add configuration support for user prompts and other access control options

2010-11-18  Omair Majid  <[email protected]>

    * netx/net/sourceforge/jnlp/SecurityDesc.java: Remove window banner
    permissions from sandboxPermissions and j2eePermissions.
    (getSandBoxPermissions): Dynamically add window banner permissions
    if allowed by configuration.
    * netx/net/sourceforge/jnlp/runtime/DeploymentConfiguration.java:
    Add KEY_SECURITY_PROMPT_USER,
    KEY_SECURITY_ALLOW_HIDE_WINDOW_WARNING,
    KEY_SECURITY_PROMPT_USER_FOR_JNLP, and
    KEY_SECURITY_INSTALL_AUTHENTICATOR.
    (loadDefaultProperties): Use the new constants.
    * netx/net/sourceforge/jnlp/security/SecurityWarning.java
    (showAccessWarningDialog): Check if the user should be prompted
    before prompting the user.
    (showNotAllSignedWarningDialog): Likewise.
    (showCertWarningDialog): Likewise.
    (showAppletWarning): Likewise.
    (shouldPromptUser): New method. Check if configuration allows
    showing user prompts.
    * netx/net/sourceforge/jnlp/services/ServiceUtil.java
    (checkAccess(AccessType,Object...)): Clarify javadocs.
    (checkAccess(ApplicationInstance,AccessType,Object...)): Clarify
    javadocs. Only prompt the user if showing JNLP prompts is ok.
    (shouldPromptUser): New method. Returns true if configuration allows
    for showing JNLP api prompts.
    * plugin/icedteanp/java/sun/applet/PluginMain.java
    (init): Only install custom authenticator if allowed by
    configuration.

1 files changed, 25 insertions, 5 deletions

diff --git a/netx/net/sourceforge/jnlp/services/ServiceUtil.java b/netx/net/sourceforge/jnlp/services/ServiceUtil.java
index 6116332..62ce28f 100644
--- a/netx/net/sourceforge/jnlp/services/ServiceUtil.java
+++ b/netx/net/sourceforge/jnlp/services/ServiceUtil.java
@@ -39,6 +39,7 @@ import javax.jnlp.UnavailableServiceException;
 
 import net.sourceforge.jnlp.JNLPFile;
 import net.sourceforge.jnlp.runtime.ApplicationInstance;
+import net.sourceforge.jnlp.runtime.DeploymentConfiguration;
 import net.sourceforge.jnlp.runtime.JNLPRuntime;
 import net.sourceforge.jnlp.security.SecurityWarning;
 import net.sourceforge.jnlp.security.SecurityWarning.AccessType;
@@ -208,9 +209,10 @@ public class ServiceUtil {
     };
 
     /**
-     * Returns whether the app requesting a service is signed. If the app is
-     * unsigned, the user is prompted with a dialog asking if the action
-     * should be allowed.
+     * Returns whether the app requesting a JNLP service has the right permissions.
+     * If it doesn't, user is prompted for permissions. This method should only be
+     * used for JNLP API related permissions.
+     *
      * @param type the type of access being requested
      * @param extras extra Strings (usually) that are passed to the dialog for
      * message formatting.
@@ -221,8 +223,9 @@ public class ServiceUtil {
     }
 
     /**
-     * Returns whether the app requesting a service has the right permissions.
-     * If it doesn't, user is prompted for permissions.
+     * Returns whether the app requesting a JNLP service has the right permissions.
+     * If it doesn't, user is prompted for permissions. This method should only be
+     * used for JNLP API related permissions.
      *
      * @param app the application which is requesting the check. If null, the current
      * application is used.
@@ -265,6 +268,11 @@ public class ServiceUtil {
         }
 
         if (!codeTrusted) {
+
+                if (!shouldPromptUser()) {
+                    return false;
+                }
+
                 final AccessType tmpType = type;
                 final Object[] tmpExtras = extras;
                 final ApplicationInstance tmpApp = app;
@@ -285,4 +293,16 @@ public class ServiceUtil {
 
         return true; //allow
     }
+
+    /**
+     * Returns whether the current runtime configuration allows prompting the
+     * user for JNLP permissions.
+     *
+     * @return true if the user should be prompted for JNLP API related permissions.
+     */
+    private static boolean shouldPromptUser() {
+        return Boolean.valueOf(JNLPRuntime.getConfiguration()
+                .getProperty(DeploymentConfiguration.KEY_SECURITY_PROMPT_USER_FOR_JNLP));
+    }
+
 }