diff options
| -rw-r--r-- | ChangeLog | 30 | ||||
| -rw-r--r-- | netx/net/sourceforge/jnlp/SecurityDesc.java | 10 | ||||
| -rw-r--r-- | netx/net/sourceforge/jnlp/runtime/DeploymentConfiguration.java | 33 | ||||
| -rw-r--r-- | netx/net/sourceforge/jnlp/security/SecurityWarning.java | 29 | ||||
| -rw-r--r-- | netx/net/sourceforge/jnlp/services/ServiceUtil.java | 30 | ||||
| -rw-r--r-- | plugin/icedteanp/java/sun/applet/PluginMain.java | 6 |
6 files changed, 126 insertions, 12 deletions
@@ -1,5 +1,35 @@ 2010-11-18 Omair Majid <[email protected]> + * netx/net/sourceforge/jnlp/SecurityDesc.java: Remove window banner + permissions from sandboxPermissions and j2eePermissions. + (getSandBoxPermissions): Dynamically add window banner permissions + if allowed by configuration. + * netx/net/sourceforge/jnlp/runtime/DeploymentConfiguration.java: + Add KEY_SECURITY_PROMPT_USER, + KEY_SECURITY_ALLOW_HIDE_WINDOW_WARNING, + KEY_SECURITY_PROMPT_USER_FOR_JNLP, and + KEY_SECURITY_INSTALL_AUTHENTICATOR. + (loadDefaultProperties): Use the new constants. + * netx/net/sourceforge/jnlp/security/SecurityWarning.java + (showAccessWarningDialog): Check if the user should be prompted + before prompting the user. + (showNotAllSignedWarningDialog): Likewise. + (showCertWarningDialog): Likewise. + (showAppletWarning): Likewise. + (shouldPromptUser): New method. Check if configuration allows + showing user prompts. + * netx/net/sourceforge/jnlp/services/ServiceUtil.java + (checkAccess(AccessType,Object...)): Clarify javadocs. + (checkAccess(ApplicationInstance,AccessType,Object...)): Clarify + javadocs. Only prompt the user if showing JNLP prompts is ok. + (shouldPromptUser): New method. Returns true if configuration allows + for showing JNLP api prompts. + * plugin/icedteanp/java/sun/applet/PluginMain.java + (init): Only install custom authenticator if allowed by + configuration. + +2010-11-18 Omair Majid <[email protected]> + * netx/net/sourceforge/jnlp/runtime/DeploymentConfiguration.java: Add KEY_ENABLE_LOGGING. (loadDefaultProperties): Use KEY_ENABLE_LOGGING. diff --git a/netx/net/sourceforge/jnlp/SecurityDesc.java b/netx/net/sourceforge/jnlp/SecurityDesc.java index d2ccde6..e7a9706 100644 --- a/netx/net/sourceforge/jnlp/SecurityDesc.java +++ b/netx/net/sourceforge/jnlp/SecurityDesc.java @@ -23,6 +23,9 @@ import java.util.*; import java.security.*; import java.awt.AWTPermission; +import net.sourceforge.jnlp.runtime.DeploymentConfiguration; +import net.sourceforge.jnlp.runtime.JNLPRuntime; + /** * The security element. * @@ -67,7 +70,6 @@ public class SecurityDesc { // queues, or even prevent access to security dialog queues. // // new AWTPermission("accessEventQueue"), - new AWTPermission("showWindowWithoutWarningBanner"), new RuntimePermission("exitVM"), new RuntimePermission("loadLibrary"), new RuntimePermission("queuePrintJob"), @@ -105,7 +107,6 @@ public class SecurityDesc { new PropertyPermission("javaws.*", "read,write"), new RuntimePermission("exitVM"), new RuntimePermission("stopThread"), - new AWTPermission("showWindowWithoutWarningBanner"), // disabled because we can't at this time prevent an // application from accessing other applications' event // queues, or even prevent access to security dialog queues. @@ -187,6 +188,11 @@ public class SecurityDesc { for (int i=0; i < sandboxPermissions.length; i++) permissions.add(sandboxPermissions[i]); + String key = DeploymentConfiguration.KEY_SECURITY_ALLOW_HIDE_WINDOW_WARNING; + if (Boolean.valueOf(JNLPRuntime.getConfiguration().getProperty(key)) == Boolean.TRUE) { + permissions.add(new AWTPermission("showWindowWithoutWarningBanner")); + } + if (file.isApplication()) for (int i=0; i < jnlpRIAPermissions.length; i++) permissions.add(jnlpRIAPermissions[i]); diff --git a/netx/net/sourceforge/jnlp/runtime/DeploymentConfiguration.java b/netx/net/sourceforge/jnlp/runtime/DeploymentConfiguration.java index 20d66e0..779cd46 100644 --- a/netx/net/sourceforge/jnlp/runtime/DeploymentConfiguration.java +++ b/netx/net/sourceforge/jnlp/runtime/DeploymentConfiguration.java @@ -17,6 +17,7 @@ package net.sourceforge.jnlp.runtime; +import java.awt.AWTPermission; import java.io.BufferedOutputStream; import java.io.BufferedReader; import java.io.File; @@ -154,8 +155,32 @@ public final class DeploymentConfiguration { public static final String KEY_SYSTEM_TRUSTED_JSSE_CERTS = "deployment.system.security.trusted.jssecerts"; public static final String KEY_SYSTEM_TRUSTED_CLIENT_CERTS = "deployment.system.security.trusted.clientautcerts"; + /* + * Security and access control + */ + + /** Boolean. Only show security prompts to user if true */ + public static final String KEY_SECURITY_PROMPT_USER = "deployment.security.askgrantdialog.show"; + + /** Boolean. Only give AWTPermission("showWindowWithoutWarningBanner") if true */ + public static final String KEY_SECURITY_ALLOW_HIDE_WINDOW_WARNING = "deployment.security.sandbox.awtwarningwindow"; + + /** Boolean. Only prompt user for granting any JNLP permissions if true */ + public static final String KEY_SECURITY_PROMPT_USER_FOR_JNLP = "deployment.security.sandbox.jnlp.enhanced"; + + /** Boolean. Only install the custom authenticator if true */ + public static final String KEY_SECURITY_INSTALL_AUTHENTICATOR = "deployment.security.authenticator"; + + /* + * Tracing and Logging + */ + public static final String KEY_ENABLE_LOGGING = "deployment.log"; + /* + * Desktop Integration + */ + public static final String KEY_CREATE_DESKTOP_SHORTCUT = "deployment.javaws.shortcut"; public static final String KEY_BROWSER_PATH = "deployment.browser.path"; @@ -345,15 +370,15 @@ public final class DeploymentConfiguration { { KEY_SYSTEM_TRUSTED_JSSE_CERTS, SYSTEM_SECURITY + File.separator + "trusted.jssecerts" }, { KEY_SYSTEM_TRUSTED_CLIENT_CERTS, SYSTEM_SECURITY + File.separator + "trusted.clientcerts" }, /* security access and control */ - { "deployment.security.askgrantdialog.show", String.valueOf(true) }, + { KEY_SECURITY_PROMPT_USER, String.valueOf(true) }, { "deployment.security.askgrantdialog.notinca", String.valueOf(true) }, { "deployment.security.notinca.warning", String.valueOf(true) }, { "deployment.security.expired.warning", String.valueOf(true) }, { "deployment.security.jsse.hostmismatch.warning", String.valueOf(true) }, { "deployment.security.trusted.policy", null }, - { "deployment.security.sandbox.awtwarningwindow", String.valueOf(true) }, - { "deployment.security.sandbox.jnlp.enhanced", String.valueOf(true) }, - { "deployment.security.authenticator", String.valueOf(true) }, + { KEY_SECURITY_ALLOW_HIDE_WINDOW_WARNING, String.valueOf(true) }, + { KEY_SECURITY_PROMPT_USER_FOR_JNLP, String.valueOf(true) }, + { KEY_SECURITY_INSTALL_AUTHENTICATOR, String.valueOf(true) }, /* networking */ { "deployment.proxy.type", String.valueOf(PROXY_TYPE_BROWSER) }, { "deployment.proxy.same", String.valueOf(false) }, diff --git a/netx/net/sourceforge/jnlp/security/SecurityWarning.java b/netx/net/sourceforge/jnlp/security/SecurityWarning.java index 54ffc31..c0eda43 100644 --- a/netx/net/sourceforge/jnlp/security/SecurityWarning.java +++ b/netx/net/sourceforge/jnlp/security/SecurityWarning.java @@ -49,6 +49,7 @@ import javax.swing.JDialog; import javax.swing.SwingUtilities; import net.sourceforge.jnlp.JNLPFile; +import net.sourceforge.jnlp.runtime.DeploymentConfiguration; import net.sourceforge.jnlp.runtime.JNLPRuntime; /** @@ -111,6 +112,11 @@ public class SecurityWarning { */ public static boolean showAccessWarningDialog(final AccessType accessType, final JNLPFile file, final Object[] extras) { + + if (!shouldPromptUser()) { + return false; + } + final SecurityDialogMessage message = new SecurityDialogMessage(); message.dialogType = DialogType.ACCESS_WARNING; @@ -140,6 +146,10 @@ public class SecurityWarning { */ public static boolean showNotAllSignedWarningDialog(JNLPFile file) { + if (!shouldPromptUser()) { + return false; + } + final SecurityDialogMessage message = new SecurityDialogMessage(); message.dialogType = DialogType.NOTALLSIGNED_WARNING; message.accessType = AccessType.NOTALLSIGNED; @@ -174,6 +184,10 @@ public class SecurityWarning { public static boolean showCertWarningDialog(AccessType accessType, JNLPFile file, CertVerifier jarSigner) { + if (!shouldPromptUser()) { + return false; + } + final SecurityDialogMessage message = new SecurityDialogMessage(); message.dialogType = DialogType.CERT_WARNING; message.accessType = accessType; @@ -200,6 +214,10 @@ public class SecurityWarning { */ public static int showAppletWarning() { + if (!shouldPromptUser()) { + return 2; + } + SecurityDialogMessage message = new SecurityDialogMessage(); message.dialogType = DialogType.APPLET_WARNING; @@ -295,4 +313,15 @@ public class SecurityWarning { return message.userResponse; } + /** + * Returns whether the current runtime configuration allows prompting user + * for security warnings. + * + * @return true if security warnings should be shown to the user. + */ + private static boolean shouldPromptUser() { + return Boolean.valueOf(JNLPRuntime.getConfiguration() + .getProperty(DeploymentConfiguration.KEY_SECURITY_PROMPT_USER)); + } + } diff --git a/netx/net/sourceforge/jnlp/services/ServiceUtil.java b/netx/net/sourceforge/jnlp/services/ServiceUtil.java index 6116332..62ce28f 100644 --- a/netx/net/sourceforge/jnlp/services/ServiceUtil.java +++ b/netx/net/sourceforge/jnlp/services/ServiceUtil.java @@ -39,6 +39,7 @@ import javax.jnlp.UnavailableServiceException; import net.sourceforge.jnlp.JNLPFile; import net.sourceforge.jnlp.runtime.ApplicationInstance; +import net.sourceforge.jnlp.runtime.DeploymentConfiguration; import net.sourceforge.jnlp.runtime.JNLPRuntime; import net.sourceforge.jnlp.security.SecurityWarning; import net.sourceforge.jnlp.security.SecurityWarning.AccessType; @@ -208,9 +209,10 @@ public class ServiceUtil { }; /** - * Returns whether the app requesting a service is signed. If the app is - * unsigned, the user is prompted with a dialog asking if the action - * should be allowed. + * Returns whether the app requesting a JNLP service has the right permissions. + * If it doesn't, user is prompted for permissions. This method should only be + * used for JNLP API related permissions. + * * @param type the type of access being requested * @param extras extra Strings (usually) that are passed to the dialog for * message formatting. @@ -221,8 +223,9 @@ public class ServiceUtil { } /** - * Returns whether the app requesting a service has the right permissions. - * If it doesn't, user is prompted for permissions. + * Returns whether the app requesting a JNLP service has the right permissions. + * If it doesn't, user is prompted for permissions. This method should only be + * used for JNLP API related permissions. * * @param app the application which is requesting the check. If null, the current * application is used. @@ -265,6 +268,11 @@ public class ServiceUtil { } if (!codeTrusted) { + + if (!shouldPromptUser()) { + return false; + } + final AccessType tmpType = type; final Object[] tmpExtras = extras; final ApplicationInstance tmpApp = app; @@ -285,4 +293,16 @@ public class ServiceUtil { return true; //allow } + + /** + * Returns whether the current runtime configuration allows prompting the + * user for JNLP permissions. + * + * @return true if the user should be prompted for JNLP API related permissions. + */ + private static boolean shouldPromptUser() { + return Boolean.valueOf(JNLPRuntime.getConfiguration() + .getProperty(DeploymentConfiguration.KEY_SECURITY_PROMPT_USER_FOR_JNLP)); + } + } diff --git a/plugin/icedteanp/java/sun/applet/PluginMain.java b/plugin/icedteanp/java/sun/applet/PluginMain.java index 613a8f1..f270d9e 100644 --- a/plugin/icedteanp/java/sun/applet/PluginMain.java +++ b/plugin/icedteanp/java/sun/applet/PluginMain.java @@ -199,7 +199,11 @@ public class PluginMain System.setProperties(avProps); // plug in a custom authenticator and proxy selector - Authenticator.setDefault(new CustomAuthenticator()); + boolean installAuthenticator = Boolean.valueOf(JNLPRuntime.getConfiguration() + .getProperty(DeploymentConfiguration.KEY_SECURITY_INSTALL_AUTHENTICATOR)); + if (installAuthenticator) { + Authenticator.setDefault(new CustomAuthenticator()); + } ProxySelector.setDefault(new PluginProxySelector()); CookieManager ckManager = new PluginCookieManager(); |