diff options
Diffstat (limited to 'netx/net/sourceforge')
4 files changed, 91 insertions, 11 deletions
diff --git a/netx/net/sourceforge/jnlp/SecurityDesc.java b/netx/net/sourceforge/jnlp/SecurityDesc.java index d2ccde6..e7a9706 100644 --- a/netx/net/sourceforge/jnlp/SecurityDesc.java +++ b/netx/net/sourceforge/jnlp/SecurityDesc.java @@ -23,6 +23,9 @@ import java.util.*; import java.security.*; import java.awt.AWTPermission; +import net.sourceforge.jnlp.runtime.DeploymentConfiguration; +import net.sourceforge.jnlp.runtime.JNLPRuntime; + /** * The security element. * @@ -67,7 +70,6 @@ public class SecurityDesc { // queues, or even prevent access to security dialog queues. // // new AWTPermission("accessEventQueue"), - new AWTPermission("showWindowWithoutWarningBanner"), new RuntimePermission("exitVM"), new RuntimePermission("loadLibrary"), new RuntimePermission("queuePrintJob"), @@ -105,7 +107,6 @@ public class SecurityDesc { new PropertyPermission("javaws.*", "read,write"), new RuntimePermission("exitVM"), new RuntimePermission("stopThread"), - new AWTPermission("showWindowWithoutWarningBanner"), // disabled because we can't at this time prevent an // application from accessing other applications' event // queues, or even prevent access to security dialog queues. @@ -187,6 +188,11 @@ public class SecurityDesc { for (int i=0; i < sandboxPermissions.length; i++) permissions.add(sandboxPermissions[i]); + String key = DeploymentConfiguration.KEY_SECURITY_ALLOW_HIDE_WINDOW_WARNING; + if (Boolean.valueOf(JNLPRuntime.getConfiguration().getProperty(key)) == Boolean.TRUE) { + permissions.add(new AWTPermission("showWindowWithoutWarningBanner")); + } + if (file.isApplication()) for (int i=0; i < jnlpRIAPermissions.length; i++) permissions.add(jnlpRIAPermissions[i]); diff --git a/netx/net/sourceforge/jnlp/runtime/DeploymentConfiguration.java b/netx/net/sourceforge/jnlp/runtime/DeploymentConfiguration.java index 20d66e0..779cd46 100644 --- a/netx/net/sourceforge/jnlp/runtime/DeploymentConfiguration.java +++ b/netx/net/sourceforge/jnlp/runtime/DeploymentConfiguration.java @@ -17,6 +17,7 @@ package net.sourceforge.jnlp.runtime; +import java.awt.AWTPermission; import java.io.BufferedOutputStream; import java.io.BufferedReader; import java.io.File; @@ -154,8 +155,32 @@ public final class DeploymentConfiguration { public static final String KEY_SYSTEM_TRUSTED_JSSE_CERTS = "deployment.system.security.trusted.jssecerts"; public static final String KEY_SYSTEM_TRUSTED_CLIENT_CERTS = "deployment.system.security.trusted.clientautcerts"; + /* + * Security and access control + */ + + /** Boolean. Only show security prompts to user if true */ + public static final String KEY_SECURITY_PROMPT_USER = "deployment.security.askgrantdialog.show"; + + /** Boolean. Only give AWTPermission("showWindowWithoutWarningBanner") if true */ + public static final String KEY_SECURITY_ALLOW_HIDE_WINDOW_WARNING = "deployment.security.sandbox.awtwarningwindow"; + + /** Boolean. Only prompt user for granting any JNLP permissions if true */ + public static final String KEY_SECURITY_PROMPT_USER_FOR_JNLP = "deployment.security.sandbox.jnlp.enhanced"; + + /** Boolean. Only install the custom authenticator if true */ + public static final String KEY_SECURITY_INSTALL_AUTHENTICATOR = "deployment.security.authenticator"; + + /* + * Tracing and Logging + */ + public static final String KEY_ENABLE_LOGGING = "deployment.log"; + /* + * Desktop Integration + */ + public static final String KEY_CREATE_DESKTOP_SHORTCUT = "deployment.javaws.shortcut"; public static final String KEY_BROWSER_PATH = "deployment.browser.path"; @@ -345,15 +370,15 @@ public final class DeploymentConfiguration { { KEY_SYSTEM_TRUSTED_JSSE_CERTS, SYSTEM_SECURITY + File.separator + "trusted.jssecerts" }, { KEY_SYSTEM_TRUSTED_CLIENT_CERTS, SYSTEM_SECURITY + File.separator + "trusted.clientcerts" }, /* security access and control */ - { "deployment.security.askgrantdialog.show", String.valueOf(true) }, + { KEY_SECURITY_PROMPT_USER, String.valueOf(true) }, { "deployment.security.askgrantdialog.notinca", String.valueOf(true) }, { "deployment.security.notinca.warning", String.valueOf(true) }, { "deployment.security.expired.warning", String.valueOf(true) }, { "deployment.security.jsse.hostmismatch.warning", String.valueOf(true) }, { "deployment.security.trusted.policy", null }, - { "deployment.security.sandbox.awtwarningwindow", String.valueOf(true) }, - { "deployment.security.sandbox.jnlp.enhanced", String.valueOf(true) }, - { "deployment.security.authenticator", String.valueOf(true) }, + { KEY_SECURITY_ALLOW_HIDE_WINDOW_WARNING, String.valueOf(true) }, + { KEY_SECURITY_PROMPT_USER_FOR_JNLP, String.valueOf(true) }, + { KEY_SECURITY_INSTALL_AUTHENTICATOR, String.valueOf(true) }, /* networking */ { "deployment.proxy.type", String.valueOf(PROXY_TYPE_BROWSER) }, { "deployment.proxy.same", String.valueOf(false) }, diff --git a/netx/net/sourceforge/jnlp/security/SecurityWarning.java b/netx/net/sourceforge/jnlp/security/SecurityWarning.java index 54ffc31..c0eda43 100644 --- a/netx/net/sourceforge/jnlp/security/SecurityWarning.java +++ b/netx/net/sourceforge/jnlp/security/SecurityWarning.java @@ -49,6 +49,7 @@ import javax.swing.JDialog; import javax.swing.SwingUtilities; import net.sourceforge.jnlp.JNLPFile; +import net.sourceforge.jnlp.runtime.DeploymentConfiguration; import net.sourceforge.jnlp.runtime.JNLPRuntime; /** @@ -111,6 +112,11 @@ public class SecurityWarning { */ public static boolean showAccessWarningDialog(final AccessType accessType, final JNLPFile file, final Object[] extras) { + + if (!shouldPromptUser()) { + return false; + } + final SecurityDialogMessage message = new SecurityDialogMessage(); message.dialogType = DialogType.ACCESS_WARNING; @@ -140,6 +146,10 @@ public class SecurityWarning { */ public static boolean showNotAllSignedWarningDialog(JNLPFile file) { + if (!shouldPromptUser()) { + return false; + } + final SecurityDialogMessage message = new SecurityDialogMessage(); message.dialogType = DialogType.NOTALLSIGNED_WARNING; message.accessType = AccessType.NOTALLSIGNED; @@ -174,6 +184,10 @@ public class SecurityWarning { public static boolean showCertWarningDialog(AccessType accessType, JNLPFile file, CertVerifier jarSigner) { + if (!shouldPromptUser()) { + return false; + } + final SecurityDialogMessage message = new SecurityDialogMessage(); message.dialogType = DialogType.CERT_WARNING; message.accessType = accessType; @@ -200,6 +214,10 @@ public class SecurityWarning { */ public static int showAppletWarning() { + if (!shouldPromptUser()) { + return 2; + } + SecurityDialogMessage message = new SecurityDialogMessage(); message.dialogType = DialogType.APPLET_WARNING; @@ -295,4 +313,15 @@ public class SecurityWarning { return message.userResponse; } + /** + * Returns whether the current runtime configuration allows prompting user + * for security warnings. + * + * @return true if security warnings should be shown to the user. + */ + private static boolean shouldPromptUser() { + return Boolean.valueOf(JNLPRuntime.getConfiguration() + .getProperty(DeploymentConfiguration.KEY_SECURITY_PROMPT_USER)); + } + } diff --git a/netx/net/sourceforge/jnlp/services/ServiceUtil.java b/netx/net/sourceforge/jnlp/services/ServiceUtil.java index 6116332..62ce28f 100644 --- a/netx/net/sourceforge/jnlp/services/ServiceUtil.java +++ b/netx/net/sourceforge/jnlp/services/ServiceUtil.java @@ -39,6 +39,7 @@ import javax.jnlp.UnavailableServiceException; import net.sourceforge.jnlp.JNLPFile; import net.sourceforge.jnlp.runtime.ApplicationInstance; +import net.sourceforge.jnlp.runtime.DeploymentConfiguration; import net.sourceforge.jnlp.runtime.JNLPRuntime; import net.sourceforge.jnlp.security.SecurityWarning; import net.sourceforge.jnlp.security.SecurityWarning.AccessType; @@ -208,9 +209,10 @@ public class ServiceUtil { }; /** - * Returns whether the app requesting a service is signed. If the app is - * unsigned, the user is prompted with a dialog asking if the action - * should be allowed. + * Returns whether the app requesting a JNLP service has the right permissions. + * If it doesn't, user is prompted for permissions. This method should only be + * used for JNLP API related permissions. + * * @param type the type of access being requested * @param extras extra Strings (usually) that are passed to the dialog for * message formatting. @@ -221,8 +223,9 @@ public class ServiceUtil { } /** - * Returns whether the app requesting a service has the right permissions. - * If it doesn't, user is prompted for permissions. + * Returns whether the app requesting a JNLP service has the right permissions. + * If it doesn't, user is prompted for permissions. This method should only be + * used for JNLP API related permissions. * * @param app the application which is requesting the check. If null, the current * application is used. @@ -265,6 +268,11 @@ public class ServiceUtil { } if (!codeTrusted) { + + if (!shouldPromptUser()) { + return false; + } + final AccessType tmpType = type; final Object[] tmpExtras = extras; final ApplicationInstance tmpApp = app; @@ -285,4 +293,16 @@ public class ServiceUtil { return true; //allow } + + /** + * Returns whether the current runtime configuration allows prompting the + * user for JNLP permissions. + * + * @return true if the user should be prompted for JNLP API related permissions. + */ + private static boolean shouldPromptUser() { + return Boolean.valueOf(JNLPRuntime.getConfiguration() + .getProperty(DeploymentConfiguration.KEY_SECURITY_PROMPT_USER_FOR_JNLP)); + } + } |