aboutsummaryrefslogtreecommitdiffstats
path: root/netx/net
diff options
context:
space:
mode:
Diffstat (limited to 'netx/net')
-rw-r--r--netx/net/sourceforge/jnlp/SecurityDesc.java10
-rw-r--r--netx/net/sourceforge/jnlp/runtime/DeploymentConfiguration.java33
-rw-r--r--netx/net/sourceforge/jnlp/security/SecurityWarning.java29
-rw-r--r--netx/net/sourceforge/jnlp/services/ServiceUtil.java30
4 files changed, 91 insertions, 11 deletions
diff --git a/netx/net/sourceforge/jnlp/SecurityDesc.java b/netx/net/sourceforge/jnlp/SecurityDesc.java
index d2ccde6..e7a9706 100644
--- a/netx/net/sourceforge/jnlp/SecurityDesc.java
+++ b/netx/net/sourceforge/jnlp/SecurityDesc.java
@@ -23,6 +23,9 @@ import java.util.*;
import java.security.*;
import java.awt.AWTPermission;
+import net.sourceforge.jnlp.runtime.DeploymentConfiguration;
+import net.sourceforge.jnlp.runtime.JNLPRuntime;
+
/**
* The security element.
*
@@ -67,7 +70,6 @@ public class SecurityDesc {
// queues, or even prevent access to security dialog queues.
//
// new AWTPermission("accessEventQueue"),
- new AWTPermission("showWindowWithoutWarningBanner"),
new RuntimePermission("exitVM"),
new RuntimePermission("loadLibrary"),
new RuntimePermission("queuePrintJob"),
@@ -105,7 +107,6 @@ public class SecurityDesc {
new PropertyPermission("javaws.*", "read,write"),
new RuntimePermission("exitVM"),
new RuntimePermission("stopThread"),
- new AWTPermission("showWindowWithoutWarningBanner"),
// disabled because we can't at this time prevent an
// application from accessing other applications' event
// queues, or even prevent access to security dialog queues.
@@ -187,6 +188,11 @@ public class SecurityDesc {
for (int i=0; i < sandboxPermissions.length; i++)
permissions.add(sandboxPermissions[i]);
+ String key = DeploymentConfiguration.KEY_SECURITY_ALLOW_HIDE_WINDOW_WARNING;
+ if (Boolean.valueOf(JNLPRuntime.getConfiguration().getProperty(key)) == Boolean.TRUE) {
+ permissions.add(new AWTPermission("showWindowWithoutWarningBanner"));
+ }
+
if (file.isApplication())
for (int i=0; i < jnlpRIAPermissions.length; i++)
permissions.add(jnlpRIAPermissions[i]);
diff --git a/netx/net/sourceforge/jnlp/runtime/DeploymentConfiguration.java b/netx/net/sourceforge/jnlp/runtime/DeploymentConfiguration.java
index 20d66e0..779cd46 100644
--- a/netx/net/sourceforge/jnlp/runtime/DeploymentConfiguration.java
+++ b/netx/net/sourceforge/jnlp/runtime/DeploymentConfiguration.java
@@ -17,6 +17,7 @@
package net.sourceforge.jnlp.runtime;
+import java.awt.AWTPermission;
import java.io.BufferedOutputStream;
import java.io.BufferedReader;
import java.io.File;
@@ -154,8 +155,32 @@ public final class DeploymentConfiguration {
public static final String KEY_SYSTEM_TRUSTED_JSSE_CERTS = "deployment.system.security.trusted.jssecerts";
public static final String KEY_SYSTEM_TRUSTED_CLIENT_CERTS = "deployment.system.security.trusted.clientautcerts";
+ /*
+ * Security and access control
+ */
+
+ /** Boolean. Only show security prompts to user if true */
+ public static final String KEY_SECURITY_PROMPT_USER = "deployment.security.askgrantdialog.show";
+
+ /** Boolean. Only give AWTPermission("showWindowWithoutWarningBanner") if true */
+ public static final String KEY_SECURITY_ALLOW_HIDE_WINDOW_WARNING = "deployment.security.sandbox.awtwarningwindow";
+
+ /** Boolean. Only prompt user for granting any JNLP permissions if true */
+ public static final String KEY_SECURITY_PROMPT_USER_FOR_JNLP = "deployment.security.sandbox.jnlp.enhanced";
+
+ /** Boolean. Only install the custom authenticator if true */
+ public static final String KEY_SECURITY_INSTALL_AUTHENTICATOR = "deployment.security.authenticator";
+
+ /*
+ * Tracing and Logging
+ */
+
public static final String KEY_ENABLE_LOGGING = "deployment.log";
+ /*
+ * Desktop Integration
+ */
+
public static final String KEY_CREATE_DESKTOP_SHORTCUT = "deployment.javaws.shortcut";
public static final String KEY_BROWSER_PATH = "deployment.browser.path";
@@ -345,15 +370,15 @@ public final class DeploymentConfiguration {
{ KEY_SYSTEM_TRUSTED_JSSE_CERTS, SYSTEM_SECURITY + File.separator + "trusted.jssecerts" },
{ KEY_SYSTEM_TRUSTED_CLIENT_CERTS, SYSTEM_SECURITY + File.separator + "trusted.clientcerts" },
/* security access and control */
- { "deployment.security.askgrantdialog.show", String.valueOf(true) },
+ { KEY_SECURITY_PROMPT_USER, String.valueOf(true) },
{ "deployment.security.askgrantdialog.notinca", String.valueOf(true) },
{ "deployment.security.notinca.warning", String.valueOf(true) },
{ "deployment.security.expired.warning", String.valueOf(true) },
{ "deployment.security.jsse.hostmismatch.warning", String.valueOf(true) },
{ "deployment.security.trusted.policy", null },
- { "deployment.security.sandbox.awtwarningwindow", String.valueOf(true) },
- { "deployment.security.sandbox.jnlp.enhanced", String.valueOf(true) },
- { "deployment.security.authenticator", String.valueOf(true) },
+ { KEY_SECURITY_ALLOW_HIDE_WINDOW_WARNING, String.valueOf(true) },
+ { KEY_SECURITY_PROMPT_USER_FOR_JNLP, String.valueOf(true) },
+ { KEY_SECURITY_INSTALL_AUTHENTICATOR, String.valueOf(true) },
/* networking */
{ "deployment.proxy.type", String.valueOf(PROXY_TYPE_BROWSER) },
{ "deployment.proxy.same", String.valueOf(false) },
diff --git a/netx/net/sourceforge/jnlp/security/SecurityWarning.java b/netx/net/sourceforge/jnlp/security/SecurityWarning.java
index 54ffc31..c0eda43 100644
--- a/netx/net/sourceforge/jnlp/security/SecurityWarning.java
+++ b/netx/net/sourceforge/jnlp/security/SecurityWarning.java
@@ -49,6 +49,7 @@ import javax.swing.JDialog;
import javax.swing.SwingUtilities;
import net.sourceforge.jnlp.JNLPFile;
+import net.sourceforge.jnlp.runtime.DeploymentConfiguration;
import net.sourceforge.jnlp.runtime.JNLPRuntime;
/**
@@ -111,6 +112,11 @@ public class SecurityWarning {
*/
public static boolean showAccessWarningDialog(final AccessType accessType,
final JNLPFile file, final Object[] extras) {
+
+ if (!shouldPromptUser()) {
+ return false;
+ }
+
final SecurityDialogMessage message = new SecurityDialogMessage();
message.dialogType = DialogType.ACCESS_WARNING;
@@ -140,6 +146,10 @@ public class SecurityWarning {
*/
public static boolean showNotAllSignedWarningDialog(JNLPFile file) {
+ if (!shouldPromptUser()) {
+ return false;
+ }
+
final SecurityDialogMessage message = new SecurityDialogMessage();
message.dialogType = DialogType.NOTALLSIGNED_WARNING;
message.accessType = AccessType.NOTALLSIGNED;
@@ -174,6 +184,10 @@ public class SecurityWarning {
public static boolean showCertWarningDialog(AccessType accessType,
JNLPFile file, CertVerifier jarSigner) {
+ if (!shouldPromptUser()) {
+ return false;
+ }
+
final SecurityDialogMessage message = new SecurityDialogMessage();
message.dialogType = DialogType.CERT_WARNING;
message.accessType = accessType;
@@ -200,6 +214,10 @@ public class SecurityWarning {
*/
public static int showAppletWarning() {
+ if (!shouldPromptUser()) {
+ return 2;
+ }
+
SecurityDialogMessage message = new SecurityDialogMessage();
message.dialogType = DialogType.APPLET_WARNING;
@@ -295,4 +313,15 @@ public class SecurityWarning {
return message.userResponse;
}
+ /**
+ * Returns whether the current runtime configuration allows prompting user
+ * for security warnings.
+ *
+ * @return true if security warnings should be shown to the user.
+ */
+ private static boolean shouldPromptUser() {
+ return Boolean.valueOf(JNLPRuntime.getConfiguration()
+ .getProperty(DeploymentConfiguration.KEY_SECURITY_PROMPT_USER));
+ }
+
}
diff --git a/netx/net/sourceforge/jnlp/services/ServiceUtil.java b/netx/net/sourceforge/jnlp/services/ServiceUtil.java
index 6116332..62ce28f 100644
--- a/netx/net/sourceforge/jnlp/services/ServiceUtil.java
+++ b/netx/net/sourceforge/jnlp/services/ServiceUtil.java
@@ -39,6 +39,7 @@ import javax.jnlp.UnavailableServiceException;
import net.sourceforge.jnlp.JNLPFile;
import net.sourceforge.jnlp.runtime.ApplicationInstance;
+import net.sourceforge.jnlp.runtime.DeploymentConfiguration;
import net.sourceforge.jnlp.runtime.JNLPRuntime;
import net.sourceforge.jnlp.security.SecurityWarning;
import net.sourceforge.jnlp.security.SecurityWarning.AccessType;
@@ -208,9 +209,10 @@ public class ServiceUtil {
};
/**
- * Returns whether the app requesting a service is signed. If the app is
- * unsigned, the user is prompted with a dialog asking if the action
- * should be allowed.
+ * Returns whether the app requesting a JNLP service has the right permissions.
+ * If it doesn't, user is prompted for permissions. This method should only be
+ * used for JNLP API related permissions.
+ *
* @param type the type of access being requested
* @param extras extra Strings (usually) that are passed to the dialog for
* message formatting.
@@ -221,8 +223,9 @@ public class ServiceUtil {
}
/**
- * Returns whether the app requesting a service has the right permissions.
- * If it doesn't, user is prompted for permissions.
+ * Returns whether the app requesting a JNLP service has the right permissions.
+ * If it doesn't, user is prompted for permissions. This method should only be
+ * used for JNLP API related permissions.
*
* @param app the application which is requesting the check. If null, the current
* application is used.
@@ -265,6 +268,11 @@ public class ServiceUtil {
}
if (!codeTrusted) {
+
+ if (!shouldPromptUser()) {
+ return false;
+ }
+
final AccessType tmpType = type;
final Object[] tmpExtras = extras;
final ApplicationInstance tmpApp = app;
@@ -285,4 +293,16 @@ public class ServiceUtil {
return true; //allow
}
+
+ /**
+ * Returns whether the current runtime configuration allows prompting the
+ * user for JNLP permissions.
+ *
+ * @return true if the user should be prompted for JNLP API related permissions.
+ */
+ private static boolean shouldPromptUser() {
+ return Boolean.valueOf(JNLPRuntime.getConfiguration()
+ .getProperty(DeploymentConfiguration.KEY_SECURITY_PROMPT_USER_FOR_JNLP));
+ }
+
}
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-04 12:01:45 +0000