|
|||||||||||||||||||
30 day Evaluation Version distributed via the Maven Jar Repository. Clover is not free. You have 30 days to evaluate it. Please visit http://www.thecortex.net/clover to obtain a licensed version of Clover | |||||||||||||||||||
Source file | Conditionals | Statements | Methods | TOTAL | |||||||||||||||
AbstractPolicy.java | 0% | 0% | 0% | 0% |
|
1 |
/*
|
|
2 |
* Copyright (C) The Spice Group. All rights reserved.
|
|
3 |
*
|
|
4 |
* This software is published under the terms of the Spice
|
|
5 |
* Software License version 1.1, a copy of which has been included
|
|
6 |
* with this distribution in the LICENSE.txt file.
|
|
7 |
*/
|
|
8 |
package org.codehaus.spice.xmlpolicy.runtime;
|
|
9 |
|
|
10 |
import java.io.File;
|
|
11 |
import java.net.MalformedURLException;
|
|
12 |
import java.net.URL;
|
|
13 |
import java.security.CodeSource;
|
|
14 |
import java.security.Permission;
|
|
15 |
import java.security.PermissionCollection;
|
|
16 |
import java.security.Permissions;
|
|
17 |
import java.security.Policy;
|
|
18 |
import java.security.cert.Certificate;
|
|
19 |
import java.util.ArrayList;
|
|
20 |
import java.util.Enumeration;
|
|
21 |
import org.codehaus.spice.salt.io.FileUtil;
|
|
22 |
|
|
23 |
/**
|
|
24 |
* Abstract Policy class that makes it easy to add permission
|
|
25 |
* sets to policy.
|
|
26 |
*
|
|
27 |
* @author Peter Donald
|
|
28 |
*/
|
|
29 |
public abstract class AbstractPolicy |
|
30 |
extends Policy
|
|
31 |
{ |
|
32 |
/**
|
|
33 |
* List of PolicyEntry objects described by AbstractPolicy.
|
|
34 |
*/
|
|
35 |
private final ArrayList m_entries = new ArrayList(); |
|
36 |
|
|
37 |
/**
|
|
38 |
* Overide so we can have a per-application security policy with
|
|
39 |
* no side-effects to other applications.
|
|
40 |
*
|
|
41 |
* @param codeSource the CodeSource to get permissions for
|
|
42 |
* @return the PermissionCollection
|
|
43 |
*/
|
|
44 | 0 |
public PermissionCollection getPermissions( final CodeSource codeSource )
|
45 |
{ |
|
46 | 0 |
final CodeSource target = normalize( codeSource ); |
47 |
|
|
48 | 0 |
final Permissions permissions = new Permissions();
|
49 | 0 |
final int size = m_entries.size();
|
50 |
|
|
51 | 0 |
for( int i = 0; i < size; i++ ) |
52 |
{ |
|
53 | 0 |
final PolicyEntry entry = (PolicyEntry)m_entries.get( i ); |
54 | 0 |
if( entry.getCodeSource().implies( target ) )
|
55 |
{ |
|
56 | 0 |
copyPermissions( permissions, entry.getPermissions() ); |
57 |
} |
|
58 |
} |
|
59 |
|
|
60 | 0 |
return permissions;
|
61 |
} |
|
62 |
|
|
63 |
/**
|
|
64 |
* Refresh policy. Ignored in this implementation.
|
|
65 |
*/
|
|
66 | 0 |
public void refresh() |
67 |
{ |
|
68 |
} |
|
69 |
|
|
70 |
/**
|
|
71 |
* Create a set of permissions for a particular codesource.
|
|
72 |
* These are read-write permissions and can be written till until the
|
|
73 |
* time in which they are applied to code.
|
|
74 |
*
|
|
75 |
* @param codeSource the code source
|
|
76 |
* @return the permission set
|
|
77 |
*/
|
|
78 | 0 |
protected Permissions createPermissionSetFor( final CodeSource codeSource )
|
79 |
{ |
|
80 | 0 |
final CodeSource target = normalize( codeSource ); |
81 | 0 |
final PolicyEntry entry = |
82 |
new PolicyEntry( target, new Permissions() ); |
|
83 | 0 |
m_entries.add( entry ); |
84 | 0 |
return entry.getPermissions();
|
85 |
} |
|
86 |
|
|
87 |
/**
|
|
88 |
* Normalizing CodeSource involves removing relative addressing
|
|
89 |
* (like .. and .) for file urls.
|
|
90 |
*
|
|
91 |
* @param codeSource the codeSource to be normalized
|
|
92 |
* @return the normalized codeSource
|
|
93 |
*/
|
|
94 | 0 |
private CodeSource normalize( final CodeSource codeSource )
|
95 |
{ |
|
96 | 0 |
final URL initialLocation = codeSource.getLocation(); |
97 |
|
|
98 |
// This is a bit of a h ack. I don't know why CodeSource should behave like this
|
|
99 |
// Fear not, this only seems to be a problem for home grown classloaders.
|
|
100 |
// - Paul Hammant, Nov 2000
|
|
101 | 0 |
if( null == initialLocation ) |
102 |
{ |
|
103 | 0 |
return codeSource;
|
104 |
} |
|
105 |
|
|
106 | 0 |
String location = null;
|
107 |
|
|
108 | 0 |
if( !initialLocation.getProtocol().equalsIgnoreCase( "file" ) ) |
109 |
{ |
|
110 | 0 |
location = initialLocation.getFile(); |
111 | 0 |
location = FileUtil.normalize( location ); |
112 |
} |
|
113 |
else
|
|
114 |
{ |
|
115 | 0 |
final File file = new File( initialLocation.getFile() );
|
116 | 0 |
location = file.getAbsoluteFile().toString().replace( File.separatorChar, '/' ); |
117 | 0 |
location = FileUtil.normalize( location ); |
118 |
} |
|
119 |
|
|
120 | 0 |
URL finalLocation = null;
|
121 | 0 |
try
|
122 |
{ |
|
123 | 0 |
finalLocation = new URL( initialLocation.getProtocol(),
|
124 |
initialLocation.getHost(), |
|
125 |
initialLocation.getPort(), |
|
126 |
location ); |
|
127 |
} |
|
128 |
catch( final MalformedURLException mue )
|
|
129 |
{ |
|
130 | 0 |
error( "Error building codeBase", mue );
|
131 |
} |
|
132 |
|
|
133 | 0 |
final Certificate[] certificates = codeSource.getCertificates(); |
134 | 0 |
return new CodeSource( finalLocation, certificates ); |
135 |
} |
|
136 |
|
|
137 |
/**
|
|
138 |
* Utility method to cpoy permissions from specified source to specified destination.
|
|
139 |
*
|
|
140 |
* @param destination the destination of permissions
|
|
141 |
* @param source the source of permissions
|
|
142 |
*/
|
|
143 | 0 |
private void copyPermissions( final Permissions destination, |
144 |
final Permissions source ) |
|
145 |
{ |
|
146 | 0 |
final Enumeration enum = source.elements(); |
147 | 0 |
while( enum.hasMoreElements() )
|
148 |
{ |
|
149 | 0 |
destination.add( (Permission)enum.nextElement() ); |
150 |
} |
|
151 |
} |
|
152 |
|
|
153 |
/**
|
|
154 |
* Error occured in policy. Subclasses should overide.
|
|
155 |
*/
|
|
156 | 0 |
protected void error( final String message, |
157 |
final Throwable throwable ) |
|
158 |
{ |
|
159 | 0 |
System.err.println( message ); |
160 |
} |
|
161 |
} |
|
162 |
|
|