You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@avalon.apache.org by do...@apache.org on 2002/09/15 13:36:34 UTC
cvs commit: jakarta-avalon-excalibur/loader/src/java/org/apache/excalibur/policy/runtime AbstractPolicy.java PolicyEntry.java
donaldp 2002/09/15 04:36:34
Added: loader/src/java/org/apache/excalibur/policy/runtime
AbstractPolicy.java PolicyEntry.java
Log:
Start to integrate across the policy classes
Revision Changes Path
1.1 jakarta-avalon-excalibur/loader/src/java/org/apache/excalibur/policy/runtime/AbstractPolicy.java
Index: AbstractPolicy.java
===================================================================
/*
* Copyright (C) The Apache Software Foundation. All rights reserved.
*
* This software is published under the terms of the Apache Software License
* version 1.1, a copy of which has been included with this distribution in
* the LICENSE.txt file.
*/
package org.apache.excalibur.policy.runtime;
import java.io.File;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Policy;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
/**
* Abstract policy extended in avalon.
*
* @author <a href="mailto:peter at apache.org">Peter Donald</a>
*/
abstract class AbstractPolicy
extends Policy
{
private final ArrayList m_entries = new ArrayList();
/**
* Overide so we can have a per-application security policy with
* no side-effects to other applications.
*
* @param codeSource the codeSource to get permissions for
* @return the PermissionCollection
*/
public PermissionCollection getPermissions( CodeSource codeSource )
{
codeSource = normalize( codeSource );
if( isDebugEnabled() )
{
debug( "getPermissions(" + codeSource.getLocation() + ");" );
}
final Permissions permissions = new Permissions();
final int size = m_entries.size();
for( int i = 0; i < size; i++ )
{
final PolicyEntry entry = (PolicyEntry)m_entries.get( i );
if( entry.getCodeSource().implies( codeSource ) )
{
copyPermissions( permissions, entry.getPermissions() );
}
}
return permissions;
}
/**
* Refresh policy. Ignored in this implementation.
*/
public void refresh()
{
}
/**
* Create a permission set for a codeBase.
* These are read-write permissions and can be written till until the
* time in which they are applied to code.
*
* @param location the location of codes to apply permission set to.
* @param signers a comma seperated string of thos who signed codebase
* @return the new permission set
* @throws MalformedURLException if location string is malformed
*/
protected Permissions createPermissionSetFor( final String location,
final Certificate[] signers )
throws MalformedURLException
{
return createPermissionSetFor( new URL( location ), signers );
}
/**
* Create permission set for a codebase and a set of certificates
*/
protected Permissions createPermissionSetFor( final URL url,
final Certificate[] signers )
{
if( isDebugEnabled() )
{
debug( "createPermissionSetFor(" + url + ");" );
}
CodeSource codeSource = new CodeSource( url, signers );
codeSource = normalize( codeSource );
final PolicyEntry entry = new PolicyEntry( codeSource, new Permissions() );
m_entries.add( entry );
return entry.getPermissions();
}
/**
* Normalizing CodeSource involves removing relative addressing
* (like .. and .) for file urls.
*
* @param codeSource the codeSource to be normalized
* @return the normalized codeSource
*/
private CodeSource normalize( final CodeSource codeSource )
{
final URL initialLocation = codeSource.getLocation();
// This is a bit of a h ack. I don't know why CodeSource should behave like this
// Fear not, this only seems to be a problem for home grown classloaders.
// - Paul Hammant, Nov 2000
if( null == initialLocation )
{
return codeSource;
}
String location = null;
if( !initialLocation.getProtocol().equalsIgnoreCase( "file" ) )
{
location = initialLocation.getFile();
location = normalize( location );
}
else
{
final File file = new File( initialLocation.getFile() );
location = file.getAbsoluteFile().toString().replace( File.separatorChar, '/' );
location = normalize( location );
}
URL finalLocation = null;
try
{
finalLocation = new URL( initialLocation.getProtocol(),
initialLocation.getHost(),
initialLocation.getPort(),
location );
}
catch( final MalformedURLException mue )
{
error( "Error building codeBase", mue );
}
return new CodeSource( finalLocation, codeSource.getCertificates() );
}
/**
* Utility method to cpoy permissions from specified source to specified destination.
*
* @param destination the destination of permissions
* @param source the source of permissions
*/
private void copyPermissions( final Permissions destination,
final Permissions source )
{
final Enumeration enum = source.elements();
while( enum.hasMoreElements() )
{
destination.add( (Permission)enum.nextElement() );
}
}
/**
* Error occured in policy. Subclasses should overide.
*/
protected void error( final String message,
final Throwable throwable )
{
System.err.println( message );
}
/**
* Print out a debug message.
*/
protected void debug( final String message )
{
System.out.println( message );
}
/**
* Return true if we should print debug information.
*/
protected boolean isDebugEnabled()
{
return false;
}
/**
* Normalize a path. That means:
* <ul>
* <li>changes to unix style if under windows</li>
* <li>eliminates "/../" and "/./"</li>
* <li>if path is absolute (starts with '/') and there are
* too many occurences of "../" (would then have some kind
* of 'negative' path) returns null.</li>
* <li>If path is relative, the exceeding ../ are kept at
* the begining of the path.</li>
* </ul>
* <br><br>
*
* <b>Note:</b> note that this method has been tested with unix and windows only.
*
* <p>Eg:</p>
* <pre>
* /foo// --> /foo/
* /foo/./ --> /foo/
* /foo/../bar --> /bar
* /foo/../bar/ --> /bar/
* /foo/../bar/../baz --> /baz
* //foo//./bar --> /foo/bar
* /../ --> null
* </pre>
*
* @param path the path to be normalized.
* @return the normalized path or null.
* @throws NullPointerException if path is null.
*/
protected static final String normalize( String path )
{
if( path.length() < 2 )
{
return path;
}
StringBuffer buff = new StringBuffer( path );
int length = path.length();
// this whole prefix thing is for windows compatibility only.
String prefix = null;
if( length > 2 && buff.charAt( 1 ) == ':' )
{
prefix = path.substring( 0, 2 );
buff.delete( 0, 2 );
path = path.substring( 2 );
length -= 2;
}
boolean startsWithSlash = length > 0 && (buff.charAt( 0 ) == '/' || buff.charAt( 0 ) == '\\');
boolean expStart = true;
int ptCount = 0;
int lastSlash = length + 1;
int upLevel = 0;
for( int i = length - 1; i >= 0; i-- )
switch( path.charAt( i ) )
{
case '\\':
buff.setCharAt( i, '/' );
case '/':
if( lastSlash == i + 1 )
{
buff.deleteCharAt( i );
}
switch( ptCount )
{
case 1:
buff.delete( i, lastSlash );
break;
case 2:
upLevel++;
break;
default:
if( upLevel > 0 && lastSlash != i + 1 )
{
buff.delete( i, lastSlash + 3 );
upLevel--;
}
break;
}
ptCount = 0;
expStart = true;
lastSlash = i;
break;
case '.':
if( expStart )
{
ptCount++;
}
break;
default:
ptCount = 0;
expStart = false;
break;
}
switch( ptCount )
{
case 1:
buff.delete( 0, lastSlash );
break;
case 2:
break;
default:
if( upLevel > 0 )
{
if( startsWithSlash )
{
return null;
}
else
{
upLevel = 1;
}
}
while( upLevel > 0 )
{
buff.delete( 0, lastSlash + 3 );
upLevel--;
}
break;
}
length = buff.length();
boolean isLengthNull = length == 0;
char firstChar = isLengthNull?(char)0:buff.charAt( 0 );
if( !startsWithSlash && !isLengthNull && firstChar == '/' )
{
buff.deleteCharAt( 0 );
}
else if( startsWithSlash &&
(isLengthNull || (!isLengthNull && firstChar != '/')) )
{
buff.insert( 0, '/' );
}
if( prefix != null )
{
buff.insert( 0, prefix );
}
return buff.toString();
}
}
1.1 jakarta-avalon-excalibur/loader/src/java/org/apache/excalibur/policy/runtime/PolicyEntry.java
Index: PolicyEntry.java
===================================================================
/*
* Copyright (C) The Apache Software Foundation. All rights reserved.
*
* This software is published under the terms of the Apache Software License
* version 1.1, a copy of which has been included with this distribution in
* the LICENSE.txt file.
*/
package org.apache.excalibur.policy.runtime;
import java.security.CodeSource;
import java.security.Permissions;
/**
* Internal Policy Entry holder class.
* Holds information about an entry in policy file.
*/
final class PolicyEntry
{
/**
* The code source that entry is about.
*/
private final CodeSource m_codeSource;
/**
* the set of permissions for code source.
*/
private final Permissions m_permissions;
public PolicyEntry( final CodeSource codeSource,
final Permissions permissions )
{
m_codeSource = codeSource;
m_permissions = permissions;
}
public CodeSource getCodeSource()
{
return m_codeSource;
}
public Permissions getPermissions()
{
return m_permissions;
}
}
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>