You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@avalon.apache.org by do...@apache.org on 2001/02/26 01:40:09 UTC
cvs commit: jakarta-avalon/proposal/4.0/src/java/org/apache/aut/security AbstractPolicy.java PolicyClassLoader.java
donaldp 01/02/25 16:40:09
Added: proposal/4.0/src/java/org/apache/aut/security
AbstractPolicy.java PolicyClassLoader.java
Log:
Added security util to aut
Revision Changes Path
1.1 jakarta-avalon/proposal/4.0/src/java/org/apache/aut/security/AbstractPolicy.java
Index: AbstractPolicy.java
===================================================================
/*
* Copyright (C) The Apache Software Foundation. All rights reserved.
*
* This software is published under the terms of the Apache Software License
* version 1.1, a copy of which has been included with this distribution in
* the LICENSE file.
*/
package org.apache.aut.security;
import java.io.File;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.AccessController;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Policy;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.PropertyPermission;
import org.apache.aut.io.FileUtil;
import org.apache.avalon.Loggable;
import org.apache.avalon.component.Component;
import org.apache.log.Logger;
/**
* Abstract policy extended in avalon.
*
* @author <a href="mailto:donaldp@apache.org">Peter Donald</a>
*/
public abstract class AbstractPolicy
extends Policy
implements Component, Loggable
{
protected final static boolean DEBUG = true;
protected final ArrayList m_entries = new ArrayList();
protected Logger m_logger;
/**
* Internal Policy Entry holder class.
*/
protected final static class PolicyEntry
{
CodeSource m_codeSource;
Permissions m_permissions;
}
public void setLogger( final Logger logger )
{
m_logger = logger;
}
/**
* Overide so we can have a per-application security policy with
* no side-effects to other applications.
*
* @param codeSource the codeSource to get permissions for
* @return the PermissionCollection
*/
public PermissionCollection getPermissions( CodeSource codeSource )
{
codeSource = normalize( codeSource );
getLogger().debug( "getPermissions(" + codeSource.getLocation() + ");" );
final Permissions permissions = new Permissions();
final int size = m_entries.size();
for( int i = 0; i < size; i++ )
{
final PolicyEntry entry = (PolicyEntry)m_entries.get( i );
if( entry.m_codeSource.implies( codeSource ) )
{
if( DEBUG )
{
getLogger().debug( entry.m_codeSource.getLocation() + " implies " +
codeSource.getLocation() );
}
copyPermissions( permissions, entry.m_permissions );
}
}
if( DEBUG )
{
getLogger().debug( codeSource.getLocation() + " permissions = " + permissions );
}
return permissions;
}
/**
* Refresh policy. Ignored in this implementation.
*/
public void refresh()
{
}
/**
* Normalizing CodeSource involves removing relative addressing
* (like .. and .) for file urls.
*
* @param codeSource the codeSource to be normalized
* @return the normalized codeSource
*/
protected CodeSource normalize( final CodeSource codeSource )
{
final URL initialLocation = codeSource.getLocation();
// This is a bit of a hack. I don't know why CodeSource should behave like this
// Fear not, this only seems to be a problem for home grown classloaders.
// - Paul Hammant, Nov 2000
if( null == initialLocation ) return codeSource;
String location = null;
if( !initialLocation.getProtocol().equalsIgnoreCase( "file" ) )
{
location = initialLocation.getFile();
location = FileUtil.normalize( location );
}
else
{
final File file = new File( initialLocation.getFile() );
location = file.getAbsoluteFile().toString().replace( File.separatorChar, '/' );
location = FileUtil.normalize( location );
}
URL finalLocation = null;
try
{
finalLocation = new URL( initialLocation.getProtocol(),
initialLocation.getHost(),
initialLocation.getPort(),
location );
}
catch( final MalformedURLException mue )
{
getLogger().warn( "Error building codeBase", mue );
}
return new CodeSource( finalLocation, codeSource.getCertificates() );
}
protected void copyPermissions( final Permissions destination, final Permissions src )
{
final Enumeration enum = src.elements();
while( enum.hasMoreElements() )
{
destination.add( (Permission)enum.nextElement() );
}
}
/**
* Create a permission set for a codeBase.
* These are read-write permissions and can be written till until the
* time in which they are applied to code.
*
* @param location the location of codes to apply permission set to.
* @param signers a comma seperated string of thos who signed codebase
* @return the new permission set
* @exception MalformedURLException if location string is malformed
*/
protected Permissions createPermissionSetFor( final String location,
final Certificate[] signers )
throws MalformedURLException
{
final PolicyEntry entry = new PolicyEntry();
entry.m_codeSource = new CodeSource( new URL( location ), signers );
entry.m_codeSource = normalize( entry.m_codeSource );
getLogger().debug( "createPermissionSetFor(" +
entry.m_codeSource.getLocation() + ");" );
entry.m_permissions = new Permissions();
m_entries.add( entry );
return entry.m_permissions;
}
protected final Logger getLogger()
{
return m_logger;
}
}
1.1 jakarta-avalon/proposal/4.0/src/java/org/apache/aut/security/PolicyClassLoader.java
Index: PolicyClassLoader.java
===================================================================
/*
* Copyright (C) The Apache Software Foundation. All rights reserved.
*
* This software is published under the terms of the Apache Software License
* version 1.1, a copy of which has been included with this distribution in
* the LICENSE file.
*/
package org.apache.aut.security;
import java.net.URL;
import java.net.URLClassLoader;
import java.security.CodeSource;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Policy;
/**
* Classloader that applies correct policy information.
*
* @author <a href="mailto:donaldp@apache.org">Peter Donald</a>
*/
public class PolicyClassLoader
extends URLClassLoader
{
protected Policy m_policy;
public PolicyClassLoader( final URL[] urls,
final ClassLoader classLoader,
final Policy policy )
{
super( urls, classLoader );
m_policy = policy;
}
/**
* Overide so we can have a per-application security policy with
* no side-effects to other applications.
*
* @param codeSource the codeSource to get permissions for
* @return the PermissionCollection
*/
protected PermissionCollection getPermissions( final CodeSource codeSource )
{
if( null == m_policy )
{
final Permissions permissions = new Permissions();
permissions.add( new java.security.AllPermission() );
return permissions;
}
else
{
return m_policy.getPermissions( codeSource );
}
}
}