avalon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dona...@apache.org
Subject cvs commit: jakarta-avalon/proposal/4.0/src/java/org/apache/aut/security AbstractPolicy.java PolicyClassLoader.java
Date Mon, 26 Feb 2001 00:40:09 GMT
donaldp     01/02/25 16:40:09

  Added:       proposal/4.0/src/java/org/apache/aut/security
                        AbstractPolicy.java PolicyClassLoader.java
  Log:
  Added security util to aut
  
  Revision  Changes    Path
  1.1                  jakarta-avalon/proposal/4.0/src/java/org/apache/aut/security/AbstractPolicy.java
  
  Index: AbstractPolicy.java
  ===================================================================
  /* 
   * Copyright (C) The Apache Software Foundation. All rights reserved. 
   * 
   * This software is published under the terms of the Apache Software License 
   * version 1.1, a copy of which has been included with this distribution in 
   * the LICENSE file. 
   */
  package org.apache.aut.security;
  
  import java.io.File;
  import java.net.MalformedURLException;
  import java.net.URL;
  import java.security.AccessController;
  import java.security.CodeSource;
  import java.security.Permission;
  import java.security.PermissionCollection;
  import java.security.Permissions;
  import java.security.Policy;
  import java.security.PrivilegedActionException;
  import java.security.PrivilegedExceptionAction;
  import java.security.cert.Certificate;
  import java.util.ArrayList;
  import java.util.Enumeration;
  import java.util.PropertyPermission;
  import org.apache.aut.io.FileUtil;
  import org.apache.avalon.Loggable;
  import org.apache.avalon.component.Component;
  import org.apache.log.Logger;
  
  /**
   * Abstract policy extended in avalon.
   * 
   * @author <a href="mailto:donaldp@apache.org">Peter Donald</a>
   */
  public abstract class AbstractPolicy
      extends Policy
      implements Component, Loggable
  {
      protected final static boolean     DEBUG         = true;
  
      protected final ArrayList        m_entries     = new ArrayList();
      
      protected Logger                 m_logger;
  
      /**
       * Internal Policy Entry holder class.
       */
      protected final static class PolicyEntry
      {
          CodeSource                      m_codeSource;
          Permissions                     m_permissions;
      }
  
      public void setLogger( final Logger logger )
      {
          m_logger = logger;
      }
  
      /**
       * Overide so we can have a per-application security policy with 
       * no side-effects to other applications.
       *
       * @param codeSource the codeSource to get permissions for 
       * @return the PermissionCollection
       */
      public PermissionCollection getPermissions( CodeSource codeSource )
      {
          codeSource = normalize( codeSource );
  
          getLogger().debug( "getPermissions(" + codeSource.getLocation() + ");" );
          
          final Permissions permissions = new Permissions();
          final int size = m_entries.size();
          
          for( int i = 0; i < size; i++ )
          {
              final PolicyEntry entry = (PolicyEntry)m_entries.get( i );
              
              if( entry.m_codeSource.implies( codeSource ) )
              {
                  if( DEBUG )
                  {
                      getLogger().debug( entry.m_codeSource.getLocation() + " implies " +
                                         codeSource.getLocation() );
                  }
  
                  copyPermissions( permissions, entry.m_permissions );
              }
          }
          
          if( DEBUG )
          {
              getLogger().debug( codeSource.getLocation() + " permissions = " + permissions
);
          }
          
          return permissions;        
      }
  
      /**
       * Refresh policy. Ignored in this implementation.
       */
      public void refresh()
      {
      }
      
      /**
       * Normalizing CodeSource involves removing relative addressing 
       * (like .. and .) for file urls.
       *
       * @param codeSource the codeSource to be normalized
       * @return the normalized codeSource
       */
      protected CodeSource normalize( final CodeSource codeSource )
      {
          final URL initialLocation = codeSource.getLocation();
          
          // This is a bit of a hack.  I don't know why CodeSource should behave like this
          // Fear not, this only seems to be a problem for home grown classloaders.
          // - Paul Hammant, Nov 2000
          if( null == initialLocation ) return codeSource;
  
          String location = null;
          
          if( !initialLocation.getProtocol().equalsIgnoreCase( "file" ) )
          {
              location = initialLocation.getFile();
              location = FileUtil.normalize( location );
          }
          else
          {
              final File file = new File( initialLocation.getFile() );
              location = file.getAbsoluteFile().toString().replace( File.separatorChar, '/'
);
              location =  FileUtil.normalize( location );
          }
          
          URL finalLocation = null;
          
          try
          {
              finalLocation = new URL( initialLocation.getProtocol(),
                                       initialLocation.getHost(),
                                       initialLocation.getPort(),
                                       location );
          }
          catch( final MalformedURLException mue ) 
          {
              getLogger().warn( "Error building codeBase", mue );
          }
  
          return new CodeSource( finalLocation, codeSource.getCertificates() );
      }
  
      protected void copyPermissions( final Permissions destination, final Permissions src
)
      {
          final Enumeration enum = src.elements();
          while( enum.hasMoreElements() )
          {
              destination.add( (Permission)enum.nextElement() );
          }
      }
      
      /**
       * Create a permission set for a codeBase. 
       * These are read-write permissions and can be written till until the 
       * time in which they are applied to code.
       *
       * @param location the location of codes to apply permission set to.
       * @param signers a comma seperated string of thos who signed codebase
       * @return the new permission set
       * @exception MalformedURLException if location string is malformed
       */
      protected Permissions createPermissionSetFor( final String location, 
                                                    final Certificate[] signers )
          throws MalformedURLException
      {
          final PolicyEntry entry = new PolicyEntry();
          entry.m_codeSource = new CodeSource( new URL( location ), signers );
          entry.m_codeSource = normalize( entry.m_codeSource );
          
          getLogger().debug( "createPermissionSetFor(" + 
                             entry.m_codeSource.getLocation() + ");" );
          
          entry.m_permissions = new Permissions();
          
          m_entries.add( entry );
          return entry.m_permissions;
      }   
  
      protected final Logger getLogger()
      {
          return m_logger;
      }
  }
  
  
  
  1.1                  jakarta-avalon/proposal/4.0/src/java/org/apache/aut/security/PolicyClassLoader.java
  
  Index: PolicyClassLoader.java
  ===================================================================
  /* 
   * Copyright (C) The Apache Software Foundation. All rights reserved. 
   * 
   * This software is published under the terms of the Apache Software License 
   * version 1.1, a copy of which has been included with this distribution in 
   * the LICENSE file. 
   */
  package org.apache.aut.security;
  
  import java.net.URL;
  import java.net.URLClassLoader;
  import java.security.CodeSource;
  import java.security.PermissionCollection;
  import java.security.Permissions;
  import java.security.Policy;
  
  /**
   * Classloader that applies correct policy information.
   * 
   * @author <a href="mailto:donaldp@apache.org">Peter Donald</a>
   */
  public class PolicyClassLoader
      extends URLClassLoader
  {
      protected Policy      m_policy;
  
      public PolicyClassLoader( final URL[] urls, 
                                final ClassLoader classLoader, 
                                final Policy policy )
      {
          super( urls, classLoader );
          m_policy = policy;
      }
  
      /**
       * Overide so we can have a per-application security policy with 
       * no side-effects to other applications.
       *
       * @param codeSource the codeSource to get permissions for 
       * @return the PermissionCollection
       */
      protected PermissionCollection getPermissions( final CodeSource codeSource )
      {
          if( null == m_policy )
          {
              final Permissions permissions = new Permissions();
              permissions.add( new java.security.AllPermission() );
              return permissions;
          }
          else
          {
              return m_policy.getPermissions( codeSource );
          }
      }
  }
  
  
  

Mime
View raw message