xmlgraphics-batik-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From vha...@apache.org
Subject cvs commit: xml-batik/sources/org/apache/batik/util ApplicationSecurityEnforcer.java
Date Mon, 17 Jun 2002 08:07:39 GMT
vhardy      2002/06/17 01:07:39

  Modified:    resources/org/apache/batik/apps/svgbrowser/resources
                        GUI.properties svgbrowser.bin.policy
                        svgbrowser.policy
               sources/org/apache/batik/apps/svgbrowser Main.java
                        PreferenceDialog.java
               sources/org/apache/batik/util
                        ApplicationSecurityEnforcer.java
  Added:       test-resources/org/apache/batik/bridge scriptPermissions.svg
  Log:
  Additional Configuration options for security settings in Squiggle.
  
  Now, it is possible to:
  
  - Enable/Disable secure scripting
  
  - When secure scripting is enabled, scripts have a limited set of 
    permissions. Two permissions can be granted optionally:
     + access to the file system
     + access to the network with no limitations
  
    A finer granularity can be achieved by specifying a custom 
    security policy file through the command line option (the 
    java.security.policy system property). A custom security 
    policy file will take precedence over the one generated by
    Squiggle.
  
  Revision  Changes    Path
  1.1                  xml-batik/test-resources/org/apache/batik/bridge/scriptPermissions.svg
  
  Index: scriptPermissions.svg
  ===================================================================
  <?xml version="1.0" standalone="no"?>
  <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.0//EN"
  "http://www.w3.org/TR/2001/REC-SVG-20010904/DTD/svg10.dtd">
  
  <!-- ========================================================================= -->
  <!-- Copyright (C) The Apache Software Foundation. All rights reserved.        -->
  <!--                                                                           -->
  <!-- This software is published under the terms of the Apache Software License -->
  <!-- version 1.1, a copy of which has been included with this distribution in  -->
  <!-- the LICENSE file.                                                         -->
  <!-- ========================================================================= -->
  
  <!-- ========================================================================= -->
  <!-- Checks that access to critical functions is not allowed.                  -->
  <!--                                                                           -->
  <!-- @author vincent.hardy@sun.com                                             -->
  <!-- @version $Id: scriptPermissions.svg,v 1.1 2002/06/17 08:07:38 vhardy Exp $   -->
  <!-- ========================================================================= -->
  
  <svg xmlns="http://www.w3.org/2000/svg" 
       xmlns:xlink="http://www.w3.org/1999/xlink" 
       xmlns:test="http://xml.apache.org/batik/test"
       width="450" height="500" viewBox="0 0 450 500">
  
      <test:testResult id="testResult" result="passed"/>
      <script type="text/ecmascript"><![CDATA[
  
      var insertAt = "";
      var curURI = "";
  
      function insertContentAt(uri, insertionPoint) {
          insertAt = insertionPoint;
          curURI = uri;
          getURL(uri, onInsert);
      }
  
      function onInsert(status) {
          if (status.success == false) {
              alert("Could not get " + curURI);
              return;
          }
  
          var insertionPoint = document.getElementById(insertAt);
  
          if (insertionPoint == null) {
              alert("Could not find : " + insertAt);
              return;
          }
  
          var svgContent = status.content;
  
          var svgContentRoot = parseXML(svgContent, document);
  
          if (svgContentRoot == null) {
              alert("Could not parse content from : " + insertAt);
              return;
          }
  
          insertionPoint.appendChild(svgContentRoot);
      }
      ]]></script>
  
      <g id="insertionPoint">
      </g>
  
      <g transform="translate(225, 100)">
          <style type="text/css"><![CDATA[
  
          .testButton {
              fill: white;
              fill-opacity: .5;
              stroke: black;
              shape-rendering: crispEdges;
          }
  
          .buttonLabel {
              fill: black;
              text-anchor: middle;
          }
  
          .title {
              text-anchor: middle;
          }
  
          ]]>
          </style>
  
          <defs>
              <rect class="testButton" id="testButton" x="-60" y="-20" width="120" height="30"
/>
          </defs>
  
          <text transform="translate(0,0)" class="title" y="-40">Click on one of the
following buttons 
              <tspan x="0" dy="1.2em">to test unsecure content insertion</tspan>
              <tspan x="0" dy="1.2em">(the result depends on the security settings)</tspan></text>
  
          <g transform="translate(0,120)">
              <use xlink:href="#testButton" onclick="insertContentAt('http://nagoya.apache.org/batik_1.1/batik-1.1/samples/asf-logo.svg',
'insertionPoint')" />
              <text class="buttonLabel">Network Access</text>
          </g>
          
          <g transform="translate(0,160)">
              <use xlink:href="#testButton" onclick="insertContentAt('../../../../../samples/batikFX.svg',
'insertionPoint')" />
              <text class="buttonLabel">File System Access</text>
          </g>
          
      </g>
  </svg>
  
  
  
  1.52      +8 -3      xml-batik/resources/org/apache/batik/apps/svgbrowser/resources/GUI.properties
  
  Index: GUI.properties
  ===================================================================
  RCS file: /home/cvs/xml-batik/resources/org/apache/batik/apps/svgbrowser/resources/GUI.properties,v
  retrieving revision 1.51
  retrieving revision 1.52
  diff -u -r1.51 -r1.52
  --- GUI.properties	14 Jun 2002 13:12:25 -0000	1.51
  +++ GUI.properties	17 Jun 2002 08:07:38 -0000	1.52
  @@ -403,7 +403,10 @@
   PreferenceDialog.label.show.debug.trace = Show Debug Trace
   PreferenceDialog.label.selection.xor.mode = Display selection overlay using XOR mode
   PreferenceDialog.label.is.xml.parser.validating = Use a validating XML parser
  -PreferenceDialog.label.enforce.secure.scripting = Enforce secure scripting
  +PreferenceDialog.label.enforce.secure.scripting = Enforce secure scripting:
  +PreferenceDialog.label.secure.scripting.toggle = On
  +PreferenceDialog.label.grant.script.file.access = Grant scripts access to file system
  +PreferenceDialog.label.grant.script.network.access = Grant scripts access to all network
   PreferenceDialog.label.load.java = Java jar files
   PreferenceDialog.label.load.ecmascript = Ecmascript/Javascript
   PreferenceDialog.label.constrain.script.origin = Scripts constrained to same origin as
document
  @@ -419,7 +422,9 @@
   PreferenceDialog.label.origin.none = Not allowed
   PreferenceDialog.label.script.origin = Script Origin:
   PreferenceDialog.label.resource.origin = External Resources Origin:
  -PreferenceDialog.title.behavior = Optional Browser Behaviors
  +PreferenceDialog.title.browser.options = Browser Options
  +PreferenceDialog.title.behavior = Optional Behaviors
  +PreferenceDialog.title.security = Security Settings
   PreferenceDialog.title.network = Network Options
   PreferenceDialog.title.dialog = Preferences
   
  
  
  
  1.6       +3 -0      xml-batik/resources/org/apache/batik/apps/svgbrowser/resources/svgbrowser.bin.policy
  
  Index: svgbrowser.bin.policy
  ===================================================================
  RCS file: /home/cvs/xml-batik/resources/org/apache/batik/apps/svgbrowser/resources/svgbrowser.bin.policy,v
  retrieving revision 1.5
  retrieving revision 1.6
  diff -u -r1.5 -r1.6
  --- svgbrowser.bin.policy	14 May 2002 09:42:23 -0000	1.5
  +++ svgbrowser.bin.policy	17 Jun 2002 08:07:38 -0000	1.6
  @@ -1,3 +1,6 @@
  +/* AUTOMATICALLY GENERATED */
  +/* DO NOT EDIT */
  +
   grant codeBase "${app.jar.base}/lib/crimson-parser.jar" {
     permission java.security.AllPermission;
   };
  
  
  
  1.5       +1 -1      xml-batik/resources/org/apache/batik/apps/svgbrowser/resources/svgbrowser.policy
  
  Index: svgbrowser.policy
  ===================================================================
  RCS file: /home/cvs/xml-batik/resources/org/apache/batik/apps/svgbrowser/resources/svgbrowser.policy,v
  retrieving revision 1.4
  retrieving revision 1.5
  diff -u -r1.4 -r1.5
  --- svgbrowser.policy	14 May 2002 08:57:32 -0000	1.4
  +++ svgbrowser.policy	17 Jun 2002 08:07:38 -0000	1.5
  @@ -1,4 +1,4 @@
  -/* AUTOMATICALLY GENERATED ON Wed Apr 17 13:44:15 CEST 2002*/
  +/* AUTOMATICALLY GENERATED */
   /* DO NOT EDIT */
   
   grant codeBase "${app.dev.base}/classes/" {
  
  
  
  1.35      +126 -8    xml-batik/sources/org/apache/batik/apps/svgbrowser/Main.java
  
  Index: Main.java
  ===================================================================
  RCS file: /home/cvs/xml-batik/sources/org/apache/batik/apps/svgbrowser/Main.java,v
  retrieving revision 1.34
  retrieving revision 1.35
  diff -u -r1.34 -r1.35
  --- Main.java	14 Jun 2002 13:12:24 -0000	1.34
  +++ Main.java	17 Jun 2002 08:07:39 -0000	1.35
  @@ -13,9 +13,14 @@
   
   import java.awt.event.ActionEvent;
   
  +
  +import java.io.BufferedReader;
   import java.io.File;
  +import java.io.FileWriter;
   import java.io.IOException;
  -
  +import java.io.InputStreamReader;
  +import java.io.Reader;
  +import java.io.Writer;
   import java.security.Policy;
   
   import java.util.HashMap;
  @@ -68,6 +73,44 @@
           = ".load";
   
       /**
  +     * User home property
  +     */
  +    public static final String PROPERTY_USER_HOME = "user.home";
  +
  +    /**
  +     * System property for specifying an additional policy file.
  +     */
  +    public static final String PROPERTY_JAVA_SECURITY_POLICY 
  +        = "java.security.policy";
  +
  +    /**
  +     * Batik configuration sub-directory
  +     */
  +    public static final String BATIK_CONFIGURATION_SUBDIRECTORY = ".batik";
  +
  +    /**
  +     * Name of the Squiggle configuration file
  +     */
  +    public static final String SQUIGGLE_CONFIGURATION_FILE = "preferences.xml";
  +
  +    /**
  +     * Name of the Squiggle policy file
  +     */
  +    public static final String SQUIGGLE_POLICY_FILE = "__svgbrowser.policy";
  +
  +    /**
  +     * Entry for granting network access to scripts
  +     */
  +    public static final String POLICY_GRANT_SCRIPT_NETWORK_ACCESS
  +        = "grant {\n  permission java.net.SocketPermission \"*\", \"listen, connect, resolve,
accept\";\n};\n\n";
  +
  +    /**
  +     * Entry for granting file system access to scripts
  +     */
  +    public static final String POLICY_GRANT_SCRIPT_FILE_ACCESS
  +        = "grant {\n  permission java.io.FilePermission \"<<ALL FILES>>\",
\"read\";\n};\n\n";
  +
  +    /**
        * Creates a viewer frame and shows it..
        * @param args The command-line arguments.
        */
  @@ -124,6 +167,14 @@
       protected String[] arguments;
   
       /**
  +     * Controls whether the application can override the 
  +     * system security policy property. This is done when there
  +     * was no initial security policy specified when the application
  +     * stated, in which case Batik will use that property.
  +     */
  +    protected boolean overrideSecurityPolicy = false;
  +
  +    /**
        * Script security enforcement is delegated to the 
        * security utility 
        */
  @@ -181,6 +232,10 @@
                        Boolean.FALSE);
           defaults.put(PreferenceDialog.PREFERENCE_KEY_ENFORCE_SECURE_SCRIPTING,
                        Boolean.TRUE);
  +        defaults.put(PreferenceDialog.PREFERENCE_KEY_GRANT_SCRIPT_FILE_ACCESS,
  +                     Boolean.FALSE);
  +        defaults.put(PreferenceDialog.PREFERENCE_KEY_GRANT_SCRIPT_NETWORK_ACCESS,
  +                     Boolean.FALSE);
           defaults.put(PreferenceDialog.PREFERENCE_KEY_LOAD_JAVA,
                        Boolean.TRUE);
           defaults.put(PreferenceDialog.PREFERENCE_KEY_LOAD_ECMASCRIPT,
  @@ -196,10 +251,10 @@
                                                 SQUIGGLE_JAR_NAME);
                                                 
           try {
  -            preferenceManager = new XMLPreferenceManager("preferences.xml",
  +            preferenceManager = new XMLPreferenceManager(SQUIGGLE_CONFIGURATION_FILE,
                                                            defaults);
  -            String dir = System.getProperty("user.home");
  -            File f = new File(dir, ".batik");
  +            String dir = System.getProperty(PROPERTY_USER_HOME);
  +            File f = new File(dir, BATIK_CONFIGURATION_SUBDIRECTORY);
               f.mkdir();
               preferenceManager.setPreferenceDirectory(f.getCanonicalPath());
               preferenceManager.load();
  @@ -250,12 +305,72 @@
           });
           c.setSize(100, 100);
           c.loadSVGDocument(Main.class.getResource("resources/init.svg").toString());
  -
  -                                              
                                                              
       }
   
       /**
  +     * Installs a custom policy file in the '.batik' directory. This is initialized 
  +     * with the content of the policy file coming with the distribution
  +     */
  +    public void installCustomPolicyFile() throws IOException {
  +        String securityPolicyProperty 
  +            = System.getProperty(PROPERTY_JAVA_SECURITY_POLICY);
  +
  +        if (overrideSecurityPolicy
  +            ||
  +            securityPolicyProperty == null
  +            ||
  +            "".equals(securityPolicyProperty)) {
  +            // Access default policy file
  +            ParsedURL policyURL = new ParsedURL(securityEnforcer.getPolicyURL());
  +            
  +            // Override the user policy 
  +            String dir = System.getProperty(PROPERTY_USER_HOME);
  +            File batikConfigDir = new File(dir, BATIK_CONFIGURATION_SUBDIRECTORY);
  +            File policyFile = new File(batikConfigDir, SQUIGGLE_POLICY_FILE);
  +            
  +            // Copy original policy file into local policy file
  +            Reader r = new BufferedReader(new InputStreamReader(policyURL.openStream()));
  +            Writer w = new FileWriter(policyFile);
  +            
  +            char[] buf = new char[1024];
  +            int n = 0;
  +            while ( (n=r.read(buf, 0, buf.length)) != -1 ) {
  +                w.write(buf, 0, n);
  +            }
  +            
  +            r.close();
  +            
  +            // Now, append additional grants depending on the security
  +            // settings
  +            boolean grantScriptNetworkAccess 
  +                = preferenceManager.getBoolean
  +                (PreferenceDialog.PREFERENCE_KEY_GRANT_SCRIPT_NETWORK_ACCESS);
  +            boolean grantScriptFileAccess
  +                = preferenceManager.getBoolean
  +                (PreferenceDialog.PREFERENCE_KEY_GRANT_SCRIPT_FILE_ACCESS);
  +            
  +            if (grantScriptNetworkAccess) {
  +                w.write(POLICY_GRANT_SCRIPT_NETWORK_ACCESS);
  +            }
  +            
  +            if (grantScriptFileAccess) {
  +                w.write(POLICY_GRANT_SCRIPT_FILE_ACCESS);
  +            }
  +            
  +            w.close();
  +            
  +            // We now use the JAVA_SECURITY_POLICY property, so 
  +            // we allow override on subsequent calls.
  +            overrideSecurityPolicy = true;
  +            
  +            System.setProperty(PROPERTY_JAVA_SECURITY_POLICY,
  +                               policyFile.toURL().toString());
  +            
  +        }
  +    }
  +
  +    /**
        * Runs the application.
        */
       public void run() {
  @@ -490,7 +605,7 @@
           }
       }
   
  -    private void setPreferences() {
  +    private void setPreferences() throws IOException {
           Iterator it = viewerFrames.iterator();
           while (it.hasNext()) {
               setPreferences((JSVGViewerFrame)it.next());
  @@ -501,10 +616,13 @@
           System.setProperty("proxyPort", preferenceManager.getString
                              (PreferenceDialog.PREFERENCE_KEY_PROXY_PORT));
   
  +        installCustomPolicyFile();
  +
           securityEnforcer.enforceSecurity
               (preferenceManager.getBoolean
                (PreferenceDialog.PREFERENCE_KEY_ENFORCE_SECURE_SCRIPTING)
                );
  +
       }
   
       private void setPreferences(JSVGViewerFrame vf) {
  
  
  
  1.16      +82 -17    xml-batik/sources/org/apache/batik/apps/svgbrowser/PreferenceDialog.java
  
  Index: PreferenceDialog.java
  ===================================================================
  RCS file: /home/cvs/xml-batik/sources/org/apache/batik/apps/svgbrowser/PreferenceDialog.java,v
  retrieving revision 1.15
  retrieving revision 1.16
  diff -u -r1.15 -r1.16
  --- PreferenceDialog.java	14 Jun 2002 13:12:24 -0000	1.15
  +++ PreferenceDialog.java	17 Jun 2002 08:07:39 -0000	1.16
  @@ -132,6 +132,15 @@
       public static final String LABEL_ENFORCE_SECURE_SCRIPTING
           = "PreferenceDialog.label.enforce.secure.scripting";
   
  +    public static final String LABEL_SECURE_SCRIPTING_TOGGLE
  +        = "PreferenceDialog.label.secure.scripting.toggle";
  +
  +    public static final String LABEL_GRANT_SCRIPT_FILE_ACCESS
  +        = "PreferenceDialog.label.grant.script.file.access";
  +
  +    public static final String LABEL_GRANT_SCRIPT_NETWORK_ACCESS
  +        = "PreferenceDialog.label.grant.script.network.access";
  +
       public static final String LABEL_LOAD_JAVA
           = "PreferenceDialog.label.load.java";
   
  @@ -171,9 +180,15 @@
       public static final String LABEL_CANCEL
           = "PreferenceDialog.label.cancel";
   
  +    public static final String TITLE_BROWSER_OPTIONS
  +        = "PreferenceDialog.title.browser.options";
  +
       public static final String TITLE_BEHAVIOR
           = "PreferenceDialog.title.behavior";
   
  +    public static final String TITLE_SECURITY
  +        = "PreferenceDialog.title.security";
  +
       public static final String TITLE_NETWORK
           = "PreferenceDialog.title.network";
   
  @@ -233,6 +248,12 @@
       public static final String PREFERENCE_KEY_ENFORCE_SECURE_SCRIPTING
           = "preference.key.enforce.secure.scripting";
   
  +    public static final String PREFERENCE_KEY_GRANT_SCRIPT_FILE_ACCESS
  +        = "preference.key.grant.script.file.access";
  +
  +    public static final String PREFERENCE_KEY_GRANT_SCRIPT_NETWORK_ACCESS
  +        = "preferenced.key.grant.script.network.access";
  +
       public static final String PREFERENCE_KEY_LOAD_ECMASCRIPT
           = "preference.key.load.ecmascript";
   
  @@ -280,6 +301,10 @@
   
       protected JCheckBox enforceSecureScripting;
   
  +    protected JCheckBox grantScriptFileAccess;
  +
  +    protected JCheckBox grantScriptNetworkAccess;
  +
       protected JCheckBox loadJava;
   
       protected JCheckBox loadEcmascript;
  @@ -350,6 +375,8 @@
   
           isXMLParserValidating.setSelected(model.getBoolean(PREFERENCE_KEY_IS_XML_PARSER_VALIDATING));
           enforceSecureScripting.setSelected(model.getBoolean(PREFERENCE_KEY_ENFORCE_SECURE_SCRIPTING));
  +        grantScriptFileAccess.setSelected(model.getBoolean(PREFERENCE_KEY_GRANT_SCRIPT_FILE_ACCESS));
  +        grantScriptNetworkAccess.setSelected(model.getBoolean(PREFERENCE_KEY_GRANT_SCRIPT_NETWORK_ACCESS));
           loadJava.setSelected(model.getBoolean(PREFERENCE_KEY_LOAD_JAVA));
           loadEcmascript.setSelected(model.getBoolean(PREFERENCE_KEY_LOAD_ECMASCRIPT));
   
  @@ -422,6 +449,10 @@
                            isXMLParserValidating.isSelected());
           model.setBoolean(PREFERENCE_KEY_ENFORCE_SECURE_SCRIPTING,
                            enforceSecureScripting.isSelected());
  +        model.setBoolean(PREFERENCE_KEY_GRANT_SCRIPT_FILE_ACCESS,
  +                         grantScriptFileAccess.isSelected());
  +        model.setBoolean(PREFERENCE_KEY_GRANT_SCRIPT_NETWORK_ACCESS,
  +                         grantScriptNetworkAccess.isSelected());
           model.setBoolean(PREFERENCE_KEY_LOAD_JAVA,
                            loadJava.isSelected());
           model.setBoolean(PREFERENCE_KEY_LOAD_ECMASCRIPT,
  @@ -611,7 +642,25 @@
               = new JCheckBox(Resources.getString(LABEL_IS_XML_PARSER_VALIDATING));
   
           enforceSecureScripting
  -            = new JCheckBox(Resources.getString(LABEL_ENFORCE_SECURE_SCRIPTING));
  +            = new JCheckBox(Resources.getString(LABEL_SECURE_SCRIPTING_TOGGLE));
  +
  +        grantScriptFileAccess
  +            = new JCheckBox(Resources.getString(LABEL_GRANT_SCRIPT_FILE_ACCESS));
  +        
  +        grantScriptNetworkAccess
  +            = new JCheckBox(Resources.getString(LABEL_GRANT_SCRIPT_NETWORK_ACCESS));
  +
  +        JGridBagPanel scriptSecurityPanel = new JGridBagPanel();
  +        scriptSecurityPanel.add(enforceSecureScripting,    0, 0, 1, 1, WEST, HORIZONTAL,
1, 0);
  +        scriptSecurityPanel.add(grantScriptFileAccess,    1, 0, 1, 1, WEST, HORIZONTAL,
1, 0);
  +        scriptSecurityPanel.add(grantScriptNetworkAccess, 1, 1, 1, 1, WEST, HORIZONTAL,
1, 0);
  +        
  +        enforceSecureScripting.addActionListener(new ActionListener() {
  +                public void actionPerformed(ActionEvent e) {
  +                    grantScriptFileAccess.setEnabled(enforceSecureScripting.isSelected());
  +                    grantScriptNetworkAccess.setEnabled(enforceSecureScripting.isSelected());
  +                }
  +            });
   
           loadJava
               = new JCheckBox(Resources.getString(LABEL_LOAD_JAVA));
  @@ -619,9 +668,9 @@
           loadEcmascript
               = new JCheckBox(Resources.getString(LABEL_LOAD_ECMASCRIPT));
   
  -        JPanel loadScriptPanel = new JPanel();
  -        loadScriptPanel.add(loadJava);
  -        loadScriptPanel.add(loadEcmascript);
  +        JGridBagPanel loadScriptPanel = new JGridBagPanel();
  +        loadScriptPanel.add(loadJava, 0, 0, 1, 1, WEST, NONE, 1, 0);
  +        loadScriptPanel.add(loadEcmascript, 1, 0, 1, 1, WEST, NONE, 1, 0);
   
           JPanel scriptOriginPanel = new JPanel();
   
  @@ -671,27 +720,43 @@
           resourceOriginGroup.add(rb);
           resourceOriginPanel.add(rb);
   
  +        JTabbedPane browserOptions = new JTabbedPane();
  +        // browserOptions.setBorder(BorderFactory.createEmptyBorder(5,5,5,5));
  +
           p.add(showRendering,    0, 0, 2, 1, WEST, HORIZONTAL, 1, 0);
           p.add(autoAdjustWindow, 0, 1, 2, 1, WEST, HORIZONTAL, 1, 0);
           p.add(enableDoubleBuffering, 0, 2, 2, 1, WEST, HORIZONTAL, 1, 0);
           p.add(showDebugTrace,   0, 3, 2, 1, WEST, HORIZONTAL, 1, 0);
           p.add(selectionXorMode,   0, 4, 2, 1, WEST, HORIZONTAL, 1, 0);
           p.add(isXMLParserValidating,   0, 5, 2, 1, WEST, HORIZONTAL, 1, 0);
  -        p.add(enforceSecureScripting, 0, 6, 2, 1, WEST, HORIZONTAL, 1, 0);
  -        p.add(new JLabel(Resources.getString(LABEL_LOAD_SCRIPTS)), 0, 7, 1, 1, WEST, NONE,
0, 0);
  -        p.add(loadScriptPanel, 1, 7, 1, 1, WEST, NONE, 1, 0);
  -        p.add(new JLabel(Resources.getString(LABEL_SCRIPT_ORIGIN)), 0, 8, 1, 1, WEST, NONE,
0, 0);
  -        p.add(scriptOriginPanel, 1, 8, 1, 1, WEST, NONE, 1, 0);
  +        p.add(new JLabel(), 0, 11, 2, 1, WEST, BOTH, 1, 1); 
  +
  +        browserOptions.addTab(Resources.getString(TITLE_BEHAVIOR), p);
  +        p.setBorder(BorderFactory.createEmptyBorder(10, 10, 10, 10));
  +
  +        p = new JGridBagPanel();
  +        p.add(new JLabel(Resources.getString(LABEL_ENFORCE_SECURE_SCRIPTING)), 0, 6, 1,
1, NORTHWEST, NONE, 0, 0);
  +        p.add(scriptSecurityPanel, 1, 6, 1, 1, WEST, NONE, 0, 0);
  +        p.add(new JLabel(Resources.getString(LABEL_LOAD_SCRIPTS)), 0, 8, 1, 1, WEST, NONE,
0, 0);
  +        p.add(loadScriptPanel, 1, 8, 1, 1, WEST, NONE, 1, 0);
  +        p.add(new JLabel(Resources.getString(LABEL_SCRIPT_ORIGIN)), 0, 9, 1, 1, WEST, NONE,
0, 0);
  +        p.add(scriptOriginPanel, 1, 9, 1, 1, WEST, NONE, 1, 0);
           p.add(new JLabel(Resources.getString(LABEL_RESOURCE_ORIGIN)), 0, 10, 1, 1, WEST,
NONE, 0, 0);
  -        p.add(resourceOriginPanel, 1, 10, 1, 1, WEST, NONE, 1, 0);
  +        p.add(resourceOriginPanel, 1, 10, 1, 1, WEST, NONE, 1, 0); 
  +        p.add(new JLabel(), 0, 11, 2, 1, WEST, BOTH, 1, 1); 
   
  -        p.setBorder(BorderFactory.createCompoundBorder
  -                    (BorderFactory.createTitledBorder
  -                     (BorderFactory.createEtchedBorder(),
  -                     Resources.getString(TITLE_BEHAVIOR)),
  -                     BorderFactory.createEmptyBorder(10, 10, 10, 10)));
  +        browserOptions.addTab(Resources.getString(TITLE_SECURITY), p);
  +        p.setBorder(BorderFactory.createEmptyBorder(10, 10, 10, 10));
   
  -        return p;
  +        JGridBagPanel borderedPanel = new JGridBagPanel();
  +        borderedPanel.add(browserOptions, 0, 0, 1, 1, WEST, BOTH, 1, 1);
  +        borderedPanel.setBorder(BorderFactory.createCompoundBorder
  +                                (BorderFactory.createTitledBorder
  +                                 (BorderFactory.createEtchedBorder(),
  +                                  Resources.getString(TITLE_BROWSER_OPTIONS)),
  +                                 BorderFactory.createEmptyBorder(10, 10, 10, 10)));
  +        
  +        return borderedPanel;
       }
   
       protected Component buildNetwork(){
  
  
  
  1.8       +25 -12    xml-batik/sources/org/apache/batik/util/ApplicationSecurityEnforcer.java
  
  Index: ApplicationSecurityEnforcer.java
  ===================================================================
  RCS file: /home/cvs/xml-batik/sources/org/apache/batik/util/ApplicationSecurityEnforcer.java,v
  retrieving revision 1.7
  retrieving revision 1.8
  diff -u -r1.7 -r1.8
  --- ApplicationSecurityEnforcer.java	29 May 2002 14:20:43 -0000	1.7
  +++ ApplicationSecurityEnforcer.java	17 Jun 2002 08:07:39 -0000	1.8
  @@ -146,10 +146,12 @@
           }
           
           if (enforce) {
  -            // We want to install a SecurityManager.
  -            if (sm == null) {
  -                installSecurityManager();
  -            }
  +            // We first set the security manager to null to
  +            // force reloading of the policy file in case there
  +            // has been a change since it was last enforced (this
  +            // may happen with dynamically generated policy files).
  +            System.setSecurityManager(null);
  +            installSecurityManager();
           } else {
               if (sm != null) {
                   System.setSecurityManager(null);
  @@ -159,6 +161,23 @@
       }
   
       /**
  +     * Returns the url for the default policy. This never 
  +     * returns null, but it may throw a NullPointerException
  +     */
  +    public URL getPolicyURL() {
  +        ClassLoader cl = appMainClass.getClassLoader();
  +        URL policyURL = cl.getResource(securityPolicy);
  +        
  +        if (policyURL == null) {
  +            throw new NullPointerException
  +                (Messages.formatMessage(EXCEPTION_NO_POLICY_FILE,
  +                                        new Object[]{securityPolicy}));
  +        }
  +
  +        return policyURL;
  +    }
  +
  +    /**
        * Installs a SecurityManager on behalf of the application
        */
       public void installSecurityManager(){
  @@ -177,13 +196,7 @@
           if (securityPolicyProperty == null || securityPolicyProperty.equals("")) {
               // Specify app's security policy in the
               // system property. 
  -            URL policyURL = cl.getResource(securityPolicy);
  -            
  -            if (policyURL == null) {
  -                throw new NullPointerException
  -                    (Messages.formatMessage(EXCEPTION_NO_POLICY_FILE,
  -                                        new Object[]{securityPolicy}));
  -            }
  +            URL policyURL = getPolicyURL();
               
               System.setProperty(PROPERTY_JAVA_SECURITY_POLICY,
                                  policyURL.toString());
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: batik-dev-unsubscribe@xml.apache.org
For additional commands, e-mail: batik-dev-help@xml.apache.org


Mime
View raw message