Logo Search packages:      
Sourcecode: icedtea-web version File versions  Download package

void net::sourceforge::jnlp::runtime::JNLPSecurityManager::checkPermission ( Permission  perm  )  [inline]

Throws a SecurityException if the permission is denied, otherwise return normally. This method always denies permission to change the security manager or policy.

Definition at line 236 of file JNLPSecurityManager.java.

References addPermission(), askPermission(), getApplication(), net::sourceforge::jnlp::JNLPFile::getSourceLocation(), and inTrustedCallChain().

                                                 {
        String name = perm.getName();

        // Enable this manually -- it'll produce too much output for -verbose
        // otherwise.
        //      if (true)
        //        System.out.println("Checking permission: " + perm.toString());

        if (!JNLPRuntime.isWebstartApplication() &&
              ("setPolicy".equals(name) || "setSecurityManager".equals(name)))
            throw new SecurityException(R("RCantReplaceSM"));

        try {
            // deny all permissions to stopped applications
                // The call to getApplication() below might not work if an
                // application hasn't been fully initialized yet.
//            if (JNLPRuntime.isDebug()) {
//                if (!"getClassLoader".equals(name)) {
//                    ApplicationInstance app = getApplication();
//                    if (app != null && !app.isRunning())
//                        throw new SecurityException(R("RDenyStopped"));
//                }
//            }

                        try {
                                super.checkPermission(perm);
                        } catch (SecurityException se) {

                                //This section is a special case for dealing with SocketPermissions.
                                if (JNLPRuntime.isDebug())
                                        System.err.println("Requesting permission: " + perm.toString());

                                //Change this SocketPermission's action to connect and accept
                                //(and resolve). This is to avoid asking for connect permission
                                //on every address resolve.
                                Permission tmpPerm = null;
                                if (perm instanceof SocketPermission) {
                                        tmpPerm = new SocketPermission(perm.getName(),
                                                        SecurityConstants.SOCKET_CONNECT_ACCEPT_ACTION);

                                        // before proceeding, check if we are trying to connect to same origin
                                        ApplicationInstance app = getApplication();
                                        JNLPFile file = app.getJNLPFile();

                                        String srcHost =  file.getSourceLocation().getAuthority();
                                        String destHost = name;

                                        // host = abc.xyz.com or abc.xyz.com:<port>
                                        if (destHost.indexOf(':') >= 0)
                                                destHost = destHost.substring(0, destHost.indexOf(':'));

                                        // host = abc.xyz.com
                                        String[] hostComponents = destHost.split("\\.");

                                        int length = hostComponents.length;
                                        if (length >= 2) {

                                                // address is in xxx.xxx.xxx format
                                                destHost = hostComponents[length -2] + "." + hostComponents[length -1];

                                                // host = xyz.com i.e. origin
                                                boolean isDestHostName = false;

                                                // make sure that it is not an ip address
                                                try {
                                                        Integer.parseInt(hostComponents[length -1]);
                                                } catch (NumberFormatException e) {
                                                        isDestHostName = true;
                                                }

                                                if (isDestHostName) {
                                                        // okay, destination is hostname. Now figure out if it is a subset of origin
                                                        if (srcHost.endsWith(destHost)) {
                                                                addPermission(tmpPerm);
                                                                return;
                                                        }
                                                }
                                        }

                                } else if (perm instanceof SecurityPermission) {

                                    // JCE's initialization requires putProviderProperty permission
                                    if (perm.equals(new SecurityPermission("putProviderProperty.SunJCE"))) {
                                        if (inTrustedCallChain("com.sun.crypto.provider.SunJCE", "run")) {
                                            return;
                                        }
                                    }

                                } else if (perm instanceof RuntimePermission) {

                                    // KeyGenerator's init method requires internal spec access
                                    if (perm.equals(new SecurityPermission("accessClassInPackage.sun.security.internal.spec"))) {
                                        if (inTrustedCallChain("javax.crypto.KeyGenerator", "init")) {
                                            return;
                                        }
                                    }

                                } else {
                                    tmpPerm = perm;
                                }

                                if (tmpPerm != null) {
                                    //askPermission will only prompt the user on SocketPermission
                                    //meaning we're denying all other SecurityExceptions that may arise.
                                    if (askPermission(tmpPerm)) {
                                        addPermission(tmpPerm);
                                        //return quietly.
                                    } else {
                                        throw se;
                                    }
                                }
                        }
        }
        catch (SecurityException ex) {
            if (JNLPRuntime.isDebug()) {
                System.out.println("Denying permission: "+perm);
            }
            throw ex;
        }
    }


Generated by  Doxygen 1.6.0   Back to index