5 files changed, 43 insertions, 6 deletions

diff --git a/netx/net/sourceforge/jnlp/SecurityDesc.java b/netx/net/sourceforge/jnlp/SecurityDesc.java
index 7613017..ee5ea5f 100644
--- a/netx/net/sourceforge/jnlp/SecurityDesc.java
+++ b/netx/net/sourceforge/jnlp/SecurityDesc.java
@@ -58,6 +58,8 @@ public class SecurityDesc {
     /** the JNLP file */
     private JNLPFile file;
 
+    private final Policy customTrustedPolicy;
+
     // We go by the rules here:
     // http://java.sun.com/docs/books/tutorial/deployment/doingMoreWithRIA/properties.html
 
@@ -151,6 +153,33 @@ public class SecurityDesc {
 
         String key = DeploymentConfiguration.KEY_SECURITY_ALLOW_HIDE_WINDOW_WARNING;
         grantAwtPermissions = Boolean.valueOf(JNLPRuntime.getConfiguration().getProperty(key));
+
+        customTrustedPolicy = getCustomTrustedPolicy();
+    }
+
+    /**
+     * Returns a Policy object that represents a custom policy to use instead
+     * of granting {@link AllPermission} to a {@link CodeSource}
+     *
+     * @return a {@link Policy} object to delegate to. May be null, which
+     * indicates that no policy exists and AllPermissions should be granted
+     * instead.
+     */
+    private Policy getCustomTrustedPolicy() {
+        String key = DeploymentConfiguration.KEY_SECURITY_TRUSTED_POLICY;
+        String policyLocation = JNLPRuntime.getConfiguration().getProperty(key);
+
+        Policy policy = null;
+        if (policyLocation != null) {
+            try {
+                URI policyUri = new URI("file://" + policyLocation);
+                policy = Policy.getInstance("JavaPolicy", new URIParameter(policyUri));
+            } catch (Exception e) {
+                e.printStackTrace();
+            }
+        }
+        // return the appropriate policy, or null
+        return policy;
     }
 
     /**
@@ -164,15 +193,21 @@ public class SecurityDesc {
     /**
      * Returns a PermissionCollection containing the basic
      * permissions granted depending on the security type.
+     *
+     * @param cs the CodeSource to get permissions for
      */
-    public PermissionCollection getPermissions() {
+    public PermissionCollection getPermissions(CodeSource cs) {
         PermissionCollection permissions = getSandBoxPermissions();
 
         // discard sandbox, give all
         if (type == ALL_PERMISSIONS) {
             permissions = new Permissions();
-            permissions.add(new AllPermission());
-            return permissions;
+            if (customTrustedPolicy == null) {
+                permissions.add(new AllPermission());
+                return permissions;
+            } else {
+                return customTrustedPolicy.getPermissions(cs);
+            }
         }
 
         // add j2ee to sandbox if needed
diff --git a/netx/net/sourceforge/jnlp/config/Defaults.java b/netx/net/sourceforge/jnlp/config/Defaults.java
index 8ab8347..48bec09 100644
--- a/netx/net/sourceforge/jnlp/config/Defaults.java
+++ b/netx/net/sourceforge/jnlp/config/Defaults.java
@@ -209,7 +209,7 @@ public class Defaults {
                         String.valueOf(true)
                 },
                 {
-                        "deployment.security.trusted.policy",
+                        DeploymentConfiguration.KEY_SECURITY_TRUSTED_POLICY,
                         BasicValueValidators.getFilePathValidator(),
                         null
                 },
diff --git a/netx/net/sourceforge/jnlp/config/DeploymentConfiguration.java b/netx/net/sourceforge/jnlp/config/DeploymentConfiguration.java
index a07df1f..ded5923 100644
--- a/netx/net/sourceforge/jnlp/config/DeploymentConfiguration.java
+++ b/netx/net/sourceforge/jnlp/config/DeploymentConfiguration.java
@@ -104,6 +104,8 @@ public final class DeploymentConfiguration {
     /** Boolean. Only show security prompts to user if true */
     public static final String KEY_SECURITY_PROMPT_USER = "deployment.security.askgrantdialog.show";
 
+    public static final String KEY_SECURITY_TRUSTED_POLICY = "deployment.security.trusted.policy";
+
     /** Boolean. Only give AWTPermission("showWindowWithoutWarningBanner") if true */
     public static final String KEY_SECURITY_ALLOW_HIDE_WINDOW_WARNING = "deployment.security.sandbox.awtwarningwindow";
 
diff --git a/netx/net/sourceforge/jnlp/runtime/ApplicationInstance.java b/netx/net/sourceforge/jnlp/runtime/ApplicationInstance.java
index de7bfb4..19dede5 100644
--- a/netx/net/sourceforge/jnlp/runtime/ApplicationInstance.java
+++ b/netx/net/sourceforge/jnlp/runtime/ApplicationInstance.java
@@ -225,7 +225,7 @@ public class ApplicationInstance {
         JNLPClassLoader loader = (JNLPClassLoader) this.loader;
         SecurityDesc s = loader.getSecurity();
 
-        ProtectionDomain pd = new ProtectionDomain(cs, s.getPermissions(), null, null);
+        ProtectionDomain pd = new ProtectionDomain(cs, s.getPermissions(cs), null, null);
 
         // Add to hashmap
         AccessControlContext acc = new AccessControlContext(new ProtectionDomain[] { pd });
diff --git a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
index 486ddff..ebea041 100644
--- a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
@@ -578,7 +578,7 @@ public class JNLPClassLoader extends URLClassLoader {
                     (getCodeSourceSecurity(cs.getLocation()).getSecurityType().equals(SecurityDesc.ALL_PERMISSIONS) ||
                      getCodeSourceSecurity(cs.getLocation()).getSecurityType().equals(SecurityDesc.J2EE_PERMISSIONS))) {
 
-                permissions = getCodeSourceSecurity(cs.getLocation()).getPermissions();
+                permissions = getCodeSourceSecurity(cs.getLocation()).getPermissions(cs);
             }
 
             Enumeration<Permission> e = permissions.elements();