From c4bef6cad39892b850022c8f85c1edd97b0c7b40 Mon Sep 17 00:00:00 2001 From: Andrew Azores Date: Fri, 17 Jan 2014 13:43:09 -0500 Subject: Added PolicyPanel to itweb-settings for custom policies Added itweb-settings panel to explain custom policy files and allow launching a policy editor for user's policy file. * netx/net/sourceforge/jnlp/controlpanel/ControlPanel.java: (createMainSettingsPanel, createPolicySettingsPanel) added PolicyPanel * netx/net/sourceforge/jnlp/resources/Messages.properties: new messages for PolicyPanel * netx/net/sourceforge/jnlp/controlpanel/PolicyPanel.java: new panel to allow launching of external policy editor * tests/reproducers/simple/CustomPolicies/resources/CustomPolicies.html: new test to ensure custom user policy files work correctly * tests/reproducers/simple/CustomPolicies/resources/CustomPoliciesApplet.jnlp * tests/reproducers/simple/CustomPolicies/resources/CustomPoliciesApplication.jnlp * tests/reproducers/simple/CustomPolicies/resources/CustomPoliciesJnlpHref.html * tests/reproducers/simple/CustomPolicies/srcs/CustomPolicies.java * tests/reproducers/simple/CustomPolicies/testcases/CustomPoliciesTest.java --- .../jnlp/controlpanel/ControlPanel.java | 7 +- .../sourceforge/jnlp/controlpanel/PolicyPanel.java | 239 +++++++++++++++++++++ .../sourceforge/jnlp/resources/Messages.properties | 10 + 3 files changed, 255 insertions(+), 1 deletion(-) create mode 100644 netx/net/sourceforge/jnlp/controlpanel/PolicyPanel.java (limited to 'netx/net/sourceforge') diff --git a/netx/net/sourceforge/jnlp/controlpanel/ControlPanel.java b/netx/net/sourceforge/jnlp/controlpanel/ControlPanel.java index 3caa4a2..bccf24b 100644 --- a/netx/net/sourceforge/jnlp/controlpanel/ControlPanel.java +++ b/netx/net/sourceforge/jnlp/controlpanel/ControlPanel.java @@ -264,7 +264,8 @@ public class ControlPanel extends JFrame { // new SettingsPanel(Translator.R("CPTabRuntimes"), createRuntimesSettingsPanel()), new SettingsPanel(Translator.R("CPTabSecurity"), createSecuritySettingsPanel()), //todo refactor to work with tmp file and apply as asu designed it - new SettingsPanel(Translator.R("APPEXTSECControlPanelExtendedAppletSecurityTitle"), new UnsignedAppletsTrustingListPanel(DeploymentConfiguration.getAppletTrustGlobalSettingsPath(),DeploymentConfiguration.getAppletTrustUserSettingsPath(), this.config) ) + new SettingsPanel(Translator.R("CPTabPolicy"), createPolicySettingsPanel()), + new SettingsPanel(Translator.R("APPEXTSECControlPanelExtendedAppletSecurityTitle"), new UnsignedAppletsTrustingListPanel(DeploymentConfiguration.getAppletTrustGlobalSettingsPath(), DeploymentConfiguration.getAppletTrustUserSettingsPath(), this.config)) }; // Add panels. @@ -357,6 +358,10 @@ public class ControlPanel extends JFrame { return new SecuritySettingsPanel(this.config); } + private JPanel createPolicySettingsPanel() { + return new PolicyPanel(this, this.config); + } + private JPanel createJVMSettingsPanel() { return new JVMPanel(this.config); } diff --git a/netx/net/sourceforge/jnlp/controlpanel/PolicyPanel.java b/netx/net/sourceforge/jnlp/controlpanel/PolicyPanel.java new file mode 100644 index 0000000..c75611d --- /dev/null +++ b/netx/net/sourceforge/jnlp/controlpanel/PolicyPanel.java @@ -0,0 +1,239 @@ +package net.sourceforge.jnlp.controlpanel; + +import static net.sourceforge.jnlp.runtime.Translator.R; + +import java.awt.Component; +import java.awt.Dimension; +import java.awt.GridBagConstraints; +import java.awt.GridBagLayout; +import java.awt.event.ActionEvent; +import java.awt.event.ActionListener; +import java.io.File; +import java.io.IOException; +import java.net.MalformedURLException; +import java.net.URL; +import java.util.ArrayList; +import java.util.List; + +import javax.swing.Box; +import javax.swing.JButton; +import javax.swing.JFrame; +import javax.swing.JLabel; +import javax.swing.JOptionPane; +import javax.swing.JTextField; +import javax.swing.SwingUtilities; + +import net.sourceforge.jnlp.config.DeploymentConfiguration; +import net.sourceforge.jnlp.config.DirectoryValidator; +import net.sourceforge.jnlp.config.DirectoryValidator.DirectoryCheckResults; +import net.sourceforge.jnlp.util.FileUtils; +import net.sourceforge.jnlp.util.logging.OutputController; +import sun.security.tools.policytool.PolicyTool; + +public class PolicyPanel extends NamedBorderPanel { + + private enum OpenFileResult { + SUCCESS, FAILURE, CANT_CREATE, CANT_WRITE, NOT_FILE + } + + public PolicyPanel(final JFrame frame, final DeploymentConfiguration config) { + super(R("CPHeadPolicy"), new GridBagLayout()); + addComponents(frame, config); + } + + private void addComponents(final JFrame frame, final DeploymentConfiguration config) { + JLabel aboutLabel = new JLabel("" + R("CPPolicyDetail") + ""); + + final String fileUrlString = config.getProperty(DeploymentConfiguration.KEY_USER_SECURITY_POLICY); + JButton showUserPolicyButton = new JButton(R("CPButPolicy")); + showUserPolicyButton.addActionListener(new ViewPolicyButtonAction(frame, fileUrlString)); + + String pathPart = localFilePathFromUrlString(fileUrlString); + showUserPolicyButton.setToolTipText(R("CPPolicyTooltip", FileUtils.displayablePath(pathPart, 60))); + + JTextField locationField = new JTextField(pathPart); + locationField.setEditable(false); + + GridBagConstraints c = new GridBagConstraints(); + c.fill = GridBagConstraints.BOTH; + c.gridx = 1; + c.gridy = 0; + c.weightx = 1; + add(aboutLabel, c); + + c.weighty = 0; + c.weightx = 0; + c.gridy++; + add(locationField, c); + + c.fill = GridBagConstraints.NONE; + c.gridx++; + add(showUserPolicyButton, c); + + /* Keep all the elements at the top of the panel (Extra padding) */ + c.fill = GridBagConstraints.BOTH; + Component filler1 = Box.createRigidArea(new Dimension(240, 1)); + Component filler2 = Box.createRigidArea(new Dimension(1, 1)); + c.gridx++; + add(filler1, c); + c.gridx--; + c.weighty = 1; + c.gridy++; + add(filler2, c); + } + + /** + * Launch the policytool for a specified file path + * @param filePath the policy file path to be opened with policytool + */ + private static void launchPolicyTool(final JFrame frame, final String filePath) { + try { + final File policyFile = new File(filePath).getCanonicalFile(); + OpenFileResult result = canOpenPolicyFile(policyFile); + if (result == OpenFileResult.SUCCESS) { + PolicyTool.main(new String[] { "-file", policyFile.getPath() }); + } else if (result == OpenFileResult.CANT_WRITE) { + showReadOnlyDialog(frame); + PolicyTool.main(new String[] { "-file", policyFile.getPath() }); + } else { + showCouldNotOpenFileDialog(frame, policyFile.getPath(), result); + } + } catch (IOException e) { + OutputController.getLogger().log(e); + showCouldNotOpenFileDialog(frame, filePath); + } + } + + /** + * Verify that a given file object points to a real, accessible plain file. + * As a side effect, if the file is accessible but does not yet exist, it will be created + * as an empty plain file. + * @param policyFile the file to verify + * @throws IOException if the file is not accessible + */ + private static OpenFileResult canOpenPolicyFile(final File policyFile) { + DirectoryCheckResults dcr = testPolicyFileDirectory(policyFile); + if (dcr.getFailures() == 0) { + if (policyFile.isDirectory()) + return OpenFileResult.NOT_FILE; + try { + if (!policyFile.exists() && !policyFile.createNewFile()) { + return OpenFileResult.CANT_CREATE; + } + } catch (IOException e) { + return OpenFileResult.CANT_CREATE; + } + boolean read = policyFile.canRead(), write = policyFile.canWrite(); + if (read && write) + return OpenFileResult.SUCCESS; + else if (read) + return OpenFileResult.CANT_WRITE; + else + return OpenFileResult.FAILURE; + } + return OpenFileResult.FAILURE; + } + + /** + * Ensure that the parent directory of the Policy File exists and that we are + * able to create and access files within this directory + * @param policyFile the location of the policy file + * @return an object representing the results of the test + */ + private static DirectoryCheckResults testPolicyFileDirectory(final File policyFile) { + List policyDirectory = new ArrayList(); + policyDirectory.add(policyFile.getParentFile()); + DirectoryValidator validator = new DirectoryValidator(policyDirectory); + DirectoryCheckResults result = validator.ensureDirs(); + + return result; + } + + private static void showCouldNotOpenFileDialog(final JFrame frame, final String filePath) { + showCouldNotOpenFileDialog(frame, filePath, OpenFileResult.FAILURE); + } + + private static void showCouldNotOpenFileDialog(final JFrame frame, final String filePath, final OpenFileResult reason) { + String message; + switch (reason) { + case CANT_CREATE: + message = R("RCantCreateFile", filePath); + break; + case CANT_WRITE: + message = R("RCantWriteFile", filePath); + break; + case NOT_FILE: + message = R("RExpectedFile", filePath); + break; + default: + message = R("RCantOpenFile", filePath); + break; + } + showCouldNotOpenFileDialog(frame, filePath, message); + } + + /** + * Show a dialog informing the user that the policy file could not be opened + * @param frame the parent frame for this dialog + * @param filePath the path to the file we tried to open + * @param message the specific reason the file could not be opened + */ + private static void showCouldNotOpenFileDialog(final JFrame frame, final String filePath, final String message) { + OutputController.getLogger().log(OutputController.Level.ERROR_ALL, "Could not open user JNLP policy"); + JOptionPane.showMessageDialog(frame, message, R("Error"), JOptionPane.ERROR_MESSAGE); + } + + /** + * Show a dialog informing the user that the policy file is currently read-only + * @param frame the parent frame for this dialog + */ + private static void showReadOnlyDialog(final JFrame frame) { + OutputController.getLogger().log(OutputController.Level.WARNING_ALL, "Opening user JNLP policy read-only"); + JOptionPane.showMessageDialog(frame, R("RFileReadOnly"), R("Warning"), JOptionPane.WARNING_MESSAGE); + } + + /** + * Loosely attempt to get the path part of a file URL string. If this fails, + * simply return back the input. This is only intended to be used for displaying + * GUI elements such as the CPPolicyTooltip. + * @param url the String representing the URL whose path is desired + * @return a String representing the local filepath of the given file:/ URL + */ + private static String localFilePathFromUrlString(String url) { + try { + URL u = new URL(url); + return u.getPath(); + } catch (MalformedURLException e) { + return url; + } + } + + /* + * Implements the action to be performed when the "View Policy" button is clicked + */ + private class ViewPolicyButtonAction implements ActionListener { + private final JFrame frame; + private final String fileUrlString; + + public ViewPolicyButtonAction(final JFrame frame, final String fileUrlString) { + this.fileUrlString = fileUrlString; + this.frame = frame; + } + + @Override + public void actionPerformed(ActionEvent event) { + try { + final URL fileUrl = new URL(fileUrlString); + SwingUtilities.invokeLater(new Runnable() { + @Override + public void run() { + launchPolicyTool(frame, fileUrl.getPath()); + } + }); + } catch (MalformedURLException ex) { + OutputController.getLogger().log(ex); + showCouldNotOpenFileDialog(frame, fileUrlString); + } + } + } +} diff --git a/netx/net/sourceforge/jnlp/resources/Messages.properties b/netx/net/sourceforge/jnlp/resources/Messages.properties index be28762..bff5e34 100644 --- a/netx/net/sourceforge/jnlp/resources/Messages.properties +++ b/netx/net/sourceforge/jnlp/resources/Messages.properties @@ -21,6 +21,7 @@ AFileOnTheMachine=a file on the machine AlwaysAllowAction=Always allow this action Usage=Usage: Error=Error +Warning=Warning Continue=Do you want to continue? Field=Field @@ -159,6 +160,10 @@ RExitTaken=Exit class already set and caller is not exit class. RCantReplaceSM=Changing the SecurityManager is not allowed. RCantCreateFile=Cant create file {0} RCantDeleteFile=Cant delete file {0} +RCantOpenFile=Could not open file {0} +RCantWriteFile=Could not write to file {0} +RFileReadOnly=Opening file in read-only mode +RExpectedFile=Expected {0} to be a file but it was not RRemoveRPermFailed=Removing read permission on file {0} failed RRemoveWPermFailed=Removing write permissions on file {0} failed RRemoveXPermFailed=Removing execute permissions on file {0} failed @@ -353,6 +358,8 @@ CPJVMNotokMessage1=You have entered invalid JDK value ({0}) with followin CPJVMNotokMessage2=You might be seeing this message because:
* Some validity tests have not been passed
* Non-OpenJDK is detected
With invalid JDK IcedTea-Web will probably not be able to start.
You will have to modify or remove {0} property in your configuration file {1}.
You should try to search for OpenJDK in your system or be sure you know what you are doing. CPJVMconfirmInvalidJdkTitle=Confirm invalid JDK CPJVMconfirmReset=Reset to default? +CPPolicyDetail=View or edit your user-level Java Policy File. This allows you to grant or deny runtime permissions to applets regardless of the standard security sandboxing rules. +CPPolicyTooltip=Open {0} in policy editor # Control Panel - Buttons CPButAbout=About... @@ -360,6 +367,7 @@ CPButNetworkSettings=Network Settings... CPButSettings=Settings... CPButView=View... CPButCertificates=Certificates... +CPButPolicy=View/Edit with Policy Tool # Control Panel - Headers CPHead=IcedTea-Web Control Panel @@ -372,6 +380,7 @@ CPHeadDebugging=\u00a0Debugging\u00a0Settings\u00a0 CPHeadDesktopIntegration=\u00a0Desktop\u00a0Integrations\u00a0 CPHeadSecurity=\u00a0Security\u00a0Settings\u00a0 CPHeadJVMSettings=\u00a0JVM\u00a0Settings\u00a0 +CPHeadPolicy=\u00a0Custom\u00a0Policy\u00a0Settings\u00a0 # Control Panel - Tabs CPTabAbout=About IcedTea-Web @@ -384,6 +393,7 @@ CPTabNetwork=Network CPTabRuntimes=Runtimes CPTabSecurity=Security CPTabJVMSettings=JVM Settings +CPTabPolicy=Policy Settings # Control Panel - AboutPanel CPAboutInfo=This is the control panel for setting deployments.properties.
Not all options will take effect until implemented.
The use of multiple JREs is currently limited to OpenJDK.
-- cgit v1.2.3