From 9442ab7eeeea16d996cb164b7b61d9c60336397b Mon Sep 17 00:00:00 2001
From: Jesse McConnell
Date: Fri, 22 May 2009 21:20:14 +0000
Subject: [PATCH] [BUG 277551] initial integration for the OPTIONS=policy mechanism, the wiring is here, need to find or write a policy file parser though, nothing seems appropraite license wise I have seen so far
git-svn-id: svn+ssh://dev.eclipse.org/svnroot/rt/org.eclipse.jetty/jetty/trunk@263 7e9141cc-0065-0410-87d8-b60c137991c4
---
.../org/eclipse/jetty/start/CustomPolicy.java | 72 +++++++++++++++++++
.../java/org/eclipse/jetty/start/Main.java | 36 +++++++---
.../org/eclipse/jetty/start/start.config | 4 +-
3 files changed, 103 insertions(+), 9 deletions(-)
create mode 100644 jetty-start/src/main/java/org/eclipse/jetty/start/CustomPolicy.java
diff --git a/jetty-start/src/main/java/org/eclipse/jetty/start/CustomPolicy.java b/jetty-start/src/main/java/org/eclipse/jetty/start/CustomPolicy.java
new file mode 100644
index 00000000000..370290c6d9f
--- /dev/null
+++ b/jetty-start/src/main/java/org/eclipse/jetty/start/CustomPolicy.java
@@ -0,0 +1,72 @@
+package org.eclipse.jetty.start;
+//========================================================================
+//Copyright (c) 2003-2009 Mort Bay Consulting Pty. Ltd.
+//------------------------------------------------------------------------
+//All rights reserved. This program and the accompanying materials
+//are made available under the terms of the Eclipse Public License v1.0
+//and Apache License v2.0 which accompanies this distribution.
+//The Eclipse Public License is available at
+//http://www.eclipse.org/legal/epl-v10.html
+//The Apache License v2.0 is available at
+//http://www.opensource.org/licenses/apache2.0.php
+//You may elect to redistribute this code under either of these licenses.
+//========================================================================
+
+import java.security.CodeSource;
+import java.security.Permission;
+import java.security.PermissionCollection;
+import java.security.Policy;
+import java.security.ProtectionDomain;
+import java.util.Set;
+
+/**
+ * CustomPolicy is initialized with a set file policy files which it parses for
+ * policy information the same as any other PolicyFile implementation and proxies
+ * the system policy implementation if the local ones do not match
+ *
+ * TODO wire in a mechanism to parse the policy files, can't believe there is no
+ * general way to do this..boggle, as it stands right now this will fail to load
+ * when using custom security policies as simply enabling the SecurityManager
+ * like we are kills normal jetty startup because it accesses a host of properties
+ * that need to be enabled in the jetty.policy file.
+ *
+ * Thinking we should pull a default policy file from the start.jar next to the
+ * start.config file and also allow for a default one to be specified in
+ * resources/jetty.policy of the distribution.
+ */ +public class CustomPolicy extends Policy +{ + private static final Policy _originalPolicy = Policy.getPolicy(); + + private Set _policies; + + public CustomPolicy( Set policies ) + { + _policies = policies; + } + + public PermissionCollection getPermissions(ProtectionDomain domain) + { + System.out.println ("CustomPolicy:getPermissions:" + domain ); + return _originalPolicy.getPermissions(domain); + } + + public boolean implies(ProtectionDomain domain, Permission permission) + { + + System.out.println ("CustomPolicy:implies:" ); + return _originalPolicy.implies(domain, permission); + } + + public PermissionCollection getPermissions(CodeSource codesource) + { + System.out.println ("CustomPolicy:" + codesource ); + return _originalPolicy.getPermissions(codesource); + } + + public void refresh() + { + _originalPolicy.refresh(); + } + +} diff --git a/jetty-start/src/main/java/org/eclipse/jetty/start/Main.java b/jetty-start/src/main/java/org/eclipse/jetty/start/Main.java index aef30922625..c86652df778 100644 --- a/jetty-start/src/main/java/org/eclipse/jetty/start/Main.java +++ b/jetty-start/src/main/java/org/eclipse/jetty/start/Main.java @@ -31,6 +31,7 @@ import java.util.Collections; import java.util.HashMap; import java.util.HashSet; import java.util.Hashtable; +import java.util.Iterator; import java.util.List; import java.util.Map; import java.util.Set; @@ -115,8 +116,9 @@ public class Main private boolean _showVersions=false; private List _xml=new ArrayList(); + private Set _activeOptions = new HashSet(); private Set _options = new HashSet(); - + private Set _policies = new HashSet(); /* private String _config=System.getProperty("START","org/eclipse/jetty/start/start.config"); 
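Review bot: The `System.out.println` calls in both `getPermissions` overloads and in `implies` execute on every permission check once this policy is installed, which floods stdout and writes protection-domain and code-source details there unconditionally. Concatenating `domain` also invokes `ProtectionDomain.toString()`, which in some JDK versions consults the installed `Policy` and may re-enter `getPermissions(ProtectionDomain)`; that is worth confirming before a SecurityManager is enabled with this class. I would remove the three prints, or gate them behind a debug flag and log only `domain.getCodeSource()`. Separately, `_policies` is stored but never read, so a field comment such as `// not consulted yet: all decisions are delegated to _originalPolicy` would keep readers from assuming the listed files are enforced.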
@@ -359,10 +361,9 @@ public class Main } List section=null; - List options=null; String o=getProperty("OPTIONS","default"); - options=Arrays.asList((o.toString()+",*").split("[ ,]")); - List unsatisfied_options = new ArrayList(options); + _activeOptions.addAll(Arrays.asList((o.toString()+",*").split("[ ,]"))); + List unsatisfied_options = new ArrayList( _activeOptions ); // Handle line by line String line=null; @@ -382,7 +383,7 @@ public class Main _options.addAll(section); } - if (section!=null && Collections.disjoint(section,options)) + if (section!=null && Collections.disjoint(section,_activeOptions)) continue; if (section!=null) unsatisfied_options.removeAll(section); @@ -566,6 +567,17 @@ public class Main _classpath.addClasspath(cn); } } + else if (subject.toLowerCase().endsWith(".policy")) + { + //policy file to parse + String cn=expand(subject.substring(0,subject.length()-5)); + if (cn!=null&&cn.length()>0) + { + if (DEBUG) + System.err.println(" POLICY="+cn); + _policies.add(cn); + } + } else { // single JAR file @@ -669,9 +681,17 @@ public class Main // re-eval the policy now that env is set try { - Policy policy=Policy.getPolicy(); - if (policy!=null) - policy.refresh(); + if ( _activeOptions.contains("policy") ) + { + Policy.setPolicy( new CustomPolicy( _policies ) ); + System.setSecurityManager( new SecurityManager() ); + } + else + { + Policy policy=Policy.getPolicy(); + if (policy!=null) + policy.refresh(); + } } catch (Exception e) { diff --git a/jetty-start/src/main/resources/org/eclipse/jetty/start/start.config b/jetty-start/src/main/resources/org/eclipse/jetty/start/start.config index 45e149f40bd..a7abb3cfa16 100644 --- a/jetty-start/src/main/resources/org/eclipse/jetty/start/start.config +++ b/jetty-start/src/main/resources/org/eclipse/jetty/start/start.config 
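Review bot: In the new `.policy` branch, `subject.substring(0,subject.length()-5)` removes the last five characters before `expand`, so `$(jetty.home)/resources/jetty.policy` would be stored in `_policies` with a truncated name ending in `jetty.p`, and whatever later parses that set would not find the file. The whole subject is the path here, so the line should read `String cn=expand(subject);`. A policy file that is silently not found changes what the sandbox allows without any diagnostic, so it would also help to check that the expanded path exists and report it when it does not. The enclosing method begins and ends outside this hunk.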
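Review bot: The `policy` branch installs `CustomPolicy` and the `SecurityManager` inside the existing `try`, whose `catch (Exception e)` body lies outside this hunk; if that handler only reports the error, a failure in `Policy.setPolicy` or `System.setSecurityManager` leaves the server running without a security manager even though `OPTIONS=policy` was requested. Enabling the sandbox should fail closed, so I would rethrow from this branch or abort startup rather than continue. As `CustomPolicy` in this commit delegates every decision to the previous policy, a comment at the call such as `// policy files in _policies are not parsed yet; the system policy still decides` would state what is actually enforced.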
@@ -142,7 +142,9 @@ $(jetty.home)/lib/jetty-annotations/** $(jetty.home)/lib/jetty-http-$(version).jar ! available org.eclipse.jetty.http.HttpParser $(jetty.home)/lib/jetty-client-$(version).jar ! available org.eclipse.jetty.client.HttpClient - +[All,policy] +$(jetty.home)/resources/jetty.policy always +# file://start.jar!org.eclipse.jetty.start.policy type reference to get core policy from inside start.jar?
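Review bot: The new section is named `[All,policy]`, but `Main` installs the `SecurityManager` only when the active options contain `policy`, so with `OPTIONS=All` the `jetty.policy` entry is collected and never enforced. A comment above the entry would make that explicit, for example `# enforced only when OPTIONS includes "policy"; "All" alone does not enable the SecurityManager`. The trailing `# file://start.jar!...` line reads as an open question and would be clearer marked as a TODO.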