[BUG 277551] Initial integration for the OPTIONS=policy mechanism. The wiring is here, but I still need to find or write a policy file parser; nothing I have seen so far seems appropriate license-wise.
git-svn-id: svn+ssh://dev.eclipse.org/svnroot/rt/org.eclipse.jetty/jetty/trunk@263 7e9141cc-0065-0410-87d8-b60c137991c4
parent
0b8640696d
commit
9442ab7eee
|
@ -0,0 +1,72 @@
|
|||
package org.eclipse.jetty.start;
|
||||
//========================================================================
|
||||
//Copyright (c) 2003-2009 Mort Bay Consulting Pty. Ltd.
|
||||
//------------------------------------------------------------------------
|
||||
//All rights reserved. This program and the accompanying materials
|
||||
//are made available under the terms of the Eclipse Public License v1.0
|
||||
//and Apache License v2.0 which accompanies this distribution.
|
||||
//The Eclipse Public License is available at
|
||||
//http://www.eclipse.org/legal/epl-v10.html
|
||||
//The Apache License v2.0 is available at
|
||||
//http://www.opensource.org/licenses/apache2.0.php
|
||||
//You may elect to redistribute this code under either of these licenses.
|
||||
//========================================================================
|
||||
|
||||
import java.security.CodeSource;
|
||||
import java.security.Permission;
|
||||
import java.security.PermissionCollection;
|
||||
import java.security.Policy;
|
||||
import java.security.ProtectionDomain;
|
||||
import java.util.Set;
|
||||
|
||||
/**
|
||||
* CustomPolicy is initialized with a set file policy files which it parses for
|
||||
* policy information the same as any other PolicyFile implementation and proxies
|
||||
* the system policy implementation if the local ones do not match
|
||||
*
|
||||
* TODO wire in a mechanism to parse the policy files, can't believe there is no
|
||||
* general way to do this..boggle, as it stands right now this will fail to load
|
||||
* when using custom security policies as simply enabling the SecurityManager
|
||||
* like we are kills normal jetty startup because it accesses a host of properties
|
||||
* that need to be enabled in the jetty.policy file.
|
||||
*
|
||||
* Thinking we should pull a default policy file from the start.jar next to the
|
||||
* start.config file and also allow for a default one to be specified in
|
||||
* resources/jetty.policy of the distribution.
|
||||
*/
|
||||
public class CustomPolicy extends Policy
|
||||
{
|
||||
private static final Policy _originalPolicy = Policy.getPolicy();
|
||||
|
||||
private Set<String> _policies;
|
||||
|
||||
public CustomPolicy( Set<String> policies )
|
||||
{
|
||||
_policies = policies;
|
||||
}
|
||||
|
||||
public PermissionCollection getPermissions(ProtectionDomain domain)
|
||||
{
|
||||
System.out.println ("CustomPolicy:getPermissions:" + domain );
|
||||
return _originalPolicy.getPermissions(domain);
|
||||
}
|
||||
|
||||
public boolean implies(ProtectionDomain domain, Permission permission)
|
||||
{
|
||||
|
||||
System.out.println ("CustomPolicy:implies:" );
|
||||
return _originalPolicy.implies(domain, permission);
|
||||
}
|
||||
|
||||
public PermissionCollection getPermissions(CodeSource codesource)
|
||||
{
|
||||
System.out.println ("CustomPolicy:" + codesource );
|
||||
return _originalPolicy.getPermissions(codesource);
|
||||
}
|
||||
|
||||
public void refresh()
|
||||
{
|
||||
_originalPolicy.refresh();
|
||||
}
|
||||
|
||||
}
|
|
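Review bot: `implies()` and both `getPermissions()` overloads write to `System.out` unconditionally, so once Main installs the SecurityManager every permission check prints a line, and the two `getPermissions()` variants also print the ProtectionDomain or CodeSource they were asked about. That is noisy on a hot path and puts code-source locations into stdout for anyone who can read the console log; gate the output behind a debug switch (Main already guards its own trace with `if (DEBUG)`) or drop it. The constructor also keeps the caller's mutable set by reference; `_policies = new HashSet<String>(policies);` on a `final` field (plus a `java.util.HashSet` import) would stop later changes in Main from altering the list behind the installed Policy. A short comment on `_originalPolicy` saying it is captured at class-initialisation time, before `Policy.setPolicy` replaces the system policy, would help the next reader.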
@ -31,6 +31,7 @@ import java.util.Collections;
|
|||
import java.util.HashMap;
|
||||
import java.util.HashSet;
|
||||
import java.util.Hashtable;
|
||||
import java.util.Iterator;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
|
@ -115,8 +116,9 @@ public class Main
|
|||
|
||||
private boolean _showVersions=false;
|
||||
private List<String> _xml=new ArrayList<String>();
|
||||
private Set<String> _activeOptions = new HashSet<String>();
|
||||
private Set<String> _options = new HashSet<String>();
|
||||
|
||||
private Set<String> _policies = new HashSet<String>();
|
||||
|
||||
/*
|
||||
private String _config=System.getProperty("START","org/eclipse/jetty/start/start.config");
|
||||
|
@ -359,10 +361,9 @@ public class Main
|
|||
}
|
||||
|
||||
List<String> section=null;
|
||||
List<String> options=null;
|
||||
String o=getProperty("OPTIONS","default");
|
||||
options=Arrays.asList((o.toString()+",*").split("[ ,]"));
|
||||
List<String> unsatisfied_options = new ArrayList<String>(options);
|
||||
_activeOptions.addAll(Arrays.asList((o.toString()+",*").split("[ ,]")));
|
||||
List<String> unsatisfied_options = new ArrayList<String>( _activeOptions );
|
||||
|
||||
// Handle line by line
|
||||
String line=null;
|
||||
|
@ -382,7 +383,7 @@ public class Main
|
|||
_options.addAll(section);
|
||||
}
|
||||
|
||||
if (section!=null && Collections.disjoint(section,options))
|
||||
if (section!=null && Collections.disjoint(section,_activeOptions))
|
||||
continue;
|
||||
if (section!=null)
|
||||
unsatisfied_options.removeAll(section);
|
||||
|
@ -566,6 +567,17 @@ public class Main
|
|||
_classpath.addClasspath(cn);
|
||||
}
|
||||
}
|
||||
else if (subject.toLowerCase().endsWith(".policy"))
|
||||
{
|
||||
//policy file to parse
|
||||
String cn=expand(subject.substring(0,subject.length()-5));
|
||||
if (cn!=null&&cn.length()>0)
|
||||
{
|
||||
if (DEBUG)
|
||||
System.err.println(" POLICY="+cn);
|
||||
_policies.add(cn);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
// single JAR file
|
||||
|
@ -668,11 +680,19 @@ public class Main
|
|||
Thread.currentThread().setContextClassLoader(cl);
|
||||
// re-eval the policy now that env is set
|
||||
try
|
||||
{
|
||||
if ( _activeOptions.contains("policy") )
|
||||
{
|
||||
Policy.setPolicy( new CustomPolicy( _policies ) );
|
||||
System.setSecurityManager( new SecurityManager() );
|
||||
}
|
||||
else
|
||||
{
|
||||
Policy policy=Policy.getPolicy();
|
||||
if (policy!=null)
|
||||
policy.refresh();
|
||||
}
|
||||
}
|
||||
catch (Exception e)
|
||||
{
|
||||
e.printStackTrace();
|
||||
|
|
|
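Review bot: In the last hunk, `Policy.setPolicy(...)` and `System.setSecurityManager(...)` sit inside the existing `try`, and the `catch (Exception e)` shown only prints the stack trace (its body continues past the hunk), so a failure to install the policy or the SecurityManager would, as far as the hunk shows, let startup carry on without the sandbox the operator asked for with OPTIONS=policy. When `policy` is active the failure should stop startup, for example in the catch: `if (_activeOptions.contains("policy")) throw new IllegalStateException("OPTIONS=policy requested but the security policy could not be installed", e);`. Separately, in the `.policy` branch, `subject.substring(0,subject.length()-5)` removes five characters although `.policy` is seven long, so `jetty.policy` would be recorded as `jetty.p`; since the comment says the file is to be parsed, passing `expand(subject)` unchanged looks like the intent.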
@ -142,7 +142,9 @@ $(jetty.home)/lib/jetty-annotations/**
|
|||
$(jetty.home)/lib/jetty-http-$(version).jar ! available org.eclipse.jetty.http.HttpParser
|
||||
$(jetty.home)/lib/jetty-client-$(version).jar ! available org.eclipse.jetty.client.HttpClient
|
||||
|
||||
|
||||
[All,policy]
|
||||
$(jetty.home)/resources/jetty.policy always
|
||||
# file://start.jar!org.eclipse.jetty.start.policy type reference to get core policy from inside start.jar?
|
||||
|
||||
|
||||
|
||||
|
|