[BUG 277551] initial integration for the OPTIONS=policy mechanism, the wiring is here, need to find or write a policy file parser though, nothing I have seen so far seems appropriate license-wise

git-svn-id: svn+ssh://dev.eclipse.org/svnroot/rt/org.eclipse.jetty/jetty/trunk@263 7e9141cc-0065-0410-87d8-b60c137991c4
Jesse McConnell 2009-05-22 21:20:14 +00:00
parent 0b8640696d
commit 9442ab7eee
3 changed files with 103 additions and 9 deletions


@ -0,0 +1,72 @@
package org.eclipse.jetty.start;
//========================================================================
//Copyright (c) 2003-2009 Mort Bay Consulting Pty. Ltd.
//------------------------------------------------------------------------
//All rights reserved. This program and the accompanying materials
//are made available under the terms of the Eclipse Public License v1.0
//and Apache License v2.0 which accompanies this distribution.
//The Eclipse Public License is available at
//http://www.eclipse.org/legal/epl-v10.html
//The Apache License v2.0 is available at
//http://www.opensource.org/licenses/apache2.0.php
//You may elect to redistribute this code under either of these licenses.
//========================================================================
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Policy;
import java.security.ProtectionDomain;
import java.util.Set;
/**
* CustomPolicy is initialized with a set file policy files which it parses for
* policy information the same as any other PolicyFile implementation and proxies
* the system policy implementation if the local ones do not match
*
* TODO wire in a mechanism to parse the policy files, can't believe there is no
* general way to do this..boggle, as it stands right now this will fail to load
* when using custom security policies as simply enabling the SecurityManager
* like we are kills normal jetty startup because it accesses a host of properties
* that need to be enabled in the jetty.policy file.
*
* Thinking we should pull a default policy file from the start.jar next to the
* start.config file and also allow for a default one to be specified in
* resources/jetty.policy of the distribution.
*/
public class CustomPolicy extends Policy
{
private static final Policy _originalPolicy = Policy.getPolicy();
private Set<String> _policies;
public CustomPolicy( Set<String> policies )
{
_policies = policies;
}
public PermissionCollection getPermissions(ProtectionDomain domain)
{
System.out.println ("CustomPolicy:getPermissions:" + domain );
return _originalPolicy.getPermissions(domain);
}
public boolean implies(ProtectionDomain domain, Permission permission)
{
System.out.println ("CustomPolicy:implies:" );
return _originalPolicy.implies(domain, permission);
}
public PermissionCollection getPermissions(CodeSource codesource)
{
System.out.println ("CustomPolicy:" + codesource );
return _originalPolicy.getPermissions(codesource);
}
public void refresh()
{
_originalPolicy.refresh();
}
}
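Review bot: `_policies` is stored by the constructor but never read, and `getPermissions`, `implies` and `refresh` all forward to `_originalPolicy`, so once this class is installed the effective policy is still the JVM default rather than anything from the configured policy files. Until the parser exists, say so at the top of the class Javadoc, e.g. `Placeholder: the policy file names are recorded but not parsed; every decision is delegated to the policy that was in place when this class was loaded.`, and declare the field as `private final Set<String> _policies;`. The unconditional `System.out.println` calls sit on the permission-check path (`implies` runs for every check once a SecurityManager is active), and printing `domain` from inside `getPermissions` may itself consult the installed policy on some JDKs, so I would drop them or gate them behind the launcher's debug flag.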


@ -31,6 +31,7 @@ import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
@ -115,8 +116,9 @@ public class Main
private boolean _showVersions=false;
private List<String> _xml=new ArrayList<String>();
private Set<String> _activeOptions = new HashSet<String>();
private Set<String> _options = new HashSet<String>();
private Set<String> _policies = new HashSet<String>();
/*
private String _config=System.getProperty("START","org/eclipse/jetty/start/start.config");
@ -359,10 +361,9 @@ public class Main
}
List<String> section=null;
List<String> options=null;
String o=getProperty("OPTIONS","default");
options=Arrays.asList((o.toString()+",*").split("[ ,]"));
List<String> unsatisfied_options = new ArrayList<String>(options);
_activeOptions.addAll(Arrays.asList((o.toString()+",*").split("[ ,]")));
List<String> unsatisfied_options = new ArrayList<String>( _activeOptions );
// Handle line by line
String line=null;
@ -382,7 +383,7 @@ public class Main
_options.addAll(section);
}
if (section!=null && Collections.disjoint(section,options))
if (section!=null && Collections.disjoint(section,_activeOptions))
continue;
if (section!=null)
unsatisfied_options.removeAll(section);
@ -566,6 +567,17 @@ public class Main
_classpath.addClasspath(cn);
}
}
else if (subject.toLowerCase().endsWith(".policy"))
{
//policy file to parse
String cn=expand(subject.substring(0,subject.length()-5));
if (cn!=null&&cn.length()>0)
{
if (DEBUG)
System.err.println(" POLICY="+cn);
_policies.add(cn);
}
}
else
{
// single JAR file
@ -668,11 +680,19 @@ public class Main
Thread.currentThread().setContextClassLoader(cl);
// re-eval the policy now that env is set
try
{
if ( _activeOptions.contains("policy") )
{
Policy.setPolicy( new CustomPolicy( _policies ) );
System.setSecurityManager( new SecurityManager() );
}
else
{
Policy policy=Policy.getPolicy();
if (policy!=null)
policy.refresh();
}
}
catch (Exception e)
{
e.printStackTrace();
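Review bot: In the last hunk, `Policy.setPolicy(...)` and `System.setSecurityManager(...)` sit inside the existing `try` whose `catch (Exception e)` only calls `e.printStackTrace()` in the visible lines, so a failure to install the policy (a `SecurityException` included) appears to let startup continue without the sandbox the operator asked for with OPTIONS=policy. When `_activeOptions.contains("policy")` the failure should stop the launch, e.g. `if (_activeOptions.contains("policy")) throw new IllegalStateException("security policy requested but could not be installed", e);` as the first statement of the catch; the catch body continues outside the hunk, so check what follows it. Separately, in the `.policy` branch `subject.substring(0,subject.length()-5)` cuts five characters from a seven-character suffix (`jetty.policy` becomes `jetty.p`); since the entry is a file path, `expand(subject)` looks like what is intended.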


@ -142,7 +142,9 @@ $(jetty.home)/lib/jetty-annotations/**
$(jetty.home)/lib/jetty-http-$(version).jar ! available org.eclipse.jetty.http.HttpParser
$(jetty.home)/lib/jetty-client-$(version).jar ! available org.eclipse.jetty.client.HttpClient
[All,policy]
$(jetty.home)/resources/jetty.policy always
# file://start.jar!org.eclipse.jetty.start.policy type reference to get core policy from inside start.jar?