1 package org.eclipse.jetty.policy;
19 import java.io.File;
20 import java.io.FileInputStream;
21 import java.security.CodeSource;
22 import java.security.Permission;
23 import java.security.PermissionCollection;
24 import java.security.Permissions;
25 import java.security.Policy;
26 import java.security.Principal;
27 import java.security.ProtectionDomain;
28 import java.util.Collections;
29 import java.util.Enumeration;
30 import java.util.HashMap;
31 import java.util.Iterator;
32 import java.util.Map;
33 import java.util.Set;
34
35 import org.eclipse.jetty.policy.loader.DefaultPolicyLoader;
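/**
 * A {@link Policy} whose grants are read from a set of policy files.
 *
 * <p>Each file is parsed by {@link DefaultPolicyLoader} into a mapping of
 * {@link ProtectionDomain} to {@link PolicyBlock}. A permission query walks
 * that mapping and collects the permissions of every entry that applies to
 * the domain or code source being asked about.
 *
 * <p>The mapping is a {@link Collections#synchronizedMap(Map)} wrapper. Single
 * calls on it are synchronized, but iteration is not, so every traversal in
 * this class holds the map's monitor.
 */
public class JettyPolicy extends Policy
{
    // Paths of the policy files read by refresh().
    // NOTE(review): the caller's set is stored by reference, so later changes
    // to it are picked up by the next refresh() - confirm that is intended.
    private Set<String> _policies;

    // Grants currently in force, keyed by the protection domain they target.
    private Map<ProtectionDomain, PolicyBlock> pdMapping =
        Collections.synchronizedMap( new HashMap<ProtectionDomain, PolicyBlock>() );

    // Context handed to the policy loader; carries the supplied properties.
    private PolicyContext _context = new PolicyContext();

    /**
     * Creates the policy and performs the initial load of the policy files.
     *
     * @param policies paths of the policy files to load
     * @param properties properties made available to the loader through the policy context
     */
    public JettyPolicy( Set<String> policies, Map<String,String> properties )
    {
        _policies = policies;
        _context.setProperties( properties );

        // NOTE(review): refresh() is public and overridable, so a subclass
        // override runs here before the subclass constructor has finished.
        refresh();
    }

    /**
     * Collects the permissions granted to a protection domain.
     *
     * <p>An entry applies only when BOTH of these hold:
     * <ul>
     * <li>it names no code source, or its code source implies the domain's;</li>
     * <li>every principal it requires is present on the domain.</li>
     * </ul>
     *
     * @param domain the domain being checked; {@code null} yields an empty collection
     * @return a new collection holding every applicable permission
     */
    public PermissionCollection getPermissions( ProtectionDomain domain )
    {
        PermissionCollection perms = new Permissions();

        if ( domain == null )
        {
            // Nothing to match against; grant nothing instead of failing with a NullPointerException.
            return perms;
        }

        // Iterating a synchronizedMap view requires holding the map's monitor,
        // otherwise a concurrent refresh() can break the traversal.
        synchronized ( pdMapping )
        {
            for ( Map.Entry<ProtectionDomain, PolicyBlock> entry : pdMapping.entrySet() )
            {
                ProtectionDomain pd = entry.getKey();
                CodeSource source = pd.getCodeSource();
                Principal[] required = pd.getPrincipals();

                // The two tests are grouped explicitly. The previous expression,
                // "a || b && c || d", parsed as "a || (b && c) || d", so a
                // principal match alone (or a missing code source alone) was
                // enough to grant the entry's permissions.
                boolean codeSourceMatches = source == null || source.implies( domain.getCodeSource() );
                boolean principalsMatch = required == null || validate( required, domain.getPrincipals() );

                if ( codeSourceMatches && principalsMatch )
                {
                    addGrantedPermissions( perms, pd, entry.getValue() );
                }
            }
        }

        return perms;
    }

    /**
     * Collects the permissions granted to a code source, ignoring principals.
     *
     * @param codesource the code source being checked
     * @return a new collection holding every applicable permission
     */
    public PermissionCollection getPermissions( CodeSource codesource )
    {
        PermissionCollection perms = new Permissions();

        // Same locking rule as the ProtectionDomain overload.
        synchronized ( pdMapping )
        {
            for ( Map.Entry<ProtectionDomain, PolicyBlock> entry : pdMapping.entrySet() )
            {
                ProtectionDomain pd = entry.getKey();
                CodeSource source = pd.getCodeSource();

                if ( source == null || source.implies( codesource ) )
                {
                    addGrantedPermissions( perms, pd, entry.getValue() );
                }
            }
        }

        return perms;
    }

    /**
     * Copies the permissions of a matching entry into the result: first those
     * of its policy block, then the permissions carried by the domain itself.
     */
    private static void addGrantedPermissions( PermissionCollection perms, ProtectionDomain pd, PolicyBlock block )
    {
        if ( block != null )
        {
            for ( Enumeration<Permission> e = block.getPermissions().elements(); e.hasMoreElements(); )
            {
                perms.add( e.nextElement() );
            }
        }

        if ( pd.getPermissions() != null )
        {
            for ( Enumeration<Permission> e = pd.getPermissions().elements(); e.hasMoreElements(); )
            {
                perms.add( e.nextElement() );
            }
        }
    }

    /**
     * Tests whether every required principal is present on the class.
     *
     * @param permCerts principals required by the policy entry
     * @param classCerts principals of the domain being checked; {@code null} never matches
     * @return {@code true} only when each element of {@code permCerts} equals some element of {@code classCerts}
     */
    private static boolean validate( Principal[] permCerts, Principal[] classCerts )
    {
        if ( classCerts == null )
        {
            return false;
        }

        for ( Principal required : permCerts )
        {
            boolean found = false;
            for ( Principal held : classCerts )
            {
                if ( required.equals( held ) )
                {
                    found = true;
                    break;
                }
            }

            if ( !found )
            {
                return false;
            }
        }

        return true;
    }

    /**
     * Reloads every policy file and replaces the grants in force.
     *
     * <p>The files are parsed into a private map first and swapped in under
     * the mapping's lock, so a concurrent permission query sees either the old
     * grants or the new ones, never a half-loaded set.
     *
     * <p>NOTE(review): a failure is only printed. The policy then holds just
     * the blocks loaded before the failing file. Callers get no signal that
     * the policy is incomplete - consider surfacing the error.
     */
    public void refresh()
    {
        Map<ProtectionDomain, PolicyBlock> loaded = new HashMap<ProtectionDomain, PolicyBlock>();

        try
        {
            for ( String policyPath : _policies )
            {
                FileInputStream in = new FileInputStream( new File( policyPath ) );
                try
                {
                    loaded.putAll( DefaultPolicyLoader.load( in, _context ) );
                }
                finally
                {
                    // The stream was previously never closed, leaking a file
                    // handle per policy file on every refresh. Closing again
                    // is harmless if the loader already closed it.
                    in.close();
                }
            }
        }
        catch ( Exception e )
        {
            e.printStackTrace();
        }

        synchronized ( pdMapping )
        {
            pdMapping.clear();
            pdMapping.putAll( loaded );
        }
    }
}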