Class ApplicationSecurityEnforcer


  • public class ApplicationSecurityEnforcer
    extends java.lang.Object
    This is a helper class which helps applications enforce secure script execution.
    It is used by the Squiggle browser as well as the rasterizer.
    This class can install a SecurityManager for an application and resolves whether the application runs in a development environment or from a jar file (in other words, it resolves code-base issues for the application).
    • Field Summary

      Fields 
      Modifier and Type Field Description
      static java.lang.String APP_MAIN_CLASS_DIR
      Directory where classes are expanded in the development version
      protected java.lang.Class appMainClass
      The application's main entry point
      protected java.lang.String appMainClassRelativeURL
      The resource name for the application's main class
      static java.lang.String EXCEPTION_ALIEN_SECURITY_MANAGER
      Message for the SecurityException thrown when there is already a SecurityManager installed at the time Squiggle tries to install its own security settings.
      static java.lang.String EXCEPTION_NO_POLICY_FILE
      Message for the NullPointerException thrown when no policy file can be found.
      static java.lang.String JAR_PROTOCOL
      Files in a jar file have a URL with the jar protocol
      static java.lang.String JAR_URL_FILE_SEPARATOR
      Used in jar file urls to separate the jar file name from the referenced file
      protected BatikSecurityManager lastSecurityManagerInstalled
      Keeps track of the last SecurityManager installed
      static java.lang.String PROPERTY_APP_DEV_BASE
      System property for App's development base directory
      static java.lang.String PROPERTY_APP_JAR_BASE
      System property for App's jars base directory
      static java.lang.String PROPERTY_JAVA_SECURITY_POLICY
      System property for specifying an additional policy file.
      protected java.lang.String securityPolicy
      The application's security policy
    • Constructor Summary

      Constructors 
      Constructor Description
      ApplicationSecurityEnforcer​(java.lang.Class appMainClass, java.lang.String securityPolicy)
      Creates a new ApplicationSecurityEnforcer.
      ApplicationSecurityEnforcer​(java.lang.Class appMainClass, java.lang.String securityPolicy, java.lang.String appJarFile)
      Deprecated.
      This constructor is now deprecated.
    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      void enforceSecurity​(boolean enforce)
      Enforces security by installing a SecurityManager.
      java.net.URL getPolicyURL()
      Returns the url for the default policy.
      void installSecurityManager()
      Installs a SecurityManager on behalf of the application
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • EXCEPTION_ALIEN_SECURITY_MANAGER

        public static final java.lang.String EXCEPTION_ALIEN_SECURITY_MANAGER
        Message for the SecurityException thrown when there is already a SecurityManager installed at the time Squiggle tries to install its own security settings.
        See Also:
        Constant Field Values
      • EXCEPTION_NO_POLICY_FILE

        public static final java.lang.String EXCEPTION_NO_POLICY_FILE
        Message for the NullPointerException thrown when no policy file can be found.
        See Also:
        Constant Field Values
      • PROPERTY_JAVA_SECURITY_POLICY

        public static final java.lang.String PROPERTY_JAVA_SECURITY_POLICY
        System property for specifying an additional policy file.
        See Also:
        Constant Field Values
      • JAR_PROTOCOL

        public static final java.lang.String JAR_PROTOCOL
        Files in a jar file have a URL with the jar protocol
        See Also:
        Constant Field Values
      • JAR_URL_FILE_SEPARATOR

        public static final java.lang.String JAR_URL_FILE_SEPARATOR
        Used in jar file urls to separate the jar file name from the referenced file
        See Also:
        Constant Field Values
      • PROPERTY_APP_DEV_BASE

        public static final java.lang.String PROPERTY_APP_DEV_BASE
        System property for App's development base directory
        See Also:
        Constant Field Values
      • PROPERTY_APP_JAR_BASE

        public static final java.lang.String PROPERTY_APP_JAR_BASE
        System property for App's jars base directory
        See Also:
        Constant Field Values
      • APP_MAIN_CLASS_DIR

        public static final java.lang.String APP_MAIN_CLASS_DIR
        Directory where classes are expanded in the development version
        See Also:
        Constant Field Values
      • appMainClass

        protected java.lang.Class appMainClass
        The application's main entry point
      • securityPolicy

        protected java.lang.String securityPolicy
        The application's security policy
      • appMainClassRelativeURL

        protected java.lang.String appMainClassRelativeURL
        The resource name for the application's main class
      • lastSecurityManagerInstalled

        protected BatikSecurityManager lastSecurityManagerInstalled
        Keeps track of the last SecurityManager installed
    • Constructor Detail

      • ApplicationSecurityEnforcer

        public ApplicationSecurityEnforcer​(java.lang.Class appMainClass,
                                           java.lang.String securityPolicy,
                                           java.lang.String appJarFile)
        Deprecated.
        This constructor is now deprecated. Use the two argument constructor instead as this version will be removed after the 1.5beta4 release.
        Creates a new ApplicationSecurityEnforcer.
        Parameters:
        appMainClass - class of the applications's main entry point
        securityPolicy - resource for the security policy which should be enforced for the application.
        appJarFile - the Jar file into which the application is packaged.
      • ApplicationSecurityEnforcer

        public ApplicationSecurityEnforcer​(java.lang.Class appMainClass,
                                           java.lang.String securityPolicy)
        Creates a new ApplicationSecurityEnforcer.
        Parameters:
        appMainClass - class of the applications's main entry point
        securityPolicy - resource for the security policy which should be enforced for the application.
    • Method Detail

      • enforceSecurity

        public void enforceSecurity​(boolean enforce)
        Enforces security by installing a SecurityManager. This will throw a SecurityException if installing a SecurityManager requires overriding an existing SecurityManager. In other words, this method will not install a new SecurityManager if there is already one it did not install in place.
      • getPolicyURL

        public java.net.URL getPolicyURL()
        Returns the url for the default policy. This never returns null, but it may throw a NullPointerException
      • installSecurityManager

        public void installSecurityManager()
        Installs a SecurityManager on behalf of the application