org.apache.batik.util
Class ApplicationSecurityEnforcer

java.lang.Object
  org.apache.batik.util.ApplicationSecurityEnforcer

public class ApplicationSecurityEnforcer
extends Object

This is a helper class which helps applications enforce secure script execution.
It is used by the Squiggle browser as well as the rasterizer.
This class can install a SecurityManager for an application and resolves whether the application runs in a development environment or from a jar file (in other words, it resolves code-base issues for the application).

Version:

$Id: ApplicationSecurityEnforcer.java 1733416 2016-03-03 07:07:13Z gadams $

Author:

Vincent Hardy

Field Summary

static String	APP_MAIN_CLASS_DIR Directory where classes are expanded in the development version
protected Class	appMainClass The application's main entry point
protected String	appMainClassRelativeURL The resource name for the application's main class
static String	EXCEPTION_ALIEN_SECURITY_MANAGER Message for the SecurityException thrown when there is already a SecurityManager installed at the time Squiggle tries to install its own security settings.
static String	EXCEPTION_NO_POLICY_FILE Message for the NullPointerException thrown when no policy file can be found.
static String	JAR_PROTOCOL Files in a jar file have a URL with the jar protocol
static String	JAR_URL_FILE_SEPARATOR Used in jar file urls to separate the jar file name from the referenced file
protected BatikSecurityManager	lastSecurityManagerInstalled Keeps track of the last SecurityManager installed
static String	PROPERTY_APP_DEV_BASE System property for App's development base directory
static String	PROPERTY_APP_JAR_BASE System property for App's jars base directory
static String	PROPERTY_JAVA_SECURITY_POLICY System property for specifying an additional policy file.
protected String	securityPolicy The application's security policy

Constructor Summary

ApplicationSecurityEnforcer(Class appMainClass, String securityPolicy)
Creates a new ApplicationSecurityEnforcer.

ApplicationSecurityEnforcer(Class appMainClass, String securityPolicy, String appJarFile)
Deprecated. This constructor is now deprecated. Use the two argument constructor instead as this version will be removed after the 1.5beta4 release.

Method Summary

void	enforceSecurity(boolean enforce) Enforces security by installing a SecurityManager.
URL	getPolicyURL() Returns the url for the default policy.
void	installSecurityManager() Installs a SecurityManager on behalf of the application

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

EXCEPTION_ALIEN_SECURITY_MANAGER

public static final String EXCEPTION_ALIEN_SECURITY_MANAGER

Message for the SecurityException thrown when there is already a SecurityManager installed at the time Squiggle tries to install its own security settings.

See Also:

Constant Field Values

EXCEPTION_NO_POLICY_FILE

public static final String EXCEPTION_NO_POLICY_FILE

Message for the NullPointerException thrown when no policy file can be found.

See Also:

Constant Field Values

PROPERTY_JAVA_SECURITY_POLICY

public static final String PROPERTY_JAVA_SECURITY_POLICY

System property for specifying an additional policy file.

See Also:

Constant Field Values

JAR_PROTOCOL

public static final String JAR_PROTOCOL

Files in a jar file have a URL with the jar protocol

See Also:

Constant Field Values

JAR_URL_FILE_SEPARATOR

public static final String JAR_URL_FILE_SEPARATOR

Used in jar file urls to separate the jar file name from the referenced file

See Also:

Constant Field Values

PROPERTY_APP_DEV_BASE

public static final String PROPERTY_APP_DEV_BASE

System property for App's development base directory

See Also:

Constant Field Values

PROPERTY_APP_JAR_BASE

public static final String PROPERTY_APP_JAR_BASE

System property for App's jars base directory

See Also:

Constant Field Values

APP_MAIN_CLASS_DIR

public static final String APP_MAIN_CLASS_DIR

Directory where classes are expanded in the development version

See Also:

Constant Field Values

appMainClass

protected Class appMainClass

The application's main entry point

securityPolicy

protected String securityPolicy

The application's security policy

appMainClassRelativeURL

protected String appMainClassRelativeURL

The resource name for the application's main class

lastSecurityManagerInstalled

protected BatikSecurityManager lastSecurityManagerInstalled

Keeps track of the last SecurityManager installed

Constructor Detail

ApplicationSecurityEnforcer

public ApplicationSecurityEnforcer(Class appMainClass,
                                   String securityPolicy,
                                   String appJarFile)

Deprecated. This constructor is now deprecated. Use the two argument constructor instead as this version will be removed after the 1.5beta4 release.

Creates a new ApplicationSecurityEnforcer.

Parameters:

appMainClass - class of the applications's main entry point

securityPolicy - resource for the security policy which should be enforced for the application.

appJarFile - the Jar file into which the application is packaged.

ApplicationSecurityEnforcer

public ApplicationSecurityEnforcer(Class appMainClass,
                                   String securityPolicy)

Creates a new ApplicationSecurityEnforcer.

Parameters:

appMainClass - class of the applications's main entry point

securityPolicy - resource for the security policy which should be enforced for the application.

Method Detail

enforceSecurity

public void enforceSecurity(boolean enforce)

Enforces security by installing a SecurityManager. This will throw a SecurityException if installing a SecurityManager requires overriding an existing SecurityManager. In other words, this method will not install a new SecurityManager if there is already one it did not install in place.

getPolicyURL

public URL getPolicyURL()

Returns the url for the default policy. This never returns null, but it may throw a NullPointerException

installSecurityManager

public void installSecurityManager()

Installs a SecurityManager on behalf of the application