8131350: policytool can directly reference permission classes

Reviewed-by: xuelei, mullan
Weijun Wang 2015-07-20 20:47:54 +08:00
parent d9cbd23d50
commit 9866d4239d


@ -633,17 +633,16 @@ public class PolicyTool {
type.equals(PolicyParser.PrincipalEntry.REPLACE_NAME)) { type.equals(PolicyParser.PrincipalEntry.REPLACE_NAME)) {
return; return;
} }
Class<?> PRIN = Class.forName("java.security.Principal");
Class<?> pc = Class.forName(type, true, Class<?> pc = Class.forName(type, true,
Thread.currentThread().getContextClassLoader()); Thread.currentThread().getContextClassLoader());
if (!PRIN.isAssignableFrom(pc)) { if (!Principal.class.isAssignableFrom(pc)) {
MessageFormat form = new MessageFormat(getMessage MessageFormat form = new MessageFormat(getMessage
("Illegal.Principal.Type.type")); ("Illegal.Principal.Type.type"));
Object[] source = {type}; Object[] source = {type};
throw new InstantiationException(form.format(source)); throw new InstantiationException(form.format(source));
} }
if (ToolDialog.X500_PRIN_CLASS.equals(pc.getName())) { if (X500Principal.class.getName().equals(pc.getName())) {
// PolicyParser checks validity of X500Principal name // PolicyParser checks validity of X500Principal name
// - PolicyTool needs to as well so that it doesn't store // - PolicyTool needs to as well so that it doesn't store
// an invalid name that can't be read in later // an invalid name that can't be read in later
@ -1563,14 +1562,6 @@ class ToolDialog extends JDialog {
public static final int NEW = 2; public static final int NEW = 2;
public static final int OPEN = 3; public static final int OPEN = 3;
public static final String ALL_PERM_CLASS =
"java.security.AllPermission";
public static final String FILE_PERM_CLASS =
"java.io.FilePermission";
public static final String X500_PRIN_CLASS =
"javax.security.auth.x500.X500Principal";
/* popup menus */ /* popup menus */
public static final String PERM = public static final String PERM =
PolicyTool.getMessage PolicyTool.getMessage
@ -1752,11 +1743,11 @@ class ToolDialog extends JDialog {
for (int i = 0; i < PERM_ARRAY.size(); i++) { for (int i = 0; i < PERM_ARRAY.size(); i++) {
Perm next = PERM_ARRAY.get(i); Perm next = PERM_ARRAY.get(i);
if (fullClassName) { if (fullClassName) {
if (next.FULL_CLASS.equals(clazz)) { if (next.getName().equals(clazz)) {
return next; return next;
} }
} else { } else {
if (next.CLASS.equals(clazz)) { if (next.getSimpleName().equals(clazz)) {
return next; return next;
} }
} }
@ -1772,11 +1763,11 @@ class ToolDialog extends JDialog {
for (int i = 0; i < PRIN_ARRAY.size(); i++) { for (int i = 0; i < PRIN_ARRAY.size(); i++) {
Prin next = PRIN_ARRAY.get(i); Prin next = PRIN_ARRAY.get(i);
if (fullClassName) { if (fullClassName) {
if (next.FULL_CLASS.equals(clazz)) { if (next.getName().equals(clazz)) {
return next; return next;
} }
} else { } else {
if (next.CLASS.equals(clazz)) { if (next.getSimpleName().equals(clazz)) {
return next; return next;
} }
} }
@ -2170,7 +2161,7 @@ class ToolDialog extends JDialog {
choice.getAccessibleContext().setAccessibleName(PRIN_TYPE); choice.getAccessibleContext().setAccessibleName(PRIN_TYPE);
for (int i = 0; i < PRIN_ARRAY.size(); i++) { for (int i = 0; i < PRIN_ARRAY.size(); i++) {
Prin next = PRIN_ARRAY.get(i); Prin next = PRIN_ARRAY.get(i);
choice.addItem(next.CLASS); choice.addItem(next.getSimpleName());
} }
if (edit) { if (edit) {
@ -2180,7 +2171,7 @@ class ToolDialog extends JDialog {
} else { } else {
Prin inputPrin = getPrin(editMe.getPrincipalClass(), true); Prin inputPrin = getPrin(editMe.getPrincipalClass(), true);
if (inputPrin != null) { if (inputPrin != null) {
choice.setSelectedItem(inputPrin.CLASS); choice.setSelectedItem(inputPrin.getSimpleName());
} }
} }
} }
@ -2286,7 +2277,7 @@ class ToolDialog extends JDialog {
choice.getAccessibleContext().setAccessibleName(PERM); choice.getAccessibleContext().setAccessibleName(PERM);
for (int i = 0; i < PERM_ARRAY.size(); i++) { for (int i = 0; i < PERM_ARRAY.size(); i++) {
Perm next = PERM_ARRAY.get(i); Perm next = PERM_ARRAY.get(i);
choice.addItem(next.CLASS); choice.addItem(next.getSimpleName());
} }
tw.addNewComponent(newTD, choice, PD_PERM_CHOICE, tw.addNewComponent(newTD, choice, PD_PERM_CHOICE,
0, 1, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH, 0, 1, 1, 1, 0.0, 0.0, GridBagConstraints.BOTH,
@ -2300,7 +2291,7 @@ class ToolDialog extends JDialog {
if (edit) { if (edit) {
Perm inputPerm = getPerm(editMe.permission, true); Perm inputPerm = getPerm(editMe.permission, true);
if (inputPerm != null) { if (inputPerm != null) {
choice.setSelectedItem(inputPerm.CLASS); choice.setSelectedItem(inputPerm.getSimpleName());
} }
} }
tw.addNewComponent(newTD, tf, PD_PERM_TEXTFIELD, tw.addNewComponent(newTD, tf, PD_PERM_TEXTFIELD,
@ -2417,7 +2408,7 @@ class ToolDialog extends JDialog {
"\t'" + pname + "' will be interpreted " + "\t'" + pname + "' will be interpreted " +
"as a key store alias.\n" + "as a key store alias.\n" +
"\tThe final principal class will be " + "\tThe final principal class will be " +
ToolDialog.X500_PRIN_CLASS + ".\n" + X500Principal.class.getName() + ".\n" +
"\tThe final principal name will be " + "\tThe final principal name will be " +
"determined by the following:\n" + "determined by the following:\n" +
"\n" + "\n" +
@ -2452,7 +2443,7 @@ class ToolDialog extends JDialog {
if (tf.getText().trim().equals("") == false) if (tf.getText().trim().equals("") == false)
name = new String(tf.getText().trim()); name = new String(tf.getText().trim());
if (permission.equals("") || if (permission.equals("") ||
(!permission.equals(ALL_PERM_CLASS) && name == null)) { (!permission.equals(AllPermission.class.getName()) && name == null)) {
throw new InvalidParameterException(PolicyTool.getMessage throw new InvalidParameterException(PolicyTool.getMessage
("Permission.and.Target.Name.must.have.a.value")); ("Permission.and.Target.Name.must.have.a.value"));
} }
@ -2467,7 +2458,8 @@ class ToolDialog extends JDialog {
// \\server\share 0, legal // \\server\share 0, legal
// \\\\server\share 2, illegal // \\\\server\share 2, illegal
if (permission.equals(FILE_PERM_CLASS) && name.lastIndexOf("\\\\") > 0) { if (permission.equals(FilePermission.class.getName())
&& name.lastIndexOf("\\\\") > 0) {
char result = tw.displayYesNoDialog(this, char result = tw.displayYesNoDialog(this,
PolicyTool.getMessage("Warning"), PolicyTool.getMessage("Warning"),
PolicyTool.getMessage( PolicyTool.getMessage(
@ -3645,7 +3637,7 @@ class PrincipalTypeMenuListener implements ItemListener {
if (prinField.getText() != null && if (prinField.getText() != null &&
prinField.getText().length() > 0) { prinField.getText().length() > 0) {
Prin inputPrin = ToolDialog.getPrin(prinField.getText(), true); Prin inputPrin = ToolDialog.getPrin(prinField.getText(), true);
prin.setSelectedItem(inputPrin.CLASS); prin.setSelectedItem(inputPrin.getSimpleName());
} }
return; return;
} }
@ -3660,7 +3652,7 @@ class PrincipalTypeMenuListener implements ItemListener {
// set of names and actions // set of names and actions
Prin inputPrin = ToolDialog.getPrin((String)e.getItem(), false); Prin inputPrin = ToolDialog.getPrin((String)e.getItem(), false);
if (inputPrin != null) { if (inputPrin != null) {
prinField.setText(inputPrin.FULL_CLASS); prinField.setText(inputPrin.getName());
} }
} }
} }
@ -3711,7 +3703,7 @@ class PermissionMenuListener implements ItemListener {
Perm inputPerm = ToolDialog.getPerm(permField.getText(), true); Perm inputPerm = ToolDialog.getPerm(permField.getText(), true);
if (inputPerm != null) { if (inputPerm != null) {
perms.setSelectedItem(inputPerm.CLASS); perms.setSelectedItem(inputPerm.getSimpleName());
} }
} }
return; return;
@ -3732,7 +3724,7 @@ class PermissionMenuListener implements ItemListener {
if (inputPerm == null) { if (inputPerm == null) {
permField.setText(""); permField.setText("");
} else { } else {
permField.setText(inputPerm.FULL_CLASS); permField.setText(inputPerm.getName());
} }
td.setPermissionNames(inputPerm, names, nameField); td.setPermissionNames(inputPerm, names, nameField);
td.setPermissionActions(inputPerm, actions, actionsField); td.setPermissionActions(inputPerm, actions, actionsField);
@ -4082,26 +4074,30 @@ class TaggedList extends JList<String> {
*/ */
class Prin { class Prin {
public final String CLASS; final Class<? extends Principal> CLASS;
public final String FULL_CLASS;
public Prin(String clazz, String fullClass) { Prin(Class<? extends Principal> clazz) {
this.CLASS = clazz; this.CLASS = clazz;
this.FULL_CLASS = fullClass; }
String getName() {
return CLASS.getName();
}
String getSimpleName() {
return CLASS.getSimpleName();
} }
} }
class KrbPrin extends Prin { class KrbPrin extends Prin {
public KrbPrin() { KrbPrin() {
super("KerberosPrincipal", super(javax.security.auth.kerberos.KerberosPrincipal.class);
"javax.security.auth.kerberos.KerberosPrincipal");
} }
} }
class X500Prin extends Prin { class X500Prin extends Prin {
public X500Prin() { X500Prin() {
super("X500Principal", super(javax.security.auth.x500.X500Principal.class);
"javax.security.auth.x500.X500Principal");
} }
} }
@ -4110,44 +4106,48 @@ class X500Prin extends Prin {
*/ */
class Perm { class Perm {
public final String CLASS; final Class<? extends Permission> CLASS;
public final String FULL_CLASS; final String[] TARGETS;
public final String[] TARGETS; final String[] ACTIONS;
public final String[] ACTIONS;
public Perm(String clazz, String fullClass, Perm(Class<? extends Permission> clazz,
String[] targets, String[] actions) { String[] targets, String[] actions) {
this.CLASS = clazz; this.CLASS = clazz;
this.FULL_CLASS = fullClass;
this.TARGETS = targets; this.TARGETS = targets;
this.ACTIONS = actions; this.ACTIONS = actions;
} }
String getName() {
return CLASS.getName();
}
String getSimpleName() {
return CLASS.getSimpleName();
}
} }
class AllPerm extends Perm { class AllPerm extends Perm {
public AllPerm() { AllPerm() {
super("AllPermission", "java.security.AllPermission", null, null); super(java.security.AllPermission.class, null, null);
} }
} }
class AudioPerm extends Perm { class AudioPerm extends Perm {
public AudioPerm() { AudioPerm() {
super("AudioPermission", super(javax.sound.sampled.AudioPermission.class,
"javax.sound.sampled.AudioPermission", new String[] {
new String[] {
"play", "play",
"record" "record"
}, },
null); null);
} }
} }
class AuthPerm extends Perm { class AuthPerm extends Perm {
public AuthPerm() { AuthPerm() {
super("AuthPermission", super(javax.security.auth.AuthPermission.class,
"javax.security.auth.AuthPermission", new String[] {
new String[] {
"doAs", "doAs",
"doAsPrivileged", "doAsPrivileged",
"getSubject", "getSubject",
@ -4165,15 +4165,14 @@ class AuthPerm extends Perm {
PolicyTool.getMessage("configuration.type") + ">", PolicyTool.getMessage("configuration.type") + ">",
"refreshLoginConfiguration" "refreshLoginConfiguration"
}, },
null); null);
} }
} }
class AWTPerm extends Perm { class AWTPerm extends Perm {
public AWTPerm() { AWTPerm() {
super("AWTPermission", super(java.awt.AWTPermission.class,
"java.awt.AWTPermission", new String[] {
new String[] {
"accessClipboard", "accessClipboard",
"accessEventQueue", "accessEventQueue",
"accessSystemTray", "accessSystemTray",
@ -4187,30 +4186,28 @@ class AWTPerm extends Perm {
"showWindowWithoutWarningBanner", "showWindowWithoutWarningBanner",
"toolkitModality", "toolkitModality",
"watchMousePointer" "watchMousePointer"
}, },
null); null);
} }
} }
class DelegationPerm extends Perm { class DelegationPerm extends Perm {
public DelegationPerm() { DelegationPerm() {
super("DelegationPermission", super(javax.security.auth.kerberos.DelegationPermission.class,
"javax.security.auth.kerberos.DelegationPermission", new String[] {
new String[] {
// allow user input // allow user input
}, },
null); null);
} }
} }
class FilePerm extends Perm { class FilePerm extends Perm {
public FilePerm() { FilePerm() {
super("FilePermission", super(java.io.FilePermission.class,
"java.io.FilePermission", new String[] {
new String[] {
"<<ALL FILES>>" "<<ALL FILES>>"
}, },
new String[] { new String[] {
"read", "read",
"write", "write",
"delete", "delete",
@ -4220,64 +4217,59 @@ class FilePerm extends Perm {
} }
class URLPerm extends Perm { class URLPerm extends Perm {
public URLPerm() { URLPerm() {
super("URLPermission", super(java.net.URLPermission.class,
"java.net.URLPermission", new String[] {
new String[] { "<"+ PolicyTool.getMessage("url") + ">",
"<"+ PolicyTool.getMessage("url") + ">", },
}, new String[] {
new String[] { "<" + PolicyTool.getMessage("method.list") + ">:<"
"<" + PolicyTool.getMessage("method.list") + ">:<" + PolicyTool.getMessage("request.headers.list") + ">",
+ PolicyTool.getMessage("request.headers.list") + ">", });
});
} }
} }
class InqSecContextPerm extends Perm { class InqSecContextPerm extends Perm {
public InqSecContextPerm() { InqSecContextPerm() {
super("InquireSecContextPermission", super(com.sun.security.jgss.InquireSecContextPermission.class,
"com.sun.security.jgss.InquireSecContextPermission", new String[] {
new String[] {
"KRB5_GET_SESSION_KEY", "KRB5_GET_SESSION_KEY",
"KRB5_GET_TKT_FLAGS", "KRB5_GET_TKT_FLAGS",
"KRB5_GET_AUTHZ_DATA", "KRB5_GET_AUTHZ_DATA",
"KRB5_GET_AUTHTIME" "KRB5_GET_AUTHTIME"
}, },
null); null);
} }
} }
class LogPerm extends Perm { class LogPerm extends Perm {
public LogPerm() { LogPerm() {
super("LoggingPermission", super(java.util.logging.LoggingPermission.class,
"java.util.logging.LoggingPermission", new String[] {
new String[] {
"control" "control"
}, },
null); null);
} }
} }
class MgmtPerm extends Perm { class MgmtPerm extends Perm {
public MgmtPerm() { MgmtPerm() {
super("ManagementPermission", super(java.lang.management.ManagementPermission.class,
"java.lang.management.ManagementPermission", new String[] {
new String[] {
"control", "control",
"monitor" "monitor"
}, },
null); null);
} }
} }
class MBeanPerm extends Perm { class MBeanPerm extends Perm {
public MBeanPerm() { MBeanPerm() {
super("MBeanPermission", super(javax.management.MBeanPermission.class,
"javax.management.MBeanPermission", new String[] {
new String[] {
// allow user input // allow user input
}, },
new String[] { new String[] {
"addNotificationListener", "addNotificationListener",
"getAttribute", "getAttribute",
"getClassLoader", "getClassLoader",
@ -4300,35 +4292,32 @@ class MBeanPerm extends Perm {
} }
class MBeanSvrPerm extends Perm { class MBeanSvrPerm extends Perm {
public MBeanSvrPerm() { MBeanSvrPerm() {
super("MBeanServerPermission", super(javax.management.MBeanServerPermission.class,
"javax.management.MBeanServerPermission", new String[] {
new String[] {
"createMBeanServer", "createMBeanServer",
"findMBeanServer", "findMBeanServer",
"newMBeanServer", "newMBeanServer",
"releaseMBeanServer" "releaseMBeanServer"
}, },
null); null);
} }
} }
class MBeanTrustPerm extends Perm { class MBeanTrustPerm extends Perm {
public MBeanTrustPerm() { MBeanTrustPerm() {
super("MBeanTrustPermission", super(javax.management.MBeanTrustPermission.class,
"javax.management.MBeanTrustPermission", new String[] {
new String[] {
"register" "register"
}, },
null); null);
} }
} }
class NetPerm extends Perm { class NetPerm extends Perm {
public NetPerm() { NetPerm() {
super("NetPermission", super(java.net.NetPermission.class,
"java.net.NetPermission", new String[] {
new String[] {
"allowHttpTrace", "allowHttpTrace",
"setDefaultAuthenticator", "setDefaultAuthenticator",
"requestPasswordAuthentication", "requestPasswordAuthentication",
@ -4341,43 +4330,40 @@ class NetPerm extends Perm {
"setResponseCache", "setResponseCache",
"getResponseCache" "getResponseCache"
}, },
null); null);
} }
} }
class NetworkPerm extends Perm { class NetworkPerm extends Perm {
public NetworkPerm() { NetworkPerm() {
super("NetworkPermission", super(jdk.net.NetworkPermission.class,
"jdk.net.NetworkPermission", new String[] {
new String[] {
"setOption.SO_FLOW_SLA", "setOption.SO_FLOW_SLA",
"getOption.SO_FLOW_SLA" "getOption.SO_FLOW_SLA"
}, },
null); null);
} }
} }
class PrivCredPerm extends Perm { class PrivCredPerm extends Perm {
public PrivCredPerm() { PrivCredPerm() {
super("PrivateCredentialPermission", super(javax.security.auth.PrivateCredentialPermission.class,
"javax.security.auth.PrivateCredentialPermission", new String[] {
new String[] {
// allow user input // allow user input
}, },
new String[] { new String[] {
"read" "read"
}); });
} }
} }
class PropPerm extends Perm { class PropPerm extends Perm {
public PropPerm() { PropPerm() {
super("PropertyPermission", super(java.util.PropertyPermission.class,
"java.util.PropertyPermission", new String[] {
new String[] {
// allow user input // allow user input
}, },
new String[] { new String[] {
"read", "read",
"write" "write"
}); });
@ -4385,21 +4371,19 @@ class PropPerm extends Perm {
} }
class ReflectPerm extends Perm { class ReflectPerm extends Perm {
public ReflectPerm() { ReflectPerm() {
super("ReflectPermission", super(java.lang.reflect.ReflectPermission.class,
"java.lang.reflect.ReflectPermission", new String[] {
new String[] {
"suppressAccessChecks" "suppressAccessChecks"
}, },
null); null);
} }
} }
class RuntimePerm extends Perm { class RuntimePerm extends Perm {
public RuntimePerm() { RuntimePerm() {
super("RuntimePermission", super(java.lang.RuntimePermission.class,
"java.lang.RuntimePermission", new String[] {
new String[] {
"createClassLoader", "createClassLoader",
"getClassLoader", "getClassLoader",
"setContextClassLoader", "setContextClassLoader",
@ -4432,15 +4416,14 @@ class RuntimePerm extends Perm {
"usePolicy", "usePolicy",
// "inheritedChannel" // "inheritedChannel"
}, },
null); null);
} }
} }
class SecurityPerm extends Perm { class SecurityPerm extends Perm {
public SecurityPerm() { SecurityPerm() {
super("SecurityPermission", super(java.security.SecurityPermission.class,
"java.security.SecurityPermission", new String[] {
new String[] {
"createAccessControlContext", "createAccessControlContext",
"getDomainCombiner", "getDomainCombiner",
"getPolicy", "getPolicy",
@ -4470,30 +4453,28 @@ class SecurityPerm extends Perm {
//"getSignerPrivateKey", //"getSignerPrivateKey",
//"setSignerKeyPair" //"setSignerKeyPair"
}, },
null); null);
} }
} }
class SerialPerm extends Perm { class SerialPerm extends Perm {
public SerialPerm() { SerialPerm() {
super("SerializablePermission", super(java.io.SerializablePermission.class,
"java.io.SerializablePermission", new String[] {
new String[] {
"enableSubclassImplementation", "enableSubclassImplementation",
"enableSubstitution" "enableSubstitution"
}, },
null); null);
} }
} }
class ServicePerm extends Perm { class ServicePerm extends Perm {
public ServicePerm() { ServicePerm() {
super("ServicePermission", super(javax.security.auth.kerberos.ServicePermission.class,
"javax.security.auth.kerberos.ServicePermission", new String[] {
new String[] {
// allow user input // allow user input
}, },
new String[] { new String[] {
"initiate", "initiate",
"accept" "accept"
}); });
@ -4501,13 +4482,12 @@ class ServicePerm extends Perm {
} }
class SocketPerm extends Perm { class SocketPerm extends Perm {
public SocketPerm() { SocketPerm() {
super("SocketPermission", super(java.net.SocketPermission.class,
"java.net.SocketPermission", new String[] {
new String[] {
// allow user input // allow user input
}, },
new String[] { new String[] {
"accept", "accept",
"connect", "connect",
"listen", "listen",
@ -4517,38 +4497,35 @@ class SocketPerm extends Perm {
} }
class SQLPerm extends Perm { class SQLPerm extends Perm {
public SQLPerm() { SQLPerm() {
super("SQLPermission", super(java.sql.SQLPermission.class,
"java.sql.SQLPermission", new String[] {
new String[] {
"setLog", "setLog",
"callAbort", "callAbort",
"setSyncFactory", "setSyncFactory",
"setNetworkTimeout", "setNetworkTimeout",
}, },
null); null);
} }
} }
class SSLPerm extends Perm { class SSLPerm extends Perm {
public SSLPerm() { SSLPerm() {
super("SSLPermission", super(javax.net.ssl.SSLPermission.class,
"javax.net.ssl.SSLPermission", new String[] {
new String[] {
"setHostnameVerifier", "setHostnameVerifier",
"getSSLSessionContext" "getSSLSessionContext"
}, },
null); null);
} }
} }
class SubjDelegPerm extends Perm { class SubjDelegPerm extends Perm {
public SubjDelegPerm() { SubjDelegPerm() {
super("SubjectDelegationPermission", super(javax.management.remote.SubjectDelegationPermission.class,
"javax.management.remote.SubjectDelegationPermission", new String[] {
new String[] {
// allow user input // allow user input
}, },
null); null);
} }
} }
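Review bot: In the `PrincipalTypeMenuListener` hunk at `@ -3645`, the new `prin.setSelectedItem(inputPrin.getSimpleName())` dereferences the result of `ToolDialog.getPrin(prinField.getText(), true)` without a null check, while the following hunk in the same listener and both `PermissionMenuListener` hunks guard with `!= null`. The tail of `getPrin` is outside the hunk, but those guards suggest it returns null for a class name not in `PRIN_ARRAY`, so a hand-typed principal class would raise a NullPointerException here; guard it the same way with `if (inputPrin != null) { prin.setSelectedItem(inputPrin.getSimpleName()); }`. Separately, in the first hunk the principal type string is still resolved with `Class.forName(type, true, ...)`, which runs the named class's static initializer before the `Principal.class.isAssignableFrom(pc)` test rejects it. The assignability test does not need an initialized class, so `Class.forName(type, false, Thread.currentThread().getContextClassLoader())` would avoid executing code from a class that is only being validated. The enclosing methods start and end outside these hunks.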