diff --git a/netx/net/sourceforge/jnlp/controlpanel/ControlPanel.java b/netx/net/sourceforge/jnlp/controlpanel/ControlPanel.java --- a/netx/net/sourceforge/jnlp/controlpanel/ControlPanel.java +++ b/netx/net/sourceforge/jnlp/controlpanel/ControlPanel.java @@ -264,7 +264,8 @@ // new SettingsPanel(Translator.R("CPTabRuntimes"), createRuntimesSettingsPanel()), new SettingsPanel(Translator.R("CPTabSecurity"), createSecuritySettingsPanel()), //todo refactor to work with tmp file and apply as asu designed it - new SettingsPanel(Translator.R("APPEXTSECControlPanelExtendedAppletSecurityTitle"), new UnsignedAppletsTrustingListPanel(DeploymentConfiguration.getAppletTrustGlobalSettingsPath(),DeploymentConfiguration.getAppletTrustUserSettingsPath(), this.config) ) + new SettingsPanel(Translator.R("CPTabPolicy"), createPolicySettingsPanel()), + new SettingsPanel(Translator.R("APPEXTSECControlPanelExtendedAppletSecurityTitle"), new UnsignedAppletsTrustingListPanel(DeploymentConfiguration.getAppletTrustGlobalSettingsPath(), DeploymentConfiguration.getAppletTrustUserSettingsPath(), this.config)) }; // Add panels. @@ -357,6 +358,10 @@ return new SecuritySettingsPanel(this.config); } + private JPanel createPolicySettingsPanel() { + return new PolicyPanel(this.config); + } + private JPanel createJVMSettingsPanel() { return new JVMPanel(this.config); } diff --git a/netx/net/sourceforge/jnlp/controlpanel/PolicyPanel.java b/netx/net/sourceforge/jnlp/controlpanel/PolicyPanel.java new file mode 100644 --- /dev/null +++ b/netx/net/sourceforge/jnlp/controlpanel/PolicyPanel.java @@ -0,0 +1,135 @@ +package net.sourceforge.jnlp.controlpanel; + +import static net.sourceforge.jnlp.runtime.Translator.R; + +import java.awt.Component; +import java.awt.Dimension; +import java.awt.Frame; +import java.awt.GridBagConstraints; +import java.awt.GridBagLayout; +import java.awt.event.ActionEvent; +import java.awt.event.ActionListener; +import java.io.File; +import java.io.IOException; +import java.net.MalformedURLException; +import java.net.URL; + +import javax.swing.Box; +import javax.swing.JButton; +import javax.swing.JDialog; +import javax.swing.JLabel; +import javax.swing.JOptionPane; +import javax.swing.JPanel; +import javax.swing.SwingUtilities; + +import net.sourceforge.jnlp.config.DeploymentConfiguration; +import net.sourceforge.jnlp.util.logging.OutputController; +import net.sourceforge.jnlp.util.FileUtils; +import sun.security.tools.policytool.PolicyTool; + +public class PolicyPanel extends NamedBorderPanel { + + public PolicyPanel(final DeploymentConfiguration config) { + super(R("CPHeadPolicy"), new GridBagLayout()); + addComponents(config); + } + + private void addComponents(final DeploymentConfiguration config) { + JLabel aboutLabel = new JLabel("" + R("CPPolicyDetail") + ""); + + final String fileUrlString = config.getProperty(DeploymentConfiguration.KEY_USER_SECURITY_POLICY); + JButton showUserPolicyButton = new JButton(R("CPButPolicy")); + showUserPolicyButton.addActionListener(new ViewPolicyButtonAction(fileUrlString)); + showUserPolicyButton.setToolTipText(R("CPPolicyTooltip", fileUrlString)); + + GridBagConstraints c = new GridBagConstraints(); + c.fill = GridBagConstraints.BOTH; + c.gridx = 1; + c.gridy = 0; + c.weightx = 1; + add(aboutLabel, c); + + c.fill = GridBagConstraints.NONE; + c.weighty = 0; + c.weightx = 0; + c.gridx = 1; + c.gridy++; + add(showUserPolicyButton, c); + + /* Keep all the elements at the top of the panel (Extra padding) */ + c.fill = GridBagConstraints.BOTH; + Component filler = Box.createRigidArea(new Dimension(1, 1)); + c.weighty = 1; + c.gridy++; + add(filler, c); + } + + /** + * Launch the policytool for a specified file path + * @param filePath the policy file path to be opened with policytool + */ + public static void launchPolicyTool(final String filePath) { + try { + final File policyFile = new File(filePath).getCanonicalFile(); + if (canOpenPolicyFile(policyFile)) { + PolicyTool.main(new String[] { "-file", policyFile.getPath() }); + } else { + showCouldNotOpenFileDialog(policyFile.getPath()); + } + } catch (IOException e) { + OutputController.getLogger().log(e); + showCouldNotOpenFileDialog(filePath); + } + } + + /** + * Verify that a given file object points to a real, accessible plain file. + * As a side effect, if the file is accessible but does not yet exist, it will be created + * as an empty plain file. + * @param policyFile the file to verify + * @throws IOException if the file is not accessible + */ + public static boolean canOpenPolicyFile(final File policyFile) throws IOException { + FileUtils.createParentDir(policyFile); + if (!policyFile.exists()) { + policyFile.createNewFile(); + } + return policyFile.isFile() && policyFile.canRead() && policyFile.canWrite(); + } + + /** + * Notify the user that the policy file could not be opened + * @param filePath the policy file we attempted to open + */ + public static void showCouldNotOpenFileDialog(final String filePath) { + OutputController.getLogger().log(OutputController.Level.ERROR_ALL, "Could not open user JNLP policy"); + JOptionPane.showMessageDialog(null, R("RCantOpenFile", filePath), R("Error"), JOptionPane.ERROR_MESSAGE); + } + + /* + * Implements the action to be performed when the "View Policy" button is clicked + */ + private class ViewPolicyButtonAction implements ActionListener { + private String fileUrlString; + + public ViewPolicyButtonAction(String fileUrlString) { + this.fileUrlString = fileUrlString; + } + + @Override + public void actionPerformed(ActionEvent event) { + try { + final URL fileUrl = new URL(fileUrlString); + new Thread(new Runnable() { + @Override + public void run() { + launchPolicyTool(fileUrl.getPath()); + } + }).start(); + } catch (MalformedURLException ex) { + OutputController.getLogger().log(ex); + showCouldNotOpenFileDialog(fileUrlString); + } + } + } +} diff --git a/netx/net/sourceforge/jnlp/resources/Messages.properties b/netx/net/sourceforge/jnlp/resources/Messages.properties --- a/netx/net/sourceforge/jnlp/resources/Messages.properties +++ b/netx/net/sourceforge/jnlp/resources/Messages.properties @@ -159,6 +159,7 @@ RCantReplaceSM=Changing the SecurityManager is not allowed. RCantCreateFile=Cant create file {0} RCantDeleteFile=Cant delete file {0} +RCantOpenFile=Could not open file {0} RRemoveRPermFailed=Removing read permission on file {0} failed RRemoveWPermFailed=Removing write permissions on file {0} failed RRemoveXPermFailed=Removing execute permissions on file {0} failed @@ -353,6 +354,8 @@ CPJVMNotokMessage2=You might be seeing this message because:
* Some validity tests have not been passed
* Non-OpenJDK is detected
With invalid JDK IcedTea-Web will probably not be able to start.
You will have to modify or remove {0} property in your configuration file {1}.
You should try to search for OpenJDK in your system or be sure you know what you are doing. CPJVMconfirmInvalidJdkTitle=Confirm invalid JDK CPJVMconfirmReset=Reset to default? +CPPolicyDetail=View or edit your user-level Java Policy File.
This allows you to grant or deny runtime permissions to
applets regardless of the standard security sandboxing rules. +CPPolicyTooltip=Open {0} in policy editor # Control Panel - Buttons CPButAbout=About... @@ -360,6 +363,7 @@ CPButSettings=Settings... CPButView=View... CPButCertificates=Certificates... +CPButPolicy=View Policy # Control Panel - Headers CPHead=IcedTea-Web Control Panel @@ -372,6 +376,7 @@ CPHeadDesktopIntegration=\u00a0Desktop\u00a0Integrations\u00a0 CPHeadSecurity=\u00a0Security\u00a0Settings\u00a0 CPHeadJVMSettings=\u00a0JVM\u00a0Settings\u00a0 +CPHeadPolicy=\u00a0Custom\u00a0Policy\u00a0Settings\u00a0 # Control Panel - Tabs CPTabAbout=About IcedTea-Web @@ -384,6 +389,7 @@ CPTabRuntimes=Runtimes CPTabSecurity=Security CPTabJVMSettings=JVM Settings +CPTabPolicy=Policy Settings # Control Panel - AboutPanel CPAboutInfo=This is the control panel for setting deployments.properties.
Not all options will take effect until implemented.
The use of multiple JREs is currently limited to OpenJDK.