001: /*
002:
003: Licensed to the Apache Software Foundation (ASF) under one or more
004: contributor license agreements. See the NOTICE file distributed with
005: this work for additional information regarding copyright ownership.
006: The ASF licenses this file to You under the Apache License, Version 2.0
007: (the "License"); you may not use this file except in compliance with
008: the License. You may obtain a copy of the License at
009:
010: http://www.apache.org/licenses/LICENSE-2.0
011:
012: Unless required by applicable law or agreed to in writing, software
013: distributed under the License is distributed on an "AS IS" BASIS,
014: WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015: See the License for the specific language governing permissions and
016: limitations under the License.
017:
018: */
019: package org.apache.batik.bridge;
020:
021: import java.net.URL;
022: import java.net.URLClassLoader;
023: import java.security.CodeSource;
024: import java.security.cert.Certificate;
025: import java.security.Permission;
026: import java.security.PermissionCollection;
027: import java.security.Policy;
028: import java.util.Enumeration;
029:
030: /**
031: * This <tt>ClassLoader</tt> implementation only grants permission to
032: * connect back to the server from where the document referencing the
033: * jar file was loaded.
034: *
035: * A <tt>URLClassLoader</tt> extension is needed in case the user
036: * allows linked jar files to come from a different origin than
037: * the document referencing them.
038: *
039: * @author <a mailto="vincent.hardy@sun.com">Vincent Hardy</a>
040: * @version $Id: DocumentJarClassLoader.java 475685 2006-11-16 11:16:05Z cam $
041: */
042: public class DocumentJarClassLoader extends URLClassLoader {
043: /**
044: * CodeSource for the Document which referenced the Jar file
045: * @see #getPermissions
046: */
047: protected CodeSource documentCodeSource = null;
048:
049: /**
050: * Constructor
051: */
052: public DocumentJarClassLoader(URL jarURL, URL documentURL) {
053: super (new URL[] { jarURL });
054:
055: if (documentURL != null) {
056: documentCodeSource = new CodeSource(documentURL,
057: (Certificate[]) null);
058: }
059: }
060:
061: /**
062: * Returns the permissions for the given codesource object.
063: * The implementation of this method first gets the permissions
064: * granted by the policy, and then adds additional permissions
065: * based on the URL of the codesource.
066: * <p>
067: * Then, if the documentURL passed at construction time is
068: * not null, the permissions granted to that URL are added.
069: *
070: * As a result, the jar file code will only be able to
071: * connect to the server which served the document.
072: *
073: * @param codesource the codesource
074: * @return the permissions granted to the codesource
075: */
076: protected PermissionCollection getPermissions(CodeSource codesource) {
077: // First, get the permissions which may be granted
078: // through the policy file(s)
079: Policy p = Policy.getPolicy();
080:
081: PermissionCollection pc = null;
082: if (p != null) {
083: pc = p.getPermissions(codesource);
084: }
085:
086: // Now, add permissions if the documentCodeSource is not null
087: if (documentCodeSource != null) {
088: PermissionCollection urlPC = super
089: .getPermissions(documentCodeSource);
090:
091: if (pc != null) {
092: Enumeration items = urlPC.elements();
093: while (items.hasMoreElements()) {
094: pc.add((Permission) (items.nextElement()));
095: }
096: } else {
097: pc = urlPC;
098: }
099: }
100:
101: return pc;
102: }
103: }
|