75 * <i>policy.url.1</i>, <i>policy.url.2</i>, ..., |
75 * <i>policy.url.1</i>, <i>policy.url.2</i>, ..., |
76 * <i>policy.url.X</i>" and |
76 * <i>policy.url.X</i>" and |
77 * <i>auth.policy.url.1</i>, <i>auth.policy.url.2</i>, ..., |
77 * <i>auth.policy.url.1</i>, <i>auth.policy.url.2</i>, ..., |
78 * <i>auth.policy.url.X</i>". These properties are set |
78 * <i>auth.policy.url.X</i>". These properties are set |
79 * in the Java security properties file, which is located in the file named |
79 * in the Java security properties file, which is located in the file named |
80 * <JAVA_HOME>/lib/security/java.security. |
80 * <JAVA_HOME>/conf/security/java.security. |
81 * <JAVA_HOME> refers to the value of the java.home system property, |
81 * <JAVA_HOME> refers to the value of the java.home system property, |
82 * and specifies the directory where the JRE is installed. |
82 * and specifies the directory where the JRE is installed. |
83 * Each property value specifies a <code>URL</code> pointing to a |
83 * Each property value specifies a <code>URL</code> pointing to a |
84 * policy file to be loaded. Read in and load each policy. |
84 * policy file to be loaded. Read in and load each policy. |
85 * |
85 * |
316 * loop through the Security Properties named "policy.url.1", |
316 * loop through the Security Properties named "policy.url.1", |
317 * ""policy.url.2", "auth.policy.url.1", "auth.policy.url.2" etc, until |
317 * ""policy.url.2", "auth.policy.url.1", "auth.policy.url.2" etc, until |
318 * you don't find one. Each of these specify a policy file. |
318 * you don't find one. Each of these specify a policy file. |
319 * |
319 * |
320 * if none of these could be loaded, use a builtin static policy |
320 * if none of these could be loaded, use a builtin static policy |
321 * equivalent to the default lib/security/java.policy file. |
321 * equivalent to the default conf/security/java.policy file. |
322 * |
322 * |
323 * if the system property "java.policy" or "java.auth.policy" is defined |
323 * if the system property "java.policy" or "java.auth.policy" is defined |
324 * (which is the |
324 * (which is the |
325 * case when the user uses the -D switch at runtime), and |
325 * case when the user uses the -D switch at runtime), and |
326 * its use is allowed by the security property file, |
326 * its use is allowed by the security property file, |
466 |
466 |
467 /** |
467 /** |
468 * Caller did not specify URL via Policy.getInstance. |
468 * Caller did not specify URL via Policy.getInstance. |
469 * Read from URLs listed in the java.security properties file. |
469 * Read from URLs listed in the java.security properties file. |
470 * |
470 * |
471 * We call initPolicyFile with POLICY , POLICY_URL and then |
471 * We call initPolicyFile with POLICY, POLICY_URL and then |
472 * call it with AUTH_POLICY and AUTH_POLICY_URL |
472 * call it with AUTH_POLICY and AUTH_POLICY_URL |
473 * So first we will process the JAVA standard policy |
473 * So first we will process the JAVA standard policy |
474 * and then process the JAVA AUTH Policy. |
474 * and then process the JAVA AUTH Policy. |
475 * This is for backward compatibility as well as to handle |
475 * This is for backward compatibility as well as to handle |
476 * cases where the user has a single unified policyfile |
476 * cases where the user has a single unified policyfile |
707 SecurityConstants.PROPERTY_READ_ACTION)); |
707 SecurityConstants.PROPERTY_READ_ACTION)); |
708 |
708 |
709 // No need to sync because noone has access to newInfo yet |
709 // No need to sync because noone has access to newInfo yet |
710 newInfo.policyEntries.add(pe); |
710 newInfo.policyEntries.add(pe); |
711 |
711 |
712 // Add AllPermissions for standard extensions |
|
713 String[] extCodebases = PolicyParser.parseExtDirs( |
|
714 PolicyParser.EXTDIRS_EXPANSION, 0); |
|
715 if (extCodebases != null && extCodebases.length > 0) { |
|
716 for (int i = 0; i < extCodebases.length; i++) { |
|
717 try { |
|
718 pe = new PolicyEntry(canonicalizeCodebase( |
|
719 new CodeSource(new URL(extCodebases[i]), |
|
720 (Certificate[]) null), false )); |
|
721 pe.add(SecurityConstants.ALL_PERMISSION); |
|
722 |
|
723 // No need to sync because noone has access to |
|
724 // newInfo yet |
|
725 newInfo.policyEntries.add(pe); |
|
726 } catch (Exception e) { |
|
727 // this is probably bad (though not dangerous). |
|
728 // What should we do? |
|
729 } |
|
730 } |
|
731 } |
|
732 return null; |
712 return null; |
733 } |
713 } |
734 }); |
714 }); |
735 } |
715 } |
736 |
716 |