Methods Summary |
---|
public void | add(com.sun.enterprise.security.provider.PolicyParser$GrantEntry ge)
grantEntries.addElement(ge);
|
private java.lang.String | expand(java.lang.String value)
return expand(value, false);
|
private java.lang.String | expand(java.lang.String value, boolean encodeURL)
if (!expandProp) {
return value;
} else {
return PropertyExpander.expand(value, encodeURL);
}
|
public java.lang.String | getKeyStoreProvider()
return keyStoreProvider;
|
public java.lang.String | getKeyStoreType()
return keyStoreType;
|
public java.lang.String | getKeyStoreUrl()Returns the (possibly expanded) keystore location, or null if the
expansion fails.
try {
if (keyStoreUrlString!=null && keyStoreUrlString.length()!=0) {
return expand(keyStoreUrlString, true).replace
(File.separatorChar, '/");
}
} catch (PropertyExpander.ExpandException peee) {
if (debug != null) {
debug.println(peee.toString());
}
return null;
}
return null;
|
public java.lang.String | getStorePassURL()
try {
if (storePassURL!=null && storePassURL.length()!=0) {
return expand(storePassURL, true).replace
(File.separatorChar, '/");
}
} catch (PropertyExpander.ExpandException peee) {
if (debug != null) {
debug.println(peee.toString());
}
return null;
}
return null;
|
public java.util.Enumeration | grantElements()Enumerate all the entries in the global policy object.
This method is used by policy admin tools. The tools
should use the Enumeration methods on the returned object
to fetch the elements sequentially.
return grantEntries.elements();
|
public static void | main(java.lang.String[] arg)
PolicyParser pp = new PolicyParser(true);
pp.read(new FileReader(arg[0]));
FileWriter fr = new FileWriter(arg[1]);
pp.write(fr);
fr.close();
|
private java.lang.String | match(java.lang.String expect)
String value = null;
switch (lookahead) {
case StreamTokenizer.TT_NUMBER:
throw new ParsingException(st.lineno(), expect,
ResourcesMgr.getString("number ") +
String.valueOf(st.nval));
case StreamTokenizer.TT_EOF:
MessageFormat form = new MessageFormat(
ResourcesMgr.getString
("expected [expect], read [end of file]"));
Object[] source = {expect};
throw new ParsingException(form.format(source));
case StreamTokenizer.TT_WORD:
if (expect.equalsIgnoreCase(st.sval)) {
lookahead = st.nextToken();
} else if (expect.equalsIgnoreCase("permission type")) {
value = st.sval;
lookahead = st.nextToken();
} else if (expect.equalsIgnoreCase("principal type")) {
value = st.sval;
lookahead = st.nextToken();
} else {
throw new ParsingException(st.lineno(), expect,
st.sval);
}
break;
case '"":
if (expect.equalsIgnoreCase("quoted string")) {
value = st.sval;
lookahead = st.nextToken();
} else if (expect.equalsIgnoreCase("permission type")) {
value = st.sval;
lookahead = st.nextToken();
} else if (expect.equalsIgnoreCase("principal type")) {
value = st.sval;
lookahead = st.nextToken();
} else {
throw new ParsingException(st.lineno(), expect, st.sval);
}
break;
case ',":
if (expect.equalsIgnoreCase(","))
lookahead = st.nextToken();
else
throw new ParsingException(st.lineno(), expect, ",");
break;
case '{":
if (expect.equalsIgnoreCase("{"))
lookahead = st.nextToken();
else
throw new ParsingException(st.lineno(), expect, "{");
break;
case '}":
if (expect.equalsIgnoreCase("}"))
lookahead = st.nextToken();
else
throw new ParsingException(st.lineno(), expect, "}");
break;
case ';":
if (expect.equalsIgnoreCase(";"))
lookahead = st.nextToken();
else
throw new ParsingException(st.lineno(), expect, ";");
break;
case '*":
if (expect.equalsIgnoreCase("*"))
lookahead = st.nextToken();
else
throw new ParsingException(st.lineno(), expect, "*");
break;
default:
throw new ParsingException(st.lineno(), expect,
new String(new char[] {(char)lookahead}));
}
return value;
|
static java.lang.String[] | parseExtDirs(java.lang.String codebase, int start)
String s = System.getProperty(EXTDIRS_PROPERTY);
String globalPrefix = (start > 0 ? codebase.substring(0, start) : "file:");
int end = start + EXTDIRS_EXPANSION.length();
String globalSuffix = (end < codebase.length() ? codebase.substring(end) :
(String) null);
String[] dirs = null;
String localSuffix;
if (s != null) {
StringTokenizer st =
new StringTokenizer(s, File.pathSeparator);
int count = st.countTokens();
dirs = new String[count];
for (int i = 0; i < count; i++) {
File file = new File(st.nextToken());
dirs[i] = sun.net.www.ParseUtil.encodePath
(file.getAbsolutePath());
if (!dirs[i].startsWith("/")) {
dirs[i] = "/" + dirs[i];
}
localSuffix = (globalSuffix == null ?
(dirs[i].endsWith("/") ? "*" : "/*") :
globalSuffix);
dirs[i] = globalPrefix + dirs[i] + localSuffix;
}
}
return dirs;
|
private com.sun.enterprise.security.provider.PolicyParser$GrantEntry | parseGrantEntry()parse a Grant entry
GrantEntry e = new GrantEntry();
LinkedList principals = null;
boolean ignoreEntry = false;
match("grant");
while(!peek("{")) {
if (peekAndMatch("Codebase")) {
if (e.codeBase != null)
throw new ParsingException(
st.lineno(),
ResourcesMgr.getString
("multiple Codebase expressions"));
e.codeBase = match("quoted string");
peekAndMatch(",");
} else if (peekAndMatch("SignedBy")) {
if (e.signedBy != null)
throw new ParsingException(
st.lineno(),
ResourcesMgr.getString(
"multiple SignedBy expressions"));
e.signedBy = match("quoted string");
// verify syntax of the aliases
StringTokenizer aliases = new StringTokenizer(e.signedBy,
",", true);
int actr = 0;
int cctr = 0;
while (aliases.hasMoreTokens()) {
String alias = aliases.nextToken().trim();
if (alias.equals(","))
cctr++;
else if (alias.length() > 0)
actr++;
}
if (actr <= cctr)
throw new ParsingException(
st.lineno(),
ResourcesMgr.getString(
"SignedBy has empty alias"));
peekAndMatch(",");
} else if (peekAndMatch("Principal")) {
if (principals == null) {
principals = new LinkedList();
}
String principalClass;
String principalName;
if (peek("\"")) {
// both the principalClass and principalName
// will be replaced later
principalClass = REPLACE_NAME;
principalName = match("principal type");
} else {
// check for principalClass wildcard
if (peek("*")) {
match("*");
principalClass = PrincipalEntry.WILDCARD_CLASS;
} else {
principalClass = match("principal type");
}
// check for principalName wildcard
if (peek("*")) {
match("*");
principalName = PrincipalEntry.WILDCARD_NAME;
} else {
principalName = match("quoted string");
}
// disallow WILDCARD_CLASS && actual name
if (principalClass.equals(PrincipalEntry.WILDCARD_CLASS) &&
!principalName.equals(PrincipalEntry.WILDCARD_NAME)) {
if (debug != null) {
debug.println("disallowing principal that " +
"has WILDCARD class but no WILDCARD name");
}
throw new ParsingException
(st.lineno(),
ResourcesMgr.getString
("can not specify Principal with a " +
"wildcard class without a wildcard name"));
}
}
try {
principalName = expand(principalName);
if (principalClass.equals
("javax.security.auth.x500.X500Principal") &&
!principalName.equals(PrincipalEntry.WILDCARD_NAME)) {
// 4702543: X500 names with an EmailAddress
// were encoded incorrectly. construct a new
// X500Principal with correct encoding.
X500Principal p = new X500Principal
((new X500Principal(principalName)).toString());
principalName = p.getName();
}
principals.add
(new PrincipalEntry(principalClass, principalName));
} catch (PropertyExpander.ExpandException peee) {
// ignore the entire policy entry
// but continue parsing all the info
// so we can get to the next entry
if (debug != null) {
debug.println("principal name expansion failed: " +
principalName);
}
ignoreEntry = true;
}
peekAndMatch(",");
} else {
throw new ParsingException(st.lineno(),
ResourcesMgr.getString(
"expected codeBase or SignedBy or " +
"Principal"));
}
}
if (principals != null) e.principals = principals;
match("{");
while(!peek("}")) {
if (peek("Permission")) {
try {
PermissionEntry pe = parsePermissionEntry();
e.add(pe);
} catch (PropertyExpander.ExpandException peee) {
// ignore. The add never happened
if (debug != null) {
debug.println(peee.toString());
}
skipEntry(); // BugId 4219343
}
match(";");
} else {
throw new
ParsingException(st.lineno(),
ResourcesMgr.getString(
"expected permission entry"));
}
}
match("}");
try {
if (e.signedBy != null) e.signedBy = expand(e.signedBy);
if (e.codeBase != null) {
// For backward compatibility with 1.4
if (e.codeBase.equals(OLD_EXTDIRS_EXPANSION)) {
e.codeBase = EXTDIRS_EXPANSION;
}
int es;
if ((es=e.codeBase.indexOf(EXTDIRS_EXPANSION)) < 0) {
e.codeBase = expand(e.codeBase, true).replace
(File.separatorChar, '/");
} else {
// expand the system property "java.ext.dirs",
// parse it into its path components,
// and then create a grant entry for each component
String[] extDirs = parseExtDirs(e.codeBase, es);
if (extDirs != null && extDirs.length > 0) {
for (int i = 0; i < extDirs.length; i++) {
GrantEntry newGe = (GrantEntry)e.clone();
newGe.codeBase = extDirs[i];
add(newGe);
if (debug != null) {
debug.println("creating policy entry for " +
"expanded java.ext.dirs path:\n\t\t" +
extDirs[i]);
}
}
}
ignoreEntry = true;
}
}
} catch (PropertyExpander.ExpandException peee) {
if (debug != null) {
debug.println(peee.toString());
}
return null;
}
return (ignoreEntry == true) ? null : e;
|
private void | parseKeyStoreEntry()parses a keystore entry
match("keystore");
keyStoreUrlString = match("quoted string");
// parse keystore type
if (!peek(",")) {
return; // default type
}
match(",");
if (peek("\"")) {
keyStoreType = match("quoted string");
} else {
throw new ParsingException(st.lineno(),
ResourcesMgr.getString("expected keystore type"));
}
// parse keystore provider
if (!peek(",")) {
return; // provider optional
}
match(",");
if (peek("\"")) {
keyStoreProvider = match("quoted string");
} else {
throw new ParsingException(st.lineno(),
ResourcesMgr.getString("expected keystore provider"));
}
|
private com.sun.enterprise.security.provider.PolicyParser$PermissionEntry | parsePermissionEntry()parse a Permission entry
PermissionEntry e = new PermissionEntry();
// Permission
match("Permission");
e.permission = match("permission type");
if (peek("\"")) {
// Permission name
e.name = expand(match("quoted string"));
}
if (!peek(",")) {
return e;
}
match(",");
if (peek("\"")) {
e.action = expand(match("quoted string"));
if (!peek(",")) {
return e;
}
match(",");
}
if (peekAndMatch("SignedBy")) {
e.signedBy = expand(match("quoted string"));
}
return e;
|
private void | parseStorePassURL()
match("keyStorePasswordURL");
storePassURL = match("quoted string");
|
private boolean | peek(java.lang.String expect)
boolean found = false;
switch (lookahead) {
case StreamTokenizer.TT_WORD:
if (expect.equalsIgnoreCase(st.sval))
found = true;
break;
case ',":
if (expect.equalsIgnoreCase(","))
found = true;
break;
case '{":
if (expect.equalsIgnoreCase("{"))
found = true;
break;
case '}":
if (expect.equalsIgnoreCase("}"))
found = true;
break;
case '"":
if (expect.equalsIgnoreCase("\""))
found = true;
break;
case '*":
if (expect.equalsIgnoreCase("*"))
found = true;
break;
default:
}
return found;
|
private boolean | peekAndMatch(java.lang.String expect)
if (peek(expect)) {
match(expect);
return true;
} else {
return false;
}
|
public void | read(java.io.Reader policy)Reads a policy configuration into the Policy object using a
Reader object.
if (!(policy instanceof BufferedReader)) {
policy = new BufferedReader(policy);
}
/**
* Configure the stream tokenizer:
* Recognize strings between "..."
* Don't convert words to lowercase
* Recognize both C-style and C++-style comments
* Treat end-of-line as white space, not as a token
*/
st = new StreamTokenizer(policy);
st.resetSyntax();
st.wordChars('a", 'z");
st.wordChars('A", 'Z");
st.wordChars('.", '.");
st.wordChars('0", '9");
st.wordChars('_", '_");
st.wordChars('$", '$");
st.wordChars(128 + 32, 255);
st.whitespaceChars(0, ' ");
st.commentChar('/");
st.quoteChar('\'");
st.quoteChar('"");
st.lowerCaseMode(false);
st.ordinaryChar('/");
st.slashSlashComments(true);
st.slashStarComments(true);
/**
* The main parsing loop. The loop is executed once
* for each entry in the config file. The entries
* are delimited by semicolons. Once we've read in
* the information for an entry, go ahead and try to
* add it to the policy vector.
*
*/
lookahead = st.nextToken();
while (lookahead != StreamTokenizer.TT_EOF) {
if (peek("grant")) {
GrantEntry ge = parseGrantEntry();
// could be null if we couldn't expand a property
if (ge != null)
add(ge);
} else if (peek("keystore") && keyStoreUrlString==null) {
// only one keystore entry per policy file, others will be
// ignored
parseKeyStoreEntry();
} else if (peek("keystorePasswordURL") && storePassURL==null) {
// only one keystore passwordURL per policy file, others will be
// ignored
parseStorePassURL();
} else {
// error?
}
match(";");
}
if (keyStoreUrlString == null && storePassURL != null) {
throw new ParsingException(ResourcesMgr.getString
("keystorePasswordURL can not be specified without also " +
"specifying keystore"));
}
|
public boolean | remove(com.sun.enterprise.security.provider.PolicyParser$GrantEntry ge)
return grantEntries.removeElement(ge);
|
public void | replace(com.sun.enterprise.security.provider.PolicyParser$GrantEntry origGe, com.sun.enterprise.security.provider.PolicyParser$GrantEntry newGe)
grantEntries.setElementAt(newGe, grantEntries.indexOf(origGe));
|
public void | setKeyStoreProvider(java.lang.String provider)
keyStoreProvider = provider;
|
public void | setKeyStoreType(java.lang.String type)
keyStoreType = type;
|
public void | setKeyStoreUrl(java.lang.String url)
keyStoreUrlString = url;
|
public void | setStorePassURL(java.lang.String storePassURL)
this.storePassURL = storePassURL;
|
private void | skipEntry()skip all tokens for this entry leaving the delimiter ";"
in the stream.
while(lookahead != ';") {
switch (lookahead) {
case StreamTokenizer.TT_NUMBER:
throw new ParsingException(st.lineno(), ";",
ResourcesMgr.getString("number ") +
String.valueOf(st.nval));
case StreamTokenizer.TT_EOF:
throw new ParsingException(ResourcesMgr.getString
("expected [;], read [end of file]"));
default:
lookahead = st.nextToken();
}
}
|
public void | write(java.io.Writer policy)write out the policy
PrintWriter out = new PrintWriter(new BufferedWriter(policy));
Enumeration enum_ = grantElements();
out.println("/* AUTOMATICALLY GENERATED ON "+
(new java.util.Date()) + "*/");
out.println("/* DO NOT EDIT */");
out.println();
// write the (unexpanded) keystore entry as the first entry of the
// policy file
if (keyStoreUrlString != null) {
writeKeyStoreEntry(out);
}
if (storePassURL != null) {
writeStorePassURL(out);
}
// write "grant" entries
while (enum_.hasMoreElements()) {
GrantEntry ge = (GrantEntry) enum_.nextElement();
ge.write(out);
out.println();
}
out.flush();
|
private void | writeKeyStoreEntry(java.io.PrintWriter out)writes the (unexpanded) keystore entry
out.print("keystore \"");
out.print(keyStoreUrlString);
out.print('"");
if (keyStoreType != null && keyStoreType.length() > 0)
out.print(", \"" + keyStoreType + "\"");
if (keyStoreProvider != null && keyStoreProvider.length() > 0)
out.print(", \"" + keyStoreProvider + "\"");
out.println(";");
out.println();
|
private void | writeStorePassURL(java.io.PrintWriter out)
out.print("keystorePasswordURL \"");
out.print(storePassURL);
out.print('"");
out.println(";");
out.println();
|