@@ -1,7 +1,7 @@ // Example policy file for Helma NG -// Run Helma with the following flags to activate this: -// java -Dhelma.home=... -Djava.security.manager -Djava.security.policy=file:/.../lib/helma.policy -// replacing "..." with the location of your Helma NG installation. +// Run Helma with the -p or --policy option to activate this: +// helma -p file:/.../helma.policy +// replacing "..." with the absolute path of the policy file. // // The following URLs provide more information: // http://java.sun.com/j2se/1.4.2/docs/guide/security/PolicyFiles.html lib/helma.policy @@ -70,7 +70,7 @@ public class HelmaContextFactory extends ContextFactory { cx.setWrapFactory(engine.wrapFactory); cx.setLanguageVersion(languageVersion); cx.setOptimizationLevel(optimizationLevel); - if (engine.useSecurity()) { + if (engine.isPolicyEnabled()) { cx.setSecurityController(new PolicySecurityController()); } if (errorReporter != null) { src/org/helma/javascript/HelmaContextFactory.java @@ -107,7 +107,7 @@ public class ReloadableScript { Resource resource = (Resource) source; try { exception = null; - CodeSource source = engine.useSecurity() ? + CodeSource source = engine.isPolicyEnabled() ? new CodeSource(resource.getUrl(), (CodeSigner[]) null) : null; script = cx.compileReader(resource.getReader(), resource.getRelativePath(), 1, source); } catch (Exception x) { @@ -137,7 +137,7 @@ public class ReloadableScript { exception = null; for (Resource res: resources) { if (res.getName().endsWith(".js")) { - CodeSource source = engine.useSecurity() ? + CodeSource source = engine.isPolicyEnabled() ? new CodeSource(res.getUrl(), (CodeSigner[]) null) : null; scripts.add(cx.compileReader(res.getReader(), res.getRelativePath(), 1, source)); } src/org/helma/javascript/ReloadableScript.java @@ -453,9 +453,10 @@ public class RhinoEngine { return new RhinoEngine(sandbox, globals); } - protected boolean useSecurity() { - // TODO this is just a hack to disable security on google app engine - return System.getProperty("java.security.manager") != null; + protected boolean isPolicyEnabled() { + // only use security when helma runs standalone with default security manager, + // not with google app engine + return config.isPolicyEnabled(); } private ReloadableScript getCurrentScript(Context cx) { src/org/helma/javascript/RhinoEngine.java @@ -44,6 +44,7 @@ public class HelmaConfiguration { private HelmaClassLoader loader; private ClassShutter classShutter = null; private boolean sealed = false; + private boolean policyEnabled = false; /** * Create a new Helma configuration and sets up its module search path. @@ -319,6 +320,14 @@ public class HelmaConfiguration { this.sealed = sealed; } + public boolean isPolicyEnabled() { + return policyEnabled; + } + + public void setPolicyEnabled(boolean hasPolicy) { + this.policyEnabled = hasPolicy; + } + private Logger getLogger() { return Logger.getLogger("org.helma.tools"); } src/org/helma/tools/HelmaConfiguration.java @@ -55,12 +55,14 @@ public class HelmaRunner { } else if ("--debug".equals(arg) || "-d".equals(arg)) { debug = true; } else if ("--optlevel".equals(arg) || "-o".equals(arg)) { - optlevel = Integer.parseInt(args[i+1]); + optlevel = Integer.parseInt(args[++i]); if (optlevel < -1 || optlevel > 9) { throw new IllegalArgumentException( arg + " value must be between -1 and 9"); } - i += 1; + } else if ("--policy".equals(arg) || "-p".equals(arg)) { + System.setProperty("java.security.policy", args[++i]); + System.setSecurityManager(new SecurityManager()); } else { printUsage(); System.exit(1); @@ -91,6 +93,7 @@ public class HelmaRunner { public void start() { try { HelmaConfiguration config = new HelmaConfiguration(home, modulePath, "modules"); + config.setPolicyEnabled(System.getProperty("java.security.policy") != null); config.addScriptRepository(scriptName); if (optlevel >= -1) { config.setOptLevel(optlevel); @@ -124,5 +127,6 @@ public class HelmaRunner { System.out.println(" -h, --help : Display this help message"); System.out.println(" -i, --interactive : Start shell after script file has run"); System.out.println(" -o, --optlevel n : Set Rhino optimization level (-1 to 9)"); + System.out.println(" -p, --policy url : Set java policy file and enable security manager"); } } src/org/helma/tools/HelmaRunner.java 8077ce9636d33d1ce678f52698470b4d5316841c Hannes Wallnöfer hannesw@gmail.com http://github.com/hns/helma-ng/commit/ddc2e02b32a554f9609b99c9bccb68203fc42a49 ddc2e02b32a554f9609b99c9bccb68203fc42a49 2009-06-23T15:53:06-07:00 2009-06-23T15:53:06-07:00 Make it easier to run Helma with policy by adding a -p/--policy command line option. 9bb6b99a27b6294db50756acdf8051fdaa32dc16 Hannes Wallnöfer hannesw@gmail.com