--- /dev/null
+// httpdSecurityManager.java\r
+// $Id: httpdSecurityManager.java,v 1.1 2010/06/15 12:21:58 smhuang Exp $\r
+// (c) COPYRIGHT MIT and INRIA, 1996.\r
+// Please first read the full copyright statement in file COPYRIGHT.html\r
+\r
+package org.w3c.jigsaw.http ;\r
+\r
+/**\r
+ * The <b>jhttpd</b> security manager. \r
+ * You really need this if you plan to accept agent execution on your server.\r
+ * Although, in next versions, the security manager may be used to limit\r
+ * your server users in what entities they can export.\r
+ * <p>Add the <b>-s</b> command line argument to <b>jhttpd</b> invocation to \r
+ * set the security manager to an instance of this class.\r
+ */\r
+\r
+public class httpdSecurityManager extends SecurityManager {\r
+ /**\r
+ * Name of the property indicating if agents are allowed to accept().\r
+ * When <strong>true</strong>, this property indicates that agents are\r
+ * allowed to use the <em>accept</em> method of ServerSockets.\r
+ * <p>This property defaults to <strong>false</strong>.\r
+ */\r
+ public static final String SM_AGENT_ACCEPT_P = "org.w3c.jigsaw.security.agent.accept";\r
+ /**\r
+ * Name of the property indicating if agents are allowed to write().\r
+ * When <strong>true</strong>, this property indicates that agents\r
+ * are allowed to use the <em>write</em> method of output streams.\r
+ * <p>This property defaults to <strong>false</strong>.\r
+ */\r
+ public static final String SM_AGENT_WRITE_P = "org.w3c.jigsaw.security.write";\r
+ /**\r
+ * Name of the property indicating if security maneger is debuged.\r
+ * When <strong>true</strong> this property makes the security manager\r
+ * emits debugging traces.\r
+ * <p>This property defaults to <strong>false</strong>.\r
+ */\r
+ public static final String SM_DEBUG_P = "org.w3c.jigsaw.debug" ;\r
+\r
+ private static boolean debug = false ;\r
+ private static boolean agent_accept = false ;\r
+ private static boolean agent_write = false ;\r
+\r
+ static {\r
+ // Get properties:\r
+ agent_accept = Boolean.getBoolean (SM_AGENT_ACCEPT_P) ;\r
+ agent_write = Boolean.getBoolean (SM_AGENT_WRITE_P) ;\r
+ debug = Boolean.getBoolean (SM_DEBUG_P) ;\r
+ }\r
+\r
+ protected final boolean inAgent () {\r
+// ClassLoader loader = currentClassLoader() ;\r
+// Agent are not available yet with new Jigsaw design\r
+// if ( loader == null ) {\r
+// return false ;\r
+// } else if ( loader instanceof org.w3c.jigsaw.agent.AgentClassLoader ) {\r
+// return true ;\r
+// } else {\r
+// throw new SecurityException ("Unknown class loader: " + loader) ;\r
+// }\r
+ return false ;\r
+ }\r
+\r
+ protected void trace (String msg) {\r
+ if ( inAgent() )\r
+ System.out.println ("[agent-security] " + msg) ;\r
+ else\r
+ System.out.println ("[httpd-security] " + msg) ;\r
+ }\r
+\r
+ public void checkAccept (String host, int port) {\r
+ if ( debug )\r
+ trace ("checkAccept: " + host + "@" + port) ;\r
+ if ( inAgent() && ( ! agent_accept ) )\r
+ throw new SecurityException() ;\r
+ return ;\r
+ }\r
+\r
+ public void checkAccess (Thread thr) {\r
+ if ( debug )\r
+ trace ("checkAccess: " + thr.getName()) ;\r
+ if ( inAgent() )\r
+ throw new SecurityException ("Access denied to agents.") ;\r
+ return ;\r
+ }\r
+\r
+ public void checkCreateClassLoader () {\r
+ if ( debug )\r
+ trace ("checkCreateClassLoader.") ;\r
+ if ( inAgent() )\r
+ throw new SecurityException ("createClassLoader denied to agents.");\r
+ return ;\r
+ }\r
+\r
+ public void checkListen (int port) {\r
+ if ( debug )\r
+ trace ("checkListen: " + port) ;\r
+ if ( inAgent() )\r
+ throw new SecurityException ("Listen denied to agents.");\r
+ return ;\r
+ }\r
+\r
+ public void checkPropertiesAccess () {\r
+ if ( debug )\r
+ trace ("checkPropertiesAccess.") ;\r
+ if ( inAgent() ) \r
+ throw new SecurityException ("Properties denied to agents") ;\r
+ return ;\r
+ }\r
+\r
+ public void checkRead (String file) {\r
+ if ( debug )\r
+ trace ("checkRead: " + file) ;\r
+ if ( inAgent() )\r
+ throw new SecurityException ("Read(file) denied to agents.");\r
+\r
+ return ;\r
+ }\r
+\r
+ public void checkRead (int fd) {\r
+ if ( debug ) \r
+ trace ("checkRead: " + fd) ;\r
+ if ( inAgent() )\r
+ throw new SecurityException ("Read(fd) denied to agents.");\r
+ return ;\r
+ }\r
+\r
+ public void checkWrite (int fd) {\r
+ if ( debug )\r
+ trace ("checkWrite: " + fd) ;\r
+ if ( inAgent() )\r
+ throw new SecurityException ("Write(fd) denied to agents.");\r
+ return ;\r
+ }\r
+\r
+ public void checkWrite (String file) {\r
+ if ( debug )\r
+ trace ("checkWrite: " + file) ;\r
+ if ( inAgent() && ( ! agent_write) )\r
+ throw new SecurityException ("write(file) denied to agents.") ;\r
+ return ;\r
+ }\r
+\r
+}\r
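Review bot: `inAgent()` is stubbed to `return false`, so every `inAgent()` guard in the check methods is dead code and this manager denies nothing; because none of the overrides call `super`, installing it with `-s` also bypasses the base-class checks for accept, listen, file read/write, properties access and class-loader creation. The class Javadoc still says you need this manager for agent execution, so it should state the current behaviour, e.g. `<p><b>Note:</b> agent detection is disabled in this version; every check implemented here currently permits the operation.` Separately, `checkRead(int fd)` and `checkWrite(int fd)` do not look like overrides: in the `java.lang.SecurityManager` API the descriptor checks take a `FileDescriptor`, so descriptor access would never reach them, and adding `@Override` to each check method (if the build targets Java 5 or later) would let the compiler confirm which ones are real. `SM_AGENT_WRITE_P` is `"org.w3c.jigsaw.security.write"` while its sibling uses `security.agent.accept`, which looks like a dropped `.agent` segment and is worth confirming against the documented property name.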