KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > apache > batik > bridge > DefaultScriptSecurity


1 /*
2
3    Copyright 2002 The Apache Software Foundation
4
5    Licensed under the Apache License, Version 2.0 (the "License");
6    you may not use this file except in compliance with the License.
7    You may obtain a copy of the License at
8
9        http://www.apache.org/licenses/LICENSE-2.0
10
11    Unless required by applicable law or agreed to in writing, software
12    distributed under the License is distributed on an "AS IS" BASIS,
13    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14    See the License for the specific language governing permissions and
15    limitations under the License.
16
17  */
18 package org.apache.batik.bridge;
19
20 import org.apache.batik.util.ParsedURL;
21
22 /**
23  * Default implementation for the <tt>ScriptSecurity</tt> interface.
24  * It allows all types of scripts to be loaded, but only if they
25  * come from the same server as the document they are included into.
26  *
27  * @author <a HREF="mailto:vhardy@apache.org">Vincent Hardy</a>
28  * @version $Id: DefaultScriptSecurity.java,v 1.6 2004/08/18 07:12:31 vhardy Exp $
29  */
30 public class DefaultScriptSecurity implements ScriptSecurity {
31     public static final String JavaDoc DATA_PROTOCOL = "data";
32     /**
33      * Message when trying to load a script file and the Document
34      * does not have a URL
35      */
36     public static final String JavaDoc ERROR_CANNOT_ACCESS_DOCUMENT_URL
37         = "DefaultScriptSecurity.error.cannot.access.document.url";
38
39     /**
40      * Message when trying to load a script file from a server
41      * different than the one of the document.
42      */
43     public static final String JavaDoc ERROR_SCRIPT_FROM_DIFFERENT_URL
44         = "DefaultScriptSecurity.error.script.from.different.url";
45
46     /**
47      * The exception is built in the constructor and thrown if
48      * not null and the checkLoadScript method is called.
49      */
50     protected SecurityException JavaDoc se;
51
52     /**
53      * Controls whether the script should be loaded or not.
54      *
55      * @throws SecurityException if the script should not be loaded.
56      */
57     public void checkLoadScript(){
58         if (se != null) {
59             throw se;
60         }
61     }
62
63     /**
64      * @param scriptType type of script, as found in the
65      * type attribute of the &lt;script&gt; element.
66      * @param scriptURL url for the script, as defined in
67      * the script's xlink:href attribute. If that
68      * attribute was empty, then this parameter should
69      * be null
70      * @param docURL url for the document into which the
71      * script was found.
72      */
73     public DefaultScriptSecurity(String JavaDoc scriptType,
74                                  ParsedURL scriptURL,
75                                  ParsedURL docURL){
76         // Make sure that the archives comes from the same host
77 // as the document itself
78 if (docURL == null) {
79             se = new SecurityException JavaDoc
80                 (Messages.formatMessage(ERROR_CANNOT_ACCESS_DOCUMENT_URL,
81                                         new Object JavaDoc[]{scriptURL}));
82         } else {
83             String JavaDoc docHost = docURL.getHost();
84             String JavaDoc scriptHost = scriptURL.getHost();
85             
86             if ((docHost != scriptHost) &&
87                 ((docHost == null) || (!docHost.equals(scriptHost)))) {
88                 if ( !docURL.equals(scriptURL)
89                      &&
90                      (scriptURL == null
91                       ||
92                       !DATA_PROTOCOL.equals(scriptURL.getProtocol()) )) {
93                     se = new SecurityException JavaDoc
94                         (Messages.formatMessage(ERROR_SCRIPT_FROM_DIFFERENT_URL,
95                                                 new Object JavaDoc[]{scriptURL}));
96                 }
97             }
98         }
99         
100     }
101 }
102
103
104     
105
Popular Tags