KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > apache > batik > bridge > EmbededScriptSecurity


1 /*
2
3    Copyright 2002 The Apache Software Foundation
4
5    Licensed under the Apache License, Version 2.0 (the "License");
6    you may not use this file except in compliance with the License.
7    You may obtain a copy of the License at
8
9        http://www.apache.org/licenses/LICENSE-2.0
10
11    Unless required by applicable law or agreed to in writing, software
12    distributed under the License is distributed on an "AS IS" BASIS,
13    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14    See the License for the specific language governing permissions and
15    limitations under the License.
16
17  */
18 package org.apache.batik.bridge;
19
20 import org.apache.batik.util.ParsedURL;
21
22 /**
23  * This implementation of the <tt>ScriptSecurity</tt> interface only
24  * allows scripts embeded in the document, i.e., scripts whith either
25  * the same URL as the document (as for event attributes) or scripts
26  * embeded with the data protocol.
27  *
28  * @author <a HREF="mailto:vhardy@apache.org">Vincent Hardy</a>
29  * @version $Id: EmbededScriptSecurity.java,v 1.4 2004/08/18 07:12:31 vhardy Exp $
30  */
31 public class EmbededScriptSecurity implements ScriptSecurity {
32     public static final String JavaDoc DATA_PROTOCOL = "data";
33
34     /**
35      * Message when trying to load a script file and the Document
36      * does not have a URL
37      */
38     public static final String JavaDoc ERROR_CANNOT_ACCESS_DOCUMENT_URL
39         = "DefaultScriptSecurity.error.cannot.access.document.url";
40
41     /**
42      * Message when trying to load a script that is not embeded
43      * in the document.
44      */
45     public static final String JavaDoc ERROR_SCRIPT_NOT_EMBEDED
46         = "EmbededScriptSecurity.error.script.not.embeded";
47
48     /**
49      * The exception is built in the constructor and thrown if
50      * not null and the checkLoadScript method is called.
51      */
52     protected SecurityException JavaDoc se;
53
54     /**
55      * Controls whether the script should be loaded or not.
56      *
57      * @throws SecurityException if the script should not be loaded.
58      */
59     public void checkLoadScript(){
60         if (se != null) {
61             throw se;
62         }
63     }
64
65     /**
66      * @param scriptType type of script, as found in the
67      * type attribute of the &lt;script&gt; element.
68      * @param scriptURL url for the script, as defined in
69      * the script's xlink:href attribute. If that
70      * attribute was empty, then this parameter should
71      * be null
72      * @param docURL url for the document into which the
73      * script was found.
74      */
75     public EmbededScriptSecurity(String JavaDoc scriptType,
76                                  ParsedURL scriptURL,
77                                  ParsedURL docURL){
78         // Make sure that the archives comes from the same host
79 // as the document itself
80 if (docURL == null) {
81             se = new SecurityException JavaDoc
82                 (Messages.formatMessage(ERROR_CANNOT_ACCESS_DOCUMENT_URL,
83                                         new Object JavaDoc[]{scriptURL}));
84         } else {
85             if ( !docURL.equals(scriptURL)
86                  &&
87                  (scriptURL == null
88                   ||
89                   !DATA_PROTOCOL.equals(scriptURL.getProtocol()) )) {
90                 se = new SecurityException JavaDoc
91                     (Messages.formatMessage(ERROR_SCRIPT_NOT_EMBEDED,
92                                             new Object JavaDoc[]{scriptURL}));
93             }
94         }
95     }
96 }
97
98
99     
100
Popular Tags