You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@river.apache.org by pe...@apache.org on 2011/08/01 02:00:08 UTC

svn commit: r1152664 - in /river/jtsk/skunk/peterConcurrentPolicy: qa/src/com/sun/jini/test/impl/reggie/NameServiceImpl.java src/com/sun/jini/outrigger/FastList.java src/org/apache/river/impl/security/policy/se/DynamicConcurrentPolicyProvider.java

Author: peter_firmstone
Date: Mon Aug  1 00:00:07 2011
New Revision: 1152664

URL: http://svn.apache.org/viewvc?rev=1152664&view=rev
Log:
Changes necessary to compile

Modified:
    river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/impl/reggie/NameServiceImpl.java
    river/jtsk/skunk/peterConcurrentPolicy/src/com/sun/jini/outrigger/FastList.java
    river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/se/DynamicConcurrentPolicyProvider.java

Modified: river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/impl/reggie/NameServiceImpl.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/impl/reggie/NameServiceImpl.java?rev=1152664&r1=1152663&r2=1152664&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/impl/reggie/NameServiceImpl.java (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/impl/reggie/NameServiceImpl.java Mon Aug  1 00:00:07 2011
@@ -39,17 +39,17 @@ public class NameServiceImpl implements 
 
     }
 
-    public InetAddress[] lookupAllHostAddr(String host)
+    public byte[][] lookupAllHostAddr(String host)
 	throws UnknownHostException
     {
         if (host.equalsIgnoreCase(testClient)) {
-            return ( new InetAddress[] 
-                       { InetAddress.getByAddress(addr1),
-                         InetAddress.getByAddress(addr2),
-                         InetAddress.getByAddress(localhostAddr) } );
+            return ( new byte [][] 
+                       { InetAddress.getByAddress(addr1).getAddress(),
+                         InetAddress.getByAddress(addr2).getAddress(),
+                         InetAddress.getByAddress(localhostAddr).getAddress() } );
         } else if (host.equalsIgnoreCase(localhost)) {
-            return ( new InetAddress[] 
-                       { InetAddress.getByAddress(localhostAddr) } );
+            return ( new byte[][] 
+                       { InetAddress.getByAddress(localhostAddr).getAddress() } );
         } else {
 	    throw new UnknownHostException(host);
         }

Modified: river/jtsk/skunk/peterConcurrentPolicy/src/com/sun/jini/outrigger/FastList.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/com/sun/jini/outrigger/FastList.java?rev=1152664&r1=1152663&r2=1152664&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/src/com/sun/jini/outrigger/FastList.java (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/src/com/sun/jini/outrigger/FastList.java Mon Aug  1 00:00:07 2011
@@ -75,12 +75,12 @@ class FastList<T extends FastList.Node> 
          * checked without synchronization to skip work of the Node is reported
          * as removed. Transitions only from false to true.
          */
-        private volatile boolean removed;
+        volatile boolean removed;
         /**
          * This node does not need to be shown to scans with index greater than
          * or equal to this index.
          */
-        private volatile long index;
+        volatile long index;
 
         /**
          * null until the node is added to a list, then a reference to the list.
@@ -88,7 +88,7 @@ class FastList<T extends FastList.Node> 
          * removed from the list to which it was added. Protected by
          * synchronization on the node.
          */
-        private FastList<?> list;
+        volatile FastList<?> list;
 
         /**
          * Remove this node from its list.
@@ -96,7 +96,7 @@ class FastList<T extends FastList.Node> 
          * @return true if this node has never previously been removed, false if
          *         it has already been removed.
          */
-        private synchronized boolean remove() {
+        synchronized boolean remove() {
             if (removed) {
                 return false;
             }

Modified: river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/se/DynamicConcurrentPolicyProvider.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/se/DynamicConcurrentPolicyProvider.java?rev=1152664&r1=1152663&r2=1152664&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/se/DynamicConcurrentPolicyProvider.java (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/se/DynamicConcurrentPolicyProvider.java Mon Aug  1 00:00:07 2011
@@ -157,6 +157,7 @@ public class DynamicConcurrentPolicyProv
     private final Collection<PermissionGrant> dynamicPolicyGrants;
     private volatile boolean basePolicyIsDynamic; // Don't use cache if true.
     private volatile boolean revokeable;
+    private volatile boolean basePolicyIsRemote;
     private volatile boolean initialized = false;
     private Logger logger;
     private volatile boolean loggable;
@@ -299,9 +300,9 @@ public class DynamicConcurrentPolicyProv
 
     public boolean implies(ProtectionDomain domain, Permission permission) {
         if (initialized == false) throw new RuntimeException("Object not initialized");
-        if (basePolicyIsDynamic){
-            // Total delegation revoke and exclude supported only by underlying policy.
-            return basePolicy.implies(domain, permission);
+        if (basePolicyIsDynamic || basePolicyIsRemote){
+            // Total delegation revoke supported only by underlying policy.
+            if (basePolicy.implies(domain, permission)) return true;
         }
 	if (permission == null) throw new NullPointerException("permission not allowed to be null");
         // First check our cache if the basePolicy is not dynamic.
@@ -530,6 +531,17 @@ public class DynamicConcurrentPolicyProv
     }
 
     public void update(List<PermissionGrant> grants) throws IOException {
+        /* If the base policy is also remote, each will manage their own
+         * permissions, so we do not delegate to the underlying policy.  
+         * Any underlying local policy file permissions should be propagated up
+         * into each policy, which means there will be duplication of some 
+         * policy information.
+         * It seems logical in the case of multiple remote policies that each
+         * could be the responsiblity of a different administrator.  If these
+         * separate policy's were to be combined, there may be some cases
+         * where two permissions combined also implied a third permission, that
+         * neither administrator intended to grant.
+         */ 
         if (initialized == false) throw new RuntimeException("Object not initialized");
         // because PermissionGrant's are given references to ProtectionDomain's
         // we must check the caller has this permission.