You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@river.apache.org by pe...@apache.org on 2011/08/01 02:00:08 UTC
svn commit: r1152664 - in /river/jtsk/skunk/peterConcurrentPolicy:
qa/src/com/sun/jini/test/impl/reggie/NameServiceImpl.java
src/com/sun/jini/outrigger/FastList.java
src/org/apache/river/impl/security/policy/se/DynamicConcurrentPolicyProvider.java
Author: peter_firmstone
Date: Mon Aug 1 00:00:07 2011
New Revision: 1152664
URL: http://svn.apache.org/viewvc?rev=1152664&view=rev
Log:
Changes necessary to compile
Modified:
river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/impl/reggie/NameServiceImpl.java
river/jtsk/skunk/peterConcurrentPolicy/src/com/sun/jini/outrigger/FastList.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/se/DynamicConcurrentPolicyProvider.java
Modified: river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/impl/reggie/NameServiceImpl.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/impl/reggie/NameServiceImpl.java?rev=1152664&r1=1152663&r2=1152664&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/impl/reggie/NameServiceImpl.java (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/impl/reggie/NameServiceImpl.java Mon Aug 1 00:00:07 2011
@@ -39,17 +39,17 @@ public class NameServiceImpl implements
}
- public InetAddress[] lookupAllHostAddr(String host)
+ public byte[][] lookupAllHostAddr(String host)
throws UnknownHostException
{
if (host.equalsIgnoreCase(testClient)) {
- return ( new InetAddress[]
- { InetAddress.getByAddress(addr1),
- InetAddress.getByAddress(addr2),
- InetAddress.getByAddress(localhostAddr) } );
+ return ( new byte [][]
+ { InetAddress.getByAddress(addr1).getAddress(),
+ InetAddress.getByAddress(addr2).getAddress(),
+ InetAddress.getByAddress(localhostAddr).getAddress() } );
} else if (host.equalsIgnoreCase(localhost)) {
- return ( new InetAddress[]
- { InetAddress.getByAddress(localhostAddr) } );
+ return ( new byte[][]
+ { InetAddress.getByAddress(localhostAddr).getAddress() } );
} else {
throw new UnknownHostException(host);
}
Modified: river/jtsk/skunk/peterConcurrentPolicy/src/com/sun/jini/outrigger/FastList.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/com/sun/jini/outrigger/FastList.java?rev=1152664&r1=1152663&r2=1152664&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/src/com/sun/jini/outrigger/FastList.java (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/src/com/sun/jini/outrigger/FastList.java Mon Aug 1 00:00:07 2011
@@ -75,12 +75,12 @@ class FastList<T extends FastList.Node>
* checked without synchronization to skip work of the Node is reported
* as removed. Transitions only from false to true.
*/
- private volatile boolean removed;
+ volatile boolean removed;
/**
* This node does not need to be shown to scans with index greater than
* or equal to this index.
*/
- private volatile long index;
+ volatile long index;
/**
* null until the node is added to a list, then a reference to the list.
@@ -88,7 +88,7 @@ class FastList<T extends FastList.Node>
* removed from the list to which it was added. Protected by
* synchronization on the node.
*/
- private FastList<?> list;
+ volatile FastList<?> list;
/**
* Remove this node from its list.
@@ -96,7 +96,7 @@ class FastList<T extends FastList.Node>
* @return true if this node has never previously been removed, false if
* it has already been removed.
*/
- private synchronized boolean remove() {
+ synchronized boolean remove() {
if (removed) {
return false;
}
Modified: river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/se/DynamicConcurrentPolicyProvider.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/se/DynamicConcurrentPolicyProvider.java?rev=1152664&r1=1152663&r2=1152664&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/se/DynamicConcurrentPolicyProvider.java (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/se/DynamicConcurrentPolicyProvider.java Mon Aug 1 00:00:07 2011
@@ -157,6 +157,7 @@ public class DynamicConcurrentPolicyProv
private final Collection<PermissionGrant> dynamicPolicyGrants;
private volatile boolean basePolicyIsDynamic; // Don't use cache if true.
private volatile boolean revokeable;
+ private volatile boolean basePolicyIsRemote;
private volatile boolean initialized = false;
private Logger logger;
private volatile boolean loggable;
@@ -299,9 +300,9 @@ public class DynamicConcurrentPolicyProv
public boolean implies(ProtectionDomain domain, Permission permission) {
if (initialized == false) throw new RuntimeException("Object not initialized");
- if (basePolicyIsDynamic){
- // Total delegation revoke and exclude supported only by underlying policy.
- return basePolicy.implies(domain, permission);
+ if (basePolicyIsDynamic || basePolicyIsRemote){
+ // Total delegation revoke supported only by underlying policy.
+ if (basePolicy.implies(domain, permission)) return true;
}
if (permission == null) throw new NullPointerException("permission not allowed to be null");
// First check our cache if the basePolicy is not dynamic.
@@ -530,6 +531,17 @@ public class DynamicConcurrentPolicyProv
}
public void update(List<PermissionGrant> grants) throws IOException {
+ /* If the base policy is also remote, each will manage their own
+ * permissions, so we do not delegate to the underlying policy.
+ * Any underlying local policy file permissions should be propagated up
+ * into each policy, which means there will be duplication of some
+ * policy information.
+ * It seems logical in the case of multiple remote policies that each
+ * could be the responsiblity of a different administrator. If these
+ * separate policy's were to be combined, there may be some cases
+ * where two permissions combined also implied a third permission, that
+ * neither administrator intended to grant.
+ */
if (initialized == false) throw new RuntimeException("Object not initialized");
// because PermissionGrant's are given references to ProtectionDomain's
// we must check the caller has this permission.