Posted to commits@river.apache.org by pe...@apache.org on 2011/06/25 12:53:31 UTC
svn commit: r1139517 - in /river/jtsk/skunk/peterConcurrentPolicy:
src/org/apache/river/api/ src/org/apache/river/api/delegates/
src/org/apache/river/api/loader/ src/org/apache/river/api/lookup/
src/org/apache/river/api/security/ src/org/apache/river/a...
Author: peter_firmstone
Date: Sat Jun 25 10:53:29 2011
New Revision: 1139517
URL: http://svn.apache.org/viewvc?rev=1139517&view=rev
Log:
concurrent policy
Added:
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/delegates/
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/delegates/FileInputStream.java
- copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/api/delegates/FileInputStream.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/delegates/FileOutputStream.java
- copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/api/delegates/FileOutputStream.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/loader/
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/loader/EndpointCodeSource.java
- copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/api/loader/EndpointCodeSource.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/lookup/
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/lookup/DefaultEntries.java
- copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/api/lookup/DefaultEntries.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/lookup/ServiceItemClasspathSub.java (with props)
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/lookup/ServiceResultStreamFilter.java
- copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/api/lookup/ServiceResultStreamFilter.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/lookup/ServiceResultStreamUnmarshaller.java
- copied, changed from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/api/lookup/ServiceResultStreamUnmarshaller.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/lookup/StreamServiceRegistrar.java
- copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/api/lookup/StreamServiceRegistrar.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/ClassLoadingPermission.java
- copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/api/security/ClassLoadingPermission.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/DelegatePermission.java
- copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/api/security/DelegatePermission.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/Exclusion.java
- copied, changed from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/api/security/Exclusion.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/InternetSecurityManager.java
- copied, changed from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/api/security/InternetSecurityManager.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/PermissionGrant.java
- copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/api/security/PermissionGrant.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/PermissionGrantBuilder.java
- copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/api/security/PermissionGrantBuilder.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/RemotePolicy.java (with props)
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/RevokePermission.java
- copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/api/security/RevokePermission.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/RevokeableDynamicPolicy.java
- copied, changed from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/api/security/RevokeableDynamicPolicy.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/util/
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/util/Facade.java
- copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/api/util/Facade.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/util/ResultStream.java
- copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/api/util/ResultStream.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/dos/
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/dos/DiscoveryV2ReadUncastResponseTask.java
- copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/dos/DiscoveryV2ReadUncastResponseTask.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/dos/IsolatedExecutor.java
- copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/dos/IsolatedExecutor.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/dos/IsolationException.java
- copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/dos/IsolationException.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/dos/ProxyIsolationHandler.java
- copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/dos/ProxyIsolationHandler.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/se/
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/se/ConcurrentPermissions.java
- copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/se/ConcurrentPermissions.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/se/ConcurrentPolicyFile.java
- copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/se/ConcurrentPolicyFile.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/se/DynamicConcurrentPolicyProvider.java
- copied, changed from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/se/DynamicConcurrentPolicyProvider.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/se/DynamicGrants.java
- copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/se/DynamicGrants.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/se/MultiReadPermissionCollection.java
- copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/se/MultiReadPermissionCollection.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/se/PermissionPendingResolution.java
- copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/se/PermissionPendingResolution.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/se/PermissionPendingResolutionCollection.java
- copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/se/PermissionPendingResolutionCollection.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/se/PolicyPermission.java
- copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/se/PolicyPermission.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/spi/
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/spi/RevokeableDynamicPolicySpi.java
- copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/spi/RevokeableDynamicPolicySpi.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/CertificateGrant.java
- copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/util/CertificateGrant.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/ClassLoaderGrant.java
- copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/util/ClassLoaderGrant.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/CodeSourceGrant.java
- copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/util/CodeSourceGrant.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/DefaultPolicyParser.java
- copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/util/DefaultPolicyParser.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/DefaultPolicyScanner.java
- copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/util/DefaultPolicyScanner.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/DenyImpl.java
- copied, changed from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/util/DenyImpl.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/Messages.java
- copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/util/Messages.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/NullPolicyParser.java
- copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/util/NullPolicyParser.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/PermissionGrantBuilderImp.java
- copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/util/PermissionGrantBuilderImp.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/PolicyParser.java
- copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/util/PolicyParser.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/PolicyUtils.java
- copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/util/PolicyUtils.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/PrincipalGrant.java
- copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/util/PrincipalGrant.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/ProtectionDomainGrant.java
- copied, changed from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/util/ProtectionDomainGrant.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/UnresolvedPrincipal.java
- copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/util/UnresolvedPrincipal.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/Util.java
- copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/util/Util.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/messages.properties
- copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/util/messages.properties
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/util/
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/util/ConcurrentCollections.java
- copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/util/ConcurrentCollections.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/util/ConcurrentSoftMap.java
- copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/util/ConcurrentSoftMap.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/util/ConcurrentWeakIdentityMap.java
- copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/util/ConcurrentWeakIdentityMap.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/util/ConcurrentWeakMap.java
- copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/util/ConcurrentWeakMap.java
Removed:
river/jtsk/skunk/peterConcurrentPolicy/test/src/net/jini/io/PackageVersionTest.java
Added: river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/lookup/ServiceItemClasspathSub.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/lookup/ServiceItemClasspathSub.java?rev=1139517&view=auto
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/lookup/ServiceItemClasspathSub.java (added)
+++ river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/lookup/ServiceItemClasspathSub.java Sat Jun 25 10:53:29 2011
@@ -0,0 +1,78 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.river.api.lookup;
+
+import java.net.URI;
+import java.security.CodeSource;
+import net.jini.core.entry.Entry;
+import net.jini.core.lookup.ServiceID;
+import net.jini.core.lookup.ServiceItem;
+
+/**
+ * ServiceItemClasspathSub is intended for client side filtering of lookup
+ * service results prior to clients using a service, the lookup service
+ * that implements this class, implements #getServiceItem(), so clients
+ * can obtain a complete ServiceItem when required after filtering.
+ *
+ * ServiceItemClasspathSub extends ServiceItem and can be used anywhere a
+ * ServiceItem is required for querying or inspecting Entry fields that are
+ * resolvable from the local classpath. If dynamically downloaded code is
+ * required, Remote or Serializable object references are not resolved,
+ * instead, such fields are set to null to avoid codebase download.
+ *
+ * ServiceItemClasspathSub inherits all fields from ServiceItem.
+ *
+ * Some fields in ServiceItemClasspathSub may be null or fields in Entry's may
+ * be null or even the service reference may be null, these fields would be
+ * non-null in a ServiceItem that resolves classes from dynamicly downloaded
+ * code or a remote codebase.
+ *
+ * The serviceID field shall be non-null always.
+ *
+ * ServiceItem's toString() method will return a different result for
+ * ServiceItemClasspathSub instances.
+ *
+ * When required, a new ServiceItem that is unmarshalled
+ * using remote codebases and dynamicly downloaded code can be obtained
+ * by calling #getServiceItem().
+ *
+ * @author Peter Firmstone.
+ */
+public abstract class ServiceItemClasspathSub extends ServiceItem{
+ private static final long SerialVersionUID = 1L;
+ protected ServiceItemClasspathSub(ServiceID id, Entry[] unmarshalledEntries){
+ super(id, (Object) null, unmarshalledEntries);
+ }
+
+ /* Default constructor for serializable sub class.
+ */
+ protected ServiceItemClasspathSub(){
+ super(null, null, null);
+ }
+ /**
+ * Using remote and local code as required getServiceItem returns a
+ * new ServiceItem.
+ *
+ * The returned ServiceItem must not be an instance of this class.
+ *
+ * @return ServiceItem, totally unmarshalled, using remote codebase resources
+ * in addition to any local classpath or resources.
+ */
+ public abstract ServiceItem getServiceItem();
+}
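Review bot: The field declared as `private static final long SerialVersionUID = 1L;` is not recognised by Java serialization, which looks for the exact name `serialVersionUID`; as written the stream version is still computed from the class shape, so the declaration should read `private static final long serialVersionUID = 1L;`. The class Javadoc also states that the serviceID field shall always be non-null, yet the no-argument constructor passes `null` for it; a comment on that constructor saying the field is populated during deserialization (if that is the intent) would reconcile the two. The imports of `java.net.URI` and `java.security.CodeSource` are not used in this file.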
Propchange: river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/lookup/ServiceItemClasspathSub.java
------------------------------------------------------------------------------
svn:eol-style = native
Copied: river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/lookup/ServiceResultStreamUnmarshaller.java (from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/api/lookup/ServiceResultStreamUnmarshaller.java)
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/lookup/ServiceResultStreamUnmarshaller.java?p2=river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/lookup/ServiceResultStreamUnmarshaller.java&p1=river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/api/lookup/ServiceResultStreamUnmarshaller.java&r1=1137903&r2=1139517&rev=1139517&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/api/lookup/ServiceResultStreamUnmarshaller.java (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/lookup/ServiceResultStreamUnmarshaller.java Sat Jun 25 10:53:29 2011
@@ -20,18 +20,18 @@ package org.apache.river.api.lookup;
import java.io.IOException;
import java.security.CodeSource;
-import org.apache.river.api.lookup.ServiceClasspathSubItem;
+import org.apache.river.api.lookup.ServiceItemClasspathSub;
import org.apache.river.api.util.ResultStream;
import net.jini.core.lookup.*;
/**
* Add this to the ResultStream filter chain
* {@link StreamServiceRegistrar#lookup(ServiceTemplate, Class[], int)}
- * to getServiceItem any ServiceClasspathSubItem's in the stream, prior to
+ * to getServiceItem any ServiceItemClasspathSub's in the stream, prior to
* proxy verification, or applying constraints.
*
* @author Peter Firmstone.
- * @see ServiceClasspathSubItem.
+ * @see ServiceItemClasspathSub.
* @see StreamServiceRegistrar
*/
public class ServiceResultStreamUnmarshaller implements ResultStream<ServiceItem> {
@@ -50,13 +50,13 @@ public class ServiceResultStreamUnmarsha
public ServiceItem get() throws IOException {
if (input == null) return null;
for(Object item = input.get(); item != null; item = input.get()) {
- if (item instanceof ServiceClasspathSubItem){
- ServiceClasspathSubItem msi = (ServiceClasspathSubItem) item;
+ if (item instanceof ServiceItemClasspathSub){
+ ServiceItemClasspathSub msi = (ServiceItemClasspathSub) item;
return msi.getServiceItem();
} else if (item instanceof ServiceItem) {
return (ServiceItem) item;
}
- /* If item is not an instanceof ServiceItem or ServiceClasspathSubItem
+ /* If item is not an instanceof ServiceItem or ServiceItemClasspathSub
* it is ignored and the next item in the ResultStream is retrieved.
*/
}//end item loop
Copied: river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/Exclusion.java (from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/api/security/Exclusion.java)
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/Exclusion.java?p2=river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/Exclusion.java&p1=river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/api/security/Exclusion.java&r1=1137903&r2=1139517&rev=1139517&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/api/security/Exclusion.java (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/Exclusion.java Sat Jun 25 10:53:29 2011
@@ -19,11 +19,7 @@
package org.apache.river.api.security;
-import java.security.CodeSource;
-import java.security.Permission;
-import java.security.Principal;
import java.security.ProtectionDomain;
-import java.security.cert.Certificate;
/**
* A Exclusion implementation must be immutable, it will be accessed by concurrent
@@ -59,37 +55,4 @@ public abstract class Exclusion {
* @return
*/
public abstract boolean excludes(ProtectionDomain pd);
- /**
- * Checks if this Exclusion excludes a ProtectionDomain, the Principal
- * array may be empty but not null. The Principal array is provided
- * to avoid needing to create a new ProtectionDomain instance containing
- * the array of Principals.
- *
- * @param pd
- * @param p
- * @return
- */
- public abstract boolean excludes(ProtectionDomain pd, Principal[] p);
- /**
- * Checks if this Exclusion excludes a ClassLoader domain, with an
- * array of Principals
- * @param cl
- * @param p
- * @return
- */
- public abstract boolean excludes(ClassLoader cl, Principal[] p);
- /**
- * Checks if the exclusions excludes a CodeSource and array of Principals
- * @param cs
- * @param p
- * @return
- */
- public abstract boolean excludes(CodeSource cs, Principal[] p);
- /**
- * Checks if the exclusion excludes an array of Certificats and Principals.
- * @param c
- * @param p
- * @return
- */
- public abstract boolean excludes(Certificate[] c, Principal[] p);
}
Copied: river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/InternetSecurityManager.java (from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/api/security/InternetSecurityManager.java)
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/InternetSecurityManager.java?p2=river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/InternetSecurityManager.java&p1=river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/api/security/InternetSecurityManager.java&r1=1137903&r2=1139517&rev=1139517&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/api/security/InternetSecurityManager.java (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/InternetSecurityManager.java Sat Jun 25 10:53:29 2011
@@ -31,14 +31,11 @@ import java.util.Iterator;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
-import java.util.concurrent.ExecutionException;
-import java.util.concurrent.locks.Lock;
-import java.util.concurrent.locks.ReadWriteLock;
-import java.util.concurrent.locks.ReentrantReadWriteLock;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.river.impl.util.ConcurrentCollections;
import org.apache.river.impl.util.ConcurrentSoftMap;
+import org.apache.river.impl.util.ConcurrentWeakMap;
/**
* The InternetSecurityManager provides cached permission check results and
@@ -102,7 +99,7 @@ public class InternetSecurityManager ext
* @throws java.util.concurrent.ExecutionException
*/
- public void clearFromCache(Set<Permission> perms) throws InterruptedException, ExecutionException{
+ public void clearFromCache(Set<Permission> perms) throws SecurityException {
g.checkGuard(this);
// wl.lock();
// try {
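Review bot: The Javadoc line `@throws java.util.concurrent.ExecutionException` directly above `clearFromCache` is stale now that the signature declares only `throws SecurityException`; it should become `@throws SecurityException if the caller fails the guard check`, assuming `g.checkGuard(this)` is what raises it. Since this method appears to discard cached permission-check results, stating which permission the guard requires would help callers and auditors. The commented-out `wl.lock()` / `try` lines should either be deleted or carry a comment explaining why locking is no longer needed, given that the lock imports were removed in the earlier hunk of this file. The method body continues outside the hunk.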
Added: river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/RemotePolicy.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/RemotePolicy.java?rev=1139517&view=auto
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/RemotePolicy.java (added)
+++ river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/RemotePolicy.java Sat Jun 25 10:53:29 2011
@@ -0,0 +1,62 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.river.api.security;
+
+import java.io.IOException;
+import java.util.List;
+import net.jini.security.GrantPermission;
+import net.jini.security.policy.UmbrellaGrantPermission;
+
+/**
+ * This policy, in addition to any local policy provider, allows a network djinn
+ * administrator to provide a list of PermissionGrant's, from a single or
+ * replicated remote location, distributed to all nodes in a djinn that
+ * administrator is responsible for, every time the administrator updates
+ * his network policy, he can use a RemoteEvent notification system to update
+ * all client node policies.
+ *
+ * This is implemented at the client, the list of PermissionGrant's provided,
+ * will replace any existing RemotePolicy permissions. This allows the administrator
+ * to replace or replicate his network security policy, the client can switch to
+ * any other network security policy advisory service.
+ *
+ * It is essential that the policy service authenticate as an administrator
+ * subject over a secure endpoint.
+ *
+ * RemotePolicy, if it encapsulates an underlying RemotePolicy, does not
+ * delegate updates to the underlying RemotePolicy, this is in case an
+ * implementer wants a number of different layers of RemotePolicy, where
+ * each layer represents a different administrator role or responsiblity.
+ * The administrator's subject must hold the necessary permissionss in order
+ * to grant them, including RuntimePermission("getProtectionDomain").
+ *
+ * @author Peter Firmstone
+ * @see GrantPermission
+ * @see UmbrellaGrantPermission
+ */
+public interface RemotePolicy {
+ /**
+ * Provides a list of policies, provided by a remote policy advisory
+ * service, this list replaces any existing list, it is defensively copied.
+ *
+ * @param policyPermissions
+ * @throws java.io.IOException
+ */
+ public void update(List<PermissionGrant> policyPermissions) throws IOException;
+}
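Review bot: The Javadoc on `update` does not carry the security contract that the interface comment describes: `@param policyPermissions` and `@throws java.io.IOException` have no description, and nothing says what happens when the caller is not authorised. Because the list replaces all existing RemotePolicy grants, the method doc should say whether `null` or an empty list is accepted (an empty list would presumably remove every remote grant). It should also add something like `@throws SecurityException if the caller does not hold the permissions being granted`, matching the interface comment's requirement that the administrator's subject hold them. `GrantPermission` and `UmbrellaGrantPermission` are imported only for the `@see` tags; fully qualified `@see` references would avoid the imports.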
Propchange: river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/RemotePolicy.java
------------------------------------------------------------------------------
svn:eol-style = native
Copied: river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/RevokeableDynamicPolicy.java (from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/api/security/RevokeableDynamicPolicy.java)
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/RevokeableDynamicPolicy.java?p2=river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/RevokeableDynamicPolicy.java&p1=river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/api/security/RevokeableDynamicPolicy.java&r1=1137903&r2=1139517&rev=1139517&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/api/security/RevokeableDynamicPolicy.java (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/RevokeableDynamicPolicy.java Sat Jun 25 10:53:29 2011
@@ -19,7 +19,9 @@
package org.apache.river.api.security;
import java.security.Permission;
+import java.security.Principal;
import java.util.List;
+import net.jini.security.policy.DynamicPolicy;
/**
* <p>
@@ -46,7 +48,8 @@ import java.util.List;
* it protects, a new Permission class must be implemented, for the Delegate's
* use, in a checkPermission call, to protect access to the underlying
* object's method. If an existing JVM Permission guards the underlying object,
- * the delegate needs to be given the standard JVM Permission.
+ * the delegate needs to be given the standard JVM Permission. DelegatePermission
+ * has been created for the purpose of encapsulating an existing Permission.
* </p><p>
* The ability to revoke a Permission fully is intended for smart proxy's to
* be given some trust temporarily, so that objects recieved from the smart proxy
@@ -69,37 +72,28 @@ import java.util.List;
* @see java.security.AccessControlContext
* @see java.security.Permission
* @see PermissionGrant
+ * @see DelegatePermission
*/
-public interface RevokeableDynamicPolicy {
+public interface RevokeableDynamicPolicy extends DynamicPolicy {
/**
- * Grant Permission's as specified in a List of PermissionGrant's
- * which can be added by concurrent threads.
+ * Revoke, removes all DynamicPolicy grants specific to the classLoader of
+ * the class passed in. This is for removing dynamic grant's from proxy's.
*
- * @param grants
- */
- public void grant(List<PermissionGrant> grants);
- /**
- * Revoke, only removes any PermissionGrant's that are identical, typically
- * a List of Grant's is obtained by getPermssionGrant's which can be
- * manipulated and investigated, any that are undesirable should be passed
- * to revoke.
- *
- * Revokes can only be performed synchronuously with other Revokes.
+ * Caveat: Not all Permission's once granted can be revoked. When a Permission
+ * is checked, prior to passing a reference to a caller, that reference
+ * has escaped any further Permission checks, meaning that the Permission
+ * cannot be revoked for the caller holding a reference.
*
- * @param grants
- * @throws java.lang.Exception if revoke unsuccessful.
- */
- public void revoke(List<PermissionGrant> grants) throws Exception;
- /**
- * Get a List copy of the current PermissionGrant's in force.
- * @return
+ * @param cl
+ * @return Array of Permission's that have been revoked, the caller should
+ * check to see if any of these allow references to escape, in which case
+ * the proxy still has the functionality the Permission is supposed to
+ * protect against.
*/
- public List<PermissionGrant> getPermissionGrants();
+ public Permission[] revoke(Class cl, Principal[] principals);
/**
*
- * @return true if Revoke supported.
+ * @return true - If Revoke supported by underlying policy.
*/
public boolean revokeSupported();
-
- public PermissionGrantBuilder getGrantBuilder();
}
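Review bot: The Javadoc on the new `revoke(Class cl, Principal[] principals)` leaves `@param cl` empty and has no `@param principals`, so the interface does not say what a null class or a null or empty principal array selects. Callers use the returned array to judge whether a revoked permission may already have let a reference escape, so the selection rule should be spelled out, for example `@param cl class whose ClassLoader identifies the grants to revoke` and `@param principals principals the revoked grants apply to`, each stating the null case. The summary sentence still says the grants are "specific to the classLoader", which no longer matches a signature that also takes principals. The raw `Class` parameter could be declared `Class<?>`.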
Copied: river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/se/DynamicConcurrentPolicyProvider.java (from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/se/DynamicConcurrentPolicyProvider.java)
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/se/DynamicConcurrentPolicyProvider.java?p2=river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/se/DynamicConcurrentPolicyProvider.java&p1=river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/se/DynamicConcurrentPolicyProvider.java&r1=1137903&r2=1139517&rev=1139517&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/se/DynamicConcurrentPolicyProvider.java (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/se/DynamicConcurrentPolicyProvider.java Sat Jun 25 10:53:29 2011
@@ -2,6 +2,8 @@
package org.apache.river.impl.security.policy.se;
+import java.io.IOException;
+import java.util.concurrent.ExecutionException;
import org.apache.river.api.security.InternetSecurityManager;
import java.security.AccessController;
import java.security.AllPermission;
@@ -37,6 +39,7 @@ import net.jini.security.policy.Umbrella
import org.apache.river.api.security.PermissionGrant;
import org.apache.river.impl.security.policy.spi.RevokeableDynamicPolicySpi;
import org.apache.river.api.security.PermissionGrantBuilder;
+import org.apache.river.api.security.RemotePolicy;
import org.apache.river.api.security.RevokePermission;
import org.apache.river.api.security.RevokeableDynamicPolicy;
import org.apache.river.impl.security.policy.util.PermissionGrantBuilderImp;
@@ -131,7 +134,8 @@ import org.apache.river.impl.util.Concur
* @see ConcurrentPermissionCollection
*/
-public class DynamicConcurrentPolicyProvider implements RevokeableDynamicPolicySpi {
+public class DynamicConcurrentPolicyProvider implements RemotePolicy,
+ RevokeableDynamicPolicy {
private static final ProtectionDomain sysDomain =
AccessController.doPrivileged(new PrivilegedAction<ProtectionDomain>() {
public ProtectionDomain run() { return Object.class.getProtectionDomain(); }
@@ -143,13 +147,14 @@ public class DynamicConcurrentPolicyProv
* Local methods must first copy the reference before using the array in
* loops etc in case the reference is updated.
*/
- private volatile PermissionGrant[] pGrants;
+ private volatile PermissionGrant[] remotePolicyGrants; // Write protected by grantLock.
/* This lock protects adding and removal of PermissionGrant's*/
private final Object grantLock;
- private final Collection<DynamicGrants> dynamicGrants;
private volatile Policy basePolicy; // effectively final looks after its own sync
private final ConcurrentMap<ProtectionDomain, PermissionCollection> cache;
private final ConcurrentMap<PermissionGrant, Permission[]> grantCache;
+ // DynamicPolicy grant's for Proxy's.
+ private final Collection<PermissionGrant> dynamicPolicyGrants;
private volatile boolean basePolicyIsDynamic; // Don't use cache if true.
private volatile boolean revokeable;
private volatile boolean initialized = false;
@@ -163,11 +168,13 @@ public class DynamicConcurrentPolicyProv
public DynamicConcurrentPolicyProvider(){
- pGrants = new PermissionGrant[0];
+ dynamicPolicyGrants = ConcurrentCollections.multiReadCollection(
+ new ArrayList<PermissionGrant>(120));
+
+ remotePolicyGrants = new PermissionGrant[0];
basePolicy = null;
- cache = new ConcurrentWeakIdentityMap<ProtectionDomain, PermissionCollection>();
- grantCache = new ConcurrentWeakIdentityMap<PermissionGrant, Permission[]>();
- dynamicGrants = ConcurrentCollections.multiReadCollection(new ArrayList<DynamicGrants>());
+ cache = new ConcurrentWeakIdentityMap<ProtectionDomain, PermissionCollection>(120);
+ grantCache = new ConcurrentWeakIdentityMap<PermissionGrant, Permission[]>(60);
basePolicyIsDynamic = false;
revokeable = true;
logger = Logger.getLogger("net.jini.security.policy");
@@ -237,16 +244,6 @@ public class DynamicConcurrentPolicyProv
return revokeable;
}
- public Provider getProvider() {
- if (initialized == false) throw new RuntimeException("Object not initialized");
- throw new UnsupportedOperationException("Not supported yet.");
- }
-
- public String getType() {
- if (initialized == false) throw new RuntimeException("Object not initialized");
- throw new UnsupportedOperationException("Not supported yet.");
- }
-
public PermissionCollection getPermissions(CodeSource codesource) {
if (initialized == false) throw new RuntimeException("Object not initialized");
/* It is extremely important that dynamic grant's are not returned,
@@ -270,7 +267,7 @@ public class DynamicConcurrentPolicyProv
* container.
*/
PermissionCollection pc = basePolicy.getPermissions(domain);
- PermissionGrant [] grantsRefCopy = pGrants; // Interim updates not seen.
+ PermissionGrant [] grantsRefCopy = remotePolicyGrants; // Interim updates not seen.
int l = grantsRefCopy.length;
for ( int i = 0; i < l; i++ ){
if ( grantsRefCopy[i].implies(domain) ){
@@ -345,7 +342,7 @@ public class DynamicConcurrentPolicyProv
if ( existed != null ){
pc = existed;
}
- expandUmbrella(pc); // We need to avoid using PolicyFileProvider
+ expandUmbrella(pc); // We need to avoid using PolicyFileProvider as grants from it are not revokable.
if ( pc.implies(permission)) return true;
}
// Once we get to here pc is definitely not null and we have the
@@ -355,8 +352,8 @@ public class DynamicConcurrentPolicyProv
// ": Base policy is not dynamic and returned false" );
// }
// If the base policy doesn't imply a Permission then we should check for dynamic grants
- Collection<Permission> dynamicallyGrantedPermissions = new HashSet<Permission>(pGrants.length);
- PermissionGrant[] grantsRefCopy = pGrants; // In case the grants volatile reference is updated.
+ Collection<Permission> dynamicallyGrantedPermissions = new HashSet<Permission>(120);
+ PermissionGrant[] grantsRefCopy = remotePolicyGrants; // In case the grants volatile reference is updated.
int l = grantsRefCopy.length;
for ( int i = 0; i < l; i++){
if (grantsRefCopy[i].implies(domain)) {
@@ -365,6 +362,13 @@ public class DynamicConcurrentPolicyProv
dynamicallyGrantedPermissions.addAll(Arrays.asList(perms));
}
}
+ Iterator<PermissionGrant> grants = dynamicPolicyGrants.iterator();
+ while (grants.hasNext()){
+ PermissionGrant g = grants.next();
+ if (g.implies(domain)){
+ dynamicallyGrantedPermissions.addAll(g.getPermissions());
+ }
+ }
// if (loggable) {
// logger.log(Level.FINEST, "Grants: " + dynamicallyGrantedPermissions.toString());
// }
@@ -399,16 +403,16 @@ public class DynamicConcurrentPolicyProv
// Clean up any void grants.
synchronized (grantLock) {
// This lock doesn't stop reads to grants only other volatile reference updates.
- // Manipulating, alterations (writes) to the pGrants array is prohibited.
- int l = pGrants.length;
+ // Manipulating, alterations (writes) to the remotePolicyGrants array is prohibited.
+ int l = remotePolicyGrants.length;
ArrayList<PermissionGrant> grantHolder
= new ArrayList<PermissionGrant>(l);
for ( int i = 0; i < l; i++ ){
- if ( pGrants[i].isVoid(null)) continue;
- grantHolder.add(pGrants[i]);
+ if ( remotePolicyGrants[i].isVoid(null)) continue;
+ grantHolder.add(remotePolicyGrants[i]);
}
PermissionGrant[] remaining = new PermissionGrant[grantHolder.size()];
- pGrants = grantHolder.toArray(remaining); // Volatile reference update.
+ remotePolicyGrants = grantHolder.toArray(remaining); // Volatile reference update.
}
ensureDependenciesResolved();
}
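Review bot: The void-grant cleanup in this block prunes only `remotePolicyGrants`; the `dynamicPolicyGrants` collection introduced by this commit is not pruned here, and in the visible hunks the only removal from it is in `revoke(Class, Principal[])`. If grants for discarded proxies become void, as the `isVoid(null)` test suggests, they would stay in the list and be re-tested on every `implies` call. A second pass next to this block would cover it: iterate `dynamicPolicyGrants` and call `remove()` on entries where `isVoid(null)` is true, assuming the collection's iterator supports removal as `revoke` already relies on. The enclosing method starts outside this hunk.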
@@ -439,7 +443,7 @@ public class DynamicConcurrentPolicyProv
dp.grant(cl, principals, permissions);
return;
}
- AccessController.checkPermission(new GrantPermission(permissions));
+ sm.checkPermission(new GrantPermission(permissions));
PermissionGrantBuilder pgb = new PermissionGrantBuilderImp();
PermissionGrant pe = pgb.clazz(cl).principals(principals)
.permissions(permissions)
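Review bot: Replacing `AccessController.checkPermission(...)` with `sm.checkPermission(...)` makes the `GrantPermission` check depend on the `sm` field, whose assignment is not visible in this diff. If `sm` can be null (the `sm instanceof InternetSecurityManager` tests elsewhere in the class tolerate that), this line throws a NullPointerException rather than a SecurityException, and a subclassed SecurityManager may decide differently from the access-control context. The same substitution is made for `RuntimePermission("getProtectionDomain")` in `update(List)`. Either keep `AccessController.checkPermission`, or guard the call, e.g. `if (sm != null) sm.checkPermission(p); else AccessController.checkPermission(p);`, with a comment on why the manager is consulted. The enclosing `grant` method starts and ends outside this hunk.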
@@ -448,9 +452,7 @@ public class DynamicConcurrentPolicyProv
// We built this grant it's safe to trust.
grantCache.put(pe, permissions); // Replace any existing too.
// This grant is new, in the grantCache and we trust it.
- List<PermissionGrant> l = new ArrayList<PermissionGrant>(1);
- l.add(pe);
- processGrants(l);
+ dynamicPolicyGrants.add(pe);
if (loggable){
logger.log(Level.FINEST, "Granting: " + pe.toString());
}
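Review bot: `dynamicPolicyGrants.add(pe)` appends to a collection backed by an `ArrayList` (see the constructor), so repeated `grant` calls with the same class, principals and permissions now add one entry each, whereas the replaced `processGrants` path collected grants in a `HashSet`. Every entry is then walked on each `implies` and `getGrants` call. If `PermissionGrant` defines equality, backing the collection with a set keeps it bounded; a `contains`-then-`add` check would not be atomic. The `grantCache.put(pe, permissions)` kept above also looks unused for these grants now that readers call `g.getPermissions()`. The enclosing method continues outside the hunk.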
@@ -471,20 +473,52 @@ public class DynamicConcurrentPolicyProv
principals = principals.clone();
checkNullElements(principals);
}
- Collection<Permission> cperms = new HashSet<Permission>(pGrants.length);
- PermissionGrant [] grantsRefCopy = pGrants; // Interim updates not seen.
- int l = grantsRefCopy.length;
- for ( int i = 0; i < l; i++ ){
- if ( grantsRefCopy[i].implies(loader, principals) ){
+ Collection<Permission> dPerms = new HashSet<Permission>();
+ Iterator<PermissionGrant> grants = dynamicPolicyGrants.iterator();
+ while ( grants.hasNext()){
+ PermissionGrant g = grants.next();
+ if ( g.implies(loader, principals) ){
// Only use the trusted grantCache.
- Permission[] perm = grantCache.get(grantsRefCopy[i]);
- cperms.addAll(Arrays.asList(perm));
+ dPerms.addAll(g.getPermissions());
}
- }
-
- Permission[] perms = cperms.toArray(new Permission[cperms.size()]);
+ }
+ Permission[] perms = dPerms.toArray(new Permission[dPerms.size()]);
return perms;
}
+
+ public Permission[] revoke(Class cl, Principal[] principals) {
+ if (initialized == false) throw new RuntimeException("Object not initialized");
+ g.checkGuard(null);
+ if (basePolicyIsDynamic && revokeable){
+ RevokeableDynamicPolicy bp = (RevokeableDynamicPolicy) basePolicy;
+ return bp.revoke(cl, principals);
+ }
+ ClassLoader loader = null;
+ if( cl != null ) {
+ loader = cl.getClassLoader();
+ }
+ // defensive copy array
+ if (principals != null && principals.length > 0) {
+ principals = principals.clone();
+ checkNullElements(principals);
+ }
+ HashSet<Permission> removed = new HashSet<Permission>();
+ Iterator<PermissionGrant> grants = dynamicPolicyGrants.iterator();
+ while ( grants.hasNext()){
+ PermissionGrant g = grants.next();
+ if ( g.implies(loader, principals) ){
+ // Only use the trusted grantCache.
+ removed.addAll(g.getPermissions());
+ grants.remove();
+ }
+ }
+ // Unfortunately this is quite expensive, but we don't know which ProtectionDomains a ClassLoader references.
+ cache.clear();
+ if (sm instanceof InternetSecurityManager) {
+ ((InternetSecurityManager) sm).clearFromCache(removed);
+ }
+ return removed.toArray(new Permission[removed.size()]);
+ }
private static void checkNullElements(Object[] array) {
int l = array.length;
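Review bot: The comment `// Only use the trusted grantCache.` is kept in `getGrants` and copied into the new `revoke`, but both loops now read `g.getPermissions()` and never touch `grantCache`, so the comment claims a trust check the code no longer performs. From the visible hunks the reads are safe only because `dynamicPolicyGrants` is filled solely by `grant(...)` with grants built locally; say that instead, e.g. `// dynamicPolicyGrants holds only grants built in grant(), so getPermissions() is trusted.` In `revoke` the loop variable `PermissionGrant g` also shadows the field used earlier in `g.checkGuard(null)`; renaming the local (for example `grant`) avoids misreading which `g` is the guard. `getGrants` starts outside the hunk.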
@@ -495,17 +529,13 @@ public class DynamicConcurrentPolicyProv
}
}
- public void grant(List<PermissionGrant> grants) {
+ public void update(List<PermissionGrant> grants) throws IOException {
if (initialized == false) throw new RuntimeException("Object not initialized");
// because PermissionGrant's are given references to ProtectionDomain's
// we must check the caller has this permission.
- AccessController.checkPermission(new RuntimePermission("getProtectionDomain"));
- if ( basePolicyIsDynamic && revokeable){
- RevokeableDynamicPolicy bp = (RevokeableDynamicPolicy) basePolicy;
- bp.grant(grants);
- return;
- }
- grantCache.putAll(checkGrants(grants));
+ sm.checkPermission(new RuntimePermission("getProtectionDomain"));
+ // Delegating to the underlying policy is not supported.
+ grantCache.putAll(checkGrants(grants)); // Fails if SecurityException
// If we get to here, the caller has permission.
processGrants(grants);
}
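Review bot: `update(List)` now removes grants as well as adding them, yet it does not consult the guard `g` that `revoke(Class, Principal[])` checks with `g.checkGuard(null)`. The removal happens in `processGrants` further down, which replaces `remotePolicyGrants` with the supplied list and clears the permissions of dropped grants from the caches. Unless `checkGrants` (not visible here) covers it, a caller holding only the grant-side permissions can effectively revoke every remote policy grant. Consider adding `g.checkGuard(null);` after the `getProtectionDomain` check, or documenting why replacement is deliberately not treated as a revoke. The declared `throws IOException` is not raised by anything in the visible body, so a Javadoc `@throws` line saying when it occurs would help.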
@@ -546,80 +576,39 @@ public class DynamicConcurrentPolicyProv
* been provided for this purpose, then prior to calling this method,
* the PermissionGrant's must be added to the grantsCache.
*
- * processGrants places the PermissionGrant's in the pGrants array. It is
- * recommended that only this method be used to update the pGrants
+ * processGrants places the PermissionGrant's in the remotePolicyGrants array. It is
+ * recommended that only this method be used to update the remotePolicyGrants
* reference.
*
* @param grants
*/
private void processGrants(Collection<PermissionGrant> grants) {
- // This is slightly naughty calling a pGrants method, however if it
+ // This is slightly naughty calling a remotePolicyGrants method, however if it
// changes between now and gaining the lock, only the length of the
// HashSet is potentially not optimal, keeping the HashSet creation
// outside of the lock reduces the lock held duration.
HashSet<PermissionGrant> holder
- = new HashSet<PermissionGrant>(grants.size() + pGrants.length);
+ = new HashSet<PermissionGrant>(grants.size());
holder.addAll(grants);
- synchronized (grantLock) {
- int l = pGrants.length;
- for ( int i = 0; i < l; i++ ){
- if (pGrants[i].isVoid(null)) continue;
- holder.add(pGrants[i]);
- }
+ PermissionGrant[] old = null;
+ synchronized (grantLock) {
+ old = remotePolicyGrants;
PermissionGrant[] updated = new PermissionGrant[holder.size()];
- pGrants = holder.toArray(updated);
+ remotePolicyGrants = holder.toArray(updated);
}
- }
-
- public void revoke(List<PermissionGrant> grants) throws Exception {
- if (initialized == false) throw new RuntimeException("Object not initialized");
- g.checkGuard(this);
- if (basePolicyIsDynamic && revokeable){
- RevokeableDynamicPolicy bp = (RevokeableDynamicPolicy) basePolicy;
- bp.revoke(grants);
- return;
+ cache.clear();
+ Collection<PermissionGrant> oldGrants = new HashSet<PermissionGrant>(old.length);
+ oldGrants.addAll(Arrays.asList(old));
+ oldGrants.removeAll(holder);
+ Set<Permission> removed = new HashSet<Permission>(120);
+ Iterator<PermissionGrant> rgi = oldGrants.iterator();
+ while (rgi.hasNext()){
+ PermissionGrant g = rgi.next();
+ removed.addAll(g.getPermissions());
}
- HashSet<Permission> removed = new HashSet<Permission>();
- HashSet<PermissionGrant> holder = new HashSet<PermissionGrant>(pGrants.length);
- synchronized (grantLock){
- int l = pGrants.length;
- for (int i = 0; i < l; i++){
- if (pGrants[i].isVoid(null) || grants.contains(pGrants[i])) {
- // should we consider removing from grantCache?
- // For now we just let GC clean it up.
- Permission [] perms = grantCache.get(pGrants[i]);
- int len = perms.length;
- for ( int c =0; c < len ; c++ ){
- removed.add(perms[c]);
- }
- continue;
- }
- holder.add(pGrants[i]);
- }
- PermissionGrant[] updated = new PermissionGrant[holder.size()];
- pGrants = holder.toArray(updated);
- if (sm instanceof InternetSecurityManager) {
- ((InternetSecurityManager) sm).clearFromCache(removed);
- }
- }
- }
-
- public List<PermissionGrant> getPermissionGrants() {
- if (initialized == false) throw new RuntimeException("Object not initialized");
- if ( basePolicyIsDynamic && revokeable){
- RevokeableDynamicPolicy bp = (RevokeableDynamicPolicy) basePolicy;
- return bp.getPermissionGrants();
+ if (sm instanceof InternetSecurityManager) {
+ ((InternetSecurityManager) sm).clearFromCache(removed);
}
- ArrayList<PermissionGrant> grants;
- PermissionGrant[] grantRefCopy = pGrants; // A local reference copy.
- int l = grantRefCopy.length;
- grants = new ArrayList<PermissionGrant>(l);
- grants.addAll(Arrays.asList(grantRefCopy));
- return grants;
+ // oldGrants now only has the grants which have been removed.
}
-
- public PermissionGrantBuilder getGrantBuilder() {
- return new PermissionGrantBuilderImp();
- }
-
}
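Review bot: The Javadoc and the leading comment of `processGrants` still describe the old merge behaviour: the method no longer places grants alongside the existing ones, it replaces the whole `remotePolicyGrants` array, and the "slightly naughty" comment explains a `pGrants.length` sizing read that this commit removes. Suggested wording: `processGrants replaces the remotePolicyGrants array with the supplied grants; grants absent from the new list are dropped and their permissions cleared from the caches.` The trailing `// oldGrants now only has the grants which have been removed.` belongs directly after `oldGrants.removeAll(holder);`. Void grants are also no longer filtered with `isVoid(null)` on this path, which may be intended but deserves a comment. The Javadoc starts outside the hunk.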
Copied: river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/DenyImpl.java (from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/util/DenyImpl.java)
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/DenyImpl.java?p2=river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/DenyImpl.java&p1=river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/util/DenyImpl.java&r1=1137903&r2=1139517&rev=1139517&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/util/DenyImpl.java (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/DenyImpl.java Sat Jun 25 10:53:29 2011
@@ -51,7 +51,7 @@ import org.apache.river.impl.security.po
*
* @author Peter Firmstone
*/
-public class DenyImpl implements Exclusion {
+public abstract class DenyImpl extends Exclusion {
private final List<URL> uri;
private final List<CodeSource> code;
Copied: river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/ProtectionDomainGrant.java (from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/util/ProtectionDomainGrant.java)
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/ProtectionDomainGrant.java?p2=river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/ProtectionDomainGrant.java&p1=river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/util/ProtectionDomainGrant.java&r1=1137903&r2=1139517&rev=1139517&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/util/ProtectionDomainGrant.java (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/ProtectionDomainGrant.java Sat Jun 25 10:53:29 2011
@@ -24,9 +24,6 @@ import java.security.CodeSource;
import java.security.Permission;
import java.security.Principal;
import java.security.ProtectionDomain;
-import java.security.cert.Certificate;
-import java.util.Arrays;
-import java.util.List;
import org.apache.river.api.security.Exclusion;
/**