Posted to commits@river.apache.org by pe...@apache.org on 2010/05/26 12:47:42 UTC
svn commit: r948391 - in /incubator/river/jtsk/trunk: src/com/sun/jini/tool/
src/net/jini/security/policy/ src/org/apache/river/api/security/
src/org/apache/river/imp/security/policy/cdc/
src/org/apache/river/imp/security/policy/concurrent/ test/src/ne...
Author: peter_firmstone
Date: Wed May 26 10:47:42 2010
New Revision: 948391
URL: http://svn.apache.org/viewvc?rev=948391&view=rev
Log:
River-340 Additional Grants
Removed:
incubator/river/jtsk/trunk/test/src/net/jini/security/policy/DynamicPolicyProviderTest.java
incubator/river/jtsk/trunk/test/src/org/apache/river/imp/security/policy/se/DynamicConcurrentPolicyProviderTest.java
Modified:
incubator/river/jtsk/trunk/src/com/sun/jini/tool/DebugDynamicPolicyProvider.java
incubator/river/jtsk/trunk/src/net/jini/security/policy/DynamicPolicyProvider.java
incubator/river/jtsk/trunk/src/org/apache/river/api/security/RevokeablePolicy.java
incubator/river/jtsk/trunk/src/org/apache/river/imp/security/policy/cdc/DynamicPolicyProviderImpl.java
incubator/river/jtsk/trunk/src/org/apache/river/imp/security/policy/concurrent/DynamicConcurrentPolicyProvider.java
Modified: incubator/river/jtsk/trunk/src/com/sun/jini/tool/DebugDynamicPolicyProvider.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/src/com/sun/jini/tool/DebugDynamicPolicyProvider.java?rev=948391&r1=948390&r2=948391&view=diff
==============================================================================
--- incubator/river/jtsk/trunk/src/com/sun/jini/tool/DebugDynamicPolicyProvider.java (original)
+++ incubator/river/jtsk/trunk/src/com/sun/jini/tool/DebugDynamicPolicyProvider.java Wed May 26 10:47:42 2010
@@ -43,15 +43,15 @@ import net.jini.security.policy.PolicyIn
/**
* Defines a {@link DynamicPolicy} that logs information about missing
* permissions, and optionally grants all permissions, which is <b>FOR
- * DEBUGGING ONLY</b>. Do not use this security policy provider to grant
+ * DEBUGGING ONLY</b>. Do not use this security policy provider to grantCodeSource
* all permissions in a production environment. <p>
*
* This class is intended to simplify the process of deciding what security
- * permissions to grant to run an application. While it is generally
- * acceptable to grant all permissions to local, trusted code, downloaded
+ * permissions to grantCodeSource to run an application. While it is generally
+ * acceptable to grantCodeSource all permissions to local, trusted code, downloaded
* code should typically be granted the least permission possible. <p>
*
- * The usual approach to choosing which permissions to grant is to start by
+ * The usual approach to choosing which permissions to grantCodeSource is to start by
* running the application with a security policy file that grants all
* permissions to local, trusted code. When the application fails with an
* exception message that identifies a missing permission, add that
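Review bot: The Javadoc at lines 32, 38, 39 and 43 now reads `to grantCodeSource all permissions` and `which permissions to grantCodeSource`, because the textual rename of the `grant` method also replaced the English verb; these sentences describe what a policy does, not a method, and should revert to `grant`. The same mechanical replacement appears in this file's `@@ -170` comment (`always grantCodeSource permission`), in the commented-out block of DynamicPolicyProvider.java, in the class Javadoc and the `// documentation inherited from DynamicPolicy.grantCodeSource` comment of DynamicPolicyProviderImpl.java, and in five comment hunks of DynamicConcurrentPolicyProvider.java (`dyanamic grantCodeSource can be removed`, `remove a grantCodeSource that doesn't`, `dynamic grantCodeSource's`). The DynamicPolicyProviderImpl comment is the one that actively misleads, since the method directly below it is still `grant(Class, Principal[], Permission[])`, which reads as the inherited `DynamicPolicy.grant`, not `grantCodeSource`.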
@@ -170,7 +170,7 @@ public class DebugDynamicPolicyProvider
private static final Logger logger =
Logger.getLogger("net.jini.security.policy");
- /* If true, always grant permission */
+ /* If true, always grantCodeSource permission */
private static boolean grantAll =
((Boolean) AccessController.doPrivileged(
new PrivilegedAction() {
Modified: incubator/river/jtsk/trunk/src/net/jini/security/policy/DynamicPolicyProvider.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/src/net/jini/security/policy/DynamicPolicyProvider.java?rev=948391&r1=948390&r2=948391&view=diff
==============================================================================
--- incubator/river/jtsk/trunk/src/net/jini/security/policy/DynamicPolicyProvider.java (original)
+++ incubator/river/jtsk/trunk/src/net/jini/security/policy/DynamicPolicyProvider.java Wed May 26 10:47:42 2010
@@ -5,6 +5,7 @@
package net.jini.security.policy;
+import java.security.cert.Certificate;
import org.apache.river.imp.security.policy.cdc.DynamicPolicyProviderImpl;
import java.security.AccessControlException;
import java.security.AccessController;
@@ -67,7 +68,7 @@ public class DynamicPolicyProvider exten
private static final Logger logger =
Logger.getLogger("net.jini.security.policy");
// Debugging can be done with an SPI implementation
-// /* If true, always grant permission */
+// /* If true, always grantCodeSource permission */
// @SuppressWarnings("unchecked")
// private static volatile boolean grantAll =
// ((Boolean) AccessController.doPrivileged(
@@ -318,8 +319,24 @@ public class DynamicPolicyProvider exten
instance.revoke(cs, principals, permissions);
}
- public void grant(CodeSource cs, Principal[] principals, Permission[] permissions) throws UnsupportedOperationException {
- instance.grant(cs, principals, permissions);
+ public void grantCodeSource(CodeSource cs, Principal[] principals, Permission[] permissions) throws UnsupportedOperationException {
+ instance.grantCodeSource(cs, principals, permissions);
+ }
+
+ public void grantProtectionDomain(Class cl, Permission[] permissions) throws UnsupportedOperationException {
+ instance.grantProtectionDomain(cl, permissions);
+ }
+
+ public void revokeProtectionDomain(Class cl, Permission[] permissions) throws UnsupportedOperationException {
+ instance.revokeProtectionDomain(cl, permissions);
+ }
+
+ public void grant(Certificate[] certs, Principal[] principals, Permission[] permissions) throws UnsupportedOperationException {
+ instance.grant(certs, principals, permissions);
+ }
+
+ public void revoke(Certificate[] certs, Principal[] principals, Permission[] permissions) throws UnsupportedOperationException {
+ instance.revoke(certs, principals, permissions);
}
}
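Review bot: Adding `grant(Certificate[], Principal[], Permission[])` at line 92 next to the existing `grant(Class, Principal[], Permission[])` creates an overload pair that differs only in the type of the first parameter, so any caller that passes a literal `null` as the first argument (which appears to be how DynamicPolicy callers grant across all class loaders) will now fail to compile with an ambiguous-method error. A distinct name such as `grantCertificates`, matching the `grantCodeSource`/`grantProtectionDomain` naming chosen for the other new methods, avoids this; the same overload pair is introduced in RevokeablePolicy.java (line 127), DynamicPolicyProviderImpl.java (line 177) and DynamicConcurrentPolicyProvider.java (line 311), and the `revoke` pair at lines 96 and 259/348 has the same shape. The five new public delegates also carry no Javadoc; at minimum each should state that it forwards to `instance` and propagates that provider's UnsupportedOperationException.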
Modified: incubator/river/jtsk/trunk/src/org/apache/river/api/security/RevokeablePolicy.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/src/org/apache/river/api/security/RevokeablePolicy.java?rev=948391&r1=948390&r2=948391&view=diff
==============================================================================
--- incubator/river/jtsk/trunk/src/org/apache/river/api/security/RevokeablePolicy.java (original)
+++ incubator/river/jtsk/trunk/src/org/apache/river/api/security/RevokeablePolicy.java Wed May 26 10:47:42 2010
@@ -8,6 +8,8 @@ package org.apache.river.api.security;
import java.security.CodeSource;
import java.security.Permission;
import java.security.Principal;
+import java.security.ProtectionDomain;
+import java.security.cert.Certificate;
import net.jini.security.policy.DynamicPolicy;
/**
@@ -49,7 +51,19 @@ public interface RevokeablePolicy extend
* @param permissions
* @throws java.lang.UnsupportedOperationException
*/
- public void grant(CodeSource cs, Principal[] principals, Permission[] permissions)
+ public void grantCodeSource(CodeSource cs, Principal[] principals, Permission[] permissions)
+ throws UnsupportedOperationException;
+
+ public void grantProtectionDomain(Class cl, Permission[] permissions)
+ throws UnsupportedOperationException;
+
+ public void revokeProtectionDomain(Class cl, Permission[] permissions)
+ throws UnsupportedOperationException;
+
+ public void grant(Certificate[] certs, Principal[] principals, Permission[] permissions)
+ throws UnsupportedOperationException;
+
+ public void revoke(Certificate[] certs, Principal[] principals, Permission[] permissions)
throws UnsupportedOperationException;
/**
*
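Review bot: The four methods added at lines 121-130 have no Javadoc, and the block at 114-116 that now sits above `grantCodeSource` still lists only `@param permissions` and `@throws`, so the interface does not say what the caller must hold or what the arguments mean. For an interface whose purpose is granting permissions that contract is the security-relevant part: DynamicConcurrentPolicyProvider in this same commit checks `GrantPermission` against the installed SecurityManager before recording a CodeSource or Certificate grant and treats a null or empty permissions array as a no-op, and the interface should state whether every implementation must do the same and whether a null `cl` or `certs` has a meaning or is rejected. I would also give each `@throws UnsupportedOperationException` a reason, e.g. `if this implementation cannot record this kind of grant`. The `java.security.ProtectionDomain` import at line 109 is not used by any signature in this hunk; if nothing else in the file uses it, drop it.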
Modified: incubator/river/jtsk/trunk/src/org/apache/river/imp/security/policy/cdc/DynamicPolicyProviderImpl.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/src/org/apache/river/imp/security/policy/cdc/DynamicPolicyProviderImpl.java?rev=948391&r1=948390&r2=948391&view=diff
==============================================================================
--- incubator/river/jtsk/trunk/src/org/apache/river/imp/security/policy/cdc/DynamicPolicyProviderImpl.java (original)
+++ incubator/river/jtsk/trunk/src/org/apache/river/imp/security/policy/cdc/DynamicPolicyProviderImpl.java Wed May 26 10:47:42 2010
@@ -18,6 +18,7 @@
package org.apache.river.imp.security.policy.cdc;
+import java.security.cert.Certificate;
import net.jini.security.policy.*;
import com.sun.jini.collection.WeakIdentityMap;
import java.lang.ref.ReferenceQueue;
@@ -49,7 +50,7 @@ import org.apache.river.imp.security.pol
/**
* Security policy provider that supports dynamic granting of permissions at
- * run-time. This provider is designed as a wrapper to layer dynamic grant
+ * run-time. This provider is designed as a wrapper to layer dynamic grantCodeSource
* functionality on top of an underlying policy provider. If the underlying
* provider does not implement the {@link DynamicPolicy} interface, then its
* permission mappings are assumed to change only when its {@link
@@ -170,7 +171,7 @@ public class DynamicPolicyProviderImpl e
return true;
}
- // documentation inherited from DynamicPolicy.grant
+ // documentation inherited from DynamicPolicy.grantCodeSource
public void grant(Class cl,
Principal[] principals,
Permission[] permissions)
@@ -577,7 +578,23 @@ public class DynamicPolicyProviderImpl e
throw new UnsupportedOperationException("Not supported yet.");
}
- public void grant(CodeSource cs, Principal[] principals, Permission[] permissions) throws UnsupportedOperationException {
+ public void grantCodeSource(CodeSource cs, Principal[] principals, Permission[] permissions) throws UnsupportedOperationException {
+ throw new UnsupportedOperationException("Not supported yet.");
+ }
+
+ public void grantProtectionDomain(Class cl, Permission[] permissions) throws UnsupportedOperationException {
+ throw new UnsupportedOperationException("Not supported yet.");
+ }
+
+ public void revokeProtectionDomain(Class cl, Permission[] permissions) throws UnsupportedOperationException {
+ throw new UnsupportedOperationException("Not supported yet.");
+ }
+
+ public void grant(Certificate[] certs, Principal[] principals, Permission[] permissions) throws UnsupportedOperationException {
+ throw new UnsupportedOperationException("Not supported yet.");
+ }
+
+ public void revoke(Certificate[] certs, Principal[] principals, Permission[] permissions) throws UnsupportedOperationException {
throw new UnsupportedOperationException("Not supported yet.");
}
}
Modified: incubator/river/jtsk/trunk/src/org/apache/river/imp/security/policy/concurrent/DynamicConcurrentPolicyProvider.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/src/org/apache/river/imp/security/policy/concurrent/DynamicConcurrentPolicyProvider.java?rev=948391&r1=948390&r2=948391&view=diff
==============================================================================
--- incubator/river/jtsk/trunk/src/org/apache/river/imp/security/policy/concurrent/DynamicConcurrentPolicyProvider.java (original)
+++ incubator/river/jtsk/trunk/src/org/apache/river/imp/security/policy/concurrent/DynamicConcurrentPolicyProvider.java Wed May 26 10:47:42 2010
@@ -13,6 +13,7 @@ import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import java.security.Provider;
+import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
@@ -78,12 +79,12 @@ import org.apache.river.imp.util.Concurr
* <p>
* It is thus reccommeded that Static policy files only be used for files
* where the level of trust is relatively static. This is the only implementation
- * where a dyanamic grant can be removed. In the case of Proxy trust, a proxy
+ * where a dyanamic grantCodeSource can be removed. In the case of Proxy trust, a proxy
* is no longer trusted when it has lost contact with it's Principal (server)
* because the server cannot be asked if it trusts it's proxy and the proxy
* cannot be given a thread of control to find it's server because it has
* already attained too many Permissions. In this new implementation it should
- * be possible to revoke AllPermission and grant Permissions dynamically as
+ * be possible to revoke AllPermission and grantCodeSource Permissions dynamically as
* trust is gained.</p>
* <p>
* This may cause some undesireable side effects in existing programs.
@@ -236,7 +237,7 @@ public class DynamicConcurrentPolicyProv
// and remove all grants that may be granted by other means.
// such as ProtectionDomain or Principals alone.
// When we have Certificates we might want to check that
- // too because otherwise we might remove a grant that doesn't
+ // too because otherwise we might remove a grantCodeSource that doesn't
// imply or apply.
if ( ge.impliesPrincipals(loader == null ? null : principals)
&& ge.impliesClassLoader(loader)) {
@@ -370,7 +371,7 @@ public class DynamicConcurrentPolicyProv
}
/**
- * Calling refresh doesn't remove any dynamic grant's, it only clears
+ * Calling refresh doesn't remove any dynamic grantCodeSource's, it only clears
* the cache and refreshes the underlying Policy, it also removes any
* grants for ProtectionDomains that no longer exist.
*/
@@ -397,7 +398,7 @@ public class DynamicConcurrentPolicyProv
return true;
}
- public void grant(Class cl, Principal[] principals, Permission[] permissions) {
+ private void grant(Class cl, int context, Principal[] principals, Permission[] permissions) {
if (initialized == false) throw new RuntimeException("Object not initialized");
if (permissions == null || permissions.length == 0) {return;}
if (principals == null){ principals = new Principal[0];}
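Review bot: The new `int context` parameter at line 234 is undocumented, and only the call sites (`PolicyEntry.PROTECTIONDOMAIN`, `PolicyEntry.CLASSLOADER`) show which values it accepts; an int that selects the kind of grant recorded is easy to miscall. Add a comment above the signature such as `/* context: PolicyEntry.CLASSLOADER or PolicyEntry.PROTECTIONDOMAIN; passed straight through to the PolicyEntry constructor */`, or, if PolicyEntry exposes a type for these constants, take that instead of an int. The method body continues past the end of this hunk.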
@@ -428,7 +429,7 @@ public class DynamicConcurrentPolicyProv
if ( cl != null){
domain = getDomain(cl);
}
- PolicyEntry pe = new PolicyEntry(domain, 0, pal, perm);
+ PolicyEntry pe = new PolicyEntry(domain, context, pal, perm);
if (loggable){
logger.log(Level.FINEST, "Granting: " + pe.toString());
}
@@ -460,7 +461,7 @@ public class DynamicConcurrentPolicyProv
// and remove all grants that may be granted by other means.
// such as ProtectionDomain or Principals alone.
// When we have Certificates we might want to check that
- // too because otherwise we might remove a grant that doesn't
+ // too because otherwise we might remove a grantCodeSource that doesn't
// imply or apply.
if ( ge.impliesPrincipals(loader == null ? null : principals)
&& ge.impliesClassLoader(loader)) {
@@ -511,12 +512,102 @@ public class DynamicConcurrentPolicyProv
return pd;
}
- public void revoke(CodeSource cs, Principal[] principals, Permission[] permissions) throws UnsupportedOperationException {
+ public void revoke(CodeSource cs, Principal[] principals,
+ Permission[] permissions) throws UnsupportedOperationException {
throw new UnsupportedOperationException("Not supported yet.");
}
- public void grant(CodeSource cs, Principal[] principals, Permission[] permissions) throws UnsupportedOperationException {
+ public void grantCodeSource(CodeSource cs, Principal[] principals,
+ Permission[] permissions) throws UnsupportedOperationException {
+ if (initialized == false) throw new RuntimeException("Object not initialized");
+ if (permissions == null || permissions.length == 0) {return;}
+ if (principals == null){ principals = new Principal[0];}
+ if (principals.length > 0) {
+ principals = principals.clone();
+ checkNullElements(principals);
+ }
+ permissions = permissions.clone();
+ checkNullElements(permissions);
+ if ( basePolicyIsDynamic ){
+ /* Delegate, otherwise, if base policy is an instance of this class, we
+ * may have multi combinations of permissions that together should
+ * be true but become separated as this implementation will not
+ * return any dynamically granted permissions via getPermissions(
+ * because doing so would mean loosing revoke ability.
+ */
+ throw new UnsupportedOperationException("Can't delegate CodeSource" +
+ "grant to underlying policy");
+ }
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null) {
+ sm.checkPermission(new GrantPermission(permissions));
+ }
+ Collection<Principal> pal = Arrays.asList(principals);
+ Collection<Permission> perm = Arrays.asList(permissions);
+ PolicyEntry pe = new PolicyEntry(cs, pal, perm);
+ if (loggable){
+ logger.log(Level.FINEST, "Granting: " + pe.toString());
+ }
+ try {
+ wl.lock();
+ dynamicGrants.add(pe);
+ } finally {wl.unlock();}
+ }
+
+ public void grantProtectionDomain(Class cl, Permission[] permissions)
+ throws UnsupportedOperationException {
+ grant(cl, PolicyEntry.PROTECTIONDOMAIN, (Principal[]) null, permissions);
+ }
+
+ public void revokeProtectionDomain(Class cl, Permission[] permissions)
+ throws UnsupportedOperationException {
throw new UnsupportedOperationException("Not supported yet.");
}
+ public void grant(Certificate[] certs, Principal[] principals,
+ Permission[] permissions) throws UnsupportedOperationException {
+ if (initialized == false) throw new RuntimeException("Object not initialized");
+ if (permissions == null || permissions.length == 0) {return;}
+ if (principals == null){ principals = new Principal[0];}
+ if (principals.length > 0) {
+ principals = principals.clone();
+ checkNullElements(principals);
+ }
+ permissions = permissions.clone();
+ checkNullElements(permissions);
+ if ( basePolicyIsDynamic ){
+ /* Delegate, otherwise, if base policy is an instance of this class, we
+ * may have multi combinations of permissions that together should
+ * be true but become separated as this implementation will not
+ * return any dynamically granted permissions via getPermissions(
+ * because doing so would mean loosing revoke ability.
+ */
+ throw new UnsupportedOperationException("Can't delegate Certificate" +
+ "grants to underlying policy");
+ }
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null) {
+ sm.checkPermission(new GrantPermission(permissions));
+ }
+ Collection<Principal> pal = Arrays.asList(principals);
+ Collection<Permission> perm = Arrays.asList(permissions);
+ PolicyEntry pe = new PolicyEntry(certs, pal, perm);
+ if (loggable){
+ logger.log(Level.FINEST, "Granting: " + pe.toString());
+ }
+ try {
+ wl.lock();
+ dynamicGrants.add(pe);
+ } finally {wl.unlock();}
+ }
+
+ public void revoke(Certificate[] certs, Principal[] principals,
+ Permission[] permissions) throws UnsupportedOperationException {
+ throw new UnsupportedOperationException("Not supported yet.");
+ }
+
+ public void grant(Class cl, Principal[] principals, Permission[] permissions) {
+ grant(cl, PolicyEntry.CLASSLOADER, principals, permissions);
+ }
+
}
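Review bot: The bodies of `grantCodeSource` (lines 267-299) and `grant(Certificate[], …)` (lines 313-345) are identical except for the exception message and the PolicyEntry constructor, so the initialization guard, argument copying, null-element checks, `GrantPermission` check and locked insertion should live in shared private helpers, which also makes it harder for a later edit to drop the security check from one path. Both `basePolicyIsDynamic` messages lose a space at the concatenation point and currently read `CodeSourcegrant` and `Certificategrants`; use `"Can't delegate CodeSource " +` and `"Can't delegate Certificate " +`. Note that `revokeProtectionDomain`, `revoke(Certificate[], …)` and `revoke(CodeSource, …)` all throw, and the Javadoc at lines 225-228 says `refresh` keeps dynamic grants, so an entry recorded through any of the three new grant paths cannot be removed from this policy instance even though the class Javadoc at 200-203 presents revocability as the point of this implementation; each new grant method should say so in its Javadoc until the matching revoke is implemented. The `wl.lock()` call sits inside the `try` at lines 296-299 and 342-345, so a failing `lock()` would run `unlock()` without the lock held; the helper below takes the lock before the `try`.
```java
    public void grantCodeSource(CodeSource cs, Principal[] principals,
            Permission[] permissions) throws UnsupportedOperationException {
        if (initialized == false) throw new RuntimeException("Object not initialized");
        if (permissions == null || permissions.length == 0) {return;}
        principals = copyPrincipals(principals);
        permissions = permissions.clone();
        checkNullElements(permissions);
        if ( basePolicyIsDynamic ){
            // … unchanged: comment on why delegation is refused …
            throw new UnsupportedOperationException("Can't delegate CodeSource " +
                    "grant to underlying policy");
        }
        addDynamicGrant(permissions,
                new PolicyEntry(cs, Arrays.asList(principals), Arrays.asList(permissions)));
    }

    // grant(Certificate[], …) takes the same shape with "Certificate " in the
    // message and new PolicyEntry(certs, …); grantProtectionDomain and the
    // revoke stubs are unchanged.

    /* Defensive copy of the caller's principals; null means "no principals". */
    private Principal[] copyPrincipals(Principal[] principals) {
        if (principals == null || principals.length == 0) return new Principal[0];
        Principal[] copy = principals.clone();
        checkNullElements(copy);
        return copy;
    }

    /* GrantPermission check, logging and locked insertion shared by the
     * CodeSource and Certificate grant paths. The lock is taken outside the
     * try so a failed lock() does not reach unlock() in finally. */
    private void addDynamicGrant(Permission[] permissions, PolicyEntry pe) {
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            sm.checkPermission(new GrantPermission(permissions));
        }
        if (loggable){
            logger.log(Level.FINEST, "Granting: " + pe.toString());
        }
        wl.lock();
        try {
            dynamicGrants.add(pe);
        } finally {wl.unlock();}
    }
```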