Posted to commits@river.apache.org by pe...@apache.org on 2012/02/19 05:09:01 UTC
svn commit: r1290940 - in /river/jtsk/merge/src: manifest/jsk-dl/META-INF/
net/jini/jeri/ net/jini/jeri/ssl/ net/jini/jeri/tcp/ net/jini/loader/pref/
net/jini/security/ net/jini/security/policy/ net/jini/url/httpmd/
Author: peter_firmstone
Date: Sun Feb 19 04:09:00 2012
New Revision: 1290940
URL: http://svn.apache.org/viewvc?rev=1290940&view=rev
Log:
Incremental merge
Added:
river/jtsk/merge/src/net/jini/loader/pref/CodeSourceWithPermissionsRequired.java (with props)
Modified:
river/jtsk/merge/src/manifest/jsk-dl/META-INF/PREFERRED.LIST
river/jtsk/merge/src/net/jini/jeri/BasicInvocationDispatcher.java
river/jtsk/merge/src/net/jini/jeri/BasicObjectEndpoint.java
river/jtsk/merge/src/net/jini/jeri/ssl/AuthManager.java
river/jtsk/merge/src/net/jini/jeri/ssl/ServerAuthManager.java
river/jtsk/merge/src/net/jini/jeri/ssl/SslConnection.java
river/jtsk/merge/src/net/jini/jeri/ssl/SslEndpointImpl.java
river/jtsk/merge/src/net/jini/jeri/ssl/SslServerEndpointImpl.java
river/jtsk/merge/src/net/jini/jeri/tcp/TcpServerEndpoint.java
river/jtsk/merge/src/net/jini/loader/pref/PreferredClassLoader.java
river/jtsk/merge/src/net/jini/security/GrantPermission.java
river/jtsk/merge/src/net/jini/security/Security.java
river/jtsk/merge/src/net/jini/security/SecurityContext.java
river/jtsk/merge/src/net/jini/security/policy/ (props changed)
river/jtsk/merge/src/net/jini/security/policy/PolicyFileProvider.java (contents, props changed)
river/jtsk/merge/src/net/jini/url/httpmd/Handler.java
Modified: river/jtsk/merge/src/manifest/jsk-dl/META-INF/PREFERRED.LIST
URL: http://svn.apache.org/viewvc/river/jtsk/merge/src/manifest/jsk-dl/META-INF/PREFERRED.LIST?rev=1290940&r1=1290939&r2=1290940&view=diff
==============================================================================
--- river/jtsk/merge/src/manifest/jsk-dl/META-INF/PREFERRED.LIST (original)
+++ river/jtsk/merge/src/manifest/jsk-dl/META-INF/PREFERRED.LIST Sun Feb 19 04:09:00 2012
@@ -31,3 +31,6 @@ Preferred: false
Name: net/jini/-
Preferred: false
+
+Name: org/apache/river/api/-
+Preferred: false
\ No newline at end of file
Modified: river/jtsk/merge/src/net/jini/jeri/BasicInvocationDispatcher.java
URL: http://svn.apache.org/viewvc/river/jtsk/merge/src/net/jini/jeri/BasicInvocationDispatcher.java?rev=1290940&r1=1290939&r2=1290940&view=diff
==============================================================================
--- river/jtsk/merge/src/net/jini/jeri/BasicInvocationDispatcher.java (original)
+++ river/jtsk/merge/src/net/jini/jeri/BasicInvocationDispatcher.java Sun Feb 19 04:09:00 2012
@@ -44,6 +44,8 @@ import java.security.AccessControlExcept
import java.security.AccessController;
import java.security.CodeSource;
import java.security.Permission;
+import java.security.PermissionCollection;
+import java.security.Policy;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
@@ -910,7 +912,8 @@ public class BasicInvocationDispatcher i
}
}
});
- if (System.getSecurityManager() == null) {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm == null) {
return;
}
ProtectionDomain pd;
@@ -934,6 +937,11 @@ public class BasicInvocationDispatcher i
}
boolean ok = pd.implies(permission);
// XXX what about logging
+ if (logger.isLoggable(Level.FINE)){
+ Policy p = Policy.getPolicy();
+ logger.log(Level.FINE, "SecurityManager: " + sm + "\nPolicy: " + p +
+ "\nProtectionDomain: " + pd);
+ }
if (!ok) {
throw new AccessControlException("access denied " + permission);
}
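Review bot: The added FINE-level block calls `Policy.getPolicy()` on the permission-check path, and that call is itself guarded by a security-manager check (`SecurityPermission "getPolicy"`). Unless this code already runs inside a privileged block, which the hunk does not show, enabling FINE logging could make an otherwise successful check throw SecurityException. The message also omits the two values a log reader needs, `permission` and `ok`, and it concatenates `sm`, `p` and `pd`, whose `toString()` output may include the domain's full permission set. Consider dropping the Policy lookup and logging `permission`, `ok` and `pd` with a parameterized `logger.log(Level.FINE, "...", new Object[]{permission, Boolean.valueOf(ok), pd})`; the `// XXX what about logging` comment just above is then obsolete. The enclosing method starts and ends outside the hunk.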
Modified: river/jtsk/merge/src/net/jini/jeri/BasicObjectEndpoint.java
URL: http://svn.apache.org/viewvc/river/jtsk/merge/src/net/jini/jeri/BasicObjectEndpoint.java?rev=1290940&r1=1290939&r2=1290940&view=diff
==============================================================================
--- river/jtsk/merge/src/net/jini/jeri/BasicObjectEndpoint.java (original)
+++ river/jtsk/merge/src/net/jini/jeri/BasicObjectEndpoint.java Sun Feb 19 04:09:00 2012
@@ -415,7 +415,16 @@ public final class BasicObjectEndpoint
case 0x00:
// REMIND: close the response input stream?
+ Exception ex = null;
+ try {
+ call.getResponseInputStream().close();
+ } catch (IOException e){
+ ex = e;
+ }
// REMIND: Do we want to read a server-supplied reason string?
+ if (ex != null){
+ return new NoSuchObjectException("no such object in table, input stream close threw IOException: " + ex);
+ }
return new NoSuchObjectException("no such object in table");
case 0x01:
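Review bot: The `Exception ex` declared directly under `case 0x00:` is scoped to the whole switch block, which is why the copy in the `default:` branch (hunk @@ -423,7 +432,17) had to be named `exc`. Wrapping each case body in braces, or moving the close into a small private helper that returns the IOException or null, would remove the duplicated try/catch. The `// REMIND: close the response input stream?` comments are now answered by the code and should say instead that the stream is closed and a close failure is reported through the returned exception. In this branch the failure is only appended to the message text, while the `default:` branch passes it as the cause; a comment such as `// NoSuchObjectException has no cause-taking constructor, so the close failure goes into the message` would explain the difference. The switch starts and ends outside the hunk.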
@@ -423,7 +432,17 @@ public final class BasicObjectEndpoint
default:
// REMIND: close the response input stream?
+ Exception exc = null;
+ try {
+ call.getResponseInputStream().close();
+ } catch (IOException e){
+ exc = e;
+ }
// REMIND: Do we really want this failure mode here?
+ if (exc != null){
+ return new UnmarshalException("unexpected invocation status: " +
+ Integer.toHexString(status), exc);
+ }
return new UnmarshalException("unexpected invocation status: " +
Integer.toHexString(status));
}
Modified: river/jtsk/merge/src/net/jini/jeri/ssl/AuthManager.java
URL: http://svn.apache.org/viewvc/river/jtsk/merge/src/net/jini/jeri/ssl/AuthManager.java?rev=1290940&r1=1290939&r2=1290940&view=diff
==============================================================================
--- river/jtsk/merge/src/net/jini/jeri/ssl/AuthManager.java (original)
+++ river/jtsk/merge/src/net/jini/jeri/ssl/AuthManager.java Sun Feb 19 04:09:00 2012
@@ -26,10 +26,12 @@ import java.security.NoSuchAlgorithmExce
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.CertPath;
+import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
+import java.util.Date;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
@@ -324,7 +326,7 @@ abstract class AuthManager extends Filte
*/
static long certificatesValidUntil(CertPath chain) {
long result = Long.MAX_VALUE;
- List certs = chain.getCertificates();
+ List<? extends Certificate> certs = chain.getCertificates();
for (int i = certs.size(); --i >= 0; ) {
X509Certificate cert = (X509Certificate) certs.get(i);
long until = cert.getNotAfter().getTime();
Modified: river/jtsk/merge/src/net/jini/jeri/ssl/ServerAuthManager.java
URL: http://svn.apache.org/viewvc/river/jtsk/merge/src/net/jini/jeri/ssl/ServerAuthManager.java?rev=1290940&r1=1290939&r2=1290940&view=diff
==============================================================================
--- river/jtsk/merge/src/net/jini/jeri/ssl/ServerAuthManager.java (original)
+++ river/jtsk/merge/src/net/jini/jeri/ssl/ServerAuthManager.java Sun Feb 19 04:09:00 2012
@@ -166,7 +166,7 @@ class ServerAuthManager extends AuthMana
} else {
credentialsValidUntil = checkCredentials(
cred, clientSubject, "accept");
- sessionCache = new SoftReference(session);
+ sessionCache = new SoftReference<SSLSession>(session);
}
}
}
@@ -347,7 +347,7 @@ class ServerAuthManager extends AuthMana
if (val instanceof X500PrivateCredential) {
cred = (X500PrivateCredential) val;
try {
- checkCredentials(cred, null, "listen");
+ checkCredentials(cred, null, "listen");
} catch (SecurityException e) {
if (logger.isLoggable(Levels.HANDLED)) {
logThrow(logger, Levels.HANDLED,
Modified: river/jtsk/merge/src/net/jini/jeri/ssl/SslConnection.java
URL: http://svn.apache.org/viewvc/river/jtsk/merge/src/net/jini/jeri/ssl/SslConnection.java?rev=1290940&r1=1290939&r2=1290940&view=diff
==============================================================================
--- river/jtsk/merge/src/net/jini/jeri/ssl/SslConnection.java (original)
+++ river/jtsk/merge/src/net/jini/jeri/ssl/SslConnection.java Sun Feb 19 04:09:00 2012
@@ -64,7 +64,7 @@ class SslConnection extends Utilities im
* the client to negotiate a new session before the server timeout, which
* defaults to 24 hours.
*/
- private static long maxClientSessionDuration =
+ private final long maxClientSessionDuration =
((Long) Security.doPrivileged(
new GetLongAction("com.sun.jini.jeri.ssl.maxClientSessionDuration",
(long) (23.5 * 60 * 60 * 1000)))).longValue();
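Review bot: Dropping `static` from `maxClientSessionDuration` means the `Security.doPrivileged(new GetLongAction(...))` initializer now runs once per SslConnection instead of once per class. The system property is therefore re-read for every connection, and two connections can end up with different limits if the property changes in between. If the goal was only immutability, `private static final long maxClientSessionDuration =` keeps the single read. The same change is made to `maxServerSessionDuration` in SslServerEndpointImpl (hunk @@ -101,10 +101,10), where the surrounding comment mentions testing; if any test assigned that field it will no longer compile, which is worth confirming.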
@@ -100,16 +100,16 @@ class SslConnection extends Utilities im
private final ClientAuthManager authManager;
/** The socket */
- SSLSocket sslSocket;
+ volatile SSLSocket sslSocket;
/** The currently active cipher suite */
- private String activeCipherSuite;
+ volatile private String activeCipherSuite;
/** The current session */
- private SSLSession session;
+ volatile private SSLSession session;
/** True if the connection has been closed. */
- boolean closed;
+ volatile boolean closed;
/* -- Methods -- */
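Review bot: Marking `sslSocket`, `activeCipherSuite`, `session` and `closed` as `volatile` gives each field visibility on its own but no consistent view across them. A reader can observe a new `session` together with the previous `activeCipherSuite` if the two are written in separate statements; the writers are outside this hunk, so this needs checking. Please document the intended policy on the fields, for example `/** The current session; volatile for unsynchronized reads, written only under the connection lock */` if that is the design. As a style point, the conventional modifier order is `private volatile`, not `volatile private`.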
Modified: river/jtsk/merge/src/net/jini/jeri/ssl/SslEndpointImpl.java
URL: http://svn.apache.org/viewvc/river/jtsk/merge/src/net/jini/jeri/ssl/SslEndpointImpl.java?rev=1290940&r1=1290939&r2=1290940&view=diff
==============================================================================
--- river/jtsk/merge/src/net/jini/jeri/ssl/SslEndpointImpl.java (original)
+++ river/jtsk/merge/src/net/jini/jeri/ssl/SslEndpointImpl.java Sun Feb 19 04:09:00 2012
@@ -284,6 +284,9 @@ class SslEndpointImpl extends Utilities
* XXX: Work around BugID 4892841, Subject.getPrincipals(Class)
* not thread-safe against changes to principals.
* -tjb[18.Jul.2003]
+ *
+ * This was fixed in Java 1.5 which is now our minimum
+ * supported version.
*/
synchronized (clientSubject.getPrincipals()) {
clientPrincipals =
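Review bot: The added sentence says BugID 4892841 was fixed in Java 1.5, but the `synchronized (clientSubject.getPrincipals())` workaround directly below it stays, so a reader cannot tell whether the lock is still required. Either remove the workaround in the same change or extend the comment, for example `* TODO: the synchronized block below can be removed now that 1.5 is the minimum.` The enclosing method is outside the hunk.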
Modified: river/jtsk/merge/src/net/jini/jeri/ssl/SslServerEndpointImpl.java
URL: http://svn.apache.org/viewvc/river/jtsk/merge/src/net/jini/jeri/ssl/SslServerEndpointImpl.java?rev=1290940&r1=1290939&r2=1290940&view=diff
==============================================================================
--- river/jtsk/merge/src/net/jini/jeri/ssl/SslServerEndpointImpl.java (original)
+++ river/jtsk/merge/src/net/jini/jeri/ssl/SslServerEndpointImpl.java Sun Feb 19 04:09:00 2012
@@ -101,10 +101,10 @@ class SslServerEndpointImpl extends Util
* to facilitate testing. Use 24 hours to allow the client, which uses
* 23.5 hours, to renegotiate a new session before the server timeout.
*/
- static long maxServerSessionDuration =
+ private final long maxServerSessionDuration =
((Long) Security.doPrivileged(
new GetLongAction("com.sun.jini.jeri.ssl.maxServerSessionDuration",
- 24 * 60 * 60 * 1000))).longValue();
+ 24L * 60L * 60L * 1000L))).longValue();
/**
* Executes a Runnable in a system thread -- used for listener accept
@@ -118,10 +118,10 @@ class SslServerEndpointImpl extends Util
new BasicServerConnManager();
/** The associated server endpoint. */
- final ServerEndpoint serverEndpoint;
+ private final ServerEndpoint serverEndpoint;
/** The server subject, or null if the server is anonymous. */
- final Subject serverSubject;
+ private final Subject serverSubject;
/**
* The principals to use for authentication, or null if the server is
@@ -146,21 +146,21 @@ class SslServerEndpointImpl extends Util
/**
* The permissions needed to authenticate when listening on this endpoint,
- * or null if the server is anonymous.
+ * or null if the server is anonymous. Effectively immutable array.
*/
- Permission[] listenPermissions;
+ private final Permission[] listenPermissions;
/** The listen endpoint. */
private final ListenEndpoint listenEndpoint;
/** The factory for creating JSSE sockets -- set by sslInit */
- private SSLSocketFactory sslSocketFactory;
+ private SSLSocketFactory sslSocketFactory; // Synchronized on this
/**
* The authentication manager for the SSLContext for this endpoint -- set
* by sslInit.
*/
- private ServerAuthManager authManager;
+ private ServerAuthManager authManager; // Synchronized on this
/** The server connection manager. */
ServerConnManager serverConnectionManager = defaultServerConnectionManager;
@@ -191,9 +191,10 @@ class SslServerEndpointImpl extends Util
? computePrincipals(serverSubject)
: checkPrincipals(serverPrincipals);
/* Set listenPermissions before calling hasListenPermissions */
+ Permission [] listenPermissions;
if (this.serverPrincipals == null) {
listenPermissions = null;
- } else {
+ } else {
listenPermissions =
new AuthenticationPermission[this.serverPrincipals.size()];
int i = 0;
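Review bot: `listenPermissions` is now a constructor local that shadows the field, yet the comment kept above it still says `Set listenPermissions before calling hasListenPermissions`. The field itself is only assigned after that call (`this.listenPermissions = listenPermissions;` in hunk @@ -213,10 +214,11). If `hasListenPermissions()` reads the field, as the old comment implies, it now sees `null` during construction and the listen-permission check is evaluated against no permissions; its body is not in the diff, so please confirm. One way to keep the field final is a private overload that takes the `Permission[]` local explicitly, and the comment should be updated either way. The constructor starts and ends outside both hunks.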
@@ -213,10 +214,11 @@ class SslServerEndpointImpl extends Util
!hasListenPermissions()))
{
this.serverSubject = null;
- this.listenPermissions = null;
+ listenPermissions = null;
} else {
- this.serverSubject = serverSubject;
+ this.serverSubject = serverSubject;
}
+ this.listenPermissions = listenPermissions;
this.serverHost = serverHost;
if (port < 0 || port > 0xFFFF) {
throw new IllegalArgumentException("Invalid port: " + port);
@@ -526,12 +528,12 @@ class SslServerEndpointImpl extends Util
if (resolvedHost == null) {
InetAddress localAddr;
try {
- localAddr = (InetAddress) AccessController.doPrivileged(
- new PrivilegedExceptionAction() {
- public Object run() throws UnknownHostException {
- return InetAddress.getLocalHost();
- }
- });
+ localAddr = AccessController.doPrivileged(
+ new PrivilegedExceptionAction<InetAddress>() {
+ public InetAddress run() throws UnknownHostException {
+ return InetAddress.getLocalHost();
+ }
+ });
} catch (PrivilegedActionException e) {
UnknownHostException uhe =
(UnknownHostException) e.getCause();
@@ -673,15 +675,18 @@ class SslServerEndpointImpl extends Util
checkListenPermissions(false);
Set principals = serverSubject.getPrincipals();
/* Keep track of progress; remove entry when check is done */
- Map progress = new HashMap(serverPrincipals.size());
- for (Iterator i = serverPrincipals.iterator(); i.hasNext(); ) {
- X500Principal p = (X500Principal) i.next();
- if (!principals.contains(p)) {
- throw new UnsupportedConstraintException(
- "Missing principal: " + p);
- }
- progress.put(p, X500Principal.class);
- }
+ boolean nullServerPrincipals = serverPrincipals == null;
+ Map progress = new HashMap(nullServerPrincipals ? 0 : serverPrincipals.size());
+ if (!nullServerPrincipals){
+ for (Iterator i = serverPrincipals.iterator(); i.hasNext(); ) {
+ X500Principal p = (X500Principal) i.next();
+ if (!principals.contains(p)) {
+ throw new UnsupportedConstraintException(
+ "Missing principal: " + p);
+ }
+ progress.put(p, X500Principal.class);
+ }
+ }
X500PrivateCredential[] privateCredentials =
(X500PrivateCredential[]) AccessController.doPrivileged(
new SubjectCredentials.GetAllPrivateCredentialsAction(
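Review bot: The new `nullServerPrincipals` guard comes after `serverSubject.getPrincipals()` a few lines earlier, so if a null `serverPrincipals` goes together with a null `serverSubject` (the constructor hunk assigns `this.serverSubject = null` in one branch), the method still fails with a NullPointerException before it reaches the guard. Consider handling the anonymous case before `serverSubject` is dereferenced, and add a comment stating which combinations of the two fields can occur here, e.g. `// serverPrincipals == null implies serverSubject == null (anonymous server)` if that is the invariant. The enclosing method starts and ends outside the hunk.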
@@ -803,8 +808,9 @@ class SslServerEndpointImpl extends Util
private final Set connections = new HashSet();
/** Used to throttle accept failures */
+ private final Object failureLock = new Object();
private long acceptFailureTime = 0;
- private int acceptFailureCount;
+ private int acceptFailureCount = 0;
/** Creates a listen handle */
SslListenHandle(RequestDispatcher requestDispatcher,
@@ -936,23 +942,34 @@ class SslServerEndpointImpl extends Util
final int NFAIL = 10;
final int NMSEC = 5000;
long now = System.currentTimeMillis();
- if (acceptFailureTime == 0L ||
- (now - acceptFailureTime) > NMSEC)
- {
- // failure time is very old, or this is first failure
- acceptFailureTime = now;
- acceptFailureCount = 0;
- } else {
- // failure window was started recently
- acceptFailureCount++;
- if (acceptFailureCount >= NFAIL) {
- try {
- Thread.sleep(10000);
- } catch (InterruptedException ignore) {
- }
- // no need to reset counter/timer
- }
- }
+ boolean fail = false;
+ synchronized (failureLock){
+ if (acceptFailureTime == 0L ||
+ (now - acceptFailureTime) > NMSEC)
+ {
+ // failure time is very old, or this is first failure
+ acceptFailureTime = now;
+ acceptFailureCount = 0;
+ } else {
+ // failure window was started recently
+ acceptFailureCount++;
+ if (acceptFailureCount >= NFAIL) {
+ fail = true;
+ }
+ }
+ }
+ if (fail) {
+ try {
+ Thread.sleep(10000);
+ } catch (InterruptedException ignore) {
+ /* Why are we ignoring the interrupt and not
+ * restoring the interrupted status?
+ */
+ Thread.currentThread().interrupt();
+ }
+ // no need to reset counter/timer
+ }
+
return true;
}
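Review bot: Restoring the interrupt in the `catch` is the right call, but the method then returns `true`, and with the flag set every later `Thread.sleep(10000)` throws immediately, so once the thread has been interrupted the throttle no longer delays anything. If the caller keeps looping on accept failures, which is not visible here, that becomes a busy loop; consider checking the interrupted status and letting the caller stop. The added comment `Why are we ignoring the interrupt and not restoring the interrupted status?` reads as an open question although the next line answers it, and the catch variable is still named `ignore`; `// restore the interrupt so the accept loop can observe it` would be clearer. The method starts outside the hunk.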
@@ -1063,31 +1080,31 @@ class SslServerEndpointImpl extends Util
* yet. Check that the current session matches to prevent new
* handshakes.
*/
- private SSLSession session;
+ private final SSLSession session;
/**
* The client subject -- depends on session being set. This instance
* is read-only.
*/
- private Subject clientSubject;
+ private final Subject clientSubject;
/** The client principal -- depends on session being set. */
- private X500Principal clientPrincipal;
+ private final X500Principal clientPrincipal;
/** The server principal -- depends on session being set. */
- private X500Principal serverPrincipal;
+ private final X500Principal serverPrincipal;
/**
* The authentication permission required for this connection, or null
* if the server is anonymous -- depends on session being set.
*/
- private AuthenticationPermission authPermission;
+ private final AuthenticationPermission authPermission;
/** The cipher suite -- depends on session being set. */
- private String cipherSuite;
-
+ private final String cipherSuite;
+
/** True if the connection has been closed. */
- boolean closed;
+ volatile boolean closed;
/** Creates a server connection */
SslServerConnection(SslListenHandle listenHandle, Socket socket)
@@ -1103,7 +1120,34 @@ class SslServerEndpointImpl extends Util
/* Need to put in server mode before requesting client auth. */
sslSocket.setUseClientMode(false);
sslSocket.setWantClientAuth(true);
-
+ try {
+ session = sslSocket.getSession();
+ sslSocket.setEnableSessionCreation(false);
+ cipherSuite = session.getCipherSuite();
+ if ("NULL".equals(getKeyExchangeAlgorithm(cipherSuite))) {
+ throw new SecurityException("Handshake failed");
+ }
+ clientSubject = getClientSubject(sslSocket);
+ clientPrincipal = clientSubject != null
+ ? ((X500Principal)
+ clientSubject.getPrincipals().iterator().next())
+ : null;
+ X509Certificate serverCert =
+ getAuthManager().getServerCertificate(session);
+ serverPrincipal = serverCert != null
+ ? serverCert.getSubjectX500Principal() : null;
+ if (serverPrincipal != null) {
+ authPermission = new AuthenticationPermission(
+ Collections.singleton(serverPrincipal),
+ (clientPrincipal != null
+ ? Collections.singleton(clientPrincipal) : null),
+ "accept");
+ } else {
+ authPermission = null;
+ }
+ } catch (SecurityException e){
+ throw new IOException("Unable to create session", e);
+ }
logger.log(Level.FINE, "created {0}", this);
}
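Review bot: Calling `sslSocket.getSession()` in the constructor moves the TLS handshake into SslServerConnection construction, because `getSession()` blocks until the initial handshake completes. If connections are constructed on the accept thread (the caller is not in the diff), one slow or silent peer can hold up every other accept; consider keeping the handshake on the per-connection thread or setting a socket read timeout before this call. Separately, `new IOException("Unable to create session", e)` uses a constructor that exists only from Java 6, while the comment added to SslEndpointImpl in this commit names Java 1.5 as the minimum supported version; `IOException ioe = new IOException("Unable to create session"); ioe.initCause(e); throw ioe;` works on both. The field comments in hunk @@ -1063,31 +1080,31 still say `depends on session being set`, which no longer describes final fields assigned here.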
@@ -1193,43 +1237,21 @@ class SslServerEndpointImpl extends Util
* fields if needed.
*/
private void decacheSession() {
- synchronized (this) {
- SSLSession socketSession = sslSocket.getSession();
- if (session == socketSession) {
- return;
- } else if (session != null) {
- /*
- * We disable session creation as soon as we notice the
- * first session, but it is possible that a second
- * handshake could have started by then, so check that we
- * have the same session. -tjb[31.Jan.2003]
- */
- throw new SecurityException(
- "New handshake occurred on socket");
- }
- session = socketSession;
- sslSocket.setEnableSessionCreation(false);
- cipherSuite = session.getCipherSuite();
- if ("NULL".equals(getKeyExchangeAlgorithm(cipherSuite))) {
- throw new SecurityException("Handshake failed");
- }
- clientSubject = getClientSubject(sslSocket);
- clientPrincipal = clientSubject != null
- ? ((X500Principal)
- clientSubject.getPrincipals().iterator().next())
- : null;
- X509Certificate serverCert =
- getAuthManager().getServerCertificate(session);
- serverPrincipal = serverCert != null
- ? serverCert.getSubjectX500Principal() : null;
- if (serverPrincipal != null) {
- authPermission = new AuthenticationPermission(
- Collections.singleton(serverPrincipal),
- (clientPrincipal != null
- ? Collections.singleton(clientPrincipal) : null),
- "accept");
- }
- }
+ SSLSession socketSession = sslSocket.getSession();
+ if (session == socketSession) {
+ return;
+ } else if ( !session.isValid()){
+ throw new SecurityException("Session invalid");
+ } else {
+ /*
+ * We disable session creation as soon as we notice the
+ * first session, but it is possible that a second
+ * handshake could have started by then, so check that we
+ * have the same session. -tjb[31.Jan.2003]
+ */
+ throw new SecurityException(
+ "New handshake occurred on socket");
+ }
}
/**
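Review bot: With the fields now final, `decacheSession()` no longer caches anything, but the Javadoc above it (ending `fields if needed.`) and the method name still describe the old behaviour; a summary such as `Checks that the socket is still using the session recorded at construction.` would match the code. The `!session.isValid()` test is only reached when the socket reports a different session object, so an invalidated session that the socket still returns passes through the `session == socketSession` branch. If rejecting invalidated sessions is the intent, test validity first: `if (!session.isValid()) throw new SecurityException("Session invalid");`. The retained `-tjb[31.Jan.2003]` comment now sits in a branch that only throws and describes logic that moved to the constructor.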
Modified: river/jtsk/merge/src/net/jini/jeri/tcp/TcpServerEndpoint.java
URL: http://svn.apache.org/viewvc/river/jtsk/merge/src/net/jini/jeri/tcp/TcpServerEndpoint.java?rev=1290940&r1=1290939&r2=1290940&view=diff
==============================================================================
--- river/jtsk/merge/src/net/jini/jeri/tcp/TcpServerEndpoint.java (original)
+++ river/jtsk/merge/src/net/jini/jeri/tcp/TcpServerEndpoint.java Sun Feb 19 04:09:00 2012
@@ -854,7 +854,7 @@ public final class TcpServerEndpoint imp
if (!(t instanceof SecurityException)) {
try {
- // NYI: shed idle connections
+ // TODO: NYI: shed idle connections
} catch (OutOfMemoryError e) {
} catch (Exception e) {
}
Added: river/jtsk/merge/src/net/jini/loader/pref/CodeSourceWithPermissionsRequired.java
URL: http://svn.apache.org/viewvc/river/jtsk/merge/src/net/jini/loader/pref/CodeSourceWithPermissionsRequired.java?rev=1290940&view=auto
==============================================================================
--- river/jtsk/merge/src/net/jini/loader/pref/CodeSourceWithPermissionsRequired.java (added)
+++ river/jtsk/merge/src/net/jini/loader/pref/CodeSourceWithPermissionsRequired.java Sun Feb 19 04:09:00 2012
@@ -0,0 +1,74 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package net.jini.loader.pref;
+
+import java.io.IOException;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
+import java.net.URL;
+import java.security.CodeSource;
+import java.security.Permission;
+import java.security.cert.Certificate;
+
+/**
+ * The intent of this class is to allow a jar file to carry with it the
+ * permissions it requires, the intent is that a smart proxy use this,
+ * the permissions are dynamically granted to a Principal and ClassLoader
+ * combination.
+ *
+ * This is package private until the implementation is complete, the public
+ * api should be reviewed before making public.
+ *
+ * @author peter
+ */
+class CodeSourceWithPermissionsRequired extends CodeSource {
+ private static final long serialVersionUID = 1L;
+ private Permission[] permissions;
+
+ public CodeSourceWithPermissionsRequired(URL codebase, Certificate[] certs, Permission[] perms){
+ super(codebase, certs );
+ permissions = perms.clone();
+ }
+
+ public String toString(){
+ StringBuilder sb = new StringBuilder(120);
+ sb.append(super.toString())
+ .append("\n")
+ .append("Information only, minimum Permissions required for execution:\n");
+ int l = permissions.length;
+ for (int i = 0; i < l ; i++){
+ sb.append(permissions[i].toString());
+ }
+ return sb.toString();
+ }
+
+ Permission [] required(){
+ return permissions.clone();
+ }
+
+ private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException{
+ in.defaultReadObject();
+ // defensive copy of array reference to prevent stolen reference
+ permissions = permissions.clone();
+ }
+
+ private void writeObject(ObjectOutputStream out) throws IOException{
+ out.defaultWriteObject();
+ }
+}
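Review bot: `readObject` clones `permissions` straight after `defaultReadObject()`, so a stream carrying a null array fails with a NullPointerException, and one carrying null elements yields an object whose `toString()` throws later. Deserialized state should be validated and rejected with `InvalidObjectException`, as sketched below; the constructor has the same unchecked `perms.clone()`. The class comment should also record that `equals`/`hashCode` are inherited from CodeSource, so two instances differing only in `permissions` compare equal, and state whether the carried permissions are advisory data from the jar that still need a separate trust decision before being granted. `toString()` appends the permissions without a separator, and the explicit `writeObject` only repeats the default behaviour.

```java
private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException{
    in.defaultReadObject();
    if (permissions == null) {
        throw new java.io.InvalidObjectException("permissions array is null");
    }
    // defensive copy first, then validate the copy so the checked array is the stored one
    Permission[] copy = permissions.clone();
    for (int i = 0; i < copy.length; i++) {
        if (copy[i] == null) {
            throw new java.io.InvalidObjectException("null permission at index " + i);
        }
    }
    permissions = copy;
}
```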
Propchange: river/jtsk/merge/src/net/jini/loader/pref/CodeSourceWithPermissionsRequired.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified: river/jtsk/merge/src/net/jini/loader/pref/PreferredClassLoader.java
URL: http://svn.apache.org/viewvc/river/jtsk/merge/src/net/jini/loader/pref/PreferredClassLoader.java?rev=1290940&r1=1290939&r2=1290940&view=diff
==============================================================================
--- river/jtsk/merge/src/net/jini/loader/pref/PreferredClassLoader.java (original)
+++ river/jtsk/merge/src/net/jini/loader/pref/PreferredClassLoader.java Sun Feb 19 04:09:00 2012
@@ -1011,6 +1011,22 @@ public class PreferredClassLoader extend
return getPackage(name);
}
}
+
+ protected Class<?> findClass(final String name)
+ throws ClassNotFoundException
+ {
+ /* TODO: Override and create our own CodeSource
+ * implementation that contains permissions.perm
+ * After we retrieve the manifest, class bytes and
+ * certificates, create the CodeSource we call
+ * defineClass(String name, byte[]b, int off, int len, CodeSource cs)
+ *
+ * This will be utilised by a class that overrides
+ * BasicProxyPreparer.getPermissions()
+ * to retrieve the advisory permissions.
+ */
+ return super.findClass(name);
+ }
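Review bot: The new `findClass` override only delegates to `super.findClass(name)`, so it changes nothing at runtime and exists to carry the TODO. It has no `@Override` and no Javadoc, and as a `protected` method of a public class it becomes part of the documented API. Consider keeping the TODO as a class-level comment until the CodeSource work lands, or at least add `@Override` and a line such as `/** Currently delegates to the superclass; see the TODO in the body. */`.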
/**
* {@inheritDoc}
@@ -1143,9 +1159,9 @@ public class PreferredClassLoader extend
* Create an AccessControlContext that consists of a single
* protection domain with only the permissions calculated above.
* Comment added 7th May 2010 by Peter Firmstone:
- * This calls the pre java 1.4 constructor which causes the
+ * This did call the pre java 1.4 constructor which causes the
* ProtectionDomain to not consult the Policy, this
- * has the effect of not allowing Dynamic Permission changes to be
+ * had the effect of not allowing Dynamic Permission changes to be
* effected by the Policy. It doesn't affect the existing
* DynamicPolicy implementation as it returns the Permissions
* allowing the ProtectionDomain domain combiner to combine
Modified: river/jtsk/merge/src/net/jini/security/GrantPermission.java
URL: http://svn.apache.org/viewvc/river/jtsk/merge/src/net/jini/security/GrantPermission.java?rev=1290940&r1=1290939&r2=1290940&view=diff
==============================================================================
--- river/jtsk/merge/src/net/jini/security/GrantPermission.java (original)
+++ river/jtsk/merge/src/net/jini/security/GrantPermission.java Sun Feb 19 04:09:00 2012
@@ -555,7 +555,7 @@ public final class GrantPermission exten
* of permissions.
*/
private static String constructName(Permission[] pa) {
- StringBuffer sb = new StringBuffer();
+ StringBuffer sb = new StringBuffer(60);
for (int i = 0; i < pa.length; i++) {
Permission p = pa[i];
if (p instanceof UnresolvedPermission) {
@@ -762,8 +762,9 @@ public final class GrantPermission exten
private static final ObjectStreamField[] serialPersistentFields = {
new ObjectStreamField("perms", List.class, true)
};
-
- private List perms = new ArrayList();
+
+ // Serial form.
+ private List<Permission> perms = new ArrayList<Permission>();
private Implier implier = new Implier();
public synchronized void add(Permission p) {
@@ -774,11 +775,15 @@ public final class GrantPermission exten
throw new SecurityException(
"can't add to read-only PermissionCollection");
}
- perms.add(p);
- implier.add((GrantPermission) p);
+ // Cannot use TreeSet to ensure correctness, just don't
+ // add twice, in other words check must be external.
+ // Stack overflow may occur if permissions added without checking
+ perms.add(p);
+ implier.add((GrantPermission) p);
+
}
- public synchronized Enumeration elements() {
+ public synchronized Enumeration<Permission> elements() {
return Collections.enumeration(perms);
}
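Review bot: The added comment warns that a stack overflow may occur if permissions are added without checking, yet `add` still appends unconditionally, so the protection depends on every caller doing a check the comment does not describe. Please name the precondition and who guarantees it, for example `// Precondition: the caller has verified p is not already present; adding a duplicate can recurse until StackOverflowError` if duplicates are indeed the trigger, which I am inferring from the wording. If the check can be done cheaply inside `add`, enforcing it here would be safer than relying on callers. The method starts outside the hunk.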
Modified: river/jtsk/merge/src/net/jini/security/Security.java
URL: http://svn.apache.org/viewvc/river/jtsk/merge/src/net/jini/security/Security.java?rev=1290940&r1=1290939&r2=1290940&view=diff
==============================================================================
--- river/jtsk/merge/src/net/jini/security/Security.java (original)
+++ river/jtsk/merge/src/net/jini/security/Security.java Sun Feb 19 04:09:00 2012
@@ -43,6 +43,7 @@ import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer;
import java.util.WeakHashMap;
+import java.util.concurrent.ConcurrentMap;
import java.util.logging.Level;
import java.util.logging.LogRecord;
import java.util.logging.Logger;
@@ -461,26 +462,7 @@ public final class Security {
}
final AccessControlContext acc = AccessController.getContext();
- return new SecurityContext() {
- public PrivilegedAction wrap(PrivilegedAction a) {
- if (a == null) {
- throw new NullPointerException();
- }
- return a;
- }
-
- public PrivilegedExceptionAction wrap(PrivilegedExceptionAction a)
- {
- if (a == null) {
- throw new NullPointerException();
- }
- return a;
- }
-
- public AccessControlContext getAccessControlContext() {
- return acc;
- }
- };
+ return new SecurityContextImpl(acc);
}
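Review bot: The removed anonymous class threw NullPointerException for a null action in both `wrap` overloads and returned the captured `acc` from `getAccessControlContext()`. `SecurityContextImpl` is not shown in this diff and is not in the commit's list of added files, so it is worth confirming that it already exists in the merge tree and keeps that contract. A one-line comment at the call site, e.g. `// SecurityContextImpl rejects null actions and returns acc unchanged`, would record the expectation. The enclosing method starts outside the hunk.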
/**
@@ -497,15 +479,17 @@ public final class Security {
* principals of the <code>Subject</code>, as well as the ability to use
* credentials of the <code>Subject</code> for authentication.
*
+ * @param <T>
* @param action the action to be executed
* @return the object returned by the action's <code>run</code> method
* @throws NullPointerException if the action is <code>null</code>
*/
- public static Object doPrivileged(final PrivilegedAction action) {
+ public static <T> T doPrivileged(final PrivilegedAction<T> action) {
final Class caller = ctxAccess.getCaller();
final AccessControlContext acc = AccessController.getContext();
- return AccessController.doPrivileged(new PrivilegedAction() {
- public Object run() {
+ return AccessController.doPrivileged(new PrivilegedAction<T>() {
+
+ public T run() {
return AccessController.doPrivileged(
action, createPrivilegedContext(caller, acc));
}
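Review bot: The added `@param <T>` tag has no description, here and in the `PrivilegedExceptionAction` overload (hunk @@ -526,19 +510,21), and Javadoc tooling reports empty tags. Suggested wording: `@param <T> the type of the value returned by the action's run method`; the `@return` line could then read `the value returned by the action's <code>run</code> method`. The method body continues past the hunk.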
@@ -526,19 +510,21 @@ public final class Security {
* to principals of the <code>Subject</code>, as well as the ability to use
* credentials of the <code>Subject</code> for authentication.
*
+ * @param <T>
* @param action the action to be executed
* @return the object returned by the action's <code>run</code> method
* @throws PrivilegedActionException if the action's <code>run</code>
* method throws a checked exception
* @throws NullPointerException if the action is <code>null</code>
*/
- public static Object doPrivileged(final PrivilegedExceptionAction action)
+ public static <T> T doPrivileged(final PrivilegedExceptionAction<T> action)
throws PrivilegedActionException
{
final Class caller = ctxAccess.getCaller();
final AccessControlContext acc = AccessController.getContext();
- return AccessController.doPrivileged(new PrivilegedExceptionAction() {
- public Object run() throws Exception {
+ return AccessController.doPrivileged(new PrivilegedExceptionAction<T>() {
+
+ public T run() throws Exception {
try {
return AccessController.doPrivileged(
action, createPrivilegedContext(caller, acc));
@@ -765,21 +751,24 @@ public final class Security {
* Returns current thread's context class loader.
*/
private static ClassLoader getContextClassLoader() {
- return (ClassLoader)
- AccessController.doPrivileged(new PrivilegedAction() {
- public Object run() {
- return Thread.currentThread().getContextClassLoader();
- }
- });
+ return AccessController.doPrivileged(
+ new PrivilegedAction<ClassLoader>() {
+
+ public ClassLoader run() {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ }
+ );
}
/**
* Returns currently installed security policy, if any.
*/
private static Policy getPolicy() {
- return (Policy) AccessController.doPrivileged(new PrivilegedAction() {
- public Object run() { return Policy.getPolicy(); }
- });
+ return AccessController.doPrivileged(new PrivilegedAction<Policy>() {
+
+ public Policy run() { return Policy.getPolicy(); }
+ });
}
/**
@@ -799,7 +788,7 @@ public final class Security {
} catch (SecurityException e) {
}
- ArrayList list = new ArrayList(permissions.length);
+ ArrayList<Permission> list = new ArrayList<Permission>(permissions.length);
for (int i = 0; i < permissions.length; i++) {
try {
Permission p = permissions[i];
@@ -808,7 +797,7 @@ public final class Security {
} catch (SecurityException e) {
}
}
- return (Permission[]) list.toArray(new Permission[list.size()]);
+ return list.toArray(new Permission[list.size()]);
}
/**
@@ -816,20 +805,23 @@ public final class Security {
*/
private static Principal[] getCurrentPrincipals() {
final AccessControlContext acc = AccessController.getContext();
- Subject s = (Subject) AccessController.doPrivileged(
- new PrivilegedAction() {
- public Object run() { return Subject.getSubject(acc); }
+ Subject s = AccessController.doPrivileged(
+ new PrivilegedAction<Subject>() {
+
+ public Subject run() { return Subject.getSubject(acc); }
});
if (s != null) {
- Set ps = s.getPrincipals();
- return (Principal[]) ps.toArray(new Principal[ps.size()]);
+ Set<Principal> ps = s.getPrincipals();
+ return ps.toArray(new Principal[ps.size()]);
} else {
return null;
}
}
/**
- * TrustVerifier.Context implementation.
+ * TrustVerifier.Context implementation. This implementation is only
+ * used to verify trust it is never handed outside this class,
+ * so we never bother to defensively copy state.
*/
private static class Context implements TrustVerifier.Context {
/**
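Review bot: The new class comment on `Context` justifies skipping defensive copies by saying the instance is never handed outside this class, but a `TrustVerifier.Context` is by its interface the object a verifier receives, and the constructor in a later hunk loads `TrustVerifier` providers through `Service.providers(TrustVerifier.class, scl)`. If `isTrustedObject` passes `this` to those providers (not visible here), provider code can reach whatever state the context holds, so the comment should state the real invariant, for example `Instances are passed only to the TrustVerifiers located for this call; the caller context collection is shared, not copied, and verifiers must not modify it.` The added sentence also runs two clauses together after "verify trust". The class body continues outside the hunk.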
@@ -872,9 +864,10 @@ public final class Security {
final ArrayList list = new ArrayList(1);
final ClassLoader scl = cl;
AccessController.doPrivileged(new PrivilegedAction() {
+
public Object run() {
for (Iterator iter =
- Service.providers(TrustVerifier.class, scl);
+ Service.providers(TrustVerifier.class, scl);
iter.hasNext(); )
{
list.add(iter.next());
@@ -891,7 +884,7 @@ public final class Security {
new TrustVerifier[list.size()]);
synchronized (map) {
map.put(cl, new SoftReference(verifiers));
- }
+ }
}
this.verifiers = verifiers;
this.context = context;
@@ -970,4 +963,48 @@ public final class Security {
return getClassContext()[2];
}
}
+
+ private static class SecurityContextImpl implements SecurityContext {
+
+ private final AccessControlContext acc;
+ private final int hashCode;
+
+ public SecurityContextImpl(AccessControlContext acc) {
+ this.acc = acc;
+ int hash = 7;
+ hash = 23 * hash + (this.acc != null ? this.acc.hashCode() : 0);
+ hashCode = hash;
+ }
+
+ public <T> PrivilegedAction<T> wrap(PrivilegedAction<T> a) {
+ if (a == null) {
+ throw new NullPointerException();
+ }
+ return a;
+ }
+
+ public <T> PrivilegedExceptionAction<T> wrap(PrivilegedExceptionAction<T> a)
+ {
+ if (a == null) {
+ throw new NullPointerException();
+ }
+ return a;
+ }
+
+ public AccessControlContext getAccessControlContext() {
+ return acc;
+ }
+
+ @Override
+ public int hashCode() {
+ return hashCode;
+ }
+
+ @Override
+ public boolean equals(Object o){
+ if (!(o instanceof SecurityContextImpl)) return false;
+ SecurityContext that = (SecurityContext) o;
+ return getAccessControlContext().equals(that.getAccessControlContext());
+ }
+ }
}
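Review bot: `equals` in `SecurityContextImpl` dereferences `getAccessControlContext()` without a null check, while the constructor of the same class explicitly allows `acc` to be null when it computes the hash, so comparing two contexts built from a null `AccessControlContext` throws `NullPointerException` instead of returning true. Keeping both methods on the same null rule takes two lines: `SecurityContextImpl that = (SecurityContextImpl) o;` followed by `return acc == null ? that.acc == null : acc.equals(that.acc);`. If a null context is never valid, reject it in the constructor instead and drop the null branch from the hash. The class has no comment at all; one sentence saying why both `wrap` methods return the action unchanged would help the next reader.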
Modified: river/jtsk/merge/src/net/jini/security/SecurityContext.java
URL: http://svn.apache.org/viewvc/river/jtsk/merge/src/net/jini/security/SecurityContext.java?rev=1290940&r1=1290939&r2=1290940&view=diff
==============================================================================
--- river/jtsk/merge/src/net/jini/security/SecurityContext.java (original)
+++ river/jtsk/merge/src/net/jini/security/SecurityContext.java Sun Feb 19 04:09:00 2012
@@ -51,7 +51,11 @@ import java.security.PrivilegedException
* AccessController.doPrivileged(
* ctx.wrap(action), ctx.getAccessControlContext());
* </pre>
- *
+ *
+ * <BOLD>
+ * Implementations must override Object equals and hashCode.
+ * </BOLD>
+ *
* @author Sun Microsystems, Inc.
*
* @since 2.0
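Review bot: `<BOLD>` is not an HTML element, so javadoc passes it through and browsers render the sentence as ordinary text; `<b>` or `<strong>` gives the emphasis the change intends. The requirement is also underspecified, since it does not say what equality means for a context: `Implementations must override <code>equals</code> and <code>hashCode</code> so that two contexts are equal only if they restore the same security context.` Implementations written against the earlier contract may not override either method, so any code that keys on `SecurityContext` equality would fall back to identity for them.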
@@ -71,12 +75,13 @@ public interface SecurityContext {
* <code>run</code> method is propagated through the <code>run</code>
* method of the wrapper action.
*
+ * @param <T> return type of PrivilegedAction
* @param action the action to be wrapped
* @return security context-restoring action wrapping <code>action</code>,
* or <code>action</code> if no wrapping is necessary
* @throws NullPointerException if <code>action</code> is <code>null</code>
*/
- PrivilegedAction wrap(PrivilegedAction action);
+ <T> PrivilegedAction<T> wrap(PrivilegedAction<T> action);
/**
* Returns a security context-restoring
@@ -91,12 +96,13 @@ public interface SecurityContext {
* thrown by the wrapped action's <code>run</code> method is propagated
* through the <code>run</code> method of the wrapper action.
*
+ * @param <T> return type of PrivilegedExceptionAction
* @param action the action to be wrapped
* @return security context-restoring action wrapping <code>action</code>,
* or <code>action</code> if no wrapping is necessary
* @throws NullPointerException if <code>action</code> is <code>null</code>
*/
- PrivilegedExceptionAction wrap(PrivilegedExceptionAction action);
+ <T> PrivilegedExceptionAction<T> wrap(PrivilegedExceptionAction<T> action);
/**
* Returns access control context portion of snapshotted security context.
Propchange: river/jtsk/merge/src/net/jini/security/policy/
------------------------------------------------------------------------------
--- svn:mergeinfo (added)
+++ svn:mergeinfo Sun Feb 19 04:09:00 2012
@@ -0,0 +1 @@
+/river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/policy:1137883-1290923*
Modified: river/jtsk/merge/src/net/jini/security/policy/PolicyFileProvider.java
URL: http://svn.apache.org/viewvc/river/jtsk/merge/src/net/jini/security/policy/PolicyFileProvider.java?rev=1290940&r1=1290939&r2=1290940&view=diff
==============================================================================
--- river/jtsk/merge/src/net/jini/security/policy/PolicyFileProvider.java (original)
+++ river/jtsk/merge/src/net/jini/security/policy/PolicyFileProvider.java Sun Feb 19 04:09:00 2012
@@ -26,8 +26,13 @@ import java.security.Policy;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import java.security.Security;
+import java.util.ArrayList;
+import java.util.Collection;
import java.util.Collections;
+import java.util.Enumeration;
+import java.util.HashSet;
import java.util.List;
+import java.util.Set;
import net.jini.security.GrantPermission;
/**
@@ -47,20 +52,22 @@ import net.jini.security.GrantPermission
* @com.sun.jini.impl <!-- Implementation Specifics -->
*
* This implementation's no-argument constructor uses a default class name of
- * <code>"sun.security.provider.PolicyFile"</code> to instantiate base policy
- * objects, if the
+ * <code>"org.apache.river.impl.security.policy.se.ConcurrentPolicyFile"</code>
+ * to instantiate base policy objects, if the
* <code>net.jini.security.policy.PolicyFileProvider.basePolicyClass</code>
* security property is not set.
*/
public class PolicyFileProvider extends Policy {
private static final String basePolicyClassProperty =
- "net.jini.security.policy." +
- "PolicyFileProvider.basePolicyClass";
+ "net.jini.security.policy.PolicyFileProvider.basePolicyClass";
private static final String defaultBasePolicyClass =
- "sun.security.provider.PolicyFile";
+ // Having our own implementation removes a platform dependency
+ "org.apache.river.api.security.ConcurrentPolicyFile";
+// "sun.security.provider.PolicyFile";
private static final String policyProperty = "java.security.policy";
private static final Object propertyLock = new Object();
+ private static final Permission umbrella = new UmbrellaGrantPermission();
private final String policyFile;
private final Policy basePolicy;
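Review bot: The javadoc in this hunk names `org.apache.river.impl.security.policy.se.ConcurrentPolicyFile` as the default base policy class, but `defaultBasePolicyClass` is set to `org.apache.river.api.security.ConcurrentPolicyFile`, so one of the two is wrong. This string decides which class enforces the policy file when the `basePolicyClass` security property is unset, so the documented and actual names have to agree; a deployment where the named class is missing presumably fails in the constructor, which is not visible here. Once the name is settled, the commented-out `// "sun.security.provider.PolicyFile";` line can be deleted, since the history is in version control. The class javadoc should also say that the platform implementation can still be selected through the security property.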
@@ -101,7 +108,9 @@ public class PolicyFileProvider extends
* <code>net.jini.security.policy.PolicyFileProvider.basePolicyClass</code>
* security property, or if the calling context does not have
* adequate permissions to access the base policy class
+ * @deprecated DynamicPolicyProvider now supports Umbrella grants directly.
*/
+ @Deprecated
public PolicyFileProvider() throws PolicyInitializationException {
policyFile = null;
@@ -266,14 +275,25 @@ public class PolicyFileProvider extends
*/
private void ensureDependenciesResolved() {
// force resolution of GrantPermission and UmbrellaGrantPermission
- new GrantPermission(new UmbrellaGrantPermission());
+ new GrantPermission(umbrella);
}
- private static void expandUmbrella(PermissionCollection pc) {
- if (pc.implies(new UmbrellaGrantPermission())) {
- List l = Collections.list(pc.elements());
- pc.add(new GrantPermission(
- (Permission[]) l.toArray(new Permission[l.size()])));
+ static void expandUmbrella(PermissionCollection pc) {
+ if (pc.implies(umbrella)) {
+ // Don't use Set, avoid calling equals and hashCode on SocketPermission.
+ Collection<Permission> perms = new ArrayList<Permission>(120);
+ Enumeration<Permission> e = pc.elements();
+ while (e.hasMoreElements()){
+ Permission p = e.nextElement();
+ // Avoid unintended granting of GrantPermission
+ // and recursive UmbrellaGrantPermission
+ if ( p instanceof GrantPermission ||
+ p instanceof UmbrellaGrantPermission){
+ continue;
+ }
+ perms.add(p);
+ }
+ pc.add(new GrantPermission(perms.toArray(new Permission[perms.size()])));
}
}
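Review bot: The new filter in `expandUmbrella` tests `p instanceof GrantPermission`, which matches only entries that are already resolved. If the collection can still hold a `java.security.UnresolvedPermission` whose type is `GrantPermission` or `UmbrellaGrantPermission`, that entry is copied into the umbrella `GrantPermission`, and the unintended granting described in the comment is not fully prevented. Whether this can occur depends on how the base policy populates `pc`, which is outside this hunk, so it needs confirming; if it can, the guard should also skip entries where `((UnresolvedPermission) p).getUnresolvedType()` names either class. Separately, the method went from `private` to package-private with no comment on who else calls it, and the initial capacity `120` is unexplained. A short javadoc would cover both, stating that the method adds one `GrantPermission` for every non-grant permission in `pc` when `pc` implies `UmbrellaGrantPermission`.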
@@ -287,7 +307,8 @@ public class PolicyFileProvider extends
public Object run() {
if (value == null) {
// TODO: Use System.clearProperty when we move to 1.5
- System.getProperties().remove(policyProperty);
+ System.clearProperty(policyProperty);
+ //System.getProperties().remove(policyProperty);
} else {
System.setProperty(policyProperty, value);
}
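Review bot: The `TODO: Use System.clearProperty when we move to 1.5` comment is satisfied by the line added directly below it, and the old call is kept as a commented-out line; both should be removed so the branch reads `System.clearProperty(policyProperty);` alone. A one-line comment is worth adding in their place, because `clearProperty` is checked against write access to this single property rather than access to the whole property set, which is the narrower requirement for the privileged block. `run()` begins outside the hunk.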
Propchange: river/jtsk/merge/src/net/jini/security/policy/PolicyFileProvider.java
------------------------------------------------------------------------------
--- svn:mergeinfo (added)
+++ svn:mergeinfo Sun Feb 19 04:09:00 2012
@@ -0,0 +1 @@
+/river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/policy/PolicyFileProvider.java:1137883-1290923
Modified: river/jtsk/merge/src/net/jini/url/httpmd/Handler.java
URL: http://svn.apache.org/viewvc/river/jtsk/merge/src/net/jini/url/httpmd/Handler.java?rev=1290940&r1=1290939&r2=1290940&view=diff
==============================================================================
--- river/jtsk/merge/src/net/jini/url/httpmd/Handler.java (original)
+++ river/jtsk/merge/src/net/jini/url/httpmd/Handler.java Sun Feb 19 04:09:00 2012
@@ -226,6 +226,29 @@ public class Handler extends URLStreamHa
}
}
}
+
+ /**
+ * The default superclass implementation performs dns lookup to determine
+ * if hosts are equal, this allows two URL's with different hashCode's
+ * to be equal, breaking the hashCode equals contract.
+ *
+ * It also causes a test failure in the jtreg test suite.
+ *
+ *
+ * *** Start test: Mon Jan 23 08:11:26 EST 2012
+ * [jtreg] Test 9: TestEqual: httpmd://foo:88/bar/baz;p1=v1;md5=abcd?q#r, httpmd://alpha:88/bar/baz;p1=v1;md5=abcd?q#r
+ * [jtreg] FAIL: Should be: false
+ * [jtreg] Result: true
+ *
+ * URL.implies(URL url) is better suited to perform this function, why
+ * it was originally implemented in equals is unknown.
+ */
+ protected boolean hostsEqual(URL u1, URL u2) {
+ if (u1.getHost() != null && u2.getHost() != null)
+ return u1.getHost().equalsIgnoreCase(u2.getHost());
+ else
+ return u1.getHost() == null && u2.getHost() == null;
+ }
/**
* Compares two HTTPMD URLs to see if they refer to the same file. Performs
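Review bot: The javadoc on `hostsEqual` refers to `URL.implies(URL url)`, but `java.net.URL` has no `implies` method, so the pointer leads nowhere; name the intended method (possibly `CodeSource.implies`) or drop the sentence. The comment records the jtreg failure but not the contract. It should say that hosts are compared by name, ignoring case, with no DNS lookup, so a host name and its IP address, or two aliases of one machine, are not equal. The pasted test log belongs in the commit message rather than the source, and `@Override` would let the compiler confirm the method still overrides `URLStreamHandler.hostsEqual`.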
@@ -317,15 +340,15 @@ public class Handler extends URLStreamHa
}
/* Generate the host part */
- InetAddress addr = getHostAddress(u);
- if (addr != null) {
- h += addr.hashCode();
- } else {
+// InetAddress addr = getHostAddress(u);
+// if (addr != null) {
+// h += addr.hashCode();
+// } else {
String host = u.getHost();
if (host != null) {
h += host.toLowerCase().hashCode();
}
- }
+// }
/*
* Generate the path part, ignoring case in the message digest and
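Review bot: With the address branch disabled, the host hash depends only on `host.toLowerCase()`, which uses the default locale, while the new `hostsEqual` uses `equalsIgnoreCase`, which does not. Under a locale such as Turkish, two hosts that differ only in the case of the letter `I` compare equal but hash differently. `h += host.toLowerCase(Locale.ENGLISH).hashCode();`, with `java.util.Locale` imported, keeps the two methods consistent. The five `//`-commented lines should be deleted rather than left in place, and the remaining `String host` block re-indented. `hashCode` starts and ends outside the hunk.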