You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@river.apache.org by pe...@apache.org on 2010/07/20 12:57:01 UTC
svn commit: r965797 - in /incubator/river/jtsk/trunk/src:
net/jini/discovery/DiscoveryEvent.java
org/apache/river/api/security/PermissionGrantBuilder.java
org/apache/river/imp/security/policy/util/ProtectionDomainGrant.java
org/apache/river/imp/util/
Author: peter_firmstone
Date: Tue Jul 20 10:57:01 2010
New Revision: 965797
URL: http://svn.apache.org/viewvc?rev=965797&view=rev
Log:
Minor changes to ProtectionDomainGrant to handle new ProtectionDomain's create with a DomainCombiner, eg javax.security.auth.SubjectDomainCombiner
Modified:
incubator/river/jtsk/trunk/src/net/jini/discovery/DiscoveryEvent.java
incubator/river/jtsk/trunk/src/org/apache/river/api/security/PermissionGrantBuilder.java
incubator/river/jtsk/trunk/src/org/apache/river/imp/security/policy/util/ProtectionDomainGrant.java
incubator/river/jtsk/trunk/src/org/apache/river/imp/util/ (props changed)
Modified: incubator/river/jtsk/trunk/src/net/jini/discovery/DiscoveryEvent.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/src/net/jini/discovery/DiscoveryEvent.java?rev=965797&r1=965796&r2=965797&view=diff
==============================================================================
--- incubator/river/jtsk/trunk/src/net/jini/discovery/DiscoveryEvent.java (original)
+++ incubator/river/jtsk/trunk/src/net/jini/discovery/DiscoveryEvent.java Tue Jul 20 10:57:01 2010
@@ -20,7 +20,6 @@ package net.jini.discovery;
import net.jini.lookup.StreamServiceRegistrarFacade;
import net.jini.lookup.ServiceRegistrarFacade;
import java.util.ArrayList;
-import java.util.Arrays;
import java.util.EventObject;
import java.util.Map;
import net.jini.core.lookup.PortableServiceRegistrar;
@@ -164,7 +163,7 @@ public class DiscoveryEvent extends Even
* @return the set of registrars to which this event applies.
*/
public PortableServiceRegistrar[] getPRegistrars() {
- return Arrays.copyOf(regs, regs.length);
+ return regs.clone();
}
/**
Modified: incubator/river/jtsk/trunk/src/org/apache/river/api/security/PermissionGrantBuilder.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/src/org/apache/river/api/security/PermissionGrantBuilder.java?rev=965797&r1=965796&r2=965797&view=diff
==============================================================================
--- incubator/river/jtsk/trunk/src/org/apache/river/api/security/PermissionGrantBuilder.java (original)
+++ incubator/river/jtsk/trunk/src/org/apache/river/api/security/PermissionGrantBuilder.java Tue Jul 20 10:57:01 2010
@@ -37,11 +37,31 @@ import java.security.cert.Certificate;
public interface PermissionGrantBuilder {
/**
- * Implied Context of Grant
+ * The PermissionGrant generated will apply to all classes loaded by
+ * the ClassLoader
*/
public static final int CLASSLOADER = 0;
+ /**
+ * The PermissionGrant generated will apply to all classes loaded from
+ * the CodeSource.
+ */
public static final int CODESOURCE = 1;
+ /**
+ * The PermissionGrant generated will apply to all classes belonging to
+ * the ProtectionDomain. This is actually a simplification for the
+ * programmer the PermissionGrant will apply to the CodeSource and the
+ * ClassLoader combination, the reason for this is the DomainCombiner may
+ * create new instances of ProtectionDomain's from those that exist on
+ * the stack.
+ * @see java.security.AccessControlContext
+ * @see java.security.DomainCombiner
+ * @see javax.security.auth.SubjectDomainCombiner
+ */
public static final int PROTECTIONDOMAIN = 2;
+ /**
+ * The PermissionGrant generated will apply to all classes loaded from
+ * CodeSource's that have at a minimum the defined array Certificate[]
+ */
public static final int CODESOURCE_CERTS = 3;
/**
Modified: incubator/river/jtsk/trunk/src/org/apache/river/imp/security/policy/util/ProtectionDomainGrant.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/src/org/apache/river/imp/security/policy/util/ProtectionDomainGrant.java?rev=965797&r1=965796&r2=965797&view=diff
==============================================================================
--- incubator/river/jtsk/trunk/src/org/apache/river/imp/security/policy/util/ProtectionDomainGrant.java (original)
+++ incubator/river/jtsk/trunk/src/org/apache/river/imp/security/policy/util/ProtectionDomainGrant.java Tue Jul 20 10:57:01 2010
@@ -79,7 +79,8 @@ class ProtectionDomainGrant extends Prin
/*
* Checks if passed ProtectionDomain matches this PolicyEntry. Null ProtectionDomain of
* PolicyEntry implies any ProtectionDomain; non-null ProtectionDomain's are
- * compared with equals();
+ * compared with equals() and if false are compared by ClassLoader and
+ * CodeSource, in case of PermissionDomain's created by a DomainCombiner
*/
// for grant
public boolean impliesProtectionDomain(ProtectionDomain pd) {
@@ -87,17 +88,24 @@ class ProtectionDomainGrant extends Prin
if (hasDomain == false) return true;
if (pd == null) return false;
if (domain.get() == null ) return false; // hasDomain already true
- return pd.equals(domain.get()); // pd not null
+ if ( pd.equals(domain.get())) return true; // pd not null fast reference comparison
+ if ( impliesClassLoader(pd.getClassLoader()) && impliesCodeSource(pd.getCodeSource()))
+ {
+ return true;
+ }
+ return false;
}
- // This is only here for revoke.
+ // This is here for revoke and for new ProtectionDomain's created by the
+ // DomainCombiner such as those in the SubjectDomainCombiner.
protected boolean impliesClassLoader(ClassLoader cl) {
if (hasDomain == false) return true;
if (cl == null) return false;
if (domain.get() == null ) return false; // hasDomain already true
return domain.get().getClassLoader().equals(cl); // pd not null
}
- // This is only here for revoke.
+ // This is here for revoke and for new ProtectionDomain's created by the
+ // DomainCombiner such as those in the SubjectDomainCombiner.
protected boolean impliesCodeSource(CodeSource codeSource) {
ProtectionDomain pd = domain.get();
if (pd == null) return true;
Propchange: incubator/river/jtsk/trunk/src/org/apache/river/imp/util/
------------------------------------------------------------------------------
--- svn:ignore (added)
+++ svn:ignore Tue Jul 20 10:57:01 2010
@@ -0,0 +1,3 @@
+RunnableManager.java
+RunnableDep.java
+RunnableDepHelper.java