You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@river.apache.org by pe...@apache.org on 2010/07/20 12:57:01 UTC

svn commit: r965797 - in /incubator/river/jtsk/trunk/src: net/jini/discovery/DiscoveryEvent.java org/apache/river/api/security/PermissionGrantBuilder.java org/apache/river/imp/security/policy/util/ProtectionDomainGrant.java org/apache/river/imp/util/

Author: peter_firmstone
Date: Tue Jul 20 10:57:01 2010
New Revision: 965797

URL: http://svn.apache.org/viewvc?rev=965797&view=rev
Log:
Minor changes to ProtectionDomainGrant to handle new ProtectionDomain's create with a DomainCombiner, eg javax.security.auth.SubjectDomainCombiner

Modified:
    incubator/river/jtsk/trunk/src/net/jini/discovery/DiscoveryEvent.java
    incubator/river/jtsk/trunk/src/org/apache/river/api/security/PermissionGrantBuilder.java
    incubator/river/jtsk/trunk/src/org/apache/river/imp/security/policy/util/ProtectionDomainGrant.java
    incubator/river/jtsk/trunk/src/org/apache/river/imp/util/   (props changed)

Modified: incubator/river/jtsk/trunk/src/net/jini/discovery/DiscoveryEvent.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/src/net/jini/discovery/DiscoveryEvent.java?rev=965797&r1=965796&r2=965797&view=diff
==============================================================================
--- incubator/river/jtsk/trunk/src/net/jini/discovery/DiscoveryEvent.java (original)
+++ incubator/river/jtsk/trunk/src/net/jini/discovery/DiscoveryEvent.java Tue Jul 20 10:57:01 2010
@@ -20,7 +20,6 @@ package net.jini.discovery;
 import net.jini.lookup.StreamServiceRegistrarFacade;
 import net.jini.lookup.ServiceRegistrarFacade;
 import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.EventObject;
 import java.util.Map;
 import net.jini.core.lookup.PortableServiceRegistrar;
@@ -164,7 +163,7 @@ public class DiscoveryEvent extends Even
      * @return the set of registrars to which this event applies.
      */
     public PortableServiceRegistrar[] getPRegistrars() {
-        return Arrays.copyOf(regs, regs.length);      
+        return regs.clone();      
     }
     
     /**

Modified: incubator/river/jtsk/trunk/src/org/apache/river/api/security/PermissionGrantBuilder.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/src/org/apache/river/api/security/PermissionGrantBuilder.java?rev=965797&r1=965796&r2=965797&view=diff
==============================================================================
--- incubator/river/jtsk/trunk/src/org/apache/river/api/security/PermissionGrantBuilder.java (original)
+++ incubator/river/jtsk/trunk/src/org/apache/river/api/security/PermissionGrantBuilder.java Tue Jul 20 10:57:01 2010
@@ -37,11 +37,31 @@ import java.security.cert.Certificate;
 public interface PermissionGrantBuilder {
    
     /**
-     * Implied Context of Grant
+     * The PermissionGrant generated will apply to all classes loaded by
+     * the ClassLoader
      */ 
     public static final int CLASSLOADER = 0;
+    /**
+     * The PermissionGrant generated will apply to all classes loaded from
+     * the CodeSource.
+     */
     public static final int CODESOURCE = 1;
+    /**
+     * The PermissionGrant generated will apply to all classes belonging to
+     * the ProtectionDomain.  This is actually a simplification for the 
+     * programmer the PermissionGrant will apply to the CodeSource and the
+     * ClassLoader combination, the reason for this is the DomainCombiner may
+     * create new instances of ProtectionDomain's from those that exist on
+     * the stack.
+     * @see java.security.AccessControlContext
+     * @see java.security.DomainCombiner
+     * @see javax.security.auth.SubjectDomainCombiner
+     */
     public static final int PROTECTIONDOMAIN = 2;
+    /**
+     * The PermissionGrant generated will apply to all classes loaded from
+     * CodeSource's that have at a minimum the defined array Certificate[]
+     */
     public static final int CODESOURCE_CERTS = 3;
     
     /**

Modified: incubator/river/jtsk/trunk/src/org/apache/river/imp/security/policy/util/ProtectionDomainGrant.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/src/org/apache/river/imp/security/policy/util/ProtectionDomainGrant.java?rev=965797&r1=965796&r2=965797&view=diff
==============================================================================
--- incubator/river/jtsk/trunk/src/org/apache/river/imp/security/policy/util/ProtectionDomainGrant.java (original)
+++ incubator/river/jtsk/trunk/src/org/apache/river/imp/security/policy/util/ProtectionDomainGrant.java Tue Jul 20 10:57:01 2010
@@ -79,7 +79,8 @@ class ProtectionDomainGrant extends Prin
     /*
      * Checks if passed ProtectionDomain matches this PolicyEntry. Null ProtectionDomain of
      * PolicyEntry implies any ProtectionDomain; non-null ProtectionDomain's are
-     * compared with equals();
+     * compared with equals() and if false are compared by ClassLoader and
+     * CodeSource, in case of PermissionDomain's created by a DomainCombiner
      */   
     // for grant
     public boolean impliesProtectionDomain(ProtectionDomain pd) {
@@ -87,17 +88,24 @@ class ProtectionDomainGrant extends Prin
         if (hasDomain == false) return true;
         if (pd == null) return false;       
         if (domain.get() == null ) return false; // hasDomain already true
-        return pd.equals(domain.get()); // pd not null
+        if ( pd.equals(domain.get())) return true; // pd not null fast reference comparison
+        if ( impliesClassLoader(pd.getClassLoader()) && impliesCodeSource(pd.getCodeSource()))
+        {
+            return true;
+        }
+        return false;
     }
 
-    // This is only here for revoke.
+    // This is here for revoke and for new ProtectionDomain's created by the
+    // DomainCombiner such as those in the SubjectDomainCombiner.
     protected boolean impliesClassLoader(ClassLoader cl) {
         if (hasDomain == false) return true;
         if (cl == null) return false;       
         if (domain.get() == null ) return false; // hasDomain already true
         return domain.get().getClassLoader().equals(cl); // pd not null
     }
-    // This is only here for revoke.
+    // This is here for revoke and for new ProtectionDomain's created by the
+    // DomainCombiner such as those in the SubjectDomainCombiner.
     protected boolean impliesCodeSource(CodeSource codeSource) {
         ProtectionDomain pd = domain.get();
         if (pd == null) return true;

Propchange: incubator/river/jtsk/trunk/src/org/apache/river/imp/util/
------------------------------------------------------------------------------
--- svn:ignore (added)
+++ svn:ignore Tue Jul 20 10:57:01 2010
@@ -0,0 +1,3 @@
+RunnableManager.java
+RunnableDep.java
+RunnableDepHelper.java