You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@avalon.apache.org by ni...@apache.org on 2004/02/23 14:00:32 UTC
cvs commit: avalon/merlin/platform/xdocs/meta/block/classloader/grant certificates.xml pkcs7.xml x509.xml index.xml permission.xml
niclas 2004/02/23 05:00:32
Modified: merlin INSTALL.TXT
merlin/activation/impl/src/java/org/apache/avalon/activation/impl
ApplianceInvocationHandler.java
DefaultRuntimeFactory.java
merlin/composition/api/src/java/org/apache/avalon/composition/data
GrantDirective.java
merlin/composition/api/src/java/org/apache/avalon/composition/model
ClassLoaderModel.java
merlin/composition/impl/src/java/org/apache/avalon/composition/data/builder
XMLContainmentProfileCreator.java
merlin/composition/impl/src/java/org/apache/avalon/composition/model/impl
DefaultClassLoaderModel.java
DefaultContainmentModel.java
StandardModelFactory.java
merlin/platform/xdocs/meta/block/classloader/grant index.xml
permission.xml
Added: merlin/activation/impl/src/test/conf secure.xml
security.policy
merlin/activation/impl/src/test/org/apache/avalon/activation/impl/test
CodeSecurityDisabledTestCase.java
CodeSecurityEnabledTestCase.java
merlin/activation/impl/src/test/org/apache/avalon/activation/impl/test/components
AnotherTestComponent.java AnotherTestService.java
TestComponent.java TestService.java
merlin/composition/api/src/java/org/apache/avalon/composition/data
CertsDirective.java PKCS7Directive.java
X509Directive.java
merlin/composition/impl/src/java/org/apache/avalon/composition/model/impl
CodeSecurityPolicy.java
merlin/platform/xdocs/meta/block/classloader/grant
certificates.xml pkcs7.xml x509.xml
Removed: merlin/activation/csi .cvsignore build.xml maven.xml
project.properties project.xml
merlin/activation/csi/src/java/org/apache/avalon/activation/csi
AbstractLifestyleManager.java Resources.properties
SecureAbstractAppliance.java SecureAppliance.java
SecureBlock.java SecureComponentFactory.java
SecureInvocationHandler.java
SecureLifestyleFactory.java SecureRuntime.java
SecureRuntimeFactory.java SecureServiceManager.java
SingletonLifestyleManager.java
ThreadLifestyleManager.java
TransientLifestyleManager.java package.html
merlin/activation/csi/src/test/conf logging.xml
playground.xml secure.xml security.policy
merlin/activation/csi/src/test/org/apache/avalon/activation/csi
AbstractTestCase.java PlaygroundTestCase.java
SystemContextBuilder.java
merlin/activation/csi/src/test/org/apache/avalon/activation/csi/grant
CodeSecurityDisabledTestCase.java
CodeSecurityEnabledTestCase.java
merlin/activation/csi/src/test/org/apache/avalon/activation/csi/grant/components
AnotherTestComponent.java AnotherTestService.java
TestComponent.java TestService.java
merlin/activation/csi/src/test/org/apache/avalon/playground
ComplexComponent.java ComplexComponent.xinfo
ComplexService.java DemoManager.java
DemoManager.xinfo Demonstratable.java
Exploitable.java ExploitationManager.java
ExploitationManager.xinfo InvalidComponent.java
InvalidComponent.xinfo NullService.java
SimpleComponent.java SimpleComponent.xconfig
SimpleComponent.xinfo SimpleService.java
TerminalComponent.java TerminalComponent.xinfo
package.html
merlin/activation/csi/src/test/org/apache/avalon/playground/basic
BasicComponent.java BasicComponent.xconfig
BasicComponent.xinfo BasicComponent.xprofile
BasicContext.java BasicContextImp.java
BasicService.java BasicService.xservice
Log:
Taking away the CSI, and making security integral with the composition.
Revision Changes Path
1.14 +99 -99 avalon/merlin/INSTALL.TXT
Index: INSTALL.TXT
===================================================================
RCS file: /home/cvs/avalon/merlin/INSTALL.TXT,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- INSTALL.TXT 20 Feb 2004 03:57:10 -0000 1.13
+++ INSTALL.TXT 23 Feb 2004 13:00:27 -0000 1.14
@@ -1,99 +1,99 @@
-
-PROJECT: Merlin @VERSION@
-====================================================================
-
-DESCRIPTION:
-------------
-
-This directory contains the merlin system installation and related
-resources.
-
- /merlin
- /bin
- /config
- /system
- README.TXT
- LICENSE.TXT
- INSTALL.TXT
- /plugins
- @META_PLUGIN_JAR@
- @MERLIN_PLUGIN_JAR@
-
-
-Installing Merlin.
-------------------
-
-To use Merlin command line support or the Merlin NT Service
-you will need to define the MERLIN_HOME environment
-variable for your system and include MERLIN_HOME/bin in
-your system path. The MERLIN_HOME environment variable
-should point to the merlin directory.
-
-Under Windows you can set environment variables by selecting the
-Environment Tab from the System Control Panel.
-
-Under Lunix you can do this as follows:
-
- $ echo '
- > # set location of merlin
- > export MERLIN_HOME=/opt/merlin
- > # include it in the path
- > export PATH=$PATH:$MERLIN_HOME/bin
- > ' >> ~/.bash_profile
- $ source ~/.bash_profile
-
-Versions of Merlin prior to the 3.2-dev 20031210 build maintained
-a local repository of jar files under the %MERLIN_HOME%/repository
-directory. As of the 20031210 build the repository is maintained
-under AVALON_HOME which defaults to ${user.home}/.avalon. To
-override this behaviour you can either define a AVALON_HOME
-environment variable or you can add a merlin.properties file to
-${user.home} containing the "merlin.repository" property key and
-a value point to you preferred repository location.
-
-To confirm that your environment variables are correct, you
-should open a new command window and invoke the Merlin
-CLI application.
-
-Under DOS:
-
- $ merlin -version
-
-Under Lunix:
-
- $ merlin.sh -version
-
-The installation of Merlin is now complete, however, two plugins are
-provided with the installation supporting merlin development under the
-Maven platform. These plugins should be placed in the Maven plugin
-directory (${maven.home.local}\plugins).
-
- [YOUR-MAVEN-HOME]\plugins\@META_PLUGIN_JAR@
- [YOUR-MAVEN-HOME]\plugins\@MERLIN_PLUGIN_JAR@
-
-Please note that if you are upgrading an existing installation you must
-delete the following two directories:
-
- [YOUR-MAVEN-HOME]\plugins\avalon-meta-plugin-*
- [YOUR-MAVEN-HOME]\plugins\merlin-plugin-*
-
-Replace the existing avalon-meta and merlin plugin jar files with the supplied
-versions. Finally, delete all *.cache files in the Maven plugin directory.
-
-You now have everything in place to start using the Merlin Tutorial or
-building you own components. If you have any problems, please subscribe
-and post a message to users@avalon.apache.org.
-
-Special Note for JRE 1.3 and earlier.
--------------------------------------
-
-Some applications assume that XML parsing classes are available withing
-the JRE. This is not the case with JDK 1.3 and earlier. To resolve this
-you can copy the following files to the JAVAHOME/lib/ext directory or
-declare an alternative directory as a JVM argument under the
-MERLIN_JVM_OPTS environment variable, i.e. -Djava.ext.dir=someDirectory
-
- system/xml-apis/jars/xml-apis-2.0.2.jar
- system/xml-apis/jars/xmlParserAPIs-2.0.2.jar
- system/xerces/jars/xerces-2.4.0.jar
-
+
+PROJECT: Merlin @VERSION@
+====================================================================
+
+DESCRIPTION:
+------------
+
+This directory contains the merlin system installation and related
+resources.
+
+ /merlin
+ /bin
+ /config
+ /system
+ README.TXT
+ LICENSE.TXT
+ INSTALL.TXT
+ /plugins
+ @META_PLUGIN_JAR@
+ @MERLIN_PLUGIN_JAR@
+
+
+Installing Merlin.
+------------------
+
+To use Merlin command line support or the Merlin NT Service
+you will need to define the MERLIN_HOME environment
+variable for your system and include MERLIN_HOME/bin in
+your system path. The MERLIN_HOME environment variable
+should point to the merlin directory.
+
+Under Windows you can set environment variables by selecting the
+Environment Tab from the System Control Panel.
+
+Under Lunix you can do this as follows:
+
+ $ echo '
+ > # set location of merlin
+ > export MERLIN_HOME=/opt/merlin
+ > # include it in the path
+ > export PATH=$PATH:$MERLIN_HOME/bin
+ > ' >> ~/.bash_profile
+ $ source ~/.bash_profile
+
+Versions of Merlin prior to the 3.2-dev 20031210 build maintained
+a local repository of jar files under the %MERLIN_HOME%/repository
+directory. As of the 20031210 build the repository is maintained
+under AVALON_HOME which defaults to ${user.home}/.avalon. To
+override this behaviour you can either define a AVALON_HOME
+environment variable or you can add a merlin.properties file to
+${user.home} containing the "merlin.repository" property key and
+a value point to you preferred repository location.
+
+To confirm that your environment variables are correct, you
+should open a new command window and invoke the Merlin
+CLI application.
+
+Under DOS:
+
+ $ merlin -version
+
+Under Lunix:
+
+ $ merlin.sh -version
+
+The installation of Merlin is now complete, however, two plugins are
+provided with the installation supporting merlin development under the
+Maven platform. These plugins should be placed in the Maven plugin
+directory (${maven.home.local}\plugins).
+
+ [YOUR-MAVEN-HOME]\plugins\@META_PLUGIN_JAR@
+ [YOUR-MAVEN-HOME]\plugins\@MERLIN_PLUGIN_JAR@
+
+Please note that if you are upgrading an existing installation you must
+delete the following two directories:
+
+ [YOUR-MAVEN-HOME]\plugins\avalon-meta-plugin-*
+ [YOUR-MAVEN-HOME]\plugins\merlin-plugin-*
+
+Replace the existing avalon-meta and merlin plugin jar files with the supplied
+versions. Finally, delete all *.cache files in the Maven plugin directory.
+
+You now have everything in place to start using the Merlin Tutorial or
+building you own components. If you have any problems, please subscribe
+and post a message to users@avalon.apache.org.
+
+Special Note for JRE 1.3 and earlier.
+-------------------------------------
+
+Some applications assume that XML parsing classes are available withing
+the JRE. This is not the case with JDK 1.3 and earlier. To resolve this
+you can copy the following files to the JAVAHOME/lib/ext directory or
+declare an alternative directory as a JVM argument under the
+MERLIN_JVM_OPTS environment variable, i.e. -Djava.ext.dir=someDirectory
+
+ system/xml-apis/jars/xml-apis-2.0.2.jar
+ system/xml-apis/jars/xmlParserAPIs-2.0.2.jar
+ system/xerces/jars/xerces-2.4.0.jar
+
1.4 +3 -10 avalon/merlin/activation/impl/src/java/org/apache/avalon/activation/impl/ApplianceInvocationHandler.java
Index: ApplianceInvocationHandler.java
===================================================================
RCS file: /home/cvs/avalon/merlin/activation/impl/src/java/org/apache/avalon/activation/impl/ApplianceInvocationHandler.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- ApplianceInvocationHandler.java 14 Feb 2004 21:33:55 -0000 1.3
+++ ApplianceInvocationHandler.java 23 Feb 2004 13:00:31 -0000 1.4
@@ -102,7 +102,8 @@
try
{
- return secureInvocation( method, args );
+ Object instance = getInstance();
+ return method.invoke( instance, args );
}
catch( Throwable e )
{
@@ -151,14 +152,6 @@
return m_instance;
}
- private Object secureInvocation(
- final Method method, final Object[] args )
- throws Exception
- {
- Object instance = getInstance();
- return method.invoke( instance, args );
- }
-
private Throwable handleInvocationThrowable( Throwable e )
{
final String error =
1.2 +4 -3 avalon/merlin/activation/impl/src/java/org/apache/avalon/activation/impl/DefaultRuntimeFactory.java
Index: DefaultRuntimeFactory.java
===================================================================
RCS file: /home/cvs/avalon/merlin/activation/impl/src/java/org/apache/avalon/activation/impl/DefaultRuntimeFactory.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- DefaultRuntimeFactory.java 10 Feb 2004 16:19:15 -0000 1.1
+++ DefaultRuntimeFactory.java 23 Feb 2004 13:00:31 -0000 1.2
@@ -91,7 +91,8 @@
{
Appliance runtime = getRegisteredRuntime( model );
- if( null != runtime ) return runtime;
+ if( null != runtime )
+ return runtime;
//
// create the runtime
@@ -168,4 +169,4 @@
String name = model.getQualifiedName();
m_map.put( name, runtime );
}
-}
\ No newline at end of file
+}
1.6 +3 -6 avalon/merlin/activation/impl/src/test/conf/secure.xml
1.3 +0 -0 avalon/merlin/activation/impl/src/test/conf/security.policy
1.1 avalon/merlin/activation/impl/src/test/org/apache/avalon/activation/impl/test/CodeSecurityDisabledTestCase.java
Index: CodeSecurityDisabledTestCase.java
===================================================================
/*
* Copyright 2004 Apache Software Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
* implied.
*
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.avalon.activation.impl.test;
import org.apache.avalon.composition.model.DeploymentModel;
import org.apache.avalon.util.exception.ExceptionHelper;
import org.apache.avalon.framework.activity.Disposable;
import org.apache.avalon.activation.csi.grant.components.TestService;
public class CodeSecurityDisabledTestCase extends AbstractTestCase
{
//-------------------------------------------------------
// constructor
//-------------------------------------------------------
public CodeSecurityDisabledTestCase( )
{
this( "secure" );
}
public CodeSecurityDisabledTestCase( String name )
{
super( name, false );
}
//-------------------------------------------------------
// setup
//-------------------------------------------------------
DeploymentModel m_test;
//-------------------------------------------------------
// setup
//-------------------------------------------------------
/**
* Setup the model using a source balock in the conf
* directory.
* @exception Exception if things don't work out
*/
public void setUp() throws Exception
{
super.setUp( "secure.xml" );
m_model.assemble();
m_model.commission();
m_test = m_model.getModel( "/Component1/test" );
}
public void tearDown()
{
m_model.decommission();
}
private TestService getTestService() throws Exception
{
return (TestService) m_test.resolve();
}
private void releaseTestService( TestService service )
{
m_test.release( service );
}
//-------------------------------------------------------
// test
//-------------------------------------------------------
/**
* Create, assembly, deploy and decommission the block
* defined by getPath().
*/
public void testCodeSecurity() throws Exception
{
TestService test = getTestService();
try
{
test.createDirectory();
}
catch( Throwable e )
{
releaseTestService( test );
final String error = "CodeSecurityTest primary failure.";
final String message = ExceptionHelper.packException( error, e, true );
getLogger().error( message );
throw new Exception( message );
}
try
{
test.deleteDirectory();
}
catch( Throwable e )
{
releaseTestService( test );
final String error = "CodeSecurityTest secondary failure.";
final String message = ExceptionHelper.packException( error, e, true );
getLogger().error( message );
throw new Exception( message );
}
try
{
String ver = test.getJavaVersion();
}
catch( Throwable e )
{
releaseTestService( test );
final String error = "CodeSecurityTest secondary failure.";
final String message = ExceptionHelper.packException( error, e, true );
getLogger().error( message );
throw new Exception( message );
}
try
{
test.setJavaVersion( "1.0.2" );
}
catch( Throwable e )
{
releaseTestService( test );
final String error = "CodeSecurityTest primary failure.";
final String message = ExceptionHelper.packException( error, e, true );
getLogger().error( message );
throw new Exception( message );
}
releaseTestService( test );
}
}
1.1 avalon/merlin/activation/impl/src/test/org/apache/avalon/activation/impl/test/CodeSecurityEnabledTestCase.java
Index: CodeSecurityEnabledTestCase.java
===================================================================
/*
* Copyright 2004 Apache Software Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
* implied.
*
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.avalon.activation.impl.test;
import org.apache.avalon.composition.model.DeploymentModel;
import org.apache.avalon.util.exception.ExceptionHelper;
import org.apache.avalon.framework.activity.Disposable;
public class CodeSecurityEnabledTestCase extends AbstractTestCase
{
//-------------------------------------------------------
// state
//-------------------------------------------------------
private DeploymentModel m_test;
//-------------------------------------------------------
// constructor
//-------------------------------------------------------
public CodeSecurityEnabledTestCase( )
{
this( "secure" );
}
public CodeSecurityEnabledTestCase( String name )
{
super( name, true );
}
//-------------------------------------------------------
// setup
//-------------------------------------------------------
/**
* Setup the model using a source balock in the conf
* directory.
* @exception Exception if things don't work out
*/
public void setUp() throws Exception
{
super.setUp( "secure.xml" );
m_model.commission();
m_test = m_model.getModel( "/Component1/test" );
}
public void tearDown()
{
m_model.decommission();
}
private TestService getTestService() throws Exception
{
return (TestService) m_test.resolve();
}
private void releaseTestService( TestService service )
{
m_test.release( service );
}
//-------------------------------------------------------
// test
//-------------------------------------------------------
/**
* Create, assembly, deploy and decommission the block
* defined by getPath().
*/
public void testInterfaceMethods() throws Exception
{
TestService test = getTestService();
try
{
test.createDirectory();
// TODO::::
// fail( "CodeSecurityTest primary failure: This operation should not be allowed." );
}
catch( SecurityException e )
{
// ignore, expected
}
catch( Throwable e )
{
releaseTestService( test );
final String error = "CodeSecurityTest primary failure.";
final String message = ExceptionHelper.packException( error, e, true );
getLogger().error( message );
throw new Exception( message );
}
try
{
test.deleteDirectory();
// TODO::::
// fail( "CodeSecurityTest secondary failure: This operation should not be allowed." );
}
catch( SecurityException e )
{
// ignore, expected
}
catch( Throwable e )
{
releaseTestService( test );
final String error = "CodeSecurityTest primary failure.";
final String message = ExceptionHelper.packException( error, e, true );
getLogger().error( message );
throw new Exception( message );
}
try
{
// This should succeed since there is a read permission for
// system properties in the security policy.
String ver = test.getJavaVersion();
}
catch( Throwable e )
{
releaseTestService( test );
final String error = "CodeSecurityTest secondary failure.";
final String message = ExceptionHelper.packException( error, e, true );
getLogger().error( message );
throw new Exception( message );
}
try
{
test.setJavaVersion( "1.0.2" );
// TODO::::
// fail( "CodeSecurityTest failure: This operation should not be allowed." );
}
catch( SecurityException e )
{
// ignore, expected
}
catch( Throwable e )
{
releaseTestService( test );
final String error = "CodeSecurityTest primary failure.";
final String message = ExceptionHelper.packException( error, e, true );
getLogger().error( message );
throw new Exception( message );
}
releaseTestService( test );
}
}
1.1 avalon/merlin/activation/impl/src/test/org/apache/avalon/activation/impl/test/components/AnotherTestComponent.java
Index: AnotherTestComponent.java
===================================================================
/*
* Copyright 2004 Apache Software Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
* implied.
*
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.avalon.activation.csi.grant.components;
import org.apache.avalon.framework.logger.AbstractLogEnabled;
import org.apache.avalon.framework.service.Serviceable;
import org.apache.avalon.framework.service.ServiceException;
import org.apache.avalon.framework.service.ServiceManager;
/**
* This is a component that can be tested relative a set of
* assigned permissions.
*
* @author <a href="mailto:dev@avalon.apache.org">Avalon Development Team</a>
* @avalon.component name="anothertest" lifestyle="singleton"
* @avalon.service
* type="org.apache.avalon.activation.csi.grant.components.AnotherTestService"
*/
public class AnotherTestComponent extends AbstractLogEnabled
implements AnotherTestService, Serviceable
{
private TestService m_TestService;
/**
* Service from the container.
*
* @avalon.dependency
* type="org.apache.avalon.activation.csi.grant.components.TestService"
* key="TestService"
*/
public void service( ServiceManager man )
throws ServiceException
{
m_TestService = (TestService) man.lookup( "TestService" );
}
public String getJavaVersion()
{
return m_TestService.getJavaVersion();
}
public void setJavaVersion( String newVersion )
{
m_TestService.setJavaVersion( newVersion );
}
}
1.1 avalon/merlin/activation/impl/src/test/org/apache/avalon/activation/impl/test/components/AnotherTestService.java
Index: AnotherTestService.java
===================================================================
/*
* Copyright 2004 Apache Software Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
* implied.
*
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.avalon.activation.csi.grant.components;
import java.io.File;
import org.apache.avalon.framework.logger.AbstractLogEnabled;
import org.apache.avalon.framework.context.Contextualizable;
import org.apache.avalon.framework.context.ContextException;
import org.apache.avalon.framework.context.Context;
/**
* This is a component that can be tested relative a set of
* assigned permissions.
*
* @author <a href="mailto:dev@avalon.apache.org">Avalon Development Team</a>
*/
public interface AnotherTestService
{
/**
* Returns the version of the Java Virtual Machine.
*/
String getJavaVersion();
/**
* Sets the version of the Java Virtual Machine.
*/
void setJavaVersion( String newVer );
}
1.1 avalon/merlin/activation/impl/src/test/org/apache/avalon/activation/impl/test/components/TestComponent.java
Index: TestComponent.java
===================================================================
/*
* Copyright 2004 Apache Software Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
* implied.
*
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.avalon.activation.csi.grant.components;
import java.io.File;
import org.apache.avalon.framework.logger.AbstractLogEnabled;
import org.apache.avalon.framework.context.Contextualizable;
import org.apache.avalon.framework.context.ContextException;
import org.apache.avalon.framework.context.Context;
/**
* This is a component that can be tested relative a set of
* assigned permissions.
*
* @author <a href="mailto:dev@avalon.apache.org">Avalon Development Team</a>
* @avalon.component name="test" lifestyle="singleton"
* @avalon.service type="org.apache.avalon.activation.csi.grant.components.TestService"
*/
public class TestComponent extends AbstractLogEnabled
implements Contextualizable, TestService
{
//----------------------------------------------------------------------
// state
//----------------------------------------------------------------------
private File m_home;
//----------------------------------------------------------------------
// Contextualizable
//----------------------------------------------------------------------
/**
* @avalon.entry type="java.io.File" key="urn:avalon:home"
*/
public void contextualize( Context context ) throws ContextException
{
m_home = (File) context.get( "urn:avalon:home" );
}
//----------------------------------------------------------------------
// TestService
//----------------------------------------------------------------------
/**
* Does something trivial.
*/
public void createDirectory()
{
m_home.mkdirs();
}
/**
* Does something trivial.
*/
public void deleteDirectory()
{
m_home.delete();
}
public String getJavaVersion()
{
return System.getProperty( "java.version" );
}
public void setJavaVersion( String newVer )
{
System.setProperty( "java.version", newVer );
}
}
1.1 avalon/merlin/activation/impl/src/test/org/apache/avalon/activation/impl/test/components/TestService.java
Index: TestService.java
===================================================================
/*
* Copyright 2004 Apache Software Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
* implied.
*
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.avalon.activation.csi.grant.components;
import java.io.File;
import org.apache.avalon.framework.logger.AbstractLogEnabled;
import org.apache.avalon.framework.context.Contextualizable;
import org.apache.avalon.framework.context.ContextException;
import org.apache.avalon.framework.context.Context;
/**
* This is a component that can be tested relative a set of
* assigned permissions.
*
* @author <a href="mailto:dev@avalon.apache.org">Avalon Development Team</a>
*/
public interface TestService
{
/**
* Create a test directory
*/
void createDirectory();
/**
* Delete a test directory
*/
void deleteDirectory();
/**
* Returns the version of the Java Virtual Machine.
**/
String getJavaVersion();
/**
* Sets the version of the Java Virtual Machine.
**/
void setJavaVersion( String newVer );
}
1.3 +27 -5 avalon/merlin/composition/api/src/java/org/apache/avalon/composition/data/GrantDirective.java
Index: GrantDirective.java
===================================================================
RCS file: /home/cvs/avalon/merlin/composition/api/src/java/org/apache/avalon/composition/data/GrantDirective.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- GrantDirective.java 24 Jan 2004 23:25:24 -0000 1.2
+++ GrantDirective.java 23 Feb 2004 13:00:31 -0000 1.3
@@ -27,17 +27,18 @@
*/
public final class GrantDirective implements Serializable
{
- private static final PermissionDirective[] EMPTY_PERMISSIONSETS = new PermissionDirective[0];
-
+ private static final PermissionDirective[] EMPTY_PERMISSIONSETS = new PermissionDirective[0];
+ private static final CertsDirective EMPTY_CERTIFICATE = new CertsDirective();
/**
* The permission directives
*/
private PermissionDirective[] m_permissions;
+ private CertsDirective m_certificates;
public GrantDirective()
{
- this( null );
+ this( null, null );
}
/**
@@ -45,7 +46,10 @@
*
* @param permissions the permissions to be included in the grant
*/
- public GrantDirective( final PermissionDirective[] permissions )
+ public GrantDirective(
+ final PermissionDirective[] permissions,
+ final CertsDirective certs
+ )
{
if( permissions == null )
{
@@ -55,6 +59,14 @@
{
m_permissions = permissions;
}
+ if( certs == null )
+ {
+ m_certificates = EMPTY_CERTIFICATE;
+ }
+ else
+ {
+ m_certificates = certs;
+ }
}
/**
@@ -75,5 +87,15 @@
public PermissionDirective[] getPermissionDirectives()
{
return m_permissions;
+ }
+
+ /**
+ * Return the set of permission directives.
+ *
+ * @return the permission directives
+ */
+ public CertsDirective getCertsDirective()
+ {
+ return m_certificates;
}
}
1.1 avalon/merlin/composition/api/src/java/org/apache/avalon/composition/data/CertsDirective.java
Index: CertsDirective.java
===================================================================
/*
* Copyright 2004 Apache Software Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
* implied.
*
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.avalon.composition.data;
import java.io.Serializable;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
/**
* Description of the Certificates description.
*
* @author <a href="mailto:dev@avalon.apache.org">Avalon Development Team</a>
* @version $Revision: 1.1 $ $Date: 2004/02/23 13:00:31 $
*/
public final class CertsDirective implements Serializable
{
private X509Directive[] m_X509Certs;
private PKCS7Directive[] m_Pkcs7Certs;
CertsDirective()
{
this( null, null );
}
public CertsDirective(
final X509Directive[] x509certs,
final PKCS7Directive[] pkcs7certs
)
{
if( x509certs == null )
m_X509Certs = new X509Directive[0];
else
m_X509Certs = x509certs;
if( pkcs7certs == null )
m_Pkcs7Certs = new PKCS7Directive[0];
else
m_Pkcs7Certs = pkcs7certs;
}
public Certificate[] getCertificates()
{
int size = m_Pkcs7Certs.length + m_X509Certs.length;
Certificate[] result = new Certificate[ size ];
int counter = 0;
for( int i=0 ; i < m_X509Certs.length ; i++ )
{
Certificate[] certs = m_X509Certs[i].getCertificates();
for( int j=0 ; j < certs.length ; j++ )
result[ counter++ ] = certs[j];
}
for( int i=0 ; i < m_Pkcs7Certs.length ; i++ )
{
Certificate[] certs = m_Pkcs7Certs[i].getCertificates();
for( int j=0 ; j < certs.length ; j++ )
result[ counter++ ] = certs[j];
}
return result;
}
}
1.1 avalon/merlin/composition/api/src/java/org/apache/avalon/composition/data/PKCS7Directive.java
Index: PKCS7Directive.java
===================================================================
/*
* Copyright 2004 Apache Software Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
* implied.
*
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.avalon.composition.data;
import java.io.InputStream;
import java.io.IOException;
import java.io.Serializable;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.Collection;
/**
* Description of PKCS#7 Certificate file.
*
* @author <a href="mailto:dev@avalon.apache.org">Avalon Development Team</a>
* @version $Revision: 1.1 $ $Date: 2004/02/23 13:00:31 $
*/
public final class PKCS7Directive implements Serializable
{
private Certificate[] m_certificates;
public PKCS7Directive(
final String href
)
throws IOException, CertificateException, MalformedURLException
{
InputStream in = null;
try
{
URL url = new URL( href );
in = url.openStream();
CertificateFactory cf = CertificateFactory.getInstance("X.509");
Collection certs = cf.generateCertificates(in);
m_certificates = new Certificate[ certs.size() ];
certs.toArray( m_certificates );
} finally
{
if( in != null )
in.close();
}
}
/**
* Return the Certificates.
*
* @return the Certificate array
*/
public Certificate[] getCertificates()
{
return m_certificates;
}
}
1.1 avalon/merlin/composition/api/src/java/org/apache/avalon/composition/data/X509Directive.java
Index: X509Directive.java
===================================================================
/*
* Copyright 2004 Apache Software Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
* implied.
*
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.avalon.composition.data;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.io.IOException;
import java.io.Serializable;
import java.net.URL;
import java.net.MalformedURLException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.Collection;
/**
* Description of X.509 Certificate directive.
*
* @author <a href="mailto:dev@avalon.apache.org">Avalon Development Team</a>
* @version $Revision: 1.1 $ $Date: 2004/02/23 13:00:31 $
*/
public final class X509Directive implements Serializable
{
private Certificate[] m_certificates;
public X509Directive(
String href,
String stream
)
throws CertificateException, IOException, MalformedURLException
{
InputStream in = null;
try
{
if( href == null || "".equals( href ) )
{
in = new ByteArrayInputStream( stream.getBytes("UTF-8") );
}
else
{
URL url = new URL( href );
in = url.openStream();
}
CertificateFactory cf = CertificateFactory.getInstance( "X.509" );
Collection certs = cf.generateCertificates(in);
m_certificates = new Certificate[ certs.size() ];
certs.toArray( m_certificates );
} finally
{
if( in != null )
in.close();
}
}
/**
* Return the Certificates.
*
* @return the Certificate array
*/
public Certificate[] getCertificates()
{
return m_certificates;
}
}
1.6 +6 -13 avalon/merlin/composition/api/src/java/org/apache/avalon/composition/model/ClassLoaderModel.java
Index: ClassLoaderModel.java
===================================================================
RCS file: /home/cvs/avalon/merlin/composition/api/src/java/org/apache/avalon/composition/model/ClassLoaderModel.java,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- ClassLoaderModel.java 10 Feb 2004 16:23:33 -0000 1.5
+++ ClassLoaderModel.java 23 Feb 2004 13:00:31 -0000 1.6
@@ -18,8 +18,7 @@
package org.apache.avalon.composition.model;
import java.net.URL;
-import java.security.Permission;
-import java.security.cert.Certificate;
+import java.security.ProtectionDomain;
import org.apache.avalon.extension.manager.OptionalPackage;
import org.apache.avalon.extension.manager.ExtensionManager;
@@ -94,12 +93,6 @@
*/
ClassLoader getClassLoader();
- /**
- * Returns the Certificates associated with the classes that
- * can be loaded by the classloader.
- **/
- Certificate[] getCertificates();
-
/**
* Creation of a classloader model using this model as the
* relative parent.
@@ -113,14 +106,14 @@
Logger logger, ContainmentProfile profile, URL[] implied ) throws ModelException;
/**
- * Return the security Permissions defined for this ClassLoaderModel.
+ * Return the security ProtectionDomain defined for this ClassLoaderModel.
*
- * These Permissions will be enforced if code level security is enabled
+ * These ProtectionDomains will be enforced if code level security is enabled
* globally. If no Permissions are returned, all the components under
* this container will run without Permissions.
*
- * @return A SecurityPolicy which should be enagaged if codelevel
+ * @return A ProtectionDomain array which should be enagaged if codelevel
* security is enabled for the Classloader.
**/
- Permission[] getSecurityPermissions();
+ ProtectionDomain[] getProtectionDomains();
}
1.9 +52 -2 avalon/merlin/composition/impl/src/java/org/apache/avalon/composition/data/builder/XMLContainmentProfileCreator.java
Index: XMLContainmentProfileCreator.java
===================================================================
RCS file: /home/cvs/avalon/merlin/composition/impl/src/java/org/apache/avalon/composition/data/builder/XMLContainmentProfileCreator.java,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- XMLContainmentProfileCreator.java 21 Feb 2004 13:27:03 -0000 1.8
+++ XMLContainmentProfileCreator.java 23 Feb 2004 13:00:31 -0000 1.9
@@ -17,6 +17,9 @@
package org.apache.avalon.composition.data.builder;
+import java.io.IOException;
+import java.security.Policy;
+import java.security.cert.CertificateException;
import java.util.ArrayList;
import org.apache.avalon.logging.data.CategoriesDirective;
@@ -24,6 +27,7 @@
import org.apache.avalon.composition.data.BlockCompositionDirective;
import org.apache.avalon.composition.data.BlockIncludeDirective;
+import org.apache.avalon.composition.data.CertsDirective;
import org.apache.avalon.composition.data.ClassLoaderDirective;
import org.apache.avalon.composition.data.ClasspathDirective;
import org.apache.avalon.composition.data.ContainmentProfile;
@@ -35,11 +39,13 @@
import org.apache.avalon.composition.data.MetaDataException;
import org.apache.avalon.composition.data.NamedComponentProfile;
import org.apache.avalon.composition.data.PermissionDirective;
+import org.apache.avalon.composition.data.PKCS7Directive;
import org.apache.avalon.composition.data.RepositoryDirective;
import org.apache.avalon.composition.data.ResourceDirective;
import org.apache.avalon.composition.data.ServiceDirective;
import org.apache.avalon.composition.data.Targets;
import org.apache.avalon.composition.data.TargetDirective;
+import org.apache.avalon.composition.data.X509Directive;
import org.apache.avalon.framework.configuration.Configuration;
import org.apache.avalon.framework.configuration.ConfigurationException;
import org.apache.avalon.meta.info.ServiceDescriptor;
@@ -170,7 +176,51 @@
}
PermissionDirective[] pd = new PermissionDirective[ result.size() ];
result.toArray( pd );
- return new GrantDirective( pd );
+
+
+ Configuration certChild = config.getChild( "certificates" );
+ CertsDirective certs = createCertsDirective( certChild );
+ return new GrantDirective( pd, certs );
+ }
+
+ private CertsDirective createCertsDirective( Configuration conf )
+ throws ConfigurationException
+ {
+ Configuration[] x509conf = conf.getChildren( "x509" );
+ X509Directive[] x509 = new X509Directive[ x509conf.length ];
+ for( int i=0 ; i < x509conf.length ; i++ )
+ {
+ String href = x509conf[i].getAttribute( "href", "" );
+ String data = x509conf[i].getValue();
+ try
+ {
+ x509[i] = new X509Directive( href, data );
+ } catch( CertificateException e )
+ {
+ throw new ConfigurationException( "Invalid Certificate in " + x509conf[i], e );
+ } catch( IOException e )
+ {
+ throw new ConfigurationException( "Can't access: " + href, e );
+ }
+ }
+
+ Configuration[] pkcs7conf = conf.getChildren( "pkcs7" );
+ PKCS7Directive[] pkcs7 = new PKCS7Directive[ pkcs7conf.length ];
+ for( int i=0 ; i < pkcs7conf.length ; i++ )
+ {
+ String href = pkcs7conf[i].getAttribute( "href" );
+ try
+ {
+ pkcs7[i] = new PKCS7Directive( href );
+ } catch( CertificateException e )
+ {
+ throw new ConfigurationException( "Invalid Certificate in " + pkcs7conf[i], e );
+ } catch( IOException e )
+ {
+ throw new ConfigurationException( "Can't access: " + href, e );
+ }
+ }
+ return new CertsDirective( x509, pkcs7 );
}
private PermissionDirective createPermissionDirective( Configuration config )
1.10 +39 -28 avalon/merlin/composition/impl/src/java/org/apache/avalon/composition/model/impl/DefaultClassLoaderModel.java
Index: DefaultClassLoaderModel.java
===================================================================
RCS file: /home/cvs/avalon/merlin/composition/impl/src/java/org/apache/avalon/composition/model/impl/DefaultClassLoaderModel.java,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- DefaultClassLoaderModel.java 10 Feb 2004 16:23:33 -0000 1.9
+++ DefaultClassLoaderModel.java 23 Feb 2004 13:00:31 -0000 1.10
@@ -19,15 +19,22 @@
import java.io.File;
import java.io.IOException;
+
import java.util.ArrayList;
import java.util.List;
import java.util.jar.Manifest;
+
import java.net.JarURLConnection;
import java.net.URL;
import java.net.URLClassLoader;
-import java.security.Permission;
+
+import java.security.CodeSource;
+import java.security.Permissions;
+import java.security.ProtectionDomain;
+
import java.security.cert.Certificate;
+import org.apache.avalon.composition.data.CertsDirective;
import org.apache.avalon.composition.data.ContainmentProfile;
import org.apache.avalon.composition.data.ClassLoaderDirective;
import org.apache.avalon.composition.data.FilesetDirective;
@@ -36,11 +43,14 @@
import org.apache.avalon.composition.data.PermissionDirective;
import org.apache.avalon.composition.data.RepositoryDirective;
import org.apache.avalon.composition.data.ResourceDirective;
+
import org.apache.avalon.composition.model.ClassLoaderModel;
import org.apache.avalon.composition.model.TypeRepository;
import org.apache.avalon.composition.model.ServiceRepository;
import org.apache.avalon.composition.model.ModelException;
+
import org.apache.avalon.composition.provider.ClassLoaderContext;
+
import org.apache.avalon.composition.util.StringHelper;
import org.apache.avalon.repository.Artifact;
@@ -120,7 +130,7 @@
private final URLClassLoader m_classLoader;
- private Permission[] m_permissions;
+ private ProtectionDomain[] m_protectionDomains;
private final DefaultTypeRepository m_types;
@@ -184,7 +194,7 @@
m_manager = new PackageManager( m_extension );
m_classpath = createClassPath( base, repository, directive, implicit );
- m_permissions = createPermissions( directive.getGrantDirective() );
+
if( getLocalLogger().isDebugEnabled() )
{
String str = "classpath: "
@@ -197,6 +207,7 @@
m_urls = buildQualifiedClassPath();
m_classLoader =
new URLClassLoader( m_urls, context.getClassLoader() );
+ m_protectionDomains = createProtectionDomains( directive.getGrantDirective() );
//
// scan the classpath for component type and service
@@ -340,28 +351,18 @@
}
/**
- * Returns the Certificates associated with the classes that
- * can be loaded by the classloader.
- **/
- public Certificate[] getCertificates()
- {
- // TODO: We currently don't support Certificates.
- return null;
- }
-
- /**
- * Return the security Permissions defined for this ClassLoaderModel.
+ * Return the security ProtectionDomains defined for this ClassLoaderModel.
*
- * These Permissions will be enforced if code level security is enabled
- * globally. If no Permissions are returned, all the components under
+ * These ProtectionDomains will be enforced if code level security is enabled
+ * globally. If no ProtectionDomain are returned, all the components under
* this container will run without Permissions.
*
- * @return A SecurityPolicy which should be enagaged if codelevel
+ * @return A ProtectionDomain which should be enagaged if codelevel
* security is enabled for the Classloader.
**/
- public Permission[] getSecurityPermissions()
+ public ProtectionDomain[] getProtectionDomains()
{
- return m_permissions;
+ return m_protectionDomains;
}
//==============================================================
@@ -496,15 +497,25 @@
return (String[]) classpath.toArray( new String[0] );
}
- private Permission[] createPermissions( GrantDirective directive )
+ private ProtectionDomain[] createProtectionDomains( GrantDirective directive )
{
- PermissionDirective[] permissions = directive.getPermissionDirectives();
- Permission[] result = new Permission[ permissions.length ];
- for( int i=0 ; i < permissions.length ; i++ )
- {
- result[i] = permissions[i].getPermission();
- }
- return result;
+ Permissions permissions = new Permissions();
+ PermissionDirective[] permDirectives = directive.getPermissionDirectives();
+ for( int i=0 ; i < permDirectives.length ; i++ )
+ {
+ permissions.add( permDirectives[i].getPermission() );
+ }
+
+ CertsDirective certsDirective = directive.getCertsDirective();
+ Certificate[] allCerts = certsDirective.getCertificates();
+
+ ProtectionDomain[] pd = new ProtectionDomain[ m_urls.length ];
+ for( int i=0 ; i < m_urls.length ; i++ )
+ {
+ CodeSource cs = new CodeSource( m_urls[i], allCerts );
+ pd[i] = new ProtectionDomain( cs, permissions );
+ }
+ return pd;
}
/**
1.35 +3 -3 avalon/merlin/composition/impl/src/java/org/apache/avalon/composition/model/impl/DefaultContainmentModel.java
Index: DefaultContainmentModel.java
===================================================================
RCS file: /home/cvs/avalon/merlin/composition/impl/src/java/org/apache/avalon/composition/model/impl/DefaultContainmentModel.java,v
retrieving revision 1.34
retrieving revision 1.35
diff -u -r1.34 -r1.35
--- DefaultContainmentModel.java 21 Feb 2004 23:54:42 -0000 1.34
+++ DefaultContainmentModel.java 23 Feb 2004 13:00:31 -0000 1.35
@@ -49,7 +49,6 @@
import org.apache.avalon.composition.model.AssemblyException;
import org.apache.avalon.composition.model.ClassLoaderModel;
import org.apache.avalon.composition.model.ContainmentModel;
-import org.apache.avalon.composition.model.ContextModel;
import org.apache.avalon.composition.model.DependencyModel;
import org.apache.avalon.composition.model.DependencyGraph;
import org.apache.avalon.composition.model.ComponentModel;
@@ -875,7 +874,8 @@
private DeploymentModel addModel(
String name, DeploymentModel model )
{
- if( model.equals( this ) ) return model;
+ if( model.equals( this ) )
+ return model;
ModelRepository repository = m_context.getModelRepository();
synchronized( repository )
{
1.3 +11 -2 avalon/merlin/composition/impl/src/java/org/apache/avalon/composition/model/impl/StandardModelFactory.java
Index: StandardModelFactory.java
===================================================================
RCS file: /home/cvs/avalon/merlin/composition/impl/src/java/org/apache/avalon/composition/model/impl/StandardModelFactory.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- StandardModelFactory.java 14 Feb 2004 21:33:56 -0000 1.2
+++ StandardModelFactory.java 23 Feb 2004 13:00:31 -0000 1.3
@@ -21,6 +21,7 @@
import java.io.InputStream;
import java.net.URL;
import java.net.URLConnection;
+import java.security.Policy;
import org.apache.avalon.composition.data.ComponentProfile;
import org.apache.avalon.composition.data.ContainmentProfile;
@@ -180,7 +181,15 @@
{
ContainmentContext context =
createRootContainmentContext( profile );
- return createContainmentModel( context );
+ ContainmentModel model = createContainmentModel( context );
+
+ if( model.isSecureExecutionEnabled() )
+ {
+ CodeSecurityPolicy policy =
+ new CodeSecurityPolicy( model );
+ Policy.setPolicy( policy );
+ }
+ return model;
}
catch( Throwable e )
{
1.1 avalon/merlin/composition/impl/src/java/org/apache/avalon/composition/model/impl/CodeSecurityPolicy.java
Index: CodeSecurityPolicy.java
===================================================================
/*
* Copyright 2004 Apache Software Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
* implied.
*
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.avalon.composition.model.impl;
import java.security.CodeSource;
import java.security.PermissionCollection;
import java.security.Policy;
import java.security.ProtectionDomain;
import java.util.HashMap;
import org.apache.avalon.composition.model.ClassLoaderModel;
import org.apache.avalon.composition.model.ContainmentModel;
import org.apache.avalon.composition.model.DeploymentModel;
public class CodeSecurityPolicy extends Policy
{
private HashMap m_permissions;
private ContainmentModel m_model;
public CodeSecurityPolicy( ContainmentModel model )
{
m_model = model;
refresh();
}
public PermissionCollection getPermissions( CodeSource cs )
{
return (PermissionCollection) m_permissions.get( cs );
}
public void refresh()
{
m_permissions = new HashMap();
refresh( m_model );
}
public void refresh( ContainmentModel model )
{
ClassLoaderModel clModel = model.getClassLoaderModel();
updatePermissions( clModel );
DeploymentModel[] m = model.getModels();
for( int i=0 ; i < m.length ; i++ )
{
if( m[i] instanceof ContainmentModel )
{
ContainmentModel child = (ContainmentModel) m[i];
refresh( child );
}
}
}
private void updatePermissions( ClassLoaderModel clModel )
{
ProtectionDomain[] pd = clModel.getProtectionDomains();
for( int i=0 ; i < pd.length ; i++ )
{
CodeSource cs = pd[i].getCodeSource();
PermissionCollection perm = pd[i].getPermissions();
m_permissions.put( cs, perm );
}
}
}
1.3 +8 -0 avalon/merlin/platform/xdocs/meta/block/classloader/grant/index.xml
Index: index.xml
===================================================================
RCS file: /home/cvs/avalon/merlin/platform/xdocs/meta/block/classloader/grant/index.xml,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- index.xml 25 Jan 2004 13:28:48 -0000 1.2
+++ index.xml 23 Feb 2004 13:00:31 -0000 1.3
@@ -39,6 +39,14 @@
The permission descriptor.
</td>
</tr>
+ <tr>
+ <td><a href="certificates.html">certificates</a></td><td>0..1</td>
+ <td>
+ The certificates descriptor. In this nested element, one can list
+ the certificates required for the code sources. Either X.509 or
+ PKCS#7 certificates.
+ </td>
+ </tr>
</table>
</subsection>
1.3 +2 -1 avalon/merlin/platform/xdocs/meta/block/classloader/grant/permission.xml
Index: permission.xml
===================================================================
RCS file: /home/cvs/avalon/merlin/platform/xdocs/meta/block/classloader/grant/permission.xml,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- permission.xml 25 Jan 2004 13:28:48 -0000 1.2
+++ permission.xml 23 Feb 2004 13:00:31 -0000 1.3
@@ -20,9 +20,10 @@
<document>
<header>
- <title>Include Directive</title>
+ <title>Permission Directive</title>
<authors>
<person name="Stephen McConnell" email="mcconnell@apache.org"/>
+ <person name="Niclas Hedhman" email="niclas@hedhman.org"/>
</authors>
</header>
1.1 avalon/merlin/platform/xdocs/meta/block/classloader/grant/certificates.xml
Index: certificates.xml
===================================================================
<?xml version="1.0"?>
<!--
Copyright 2004 Apache Software Foundation
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<document>
<header>
<title>Certificates Directive</title>
<authors>
<person name="Stephen McConnell" email="mcconnell@apache.org"/>
<person name="Niclas Hedhman" email="niclas@hedhman.org"/>
</authors>
</header>
<body>
<section name="Certificates Directive">
<subsection name="Nested Elements">
<table>
<tr><th>Element</th><th>Occurance</th><th>Description</th></tr>
<tr>
<td><a href="x509.html">x509</a></td><td>0..n</td>
<td>
The descriptor for X.509 certificate. One element is required
for each certificate.
</td>
</tr>
<tr>
<td><a href="pkcs7.html">pkcs7</a></td><td>0..n</td>
<td>
The action descriptor.
</td>
</tr>
</table>
</subsection>
<subsection name="Description">
<p>
A resource directive is a logical reference to a jar file within the enclosing repository. A repository implementation is responsible for the mapping of logical directives to physical jar URL.
</p>
</subsection>
<subsection name="Example XML">
<p>
The following example block.xml demonstrates the inclusion of three blocks within another enclosing block. In this example, the common shared API (containing service interfaces classes is declared in the containing block classloader).
</p>
<source><![CDATA[
<classloader>
<classpath>
<repository>
<resource id="james:mail" version="1.3"/>
<resource id="james:activation" version="1.0"/>
<resource id="james:mailet-api" version="1.0"/>
</repository>
</classpath>
<grant>
<permission class="java.lang.RuntimePermission" name="getClassLoader" />
<permission class="java.util.PropertyPermission" name="java.*" >
<action>read</action>
</permission>
<permission class="java.util.PropertyPermission" name="org.apache.*" >
<action>read</action>
<action>write</action>
</permission>
</grant>
<!-- include blocks here -->
<include name="james" id="james:block" type="xml"/>
</classloader>
]]></source>
</subsection>
</section>
</body>
</document>
1.1 avalon/merlin/platform/xdocs/meta/block/classloader/grant/pkcs7.xml
Index: pkcs7.xml
===================================================================
<?xml version="1.0"?>
<!--
Copyright 2004 Apache Software Foundation
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<document>
<header>
<title>PKCS7 Directive</title>
<authors>
<person name="Stephen McConnell" email="mcconnell@apache.org"/>
<person name="Niclas Hedhman" email="niclas@hedhman.org"/>
</authors>
</header>
<body>
<section name="PKCS7 Directive">
<subsection name="Attributes">
<table>
<tr><th>Attribute</th><th>Required</th><th>Description</th></tr>
<tr>
<td>href</td><td>yes</td>
<td>
The name of the file containing 0, one or many PKCS#7 encoded
certificates.
</td>
</tr>
</table>
</subsection>
<subsection name="Description">
<p>
Each <pkcs7> element only points to a PKCS#7 encoded file.
The "href" attribute is any valid URL.
</p>
</subsection>
<subsection name="Example XML">
<p>
The following example block.xml demonstrates the inclusion of three blocks within another enclosing block. In this example, the common shared API (containing service interfaces classes is declared in the containing block classloader).
</p>
<source><![CDATA[
<classloader>
<classpath>
<repository>
<resource id="james:mail" version="1.3"/>
<resource id="james:activation" version="1.0"/>
<resource id="james:mailet-api" version="1.0"/>
</repository>
</classpath>
<grant>
<permission class="java.lang.RuntimePermission" name="getClassLoader" />
<permission class="java.util.PropertyPermission" name="java.*" >
<action>read</action>
</permission>
<permission class="java.util.PropertyPermission" name="org.apache.*" >
<action>read</action>
<action>write</action>
</permission>
<certificates>
<pkcs7 href="http://niclas.hedhman.org/certs/signature.cert" />
</certificates>
</grant>
<!-- include blocks here -->
<include name="james" id="james:block" type="xml"/>
</classloader>
]]></source>
</subsection>
</section>
</body>
</document>
1.1 avalon/merlin/platform/xdocs/meta/block/classloader/grant/x509.xml
Index: x509.xml
===================================================================
<?xml version="1.0"?>
<!--
Copyright 2004 Apache Software Foundation
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<document>
<header>
<title>X509 Directive</title>
<authors>
<person name="Stephen McConnell" email="mcconnell@apache.org"/>
<person name="Niclas Hedhman" email="niclas@hedhman.org"/>
</authors>
</header>
<body>
<section name="X509 Directive">
<subsection name="Attributes">
<table>
<tr><th>Attribute</th><th>Required</th><th>Description</th></tr>
<tr>
<td>href</td><td>no</td>
<td>
If a href attribute is specified, the certificate is read
from the given URL.
</td>
</tr>
</table>
</subsection>
<subsection name="Description">
<p>
Each <x509> element can either contain the X.509 certificate(s) in the
body of the element OR be referenced by the href attribute. The href
has higher prescedence.
</p>
</subsection>
<subsection name="Example XML">
<p>
The following example block.xml demonstrates the inclusion of three blocks within another enclosing block. In this example, the common shared API (containing service interfaces classes is declared in the containing block classloader).
</p>
<source><![CDATA[
<classloader>
<classpath>
<repository>
<resource id="james:mail" version="1.3"/>
<resource id="james:activation" version="1.0"/>
<resource id="james:mailet-api" version="1.0"/>
</repository>
</classpath>
<grant>
<permission class="java.lang.RuntimePermission" name="getClassLoader" />
<permission class="java.util.PropertyPermission" name="java.*" >
<action>read</action>
</permission>
<permission class="java.util.PropertyPermission" name="org.apache.*" >
<action>read</action>
<action>write</action>
</permission>
<certificates>
<x509 href="http://niclas.hedhman.org/certs/signature.x509" />
</certificates>
</grant>
<!-- include blocks here -->
<include name="james" id="james:block" type="xml"/>
</classloader>
]]></source>
</subsection>
</section>
</body>
</document>
---------------------------------------------------------------------
To unsubscribe, e-mail: cvs-unsubscribe@avalon.apache.org
For additional commands, e-mail: cvs-help@avalon.apache.org