Posted to commits@river.apache.org by pe...@apache.org on 2012/01/13 09:17:16 UTC
svn commit: r1230913 [1/2] - in /river/jtsk/skunk/peterConcurrentPolicy: ./
qa/harness/trust/ qa/src/com/sun/jini/qa/harness/
qa/src/com/sun/jini/test/impl/start/
qa/src/com/sun/jini/test/impl/start/loadersplitpolicyprovider/
src/com/sun/jini/start/ sr...
Author: peter_firmstone
Date: Fri Jan 13 08:17:14 2012
New Revision: 1230913
URL: http://svn.apache.org/viewvc?rev=1230913&view=rev
Log:
River-323.
Refactor package locations for new classes, delete unused classes and code.
Added:
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/ConcurrentPermissions.java
- copied, changed from r1229137, river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/ConcurrentPermissions.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/ConcurrentPolicy.java
- copied, changed from r1229137, river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/policy/ConcurrentPolicy.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/ConcurrentPolicyFile.java
- copied, changed from r1229137, river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/policy/ConcurrentPolicyFile.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/DefaultPolicyParser.java
- copied, changed from r1229137, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/DefaultPolicyParser.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/DefaultPolicyScanner.java
- copied, changed from r1229137, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/DefaultPolicyScanner.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/Messages.java
- copied, changed from r1229137, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/Messages.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/PermissionComparator.java
- copied, changed from r1229137, river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/PermissionComparator.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/PolicyParser.java
- copied, changed from r1222835, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/PolicyParser.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/PolicyUtils.java
- copied, changed from r1229137, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/PolicyUtils.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/RemotePolicy.java
- copied, changed from r1222835, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/policy/RemotePolicy.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/RevocablePolicy.java
- copied, changed from r1222835, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/policy/RevokeableDynamicPolicy.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/Segment.java
- copied, changed from r1222835, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/Segment.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/UnresolvedPrincipal.java
- copied, changed from r1222835, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/UnresolvedPrincipal.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/Util.java
- copied, changed from r1222835, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/Util.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/messages.properties
- copied unchanged from r1222835, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/messages.properties
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/package.html
- copied unchanged from r1222835, river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/policy/package.html
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/dos/RemoteExecutor.java
- copied, changed from r1222835, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/isolate/RemoteExecutor.java
river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/api/security/ConcurrentPermissionsTest.java
- copied, changed from r1222835, river/jtsk/skunk/peterConcurrentPolicy/test/src/net/jini/security/ConcurrentPermissionsTest.java
river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/api/security/ConcurrentPolicyFileTest.java
- copied, changed from r1222835, river/jtsk/skunk/peterConcurrentPolicy/test/src/net/jini/security/policy/ConcurrentPolicyFileTest.java
river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/api/security/DefaultPolicyParserTest.java
- copied, changed from r1229137, river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/impl/security/policy/util/DefaultPolicyParserTest.java
river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/api/security/PermissionCollectionTest.java
- copied, changed from r1222835, river/jtsk/skunk/peterConcurrentPolicy/test/src/net/jini/security/policy/PermissionCollectionTest.java
river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/api/security/Permissions_ImplTest.java
- copied, changed from r1222835, river/jtsk/skunk/peterConcurrentPolicy/test/src/net/jini/security/Permissions_ImplTest.java
river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/api/security/PolicyEntryTest.java
- copied, changed from r1222835, river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/impl/security/policy/util/PolicyEntryTest.java
river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/api/security/PolicyUtilsTest.java
- copied, changed from r1222835, river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/impl/security/policy/util/PolicyUtilsTest.java
river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/api/security/SegmentTest.java
- copied, changed from r1222835, river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/impl/security/policy/util/SegmentTest.java
river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/api/security/policy/
Removed:
river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/ConcurrentPermissions.java
river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/DynamicPermissionCollection.java
river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/MultiReadPermissionCollection.java
river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/PermissionComparator.java
river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/PermissionPendingResolution.java
river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/PermissionPendingResolutionCollection.java
river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/PermissionStringEqualityWrapper.java
river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/policy/ConcurrentPolicy.java
river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/policy/ConcurrentPolicyFile.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/isolate/RemoteExecutor.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/policy/RemotePolicy.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/policy/RevokeableDynamicPolicy.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/DefaultPolicyParser.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/DefaultPolicyScanner.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/Messages.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/NullPolicyParser.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/PolicyParser.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/PolicyUtils.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/Segment.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/UnresolvedPrincipal.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/Util.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/messages.properties
river/jtsk/skunk/peterConcurrentPolicy/test/src/net/jini/security/ConcurrentPermissionsTest.java
river/jtsk/skunk/peterConcurrentPolicy/test/src/net/jini/security/DynamicPermissionCollectionTest.java
river/jtsk/skunk/peterConcurrentPolicy/test/src/net/jini/security/MultiReadPermissionCollectionTest.java
river/jtsk/skunk/peterConcurrentPolicy/test/src/net/jini/security/Permissions_ImplTest.java
river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/impl/security/policy/util/DefaultPolicyParserTest.java
river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/impl/security/policy/util/PolicyEntryTest.java
river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/impl/security/policy/util/PolicyUtilsTest.java
river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/impl/security/policy/util/SegmentTest.java
Modified:
river/jtsk/skunk/peterConcurrentPolicy/build.xml
river/jtsk/skunk/peterConcurrentPolicy/qa/harness/trust/dynamic-policy.properties
river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/qa/harness/MergedPolicyProvider.java
river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/impl/start/SharedActivationPolicyPermissionActionsTest.td
river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/impl/start/loadersplitpolicyprovider/LoaderSplitPolicyProviderTest.java
river/jtsk/skunk/peterConcurrentPolicy/src/com/sun/jini/start/AggregatePolicyProvider.java
river/jtsk/skunk/peterConcurrentPolicy/src/com/sun/jini/start/LoaderSplitPolicyProvider.java
river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/jeri/BasicInvocationDispatcher.java
river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/jeri/tcp/TcpServerEndpoint.java
river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/GrantPermission.java
river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/policy/DynamicPolicyProvider.java
river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/policy/PolicyFileProvider.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/delegates/DelegatePermission.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/CertificateGrant.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/CodeSourceGrant.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/CodeSourceSetGrant.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/DelegateCombinerSecurityManager.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/PermissionGrant.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/PermissionGrantBuilder.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/PermissionGrantBuilderImp.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/PrincipalGrant.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/ProtectionDomainGrant.java
river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/URIGrant.java
river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/api/security/CodeSourceGrantTest.java
river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/api/security/PermissionGrantTest.java
river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/api/security/PrincipalGrantTest.java
Modified: river/jtsk/skunk/peterConcurrentPolicy/build.xml
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/build.xml?rev=1230913&r1=1230912&r2=1230913&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/build.xml (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/build.xml Fri Jan 13 08:17:14 2012
@@ -915,7 +915,7 @@
<arg value="-files"/>
<arg value="net.jini.security.policy.DynamicPolicyProvider"/>
<arg value="net.jini.security.policy.PolicyFileProvider"/>
- <arg value="net.jini.security.policy.ConcurrentPolicyFile"/>
+ <arg value="org.apache.river.api.security.ConcurrentPolicyFile"/>
<arg line="-in com.sun.jini"/>
<arg line="-in net.jini"/>
<arg line="-in org.apache.river"/>
Modified: river/jtsk/skunk/peterConcurrentPolicy/qa/harness/trust/dynamic-policy.properties
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/harness/trust/dynamic-policy.properties?rev=1230913&r1=1230912&r2=1230913&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/qa/harness/trust/dynamic-policy.properties (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/qa/harness/trust/dynamic-policy.properties Fri Jan 13 08:17:14 2012
@@ -6,5 +6,5 @@ policy.provider=net.jini.security.policy
#net.jini.security.policy.PolicyFileProvider.basePolicyClass=com.sun.jini.qa.harness.MergedPolicyProvider
net.jini.security.policy.DynamicPolicyProvider.basePolicyClass=com.sun.jini.qa.harness.MergedPolicyProvider
#net.jini.security.policy.DynamicPolicyProvider.basePolicyClass=net.jini.security.policy.PolicyFileProvider
-net.jini.security.policy.PolicyFileProvider.basePolicyClass=net.jini.security.policy.ConcurrentPolicyFile
+net.jini.security.policy.PolicyFileProvider.basePolicyClass=org.apache.river.api.security.ConcurrentPolicyFile
#net.jini.security.policy.PolicyFileProvider.basePolicyClass=sun.security.provider.PolicyFile
Modified: river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/qa/harness/MergedPolicyProvider.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/qa/harness/MergedPolicyProvider.java?rev=1230913&r1=1230912&r2=1230913&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/qa/harness/MergedPolicyProvider.java (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/qa/harness/MergedPolicyProvider.java Fri Jan 13 08:17:14 2012
@@ -33,8 +33,8 @@ import java.util.List;
import java.util.StringTokenizer;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
-import net.jini.security.ConcurrentPermissions;
-import net.jini.security.policy.ConcurrentPolicy;
+import org.apache.river.api.security.ConcurrentPermissions;
+import org.apache.river.api.security.ConcurrentPolicy;
import net.jini.security.policy.PolicyInitializationException;
import net.jini.security.policy.PolicyFileProvider;
@@ -260,7 +260,6 @@ public class MergedPolicyProvider extend
}
}
- @Override
public boolean isConcurrent() {
if (policies.isEmpty()) throw new IllegalStateException("No policies in provider");
Iterator<Policy> it = policies.iterator();
Modified: river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/impl/start/SharedActivationPolicyPermissionActionsTest.td
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/impl/start/SharedActivationPolicyPermissionActionsTest.td?rev=1230913&r1=1230912&r2=1230913&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/impl/start/SharedActivationPolicyPermissionActionsTest.td (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/impl/start/SharedActivationPolicyPermissionActionsTest.td Fri Jan 13 08:17:14 2012
@@ -1,7 +1,3 @@
testClass=SharedActivationPolicyPermissionActionsTest
testCategories=start,start_impl
include0=start.properties
-#testjvmargs=\
-#-Xdebug,\
-#-Xrunjdwp:transport=dt_socket+,address=8000+,server=y+,suspend=y,\
-#${testjvmargs}
Modified: river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/impl/start/loadersplitpolicyprovider/LoaderSplitPolicyProviderTest.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/impl/start/loadersplitpolicyprovider/LoaderSplitPolicyProviderTest.java?rev=1230913&r1=1230912&r2=1230913&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/impl/start/loadersplitpolicyprovider/LoaderSplitPolicyProviderTest.java (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/impl/start/loadersplitpolicyprovider/LoaderSplitPolicyProviderTest.java Fri Jan 13 08:17:14 2012
@@ -28,14 +28,12 @@ import net.jini.security.policy.*;
import java.io.File;
import java.net.*;
import java.security.*;
-import java.util.Collections;
import com.sun.jini.qa.harness.QATest;
import com.sun.jini.qa.harness.QAConfig;
import com.sun.jini.qa.harness.TestException;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Set;
-import org.apache.river.api.security.policy.RevokeableDynamicPolicy;
public class LoaderSplitPolicyProviderTest extends QATest {
private String ldrPolicyFile;
Modified: river/jtsk/skunk/peterConcurrentPolicy/src/com/sun/jini/start/AggregatePolicyProvider.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/com/sun/jini/start/AggregatePolicyProvider.java?rev=1230913&r1=1230912&r2=1230913&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/src/com/sun/jini/start/AggregatePolicyProvider.java (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/src/com/sun/jini/start/AggregatePolicyProvider.java Fri Jan 13 08:17:14 2012
@@ -40,7 +40,7 @@ import java.util.concurrent.ConcurrentMa
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
import net.jini.security.SecurityContext;
-import net.jini.security.policy.ConcurrentPolicy;
+import org.apache.river.api.security.ConcurrentPolicy;
import net.jini.security.policy.DynamicPolicy;
import net.jini.security.policy.PolicyInitializationException;
import net.jini.security.policy.SecurityContextSource;
Modified: river/jtsk/skunk/peterConcurrentPolicy/src/com/sun/jini/start/LoaderSplitPolicyProvider.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/com/sun/jini/start/LoaderSplitPolicyProvider.java?rev=1230913&r1=1230912&r2=1230913&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/src/com/sun/jini/start/LoaderSplitPolicyProvider.java (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/src/com/sun/jini/start/LoaderSplitPolicyProvider.java Fri Jan 13 08:17:14 2012
@@ -33,7 +33,7 @@ import java.security.ProtectionDomain;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
-import net.jini.security.policy.ConcurrentPolicy;
+import org.apache.river.api.security.ConcurrentPolicy;
import org.apache.river.api.security.PermissionGrant;
import org.apache.river.impl.util.RC;
import org.apache.river.impl.util.Ref;
Modified: river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/jeri/BasicInvocationDispatcher.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/jeri/BasicInvocationDispatcher.java?rev=1230913&r1=1230912&r2=1230913&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/jeri/BasicInvocationDispatcher.java (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/jeri/BasicInvocationDispatcher.java Fri Jan 13 08:17:14 2012
@@ -44,6 +44,7 @@ import java.security.AccessControlExcept
import java.security.AccessController;
import java.security.CodeSource;
import java.security.Permission;
+import java.security.PermissionCollection;
import java.security.Policy;
import java.security.Principal;
import java.security.PrivilegedAction;
Modified: river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/jeri/tcp/TcpServerEndpoint.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/jeri/tcp/TcpServerEndpoint.java?rev=1230913&r1=1230912&r2=1230913&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/jeri/tcp/TcpServerEndpoint.java (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/jeri/tcp/TcpServerEndpoint.java Fri Jan 13 08:17:14 2012
@@ -854,7 +854,7 @@ public final class TcpServerEndpoint imp
if (!(t instanceof SecurityException)) {
try {
- // NYI: shed idle connections
+ // TODO: NYI: shed idle connections
} catch (OutOfMemoryError e) {
} catch (Exception e) {
}
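Review bot: The reworded `// TODO: NYI: shed idle connections` still sits in an empty `try` whose `catch (OutOfMemoryError e)` and `catch (Exception e)` bodies are also empty, so nothing is done or logged on this path for any Throwable that is not a SecurityException. If this branch is meant to relieve resource pressure on the listener (inferred from the comment; the enclosing method starts and ends outside the hunk), the gap is an availability concern and deserves a tracked issue rather than a bare marker, e.g. `// TODO(RIVER-<issue-id>): shed idle connections when accept fails under resource exhaustion`. Until it is implemented, the empty try/catch could be dropped so the code does not suggest that recovery happens here.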
Modified: river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/GrantPermission.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/GrantPermission.java?rev=1230913&r1=1230912&r2=1230913&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/GrantPermission.java (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/GrantPermission.java Fri Jan 13 08:17:14 2012
@@ -18,6 +18,7 @@
package net.jini.security;
+import org.apache.river.api.security.PermissionComparator;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidObjectException;
Modified: river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/policy/DynamicPolicyProvider.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/policy/DynamicPolicyProvider.java?rev=1230913&r1=1230912&r2=1230913&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/policy/DynamicPolicyProvider.java (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/policy/DynamicPolicyProvider.java Fri Jan 13 08:17:14 2012
@@ -18,6 +18,7 @@
package net.jini.security.policy;
+import org.apache.river.api.security.ConcurrentPolicy;
import java.io.IOException;
import java.rmi.RemoteException;
import org.apache.river.api.security.DelegateSecurityManager;
@@ -47,14 +48,14 @@ import java.util.Set;
import java.util.TreeSet;
import java.util.logging.Level;
import java.util.logging.Logger;
-import net.jini.security.ConcurrentPermissions;
+import org.apache.river.api.security.ConcurrentPermissions;
import net.jini.security.GrantPermission;
-import net.jini.security.PermissionComparator;
+import org.apache.river.api.security.PermissionComparator;
import org.apache.river.api.security.PermissionGrant;
import org.apache.river.api.security.PermissionGrantBuilder;
-import org.apache.river.api.security.policy.RemotePolicy;
+import org.apache.river.api.security.RemotePolicy;
import org.apache.river.api.security.PolicyPermission;
-import org.apache.river.api.security.policy.RevokeableDynamicPolicy;
+import org.apache.river.api.security.RevocablePolicy;
import org.apache.river.impl.util.CollectionsConcurrent;
/**
@@ -156,12 +157,12 @@ import org.apache.river.impl.util.Collec
*/
public class DynamicPolicyProvider extends Policy implements RemotePolicy,
- RevokeableDynamicPolicy {
+ RevocablePolicy {
private static final Permission ALL_PERMISSION = new AllPermission();
private static final String basePolicyClassProperty =
"net.jini.security.policy.DynamicPolicyProvider.basePolicyClass";
private static final String defaultBasePolicyClass =
- "net.jini.security.policy.ConcurrentPolicyFile";
+ "org.apache.river.api.security.ConcurrentPolicyFile";
// "net.jini.security.policy.PolicyFileProvider";
private static final ProtectionDomain sysDomain =
AccessController.doPrivileged(new PrivilegedAction<ProtectionDomain>() {
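Review bot: `defaultBasePolicyClass` is a string literal, so the compiler checks nothing about the move, and any deployment that sets `net.jini.security.policy.DynamicPolicyProvider.basePolicyClass` to the old `net.jini.security.policy.ConcurrentPolicyFile` will name a class this commit removes. How the lookup fails is not visible in this hunk; for a security policy provider it should surface as a clear initialization error rather than a fallback, and that is worth confirming. I would record the rename next to the constant, e.g. `// Renamed from net.jini.security.policy.ConcurrentPolicyFile in r1230913; basePolicyClass properties naming the old class must be updated.`, and delete the stale commented alternative `// "net.jini.security.policy.PolicyFileProvider";` on the following line.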
@@ -187,13 +188,6 @@ public class DynamicPolicyProvider exten
/* This lock protects write updating of remotePolicyGrants reference */
private final Object grantLock;
private final Policy basePolicy; // refresh protected by transactionWriteLock
- /* cache of ProtectionDomain and their Permissions */
-// private final ConcurrentMap<ProtectionDomain, PermissionCollection> cache; // protected by transactionWriteLock
- /* A transaction ID to avoid updating the cache with old information
- * after it has been cleared */
-// private final Lock transactionWriteLock; // Lock to protect cache clear and transactionID write.
-// private final Lock transactionReadLock; // Lock to protect cache put and transactionID reads.
-// private int transactionID; // Protected by transaction locks
// DynamicPolicy grant's for Proxy's.
private final Collection<PermissionGrant> dynamicPolicyGrants;
private final boolean basePolicyIsDynamic; // Don't use cache if true.
@@ -266,20 +260,6 @@ public class DynamicPolicyProvider exten
new ArrayList<PermissionGrant>(120));
remotePolicyGrants = new PermissionGrant[0];
- /*
- * By using a Softly referenced PermissionCollection, if the
- * JVM suffers from low memory, the cache will be cleared, even
- * when the ProtectionDomain is still strongly reachable, this will
- * slow down the performance of Dynamic Grant based permissions.
- *
- * This configuration has been chosen because a ProtectionDomain
- * may never be garbage collected even after a smart proxy is no longer
- * referenced, in the case where the client hangs onto objects
- * recieved from it.
- */
-// ConcurrentMap<Referrer<ProtectionDomain>, Referrer<PermissionCollection>> internal
-// = new ConcurrentHashMap<Referrer<ProtectionDomain>,Referrer<PermissionCollection>>(120);
-// cache = RC.concurrentMap(internal, Ref.WEAK_IDENTITY, Ref.SOFT);
loggable = logger.isLoggable(Level.FINEST);
grantLock = new Object();
revokePermission = new PolicyPermission("REVOKE");
@@ -288,8 +268,8 @@ public class DynamicPolicyProvider exten
if (basePolicy instanceof DynamicPolicy) {
DynamicPolicy dp = (DynamicPolicy) basePolicy;
basePolicyIsDynamic = dp.grantSupported();
- if (basePolicy instanceof RevokeableDynamicPolicy ) {
- RevokeableDynamicPolicy rp = (RevokeableDynamicPolicy) basePolicy;
+ if (basePolicy instanceof RevocablePolicy ) {
+ RevocablePolicy rp = (RevocablePolicy) basePolicy;
revokeable = rp.revokeSupported();
} else {
revokeable = false;
@@ -301,14 +281,9 @@ public class DynamicPolicyProvider exten
basePolicyIsRemote = basePolicy instanceof RemotePolicy ?true: false;
basePolicyIsConcurrent = basePolicy instanceof ConcurrentPolicy
? ((ConcurrentPolicy) basePolicy).isConcurrent() : false;
-// transactionID = 0;
-// ReadWriteLock rwl = new ReentrantReadWriteLock();
-// transactionWriteLock = rwl.writeLock();
-// transactionReadLock = rwl.readLock();
policyDomain = getClass().getProtectionDomain();
policyPermissions = basePolicy.getPermissions(policyDomain);
policyPermissions.setReadOnly();
-// ensureDependenciesResolved();
}
/**
@@ -325,9 +300,6 @@ public class DynamicPolicyProvider exten
dynamicPolicyGrants = CollectionsConcurrent.multiReadCollection(
new ArrayList<PermissionGrant>(120));
remotePolicyGrants = new PermissionGrant[0];
-// ConcurrentMap<Referrer<ProtectionDomain>, Referrer<PermissionCollection>> internal
-// = new ConcurrentHashMap<Referrer<ProtectionDomain>,Referrer<PermissionCollection>>(120);
-// cache = RC.concurrentMap(internal, Ref.WEAK_IDENTITY, Ref.SOFT);
loggable = logger.isLoggable(Level.FINEST);
grantLock = new Object();
revokePermission = new PolicyPermission("REVOKE");
@@ -336,8 +308,8 @@ public class DynamicPolicyProvider exten
if (basePolicy instanceof DynamicPolicy) {
DynamicPolicy dp = (DynamicPolicy) basePolicy;
basePolicyIsDynamic = dp.grantSupported();
- if (basePolicy instanceof RevokeableDynamicPolicy ) {
- RevokeableDynamicPolicy rp = (RevokeableDynamicPolicy) basePolicy;
+ if (basePolicy instanceof RevocablePolicy ) {
+ RevocablePolicy rp = (RevocablePolicy) basePolicy;
revokeable = rp.revokeSupported();
} else {
revokeable = false;
@@ -349,17 +321,14 @@ public class DynamicPolicyProvider exten
basePolicyIsRemote = basePolicy instanceof RemotePolicy ?true: false;
basePolicyIsConcurrent = basePolicy instanceof ConcurrentPolicy
? ((ConcurrentPolicy) basePolicy).isConcurrent() : false;
-// transactionID = 0;
-// ReadWriteLock rwl = new ReentrantReadWriteLock();
-// transactionWriteLock = rwl.writeLock();
-// transactionReadLock = rwl.readLock();
policyDomain = getClass().getProtectionDomain();
policyPermissions = basePolicy.getPermissions(policyDomain);
policyPermissions.setReadOnly();
-// ensureDependenciesResolved();
}
/**
+ * OLD COMMENT:
+ *
* Ensures that any classes depended on by this policy provider are
* resolved. This is to preclude lazy resolution of such classes during
* operation of the provider, which can result in deadlock as described by
@@ -410,15 +379,7 @@ Work Around
Put the policy providers and all referenced classes in the bootstrap class loader.
*/
-// private void ensureDependenciesResolved() {
-// // Investigate bug 4911907, do we need to do anything?
-// // From the work around above, we might not need to do anything.
-// // But these actions prevent the JVM from delaying classloading
-// // of required classes.
-// ProtectionDomain own = this.getClass().getProtectionDomain();
-// implies(own, new AllPermission());
-// new GrantPermission(new UmbrellaGrantPermission());
-// }
+// private void ensureDependenciesResolved()
public boolean revokeSupported() {
return revokeable;
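Review bot: The Javadoc block that documented `ensureDependenciesResolved()` is now followed only by the stub `// private void ensureDependenciesResolved()`, so the `/** OLD COMMENT: ... */` text (marked in the previous hunk) will most likely be picked up as the documentation of `revokeSupported()`. Either delete the block or demote it to a plain comment by opening it with `/*` instead of `/**`, and drop the one-line stub. If the deadlock described under bug 4911907 is still a risk for this provider, a short note stating that the provider relies on the bootstrap-class-loader workaround would be more useful than the retained history. The comment starts outside this hunk.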
@@ -496,19 +457,19 @@ Put the policy providers and all referen
PermissionGrant [] grants = ((ConcurrentPolicy) basePolicy).getPermissionGrants(pd);
permissions = processGrants(grants, null, true);
}
- if (revokeable == true) return convert(permissions);
- Iterator<PermissionGrant> dynamicGrants = dynamicPolicyGrants.iterator();
- while (dynamicGrants.hasNext()){
- PermissionGrant p = dynamicGrants.next();
- if ( p.implies(codesource, null) ){
- // Only use the trusted grantCache.
- Collection<Permission> perms = p.getPermissions();
- Iterator<Permission> it = perms.iterator();
- while (it.hasNext()){
- permissions.add(it.next());
- }
- }
- }
+// if (revokeable == true) return convert(permissions);
+// Iterator<PermissionGrant> dynamicGrants = dynamicPolicyGrants.iterator();
+// while (dynamicGrants.hasNext()){
+// PermissionGrant p = dynamicGrants.next();
+// if ( p.implies(codesource, null) ){
+// // Only use the trusted grantCache.
+// Collection<Permission> perms = p.getPermissions();
+// Iterator<Permission> it = perms.iterator();
+// while (it.hasNext()){
+// permissions.add(it.next());
+// }
+// }
+// }
return convert(permissions);
}
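Review bot: The merge of `dynamicPolicyGrants` into the result is commented out rather than removed. That leaves a dead block in a commit described as deleting unused code, and it silently changes what this method returns: when `revokeable` is false, permissions from dynamic grants matching `codesource` are no longer included. If the exclusion is deliberate (keeping dynamic grants out of collections that callers may cache would fit the revocation concern stated in the comments further down this class), delete the block and say so, e.g. `// Dynamic grants are deliberately not merged here so that they remain revocable.` The method starts outside the hunk, so its signature and earlier branches are not visible here.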
@@ -516,7 +477,7 @@ Put the policy providers and all referen
public PermissionCollection getPermissions(ProtectionDomain domain) {
if (domain == policyDomain) return policyPermissions;
/* Note: we can return revokeable permissions, the ProtectionDomain
- * only temporarily merges the permissions for toString(), not implies.
+ * only temporarily merges the permissions for toString(), for debugging.
*/
NavigableSet<Permission> permissions = null;
if (!basePolicyIsConcurrent) {
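Review bot: The reworded note drops the one statement that justified returning revocable permissions from `getPermissions(ProtectionDomain)`: that the merged collection is not used for `implies`. "for toString(), for debugging" describes the use but no longer states the security assumption, so a reader cannot tell that revocation depends on this result not being used for access decisions. Suggested wording: `* only temporarily merges the permissions for toString() (debugging), not for implies().` The method body continues outside the hunk.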
@@ -572,30 +533,12 @@ Put the policy providers and all referen
if (basePolicy.implies(domain, permission)) return true;
}
if (permission == null) throw new NullPointerException("permission not allowed to be null");
- // First check our cache if the basePolicy is not dynamic.
-
-// PermissionCollection permissions = domain != null? cache.get(domain): null;
-// if ( permissions != null ) {
-// /* Out of date cache is cleared and only updated with the latest
-// * grants don't bother retrieving it again */
-// if ( permissions.implies(permission) ) return true;
-// }
-// Thread thread = Thread.currentThread();
-// if (thread.isInterrupted()) return false;
- /* Do not call implies on the base Policy, if
+ /* If com.sun.security.provider.PolicyFile:
+ * Do not call implies on the base Policy, if
* there are UnresolvedPermission's that are undergoing resolution
* while another Permission within that collection is already
* resolved, the Enumeration will cause a ConcurrentModificationException.
*/
-// int currentTransactionID;
-// PermissionCollection bpc = null;
-// transactionReadLock.lock();
-// try {
-// currentTransactionID = transactionID;
-// bpc = basePolicy.getPermissions(domain);
-// }finally{
-// transactionReadLock.unlock();
-// }
/* Be mindful of static Permissions held by the
* ProtectionDomain, a Permission may be implied by the
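Review bot: The new first line of this comment names `com.sun.security.provider.PolicyFile`, while the PolicyFileProvider hunk in this same commit spells the platform class `sun.security.provider.PolicyFile`. The comment should use the same name, e.g. `/* If the base policy is sun.security.provider.PolicyFile:`. The sentence is also hard to parse because "If …:" is followed by "Do not call … , if". Stating the condition first and then the reason (the Enumeration can throw ConcurrentModificationException while UnresolvedPermissions are being resolved) would make the constraint clearer. implies() starts and ends outside this hunk.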
@@ -612,18 +555,13 @@ Put the policy providers and all referen
* it's own private Permissions, then calls Policy.implies, however
* this is incorrect, the Policy is checked first.
*/
- //PermissionCollection pdpc = domain.getPermissions();
- //PermissionCollection[] p = { pdpc, bpc };
/* Don't use the underlying policy permission collection otherwise
* we can leak grants in to the underlying policy from our cache,
- * this could then be merged into the PermissionDomain's permission
- * cache negating the possiblity of revoking the permission.
+ * this could then be inadvertantly cached and passed to a ProtectionDomain
+ * constructor, preventing Revocation.
*/
-// permissions = PolicyUtils.asConcurrent(bpc);
- /* Don't place it in the cache half finished or check it yet since
- * mutations are blocking */
NavigableSet<Permission> permissions = null; // Keep as small as possible.
- /* If GrantPermission is being requested, we must get all Permissions
+ /* If GrantPermission is being requested, we must get all Permission objects
* and add them to the underlying collection.
*
*/
@@ -681,20 +619,8 @@ Put the policy providers and all referen
}
}
// if (thread.isInterrupted()) return false;
- // We have added dynamic grants, lets expand any UmbrellaGrant's
-
PermissionCollection pc = convert(permissions);
if (permission instanceof GrantPermission) expandUmbrella(pc);
-// if (domain != null) {
-// if (transactionReadLock.tryLock()){
-// try {
-// if (transactionID == currentTransactionID)
-// cache.putIfAbsent(domain, permissions);
-// }finally {
-// transactionReadLock.unlock();
-// }
-// }
-// }
return pc.implies(permission);
}
@@ -710,13 +636,7 @@ Put the policy providers and all referen
@SuppressWarnings("unchecked")
public void refresh() {
-// transactionWriteLock.lock();
-// try {
- basePolicy.refresh();
-// transactionID++;
-// }finally{
-// transactionWriteLock.unlock();
-// }
+ basePolicy.refresh();
// Clean up any void dynamic grants.
Collection<PermissionGrant> remove = new ArrayList<PermissionGrant>(40);
Iterator<PermissionGrant> i = dynamicPolicyGrants.iterator();
@@ -727,14 +647,6 @@ Put the policy providers and all referen
}
}
dynamicPolicyGrants.removeAll(remove);
- // Increment transaction ID after cache clear,
-// transactionWriteLock.lock();
-// try {
-// cache.clear();
-// transactionID++;
-// }finally{
-// transactionWriteLock.unlock();
-// }
// Don't bother removing void from the remotePolicy, it get's replaced anyway.
// Policy file based grant's don't become void, only dynamic grant's
// to ProtectionDomain or ClassLoader.
@@ -777,19 +689,10 @@ Put the policy providers and all referen
.permissions(permissions)
.context(PermissionGrantBuilder.CLASSLOADER)
.build();
- // This grant is new, in the grantCache and we trust it.
dynamicPolicyGrants.add(pe);
- // Increment transaction ID after cache clear,
-// transactionWriteLock.lock();
-// try {
-// cache.clear();
-// transactionID++;
-// }finally{
-// transactionWriteLock.unlock();
-// }
-// if (loggable){
-// logger.log(Level.FINEST, "Granting: {0}", pe.toString());
-// }
+ if (loggable){
+ logger.log(Level.FINEST, "Granting: {0}", pe.toString());
+ }
}
// documentation inherited from DynamicPolicy.getGrants
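Review bot: `pe.toString()` in the re-enabled log call can be passed as `pe`, because the `{0}` parameter is only formatted when the record is actually published: `logger.log(Level.FINEST, "Granting: {0}", pe);`. A grant is a security-relevant event, and the visible part of the revoke hunk later in this file shows no corresponding log line. If revocation is not logged elsewhere, a matching message there would make grant and revoke traceable in the same log. How `loggable` is computed is not visible in this hunk.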
@@ -822,7 +725,7 @@ Put the policy providers and all referen
public Permission[] revoke(Class cl, Principal[] principals) {
revokePermission.checkGuard(null);
if (basePolicyIsDynamic && revokeable){
- RevokeableDynamicPolicy bp = (RevokeableDynamicPolicy) basePolicy;
+ RevocablePolicy bp = (RevocablePolicy) basePolicy;
return bp.revoke(cl, principals);
}
ClassLoader loader = null;
@@ -844,17 +747,6 @@ Put the policy providers and all referen
grants.remove();
}
}
- // Unfortunately we don't know which
- // ProtectionDomains a ClassLoader references, so we must clear the
- // cache.
- // Increment transaction ID after cache clear.
-// transactionWriteLock.lock();
-// try {
-// cache.clear();
-// transactionID++;
-// }finally{
-// transactionWriteLock.unlock();
-// }
SecurityManager sm = System.getSecurityManager();
if (sm instanceof DelegateSecurityManager) {
@@ -978,13 +870,6 @@ Put the policy providers and all referen
PermissionGrant[] updated = new PermissionGrant[holder.size()];
remotePolicyGrants = holder.toArray(updated);
}
-// transactionWriteLock.lock();
-// try {
-// cache.clear();
-// transactionID++;
-// }finally{
-// transactionWriteLock.unlock();
-// }
Collection<PermissionGrant> oldGrants = new HashSet<PermissionGrant>(old.length);
oldGrants.addAll(Arrays.asList(old));
oldGrants.removeAll(holder);
Modified: river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/policy/PolicyFileProvider.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/policy/PolicyFileProvider.java?rev=1230913&r1=1230912&r2=1230913&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/policy/PolicyFileProvider.java (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/policy/PolicyFileProvider.java Fri Jan 13 08:17:14 2012
@@ -63,7 +63,7 @@ public class PolicyFileProvider extends
"net.jini.security.policy.PolicyFileProvider.basePolicyClass";
private static final String defaultBasePolicyClass =
// Having our own implementation removes a platform dependency
- "net.jini.security.policy.ConcurrentPolicyFile";
+ "org.apache.river.api.security.ConcurrentPolicyFile";
// "sun.security.provider.PolicyFile";
private static final String policyProperty = "java.security.policy";
private static final Object propertyLock = new Object();
@@ -108,7 +108,9 @@ public class PolicyFileProvider extends
* <code>net.jini.security.policy.PolicyFileProvider.basePolicyClass</code>
* security property, or if the calling context does not have
* adequate permissions to access the base policy class
+ * @deprecated DynamicPolicyProvider now supports Umbrella grants directly.
*/
+ @Deprecated
public PolicyFileProvider() throws PolicyInitializationException {
policyFile = null;
Modified: river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/delegates/DelegatePermission.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/delegates/DelegatePermission.java?rev=1230913&r1=1230912&r2=1230913&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/delegates/DelegatePermission.java (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/delegates/DelegatePermission.java Fri Jan 13 08:17:14 2012
@@ -33,7 +33,7 @@ import java.util.HashSet;
import java.util.Set;
import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.ConcurrentSkipListMap;
-import net.jini.security.PermissionComparator;
+import org.apache.river.api.security.PermissionComparator;
import org.apache.river.api.security.DelegateSecurityManager;
import org.apache.river.impl.util.RC;
import org.apache.river.impl.util.Ref;
Modified: river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/CertificateGrant.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/CertificateGrant.java?rev=1230913&r1=1230912&r2=1230913&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/CertificateGrant.java (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/CertificateGrant.java Fri Jan 13 08:17:14 2012
@@ -42,8 +42,8 @@ class CertificateGrant extends Principal
private final int hashCode;
@SuppressWarnings("unchecked")
CertificateGrant(Certificate[] codeSourceCerts, Principal[] pals,
- Permission[] perms, boolean inverse){
- super(pals, perms, inverse);
+ Permission[] perms){
+ super(pals, perms);
if (codeSourceCerts == null || codeSourceCerts.length == 0) {
certs = Collections.EMPTY_SET;
}else{
Modified: river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/CodeSourceGrant.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/CodeSourceGrant.java?rev=1230913&r1=1230912&r2=1230913&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/CodeSourceGrant.java (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/CodeSourceGrant.java Fri Jan 13 08:17:14 2012
@@ -35,8 +35,8 @@ class CodeSourceGrant extends Certificat
private final int hashCode;
@SuppressWarnings("unchecked")
- CodeSourceGrant(CodeSource cs, Principal[] pals, Permission[] perm, boolean inverse ){
- super( cs != null? cs.getCertificates(): null, pals, perm, inverse);
+ CodeSourceGrant(CodeSource cs, Principal[] pals, Permission[] perm){
+ super( cs != null? cs.getCertificates(): null, pals, perm);
this.cs = cs != null? normalizeCodeSource(cs) : null;
int hash = 3;
hash = 67 * hash + (this.cs != null ? this.cs.hashCode() : 0);
Modified: river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/CodeSourceSetGrant.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/CodeSourceSetGrant.java?rev=1230913&r1=1230912&r2=1230913&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/CodeSourceSetGrant.java (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/CodeSourceSetGrant.java Fri Jan 13 08:17:14 2012
@@ -39,8 +39,8 @@ class CodeSourceSetGrant extends Certifi
private final int hashCode;
@SuppressWarnings("unchecked")
- CodeSourceSetGrant(CodeSource[] csource, Principal[] pals, Permission[] perm, boolean inverse){
- super( null, pals, perm, inverse);
+ CodeSourceSetGrant(CodeSource[] csource, Principal[] pals, Permission[] perm){
+ super( null, pals, perm);
int l = csource == null ? 0 : csource.length;
Collection<CodeSource> list = new ArrayList<CodeSource>(l);
int hash = 3;
Copied: river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/ConcurrentPermissions.java (from r1229137, river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/ConcurrentPermissions.java)
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/ConcurrentPermissions.java?p2=river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/ConcurrentPermissions.java&p1=river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/ConcurrentPermissions.java&r1=1229137&r2=1230913&rev=1230913&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/ConcurrentPermissions.java (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/ConcurrentPermissions.java Fri Jan 13 08:17:14 2012
@@ -16,31 +16,50 @@
* limitations under the License.
*/
-package net.jini.security;
+package org.apache.river.api.security;
import java.io.Serializable;
+import java.lang.reflect.Constructor;
import java.security.AllPermission;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.UnresolvedPermission;
+import java.security.cert.Certificate;
import java.util.ArrayList;
+import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Enumeration;
-import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
import java.util.NoSuchElementException;
import java.util.Set;
-import java.util.Vector;
import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.ConcurrentMap;
+import java.util.concurrent.ConcurrentSkipListSet;
+import java.util.concurrent.atomic.AtomicInteger;
/**
* ConcurrentPermission's is a replacement for java.security.Permissions.
*
+ * This was originally intended to be used as a policy cache, it turns out
+ * that a policy cache is not needed, due to the efficiency of
+ * URLGrant.implies(ProtectionDomain pd). Scalability is better without
+ * a policy cache because PermissionGrant's are immutable, have no mutable shared
+ * state and are therefore not likely to causing cache misses.
+ *
+ * The only reason this class still exists is due to an unknown bug in
+ * java.security.Permissions not resolving
+ * permission com.sun.jini.phoenix.ExecOptionPermission "*";
+ * in UnresolvedPermission. This occurs in start tests using Phoenix and
+ * defaultphoenix.policy in the qa suite.
+ *
+ * This class may be removed in a future version of River, it is only public
+ * because it is required by DynamicPolicyProvider and resides in this
+ * package because it is also used by ConcurrentPolicyFile and requires access
+ * to package private utility classes as well.
+ *
* If there is heavy contention for one Permission class
* type, concurrency may suffer due to internal synchronization.
* This is due to the original PermissionsCollection spec requiring
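Review bot: The added `import java.lang.reflect.Constructor;` appears to be used only inside the commented-out `instantiatePermission` copy that this commit adds near the end of the file; the live `resolve` method calls `PolicyUtils.instantiatePermission` instead. Dropping the import together with that commented block would keep the file free of dead code. In the new class Javadoc, "not likely to causing cache misses" should read "not likely to cause cache misses".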
@@ -53,9 +72,6 @@ import java.util.concurrent.ConcurrentHa
* of elements, but makes no guarantees that new elements will be
* added during an Enumeration.
*
- * For this reason it is not recommended that ConcurrentPermission be
- * used when the result from #elements() must be correct.
- *
* TODO: Serialization properly
* @version 0.4 2009/11/10
*
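Review bot: The removed sentence was the only explicit warning that `elements()` may return an incomplete view, yet the paragraph kept above it still says the Enumeration makes no guarantee about elements added while it is in progress. Unless that behaviour changed elsewhere in this commit, the caveat is still true, and callers that copy a permission set through `elements()` need to know it. I would keep it, reworded as `* Callers that need a complete snapshot must not rely on #elements() while permissions are being added concurrently.`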
@@ -75,8 +91,8 @@ implements Serializable {
* This creates issues with java.security.AccessControlContext and
* causes it to throw an exception.
*/
- private transient final PermissionPendingResolutionCollection unresolved;
- private ConcurrentHashMap<Class<?>, PermissionCollection> permsMap;
+ private transient PermissionPendingResolutionCollection unresolved;
+ private final ConcurrentMap<Class<?>, PermissionCollection> permsMap;
private transient volatile boolean allPermission;
/* Let Permissions, UnresolvedPermission and
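Review bot: `unresolved` loses its `final` modifier here while staying `transient`, so the field no longer gets final-field publication guarantees in a class that is documented as safe for concurrent use. `implies` dereferences it unconditionally (`unresolved.awaitingResolution()`), so an instance that is published unsafely, or deserialized without the field being restored, would fail there with a NullPointerException. If the modifier was dropped so that a `readObject` method can reassign the field, that method is outside the visible hunks, and the field should then be `private transient volatile PermissionPendingResolutionCollection unresolved;`. Otherwise keep it `final`.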
@@ -115,7 +131,7 @@ implements Serializable {
Class clas = permission.getClass();
PermissionCollection pc = permsMap.get(clas);
if (pc == null){
- pc = new DynamicPermissionCollection(null, clas);
+ pc = getPC(permission);
PermissionCollection existed =
permsMap.putIfAbsent(clas, pc);
if (existed != null) {
@@ -125,6 +141,13 @@ implements Serializable {
pc.add(permission);
}
+ private PermissionCollection getPC(Permission p){
+ if (p == null) throw new NullPointerException("null Permission");
+ PermissionCollection pc = p.newPermissionCollection();
+ if (pc == null) pc = new PC();
+ return pc;
+ }
+
/**
* Returns true if Permission is implied for this PermissionDomain.
* Threadsafe this method is also a mutator method for internal state
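Review bot: `getPC` has no comment saying why it exists, and its null check cannot fire from `add`, which calls `permission.getClass()` before reaching it. The behaviour worth documenting is the fallback: when `newPermissionCollection()` returns null, permissions of that class are held in the private `PC` collection. Suggested comment: `/* Use the Permission's own collection when it supplies one; fall back to PC for classes that return null from newPermissionCollection(). */`. The same helper is called from `implies` in the next hunk.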
@@ -143,7 +166,7 @@ implements Serializable {
if (pc != null && pc.implies(permission)) { return true;}
if (unresolved.awaitingResolution() == 0 ) { return false; }
if (pc == null){
- pc = new DynamicPermissionCollection(null, clas); // once added it cannot be removed atomically.
+ pc = getPC(permission); // once added it cannot be removed atomically.
PermissionCollection existed = permsMap.putIfAbsent(clas, pc);
if (existed != null) pc = existed;
}
@@ -168,9 +191,9 @@ implements Serializable {
@Override
public Enumeration<Permission> elements() {
if (allPermission == true){
- Vector<Permission> a = new Vector<Permission>(1);
- a.add(0, new AllPermission());
- return a.elements();
+ Permission [] pa = new Permission[1];
+ pa [0] = new AllPermission();
+ return Collections.enumeration(Arrays.asList(pa));
}
ArrayList<PermissionCollection> elem =
new ArrayList<PermissionCollection>(permsMap.size()
@@ -260,5 +283,307 @@ implements Serializable {
return currentPermSet.nextElement();
}
}
+
+ private class PC extends PermissionCollection {
+ private static final long serialVersionUID = 1L;
+ private final Collection<Permission> perms;
+
+ private PC(){
+ perms = new ConcurrentSkipListSet<Permission>(new PermissionComparator());
+ }
+
+ @Override
+ public void add(Permission permission) {
+ perms.add(permission);
+ }
+
+ @Override
+ public boolean implies(Permission permission) {
+ if (perms.contains(permission)) return true;
+ Iterator<Permission> it = perms.iterator();
+ while (it.hasNext()){
+ Permission p = it.next();
+ if (p.implies(permission)) return true;
+ }
+ return false;
+ }
+
+ @Override
+ public Enumeration<Permission> elements() {
+ return Collections.enumeration(perms);
+ }
+
+ }
+
+ private static class PermissionPendingResolution extends Permission {
+ private static final long serialVersionUID = 1L;
+ private transient String type; //Class name of underlying permission
+ private transient String name; //Target name of underlying permission
+ private transient String actions;
+ /* We have our own array copy of certs, prevents unnecessary
+ * array creation every time .getUnresolvedCerts() is called.
+ */
+ private transient Certificate [] targetCerts;
+ private UnresolvedPermission unresolvedPermission;
+
+ PermissionPendingResolution(UnresolvedPermission up){
+ super(up.getUnresolvedType());
+ type = up.getUnresolvedType();
+ name = up.getUnresolvedName();
+ actions = up.getUnresolvedActions();
+ // don't need to defensive copy, UnresolvedPermission already does it.
+ targetCerts = up.getUnresolvedCerts();
+ unresolvedPermission = up;
+ }
+
+ Permission resolve(Class targetType) {
+ // check signers at first
+ if (PolicyUtils.matchSubset( targetCerts, targetType.getSigners())) {
+ try {
+ return PolicyUtils.instantiatePermission(targetType, name, actions);
+ } catch (Exception ignore) {
+ //TODO log warning?
+ }
+ }
+ return null;
+ }
+
+// Permission resolve(ClassLoader cl){
+// Class<?> targetType = null;
+// try {
+// targetType = cl.loadClass(type);
+// } catch (ClassNotFoundException e){
+// //TODO log warning?
+// System.err.println(type +" " + name + " " + actions +
+// ": Cannot be resolved due to ClassNotFoundException");
+// e.printStackTrace();
+// } catch (NullPointerException e){
+// //TODO log warning, this should never happen but if it does
+// //the class will not be resolved.
+// System.err.println(type +" " + name + " " + actions +
+// ": Cannot be resolved due to ClassLoader null instance");
+// e.printStackTrace();
+// }
+// if ( targetType == null ) {return null;}
+// return resolve(targetType);
+// }
+//
+//
+// /**
+// * Code Copied, Courtesey Apache Harmony
+// *
+// * Checks whether the objects from <code>what</code> array are all
+// * presented in <code>where</code> array.
+// *
+// * @param what first array, may be <code>null</code>
+// * @param where second array, may be <code>null</code>
+// * @return <code>true</code> if the first array is <code>null</code>
+// * or if each and every object (ignoring null values)
+// * from the first array has a twin in the second array; <code>false</code> otherwise
+// */
+// boolean matchSubset(Object[] what, Object[] where) {
+// if (what == null) {
+// return true;
+// }
+//
+// for (int i = 0; i < what.length; i++) {
+// if (what[i] != null) {
+// if (where == null) {
+// return false;
+// }
+// boolean found = false;
+// for (int j = 0; j < where.length; j++) {
+// if (what[i].equals(where[j])) {
+// found = true;
+// break;
+// }
+// }
+// if (!found) {
+// return false;
+// }
+// }
+// }
+// return true;
+// }
+//
+// // Empty set of arguments to default constructor of a Permission.
+// private static final Class[] NO_ARGS = {};
+//
+// // One-arg set of arguments to default constructor of a Permission.
+// private static final Class[] ONE_ARGS = { String.class };
+//
+// // Two-args set of arguments to default constructor of a Permission.
+// private static final Class[] TWO_ARGS = { String.class, String.class };
+//
+// /**
+// * Code copied, courtsey of Apache Harmony
+// *
+// * Tries to find a suitable constructor and instantiate a new Permission
+// * with specified parameters.
+// *
+// * @param targetType class of expected Permission instance
+// * @param targetName name of expected Permission instance
+// * @param targetActions actions of expected Permission instance
+// * @return a new Permission instance
+// * @throws IllegalArgumentException if no suitable constructor found
+// * @throws Exception any exception thrown by Constructor.newInstance()
+// */
+// Permission instantiatePermission(Class<?> targetType,
+// String targetName, String targetActions) throws Exception {
+//
+// // let's guess the best order for trying constructors
+// Class[][] argTypes = null;
+// Object[][] args = null;
+// if (targetActions != null) {
+// argTypes = new Class[][] { TWO_ARGS, ONE_ARGS, NO_ARGS };
+// args = new Object[][] { { targetName, targetActions },
+// { targetName }, {} };
+// } else if (targetName != null) {
+// argTypes = new Class[][] { ONE_ARGS, TWO_ARGS, NO_ARGS };
+// args = new Object[][] { { targetName },
+// { targetName, targetActions }, {} };
+// } else {
+// argTypes = new Class[][] { NO_ARGS, ONE_ARGS, TWO_ARGS };
+// args = new Object[][] { {}, { targetName },
+// { targetName, targetActions } };
+// }
+//
+// // finally try to instantiate actual permission
+// for (int i = 0; i < argTypes.length; i++) {
+// try {
+// Constructor<?> ctor = targetType.getConstructor(argTypes[i]);
+// return (Permission)ctor.newInstance(args[i]);
+// }
+// catch (NoSuchMethodException ignore) {}
+// }
+// throw new IllegalArgumentException(type + name + actions);//$NON-NLS-1$
+// }
+
+ @Override
+ public boolean implies(Permission permission) {
+ return false;
+ }
+
+ @Override
+ public boolean equals(Object obj) {
+ if ( obj == this ) {return true;}
+ if ( !(obj instanceof PermissionPendingResolution)) {return false;}
+ PermissionPendingResolution ob = (PermissionPendingResolution) obj;
+ if (this.unresolvedPermission.equals(ob.unresolvedPermission)) {return true;}
+ return false;
+ }
+
+ @Override
+ public int hashCode() {
+ return unresolvedPermission.hashCode();
+ }
+
+ @Override
+ public String getActions() {
+ return "";
+ }
+
+ @Override
+ public PermissionCollection newPermissionCollection(){
+ return new PermissionPendingResolutionCollection();
+ }
+
+ public UnresolvedPermission asUnresolvedPermission(){
+ return unresolvedPermission;
+ }
+ }
+
+ private static class PermissionPendingResolutionCollection extends PermissionCollection {
+ private static final long serialVersionUID = 1L;
+ private ConcurrentHashMap<String,Collection<PermissionPendingResolution>> klasses;
+ // This is a best effort counter, it doesn't try to identify duplicates.
+ // If it equals 0, it definitely has no pendings, however it may be greater
+ // than 0 and have no pending Permission's for resolution.
+ private AtomicInteger pending;
+ PermissionPendingResolutionCollection(){
+ klasses = new ConcurrentHashMap<String,Collection<PermissionPendingResolution>>(2);
+ pending = new AtomicInteger(0);
+ }
+
+ public int awaitingResolution(){
+ return pending.get();
+ }
+
+ void clear(){
+ klasses.clear();
+ pending.set(0);
+ }
+
+
+ public void add(Permission permission) {
+ if (isReadOnly()) {
+ throw new SecurityException("attempt to add a Permission to a readonly Permissions object"); //$NON-NLS-1$
+ }
+ if (permission == null) { throw new IllegalArgumentException("Null Permission");}
+ if ( permission.getClass() != PermissionPendingResolution.class || permission.getClass() != PermissionPendingResolution.class ) {
+ throw new IllegalArgumentException("Not instance of PermissionPendingResolution");
+ }
+ String klass = permission.getName();
+ Collection<PermissionPendingResolution> klassMates = klasses.get(klass);
+ if (klassMates != null){
+ klassMates.add((PermissionPendingResolution) permission);
+ pending.incrementAndGet();
+ return;
+ }
+ Collection<PermissionPendingResolution> klassMatesExists = null;
+ Set<PermissionPendingResolution> pprs = new HashSet<PermissionPendingResolution>();
+ klassMates = Collections.synchronizedSet(pprs);
+ klassMatesExists = klasses.putIfAbsent(klass, klassMates);
+ if (klassMatesExists == null){
+ klassMates.add((PermissionPendingResolution) permission);
+ pending.incrementAndGet();
+ }else{
+ klassMatesExists.add((PermissionPendingResolution) permission);
+ pending.incrementAndGet();
+ }
+ }
+
+ PermissionCollection resolveCollection(Permission target, PermissionCollection holder ){
+ if (target == null || holder == null) throw new NullPointerException("target or holder cannot be null");
+ if (pending.get() == 0) { return holder; }
+ String klass = target.getClass().getName();
+ Collection<PermissionPendingResolution> klassMates = klasses.remove(klass);
+ if (klassMates != null) {
+ for (Iterator<PermissionPendingResolution> iter = klassMates.iterator(); iter.hasNext();) {
+ PermissionPendingResolution element = iter.next();
+ Permission resolved = element.resolve(target.getClass());
+ if (resolved != null) {
+ holder.add(resolved);
+ iter.remove();
+ pending.decrementAndGet();
+ }
+ }
+ // If for some reason something wasn't resolved we better put it back
+ // We should never get here, should I throw an exception instead?
+ if (klassMates.size() > 0 ) {
+ Collection<PermissionPendingResolution> existed
+ = klasses.putIfAbsent(klass, klassMates);
+ if ( existed != null ) {
+ existed.addAll(klassMates);
+ }
+ }
+ }
+ return holder;
+ }
+
+ @Override
+ public boolean implies(Permission permission) {
+ return false;
+ }
+
+ @SuppressWarnings("unchecked")
+ public Enumeration<Permission> elements() {
+ Collection all = new ArrayList();
+ for (Iterator iter = klasses.values().iterator(); iter.hasNext();) {
+ all.addAll((Collection)iter.next());
+ }
+ return Collections.enumeration(all);
+ }
+ }
}
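Review bot: `resolveCollection` iterates `klassMates` without holding its monitor, although `add` creates these sets with `Collections.synchronizedSet`, which protects single calls only and requires the caller to synchronize while iterating. A thread in `add` that obtained the same set from `klasses.get(klass)` just before the `klasses.remove(klass)` here can insert during the loop (ConcurrentModificationException) or after it, leaving the pending permission in a set that is no longer in the map, so it is never resolved. Wrapping the loop and the put-back in `synchronized (klassMates) { … }` removes the first case; the second needs `add` to re-check the map after inserting. Separately, the type check in `add` tests `permission.getClass() != PermissionPendingResolution.class` on both sides of `||`, so one side can be deleted. The enclosing ConcurrentPermissions class starts outside this hunk.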
Copied: river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/ConcurrentPolicy.java (from r1229137, river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/policy/ConcurrentPolicy.java)
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/ConcurrentPolicy.java?p2=river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/ConcurrentPolicy.java&p1=river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/policy/ConcurrentPolicy.java&r1=1229137&r2=1230913&rev=1230913&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/policy/ConcurrentPolicy.java (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/ConcurrentPolicy.java Fri Jan 13 08:17:14 2012
@@ -16,7 +16,7 @@
* limitations under the License.
*/
-package net.jini.security.policy;
+package org.apache.river.api.security;
import java.security.CodeSource;
import java.security.ProtectionDomain;
Copied: river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/ConcurrentPolicyFile.java (from r1229137, river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/policy/ConcurrentPolicyFile.java)
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/ConcurrentPolicyFile.java?p2=river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/ConcurrentPolicyFile.java&p1=river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/policy/ConcurrentPolicyFile.java&r1=1229137&r2=1230913&rev=1230913&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/policy/ConcurrentPolicyFile.java (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/ConcurrentPolicyFile.java Fri Jan 13 08:17:14 2012
@@ -24,7 +24,7 @@
* @version $Revision$
*/
-package net.jini.security.policy;
+package org.apache.river.api.security;
import java.io.File;
import java.net.URL;
@@ -50,11 +50,9 @@ import java.util.List;
import java.util.NavigableSet;
import java.util.Properties;
import java.util.TreeSet;
-import net.jini.security.PermissionComparator;
+import org.apache.river.api.security.PermissionComparator;
+import net.jini.security.policy.PolicyInitializationException;
import org.apache.river.api.security.PermissionGrant;
-import org.apache.river.impl.security.policy.util.DefaultPolicyParser;
-import org.apache.river.impl.security.policy.util.PolicyParser;
-import org.apache.river.impl.security.policy.util.PolicyUtils;
/**
Copied: river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/DefaultPolicyParser.java (from r1229137, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/DefaultPolicyParser.java)
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/DefaultPolicyParser.java?p2=river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/DefaultPolicyParser.java&p1=river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/DefaultPolicyParser.java&r1=1229137&r2=1230913&rev=1230913&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/DefaultPolicyParser.java (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/DefaultPolicyParser.java Fri Jan 13 08:17:14 2012
@@ -20,7 +20,7 @@
* @version $Revision$
*/
-package org.apache.river.impl.security.policy.util;
+package org.apache.river.api.security;
import java.io.BufferedReader;
import java.io.File;
@@ -33,32 +33,25 @@ import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.AccessController;
-import java.security.CodeSource;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Permission;
import java.security.Principal;
import java.security.UnresolvedPermission;
import java.util.ArrayList;
-import java.util.Arrays;
import java.util.Collection;
-import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import java.util.Set;
-import java.util.SortedSet;
import java.util.StringTokenizer;
-import java.util.TreeSet;
-import org.apache.river.api.security.PermissionGrant;
-import org.apache.river.api.security.PermissionGrantBuilder;
-import org.apache.river.impl.security.policy.util.DefaultPolicyScanner.GrantEntry;
-import org.apache.river.impl.security.policy.util.DefaultPolicyScanner.KeystoreEntry;
-import org.apache.river.impl.security.policy.util.DefaultPolicyScanner.PermissionEntry;
-import org.apache.river.impl.security.policy.util.DefaultPolicyScanner.PrincipalEntry;
-import org.apache.river.impl.security.policy.util.PolicyUtils.ExpansionFailedException;
+import org.apache.river.api.security.DefaultPolicyScanner.GrantEntry;
+import org.apache.river.api.security.DefaultPolicyScanner.KeystoreEntry;
+import org.apache.river.api.security.DefaultPolicyScanner.PermissionEntry;
+import org.apache.river.api.security.DefaultPolicyScanner.PrincipalEntry;
+import org.apache.river.api.security.PolicyUtils.ExpansionFailedException;
/**
@@ -81,7 +74,7 @@ import org.apache.river.impl.security.po
* @see org.apache.river.imp.security.policy.util.DefaultPolicyScanner
* @see org.apache.river.api.security.PermissionGrant
*/
-public class DefaultPolicyParser implements PolicyParser {
+class DefaultPolicyParser implements PolicyParser {
// Pluggable scanner for a specific file format
private final DefaultPolicyScanner scanner;
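Review bot: The `@see` line just above the class declaration still names `org.apache.river.imp.security.policy.util.DefaultPolicyScanner`, a package this commit moves the scanner out of (and which is spelled `imp` rather than `impl`), so the reference does not resolve. The `{@link ...}` in the constructor Javadoc of the next hunk carries the same stale name. Both classes now sit in `org.apache.river.api.security`, so the references can be shortened to `@see DefaultPolicyScanner` and `{@link DefaultPolicyScanner}`. The class body continues outside this hunk.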
@@ -91,7 +84,7 @@ public class DefaultPolicyParser impleme
* {@link org.apache.river.imp.security.policy.util.DefaultPolicyScanner DefaultPolicyScanner}
* is used.
*/
- public DefaultPolicyParser() {
+ DefaultPolicyParser() {
scanner = new DefaultPolicyScanner();
}
Copied: river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/DefaultPolicyScanner.java (from r1229137, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/DefaultPolicyScanner.java)
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/DefaultPolicyScanner.java?p2=river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/DefaultPolicyScanner.java&p1=river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/DefaultPolicyScanner.java&r1=1229137&r2=1230913&rev=1230913&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/DefaultPolicyScanner.java (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/DefaultPolicyScanner.java Fri Jan 13 08:17:14 2012
@@ -20,7 +20,7 @@
* @version $Revision$
*/
-package org.apache.river.impl.security.policy.util;
+package org.apache.river.api.security;
import java.io.IOException;
import java.io.Reader;
@@ -32,7 +32,7 @@ import java.util.List;
import java.util.Properties;
import java.util.logging.Level;
import java.util.logging.Logger;
-import org.apache.river.impl.security.policy.util.PolicyUtils.ExpansionFailedException;
+import org.apache.river.api.security.PolicyUtils.ExpansionFailedException;
/**
@@ -71,7 +71,7 @@ import org.apache.river.impl.security.po
*
* @see org.apache.harmony.security.fortress.DefaultPolicyParser
*/
-public class DefaultPolicyScanner {
+class DefaultPolicyScanner {
/**
* Specific exception class to signal policy file syntax error.
Modified: river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/DelegateCombinerSecurityManager.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/DelegateCombinerSecurityManager.java?rev=1230913&r1=1230912&r2=1230913&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/DelegateCombinerSecurityManager.java (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/DelegateCombinerSecurityManager.java Fri Jan 13 08:17:14 2012
@@ -49,7 +49,6 @@ import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.logging.Level;
import java.util.logging.Logger;
-import net.jini.security.PermissionComparator;
import org.apache.river.api.delegates.DelegatePermission;
import org.apache.river.impl.util.RC;
import org.apache.river.impl.util.Ref;
Copied: river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/Messages.java (from r1229137, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/Messages.java)
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/Messages.java?p2=river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/Messages.java&p1=river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/Messages.java&r1=1229137&r2=1230913&rev=1230913&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/Messages.java (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/Messages.java Fri Jan 13 08:17:14 2012
@@ -21,7 +21,7 @@
* if this tool runs again. Better make changes in the template file.
*/
-package org.apache.river.impl.security.policy.util;
+package org.apache.river.api.security;
import java.security.AccessController;
@@ -46,7 +46,7 @@ import java.util.ResourceBundle;
* should a reasonable human-readable (english) string.
*
*/
-public class Messages {
+class Messages {
// ResourceBundle holding the system messages.
static final private ResourceBundle bundle ;
Copied: river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/PermissionComparator.java (from r1229137, river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/PermissionComparator.java)
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/PermissionComparator.java?p2=river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/PermissionComparator.java&p1=river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/PermissionComparator.java&r1=1229137&r2=1230913&rev=1230913&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/PermissionComparator.java (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/PermissionComparator.java Fri Jan 13 08:17:14 2012
@@ -15,7 +15,7 @@
* limitations under the License.
*/
-package net.jini.security;
+package org.apache.river.api.security;
import java.io.Serializable;
import java.security.Permission;
Modified: river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/PermissionGrant.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/PermissionGrant.java?rev=1230913&r1=1230912&r2=1230913&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/PermissionGrant.java (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/PermissionGrant.java Fri Jan 13 08:17:14 2012
@@ -37,21 +37,6 @@ import java.util.Collection;
public interface PermissionGrant {
/**
- * If true, the PermissionGrant is said to be inverse, so if it implies
- * a ProtectionDomain and is inverse then that ProtectionDomain must be
- * denied any Permission implied by any inverse PermissionGrant.
- *
- * Inverse PermissionGrant's must be checked first by the policy, before
- * checking any normal PermissionGrant.
- *
- * All Permissions contained by an inverse PermissionGrant's must be
- * grouped by implied ProtectionDomain's and stored in PermissionCollections.
- *
- * @return
- */
- boolean inverse();
-
- /**
* Optimisation for AllPermission.
*
* @return true - if PermissionGrant contains AllPermission.
Modified: river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/PermissionGrantBuilder.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/PermissionGrantBuilder.java?rev=1230913&r1=1230912&r2=1230913&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/PermissionGrantBuilder.java (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/PermissionGrantBuilder.java Fri Jan 13 08:17:14 2012
@@ -50,8 +50,17 @@ public abstract class PermissionGrantBui
public static final int CLASSLOADER = 0;
/**
* The PermissionGrant generated will apply to all classes loaded from
- * the CodeSource.
+ * the CodeSource. This has been provided for strict compatibility
+ * with the standard Java Policy, where a DNS lookup may be performed
+ * to determine if CodeSource.implies(CodeSource). In addition, to
+ * resolve a File URL, will require disk access.
+ *
+ * This is very bad for Policy performance, so it's use should be
+ * kept to an absolute minimum, it's use is discouraged.
+ *
+ * @deprecated use URI instead.
*/
+ @Deprecated
public static final int CODESOURCE = 1;
/**
* The PermissionGrant generated will apply to all classes belonging to
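Review bot: The deprecation text on `CODESOURCE` gives only the performance reason, while the security reason (the DNS lookup is unauthenticated) appears only in the `URI` Javadoc added in the next hunk. Someone deciding whether an existing CodeSource grant can stay needs that reason at the deprecated member, with a link to the replacement: `@deprecated use {@link #URI} instead; CodeSource.implies may rely on an unauthenticated DNS lookup.` The `@deprecated use uri instead.` added to `codeSource(CodeSource)` in the last hunk of this file should likewise link the replacement builder method. Both occurrences of `it's use` should read `its use`.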
@@ -79,6 +88,17 @@ public abstract class PermissionGrantBui
*/
public static final int PRINCIPAL = 4;
+ /**
+ * The PermissionGrant generated will apply to the ProtectionDomain or
+ * CodeSource who's URL is implied by the given URI. This behaves
+ * similarly to CodeSource.implies(CodeSource), except no DNS lookup is
+ * performed, nor file system access to verify the file exists.
+ *
+ * The DNS lookup is avoided for security and performance reasons,
+ * DNS is not authenticated and therefore cannot be trusted. Doing so,
+ * could allow an attacker to use DNS Cache poisoning to escalate
+ * Permission, by imitating a URL with greater privileges.
+ */
public static final int URI = 5;
public static PermissionGrantBuilder newBuilder(){
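Review bot: The new Javadoc on `URI` states that no DNS lookup is performed, but not what that means for matching. Without resolution, a grant written with a host name presumably does not match code whose CodeSource URL uses that host's IP address, unlike `CodeSource.implies(CodeSource)`. Policy authors migrating from `CODESOURCE` need this stated, otherwise a grant can silently stop applying. If that is the behaviour, add a sentence such as `Matching is by URI form only; a host name and its IP address are treated as different locations.` How case, default ports and trailing wildcards are compared is not visible in this hunk and deserves a line as well. `who's` should be `whose`.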
@@ -90,16 +110,7 @@ public abstract class PermissionGrantBui
* PermissionGrantBuilder.
*/
public abstract PermissionGrantBuilder reset();
-
- /**
- * If supported, the grant created will be inverse, in other words a deny.
- *
- * Any ProtectionDomain implied will be denied the contained permissions
- * and any other Permissions they imply.
- *
- * @return
- */
- public abstract PermissionGrantBuilder inverse();
+
/**
* Sets the context of the PermissionGrant to on of the static final
* fields in this class.
@@ -113,7 +124,9 @@ public abstract class PermissionGrantBui
* Sets the CodeSource that will receive the PermissionGrant
* @param cs
* @return PermissionGrantBuilder
+ * @deprecated use uri instead.
*/
+ @Deprecated
public abstract PermissionGrantBuilder codeSource(CodeSource cs);
public abstract PermissionGrantBuilder multipleCodeSources();
Modified: river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/PermissionGrantBuilderImp.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/PermissionGrantBuilderImp.java?rev=1230913&r1=1230912&r2=1230913&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/PermissionGrantBuilderImp.java (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/PermissionGrantBuilderImp.java Fri Jan 13 08:17:14 2012
@@ -64,7 +64,6 @@ class PermissionGrantBuilderImp extends
private int context;
private boolean hasMultipleCodeSources;
private boolean hasDomain;
- private boolean inverse;
// Transient Fields
private transient Collection<CodeSource> multipleCodeSources;
@@ -93,18 +92,9 @@ class PermissionGrantBuilderImp extends
multipleCodeSources = null;
csources = null;
hasMultipleCodeSources = false;
- inverse = false;
return this;
}
- @Override
- public PermissionGrantBuilder inverse() {
- inverse = true;
- return this;
- }
-
-
-
public PermissionGrantBuilder context(int context) {
if (context < 0) {
throw new IllegalStateException("context must be >= 0");
@@ -180,26 +170,24 @@ class PermissionGrantBuilderImp extends
case CLASSLOADER: //Dynamic grant
// Don't return principal grant if domain null, dynamic grant's
// are treated special.
- if (inverse) throw new UnsupportedOperationException("Inverse ClassLoader permissions not implemented");
return new ClassLoaderGrant(domain, principals, permissions );
case URI:
if (uris != null && !uris.isEmpty() ) uri = uris.toArray(new URI[uris.size()]);
if (uri == null ) uri = new URI[0];
- return new URIGrant(uri, certs, principals, permissions, inverse);
+ return new URIGrant(uri, certs, principals, permissions);
case CODESOURCE:
if (hasMultipleCodeSources) {
if (multipleCodeSources != null) csources =
multipleCodeSources.toArray(new CodeSource[multipleCodeSources.size()]);
- return new CodeSourceSetGrant(csources, principals, permissions, inverse);
+ return new CodeSourceSetGrant(csources, principals, permissions);
}
- return new CodeSourceGrant(cs, principals, permissions, inverse);
+ return new CodeSourceGrant(cs, principals, permissions);
case CODESOURCE_CERTS:
- return new CertificateGrant(certs, principals, permissions, inverse);
+ return new CertificateGrant(certs, principals, permissions);
case PROTECTIONDOMAIN: //Dynamic grant
- if (inverse) throw new UnsupportedOperationException("Inverse ProtectionDomain permissions not implemented");
return new ProtectionDomainGrant(domain, principals, permissions );
case PRINCIPAL:
- return new PrincipalGrant(principals, permissions, inverse);
+ return new PrincipalGrant(principals, permissions);
default:
return nullGrant;
}
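Review bot: In the `URI` case, a builder that never received a URI reaches `if (uri == null ) uri = new URI[0];` and still constructs a `URIGrant`. What an empty array implies is decided inside `URIGrant`, which this hunk does not show. If it means "applies to all code", a builder whose URI was simply never set yields a global grant instead of a targeted one, and with `inverse` removed no deny grant can narrow it afterwards. The line should carry a comment stating the intended meaning, e.g. `// no URI supplied: grant is not restricted by code location (see URIGrant)`, or the empty case should be rejected if that meaning is not intended. The same applies to `default: return nullGrant;`, which accepts an unknown context value without any signal to the caller. The enclosing method starts outside this hunk.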
@@ -274,11 +262,6 @@ class PermissionGrantBuilderImp extends
private Object readResolve(){
return nullGrant;
}
-
- public boolean inverse() {
- return false;
- }
-
public boolean isPrivileged() {
return false;
Copied: river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/PolicyParser.java (from r1222835, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/PolicyParser.java)
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/PolicyParser.java?p2=river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/PolicyParser.java&p1=river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/PolicyParser.java&r1=1222835&r2=1230913&rev=1230913&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/PolicyParser.java (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/PolicyParser.java Fri Jan 13 08:17:14 2012
@@ -16,7 +16,7 @@
* limitations under the License.
*/
-package org.apache.river.impl.security.policy.util;
+package org.apache.river.api.security;
import java.net.URL;
import java.util.Collection;