Posted to commits@river.apache.org by pe...@apache.org on 2010/09/23 15:34:24 UTC

svn commit: r1000463 - in /incubator/river/jtsk/skunk/pepe: ./ src/net/jini/security/policy/ src/org/apache/river/api/delegates/ src/org/apache/river/api/security/ src/org/apache/river/imp/security/policy/cdc/ src/org/apache/river/imp/security/policy/se/

Author: peter_firmstone
Date: Thu Sep 23 13:34:23 2010
New Revision: 1000463

URL: http://svn.apache.org/viewvc?rev=1000463&view=rev
Log:
Removed AccessControlDelegate (which was renamed from ExecutionContextManager)

Implemented an InternetSecurityManager which caches AccessControlContext results to speed up repeated checkPermission calls. This replaces the ExecutionContextManager and simplifies the use of delegates.

Delegates are now implemented as per Li Gong's suggestion on page 176 of "Inside Java 2 Platform Security", Second Edition ISBN 0201787911

Implemented the first delegate, for FileInputStream.

Added:
    incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/delegates/
    incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/delegates/FileInputStream.java   (with props)
    incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/security/InternetSecurityManager.java   (with props)
Removed:
    incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/security/AccessControlDelegate.java
    incubator/river/jtsk/skunk/pepe/src/org/apache/river/imp/security/policy/se/ACCC.java
Modified:
    incubator/river/jtsk/skunk/pepe/build.xml
    incubator/river/jtsk/skunk/pepe/src/net/jini/security/policy/DynamicPolicyProvider.java
    incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/security/RevokeableDynamicPolicy.java
    incubator/river/jtsk/skunk/pepe/src/org/apache/river/imp/security/policy/cdc/DynamicPolicyProviderImpl.java
    incubator/river/jtsk/skunk/pepe/src/org/apache/river/imp/security/policy/se/DynamicConcurrentPolicyProvider.java

Modified: incubator/river/jtsk/skunk/pepe/build.xml
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/pepe/build.xml?rev=1000463&r1=1000462&r2=1000463&view=diff
==============================================================================
--- incubator/river/jtsk/skunk/pepe/build.xml (original)
+++ incubator/river/jtsk/skunk/pepe/build.xml Thu Sep 23 13:34:23 2010
@@ -2072,7 +2072,8 @@
     -->
     <target name="qa.run" depends="" description="Run QA tests">
         <property name="run.categories"
-                value="id,loader,policyprovider,locatordiscovery,activation,config,discoverymanager,joinmanager,url,iiop,jrmp,reliability,thread,renewalmanager,constraint,export,lookupdiscovery,servicediscovery,io,security"/>
+		value="id,loader,policyprovider,locatordiscovery,activation,config,discoverymanager,joinmanager,url,iiop,jrmp,reliability,thread,renewalmanager,constraint,export,lookupdiscovery,servicediscovery,io,security,lookupservice,renewalservice,eventmailbox,jeri,start,discoveryservice,discoveryproviders"
+		/>
         <!-- Call qa subcomponent build -->
         <ant dir="qa" target="run-categories" inheritall="false" >
             <property name="run.categories" value="${run.categories}" />

Modified: incubator/river/jtsk/skunk/pepe/src/net/jini/security/policy/DynamicPolicyProvider.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/pepe/src/net/jini/security/policy/DynamicPolicyProvider.java?rev=1000463&r1=1000462&r2=1000463&view=diff
==============================================================================
--- incubator/river/jtsk/skunk/pepe/src/net/jini/security/policy/DynamicPolicyProvider.java (original)
+++ incubator/river/jtsk/skunk/pepe/src/net/jini/security/policy/DynamicPolicyProvider.java Thu Sep 23 13:34:23 2010
@@ -6,9 +6,6 @@
 package net.jini.security.policy;
 
 import java.util.List;
-import org.apache.river.api.security.Denied;
-import org.apache.river.api.security.AccessControlDelegate;
-import org.apache.river.api.security.PermissionGrantBuilder;
 import org.apache.river.imp.security.policy.cdc.DynamicPolicyProviderImpl;
 import java.security.AccessControlException;
 import java.security.AccessController;
@@ -324,8 +321,4 @@ public class DynamicPolicyProvider exten
     public List<PermissionGrant> getPermissionGrants() {
         return instance.getPermissionGrants();
     }
-
-    public AccessControlDelegate getAccessControlDelegate() {
-	return instance.getAccessControlDelegate();
-    }
 }

Added: incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/delegates/FileInputStream.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/delegates/FileInputStream.java?rev=1000463&view=auto
==============================================================================
--- incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/delegates/FileInputStream.java (added)
+++ incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/delegates/FileInputStream.java Thu Sep 23 13:34:23 2010
@@ -0,0 +1,108 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.river.api.delegates;
+
+import java.io.File;
+import java.io.FileDescriptor;
+import java.io.FileNotFoundException;
+import java.io.FilePermission;
+import java.io.IOException;
+import java.security.AccessController;
+import java.security.Guard;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+import org.apache.river.api.security.DelegatePermission;
+import sun.security.util.SecurityConstants;
+
+/**
+ * 
+ * @author Peter Firmstone
+ */
+public class FileInputStream extends java.io.InputStream {
+    private final Guard g;
+    private final java.io.FileInputStream in;
+    public FileInputStream(final String name) throws FileNotFoundException, Throwable{
+	try {
+	    // Permission check is delayed.
+	    g = new DelegatePermission(new FilePermission(name, SecurityConstants.FILE_READ_ACTION));
+	    in = AccessController.doPrivileged(new PrivilegedExceptionAction<java.io.FileInputStream>() {
+
+		public java.io.FileInputStream run() throws FileNotFoundException {
+		    return new java.io.FileInputStream(name);
+		}
+	    });
+	} catch (PrivilegedActionException ex) {
+	    throw ex.getCause();
+	}
+    }
+    public FileInputStream(final File file) throws FileNotFoundException, Throwable{
+	try {
+	    // If we get here the path is not null.
+	    g = new DelegatePermission(new FilePermission(file.getPath(), SecurityConstants.FILE_READ_ACTION));
+	    in = AccessController.doPrivileged(new PrivilegedExceptionAction<java.io.FileInputStream>() {
+
+		public java.io.FileInputStream run() throws FileNotFoundException {
+		    return new java.io.FileInputStream(file);
+		}
+	    });
+	} catch (PrivilegedActionException ex) {
+	    throw ex.getCause();
+	}
+    }
+    public FileInputStream(final FileDescriptor fdObj) {
+	g = new DelegatePermission(new RuntimePermission("readFileDescriptor"));
+	in = AccessController.doPrivileged(new PrivilegedAction<java.io.FileInputStream>() {
+	    public java.io.FileInputStream run() {
+		return new java.io.FileInputStream(fdObj);
+	    }
+	});
+    }
+
+    @Override
+    public int read() throws IOException {
+	g.checkGuard(this);
+	return in.read();
+    }
+    
+    @Override
+    public int read(byte b[]) throws IOException {
+	g.checkGuard(this);
+	return in.read(b);
+    }
+    
+    @Override
+    public int read(byte b[], int off, int len) throws IOException {
+	g.checkGuard(this);
+	return in.read(b, off, len);
+    }
+    
+    @Override
+    public long skip(long n) throws IOException {
+	g.checkGuard(this);
+	return in.skip(n);
+    }
+    
+    @Override
+    public int available() throws IOException {
+	g.checkGuard(this);
+	return in.available();
+    }
+    
+}
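Review bot: All three constructors open the file inside `doPrivileged` before any check on the caller, so code holding neither the `DelegatePermission` nor the underlying `FilePermission` still learns from `FileNotFoundException` whether a path exists, and can hold descriptors open. If the design allows it, calling `g.checkGuard(this)` right after `g` is assigned would close that gap while keeping the per-call checks. The class also never overrides `close()`, so the inherited `InputStream.close()` does nothing and the wrapped `java.io.FileInputStream` is never released; add `@Override public void close() throws IOException { in.close(); }`. Declaring `throws FileNotFoundException, Throwable` forces every caller to catch `Throwable`; since `run()` declares only `FileNotFoundException`, the cause can be cast and rethrown as that type. The empty class Javadoc should say that the permission check is deferred to each `read`, `skip` and `available` call, presumably so that a revocation still affects streams already handed out.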

Propchange: incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/delegates/FileInputStream.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/security/InternetSecurityManager.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/security/InternetSecurityManager.java?rev=1000463&view=auto
==============================================================================
--- incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/security/InternetSecurityManager.java (added)
+++ incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/security/InternetSecurityManager.java Thu Sep 23 13:34:23 2010
@@ -0,0 +1,245 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.river.api.security;
+
+import java.lang.reflect.Field;
+import java.security.AccessControlContext;
+import java.security.AccessControlException;
+import java.security.AccessController;
+import java.security.Guard;
+import java.security.Permission;
+import java.security.PrivilegedAction;
+import java.security.ProtectionDomain;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.ConcurrentMap;
+import java.util.concurrent.ExecutionException;
+import java.util.concurrent.locks.Lock;
+import java.util.concurrent.locks.ReadWriteLock;
+import java.util.concurrent.locks.ReentrantReadWriteLock;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+import org.apache.river.api.security.DelegatePermission;
+import org.apache.river.api.security.RevokePermission;
+import org.apache.river.imp.util.ConcurrentCollections;
+import org.apache.river.imp.util.ConcurrentSoftMap;
+
+/**
+ * Only a Single instance of InternetSecurityManager is required per policy, it is threadsafe.
+ * Threads will wait until revoke is complete.
+ * 
+ * Implementers Note:  It hasn't been determined if the cache should be
+ * Map<AccessControlContext,Set<Permission>> or the opposite as implemented,
+ * in any case the emphasis needs to be placed on the permission check
+ * since these are called the most.  There will be less exposure to hashCode
+ * and equals() implementation issues if the current cache structure is reversed.
+ * However the performance of AccessControlContext.hashCode needs to be 
+ * determined first.
+ * 
+ * @author Peter Firmstone
+ */
+public class InternetSecurityManager extends SecurityManager {
+
+    private final ConcurrentMap<AccessControlContext,DelegateContextCheck> checks;
+    private final ReadWriteLock revokeLock;
+    private final Lock rl; // This lock is held briefly by callers of begin and end.
+    private final Lock wl; // This lock is held by revocation.
+    private final Guard g;
+    
+    /* REMIND: do the DelegatePermission check and check the candidate Permission
+     * contained within is checked also.
+     * 
+     * It is important that the DelegatePermission check is not expanded in
+     * the Policy, since this would exclude Static ProtectionDomain's or 
+     * different Security Frameworks from working, eg OSGi.
+     * 
+     * The DelegatePermission or candidate Permission have to be checked
+     * and return true for each ProtectionDomain in the AccessControlContext.
+     * This requires a slightly different algorithm than the AccessControlContext
+     * permission check.
+     * 
+     * We would first have to get the current AccessControlContext from the stack,
+     * this would already have been optimised and combined.
+     * 
+     * Then we would need to use reflection to access the ProtectionDomain[]
+     * context and iterate through each domain and check implies for
+     * the DelegatePermission or candidate Permission the DelegatePermission
+     * contains.
+     */ 
+    
+    public InternetSecurityManager(){
+	/* This checks adequate permission is held */
+	super();
+	/* Previous checks */
+	checks = new ConcurrentSoftMap<AccessControlContext,DelegateContextCheck>(40);
+	/* This lock guards revocation, although if Permission has already
+	 * been removed from the policy then this lock isn't really necessary
+	 */ 
+	revokeLock = new ReentrantReadWriteLock();
+	rl = revokeLock.readLock();
+	wl = revokeLock.writeLock();
+	g = new RevokePermission();
+    }
+    
+    public void revoke(Set<Permission> perms) throws InterruptedException, ExecutionException{
+	g.checkGuard(this);
+	wl.lock();
+	try {
+	    // Identify Permission's with matching class files to those revoked.
+	    Set<Class> permClasses = new HashSet<Class>();
+	    Iterator<Permission> itp = perms.iterator();
+	    while (itp.hasNext()){
+		permClasses.add(itp.next().getClass());
+	    }
+	    // Remove Permission's and AccessControlContexts from the checked cache.
+	    Iterator<DelegateContextCheck> checkIt = checks.values().iterator();
+	    while (checkIt.hasNext()){
+		DelegateContextCheck c = checkIt.next();
+		Iterator<Class> it = permClasses.iterator();
+		while (it.hasNext()){
+		    c.removePermission(it.next());
+		}
+	    }
+	    /* We're done, go home & rest */
+	} finally {
+	    wl.unlock();
+	}
+    }
+
+    @Override
+    public void checkPermission(Permission perm) throws SecurityException {
+	Object context = getSecurityContext();
+	checkPermission(perm, context);
+    }
+    
+    @Override
+    public void checkPermission(Permission perm, Object context) throws SecurityException {
+	if (!(context instanceof AccessControlContext)) throw new SecurityException();
+	if (perm == null ) throw new NullPointerException("Permission Collection null");
+	//Thread currentThread = Thread.currentThread();
+	AccessControlContext executionContext = (AccessControlContext) context;
+	rl.lock();
+	try {
+	    // checkedCache - the permission check, fast for repeated calls.    
+	    //Set<AccessControlContext> checked = checkedCache.get(perm);
+	    DelegateContextCheck checked = checks.get(executionContext);
+	    if (checked == null ){
+		checked = new DelegateContextCheck(executionContext);
+		DelegateContextCheck existed = 
+			checks.putIfAbsent(executionContext, checked);
+		if (existed != null){
+		    checked = existed;
+		}
+	    }
+	    checked.checkPermission(perm); // Throws AccessControlException
+	} finally {
+	    rl.unlock();
+	}
+    }
+    
+    private static class DelegateContextCheck {
+	private final AccessControlContext acc;
+	private final ConcurrentMap<Class,Set<Permission>> passed;
+	// The context is only consulted directly for DelegatePermission
+	private final ProtectionDomain[] context;
+	
+	DelegateContextCheck(final AccessControlContext acc){
+	    this.acc = acc;
+	    passed = new ConcurrentHashMap<Class,Set<Permission>>();
+	    /* If context is null for whatever reason, then the AccessControlContext
+	     * will be consulted directly, but only for the DelegatePermission,
+	     * in most cases, the context is null because only system classes
+	     * are on the stack.
+	     * However if there is an error, then we default to the safest
+	     * action of directly consulting the AccessControlContext instead.
+	     */
+	    ProtectionDomain[] contx = AccessController.doPrivileged( new PrivilegedAction<ProtectionDomain[]>(){
+		public ProtectionDomain[] run() {
+		    try {
+			Field field = acc.getClass().getDeclaredField("context");
+			field.setAccessible(true);
+			return (ProtectionDomain[]) field.get(acc);
+		    } catch (IllegalArgumentException ex) {
+			Logger.getLogger(InternetSecurityManager.class.getName()).log(Level.SEVERE, null, ex);
+			return null;
+		    } catch (IllegalAccessException ex) {
+			Logger.getLogger(InternetSecurityManager.class.getName()).log(Level.SEVERE, null, ex);
+			return null;
+		    } catch (NoSuchFieldException ex) {
+			Logger.getLogger(InternetSecurityManager.class.getName()).log(Level.SEVERE, null, ex);
+			return null;
+		    } catch (SecurityException ex) {
+			Logger.getLogger(InternetSecurityManager.class.getName()).log(Level.SEVERE, null, ex);
+			return null;
+		    }
+		}
+	    });
+	    if ( contx != null ){
+		context = contx.clone();
+	    }else{
+		context = null;
+	    }
+	}
+	
+	void checkPermission(Permission perm) throws AccessControlException {
+	    if (perm == null) throw new NullPointerException("null Permission" +
+		    " not allowed");
+	    Set<Permission> perms = passed.get(perm.getClass());
+	    if (perms.contains(perm)) return;
+	    // We haven't checked this permission before!
+	    if ( perm instanceof DelegatePermission ) {
+		// This throws AccessControlException when Permission not true
+	      if( !implies((DelegatePermission) perm) ){
+		  // context was null if we get here.
+		acc.checkPermission(perm);
+	      }
+	    } else {
+		acc.checkPermission(perm);
+	    }
+	    // If we get to here then we have permission.
+	    if (perms == null ){
+		perms = ConcurrentCollections.multiReadSet(new HashSet<Permission>());
+		Set<Permission> existed = passed.putIfAbsent(perm.getClass(), perms);
+		if ( existed != null ){
+		    perms = existed;
+		}
+	    }
+	    perms.add(perm);	    
+	}
+	
+	private boolean implies(DelegatePermission perm) throws AccessControlException{
+	    if (context == null) return false; // safe
+	    int l = context.length;
+	    for (int i = 0; i < l; i++){
+		if ( context[i] != null && (!context[i].implies(perm) 
+			|| !context[i].implies(perm.getPermission()))) {
+		    throw new AccessControlException("access denied " + perm, perm);
+		}
+	    }
+	    return true;
+	} 
+	
+	void removePermission(Class c){
+	    passed.remove(c);
+	}
+	
+    }
+}
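Review bot: `DelegateContextCheck.checkPermission` dereferences `perms` before its null test: `passed.get(perm.getClass())` returns null until something has been cached for that class, and nothing is cached before this line, so `perms.contains(perm)` throws `NullPointerException` on every call; the guard should read `if (perms != null && perms.contains(perm)) return;`. In `implies`, the condition `!context[i].implies(perm) || !context[i].implies(perm.getPermission())` denies unless a domain holds both permissions, while the REMIND comment above the constructor says the DelegatePermission or the candidate Permission suffices, which suggests `&&` was intended. Reading the private `context` field of `AccessControlContext` by reflection depends on one JDK's internals; falling back to `acc.checkPermission` when it fails is the safe direction, but the `getDeclaredField` call deserves a comment saying so. Cached passes are dropped only by `revoke`, so a permission withdrawn by any other route appears to stay granted for a context until the soft map evicts the entry, which the class Javadoc should state.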

Propchange: incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/security/InternetSecurityManager.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/security/RevokeableDynamicPolicy.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/security/RevokeableDynamicPolicy.java?rev=1000463&r1=1000462&r2=1000463&view=diff
==============================================================================
--- incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/security/RevokeableDynamicPolicy.java (original)
+++ incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/security/RevokeableDynamicPolicy.java Thu Sep 23 13:34:23 2010
@@ -96,33 +96,6 @@ public interface RevokeableDynamicPolicy
      */
     public List<PermissionGrant> getPermissionGrants();
     /**
-     * The Revocation of Permission's requires an optimised check permission
-     * call.  Typically many objects that provide privileged functionality
-     * are guarded in their constructor by a checkPermission(Permission) call
-     * or by a GuardedObject, once a check has succeeded, the caller receives
-     * a reference to the guarded object.  These Permission's cannot be
-     * revoked completely, because the reference has escaped, the permission 
-     * check will not be called again.
-     * 
-     * Instead what is needed is a permission check that is efficient enough
-     * to allow the methods that provide the privileged functionality to be
-     * called for every method invocation.  What the AccessControlDelegate
-     * does is minimise the checkPermission calls by skipping checkPermission for
-     * any execution AccessControlContext that has already passed, unless
-     * a Permission related to the one being managed is revoked, in which case
-     * the cache of AccessControlContext's previously checked are cleared.
-     * 
-     * The AccessControlDelegate also manages special semantics required by
-     * DelegatePermission checks, which require that a ProtectionDomain, have
-     * either the DelegatePermission, or the candidate Permission which the
-     * DelegatePermission represents (contains).
-     * 
-     * @see DelegatePermission
-     * @param p Permission the AccessControlDelegate will check.
-     * @return a new AccessControlDelegate instance.
-     */
-    public AccessControlDelegate getAccessControlDelegate();
-    /**
      * 
      * @return true if Revoke supported.
      */

Modified: incubator/river/jtsk/skunk/pepe/src/org/apache/river/imp/security/policy/cdc/DynamicPolicyProviderImpl.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/pepe/src/org/apache/river/imp/security/policy/cdc/DynamicPolicyProviderImpl.java?rev=1000463&r1=1000462&r2=1000463&view=diff
==============================================================================
--- incubator/river/jtsk/skunk/pepe/src/org/apache/river/imp/security/policy/cdc/DynamicPolicyProviderImpl.java (original)
+++ incubator/river/jtsk/skunk/pepe/src/org/apache/river/imp/security/policy/cdc/DynamicPolicyProviderImpl.java Thu Sep 23 13:34:23 2010
@@ -49,7 +49,6 @@ import net.jini.security.GrantPermission
 import org.apache.river.api.security.Denied;
 import org.apache.river.api.security.PermissionGrant;
 import org.apache.river.api.security.PermissionGrantBuilder;
-import org.apache.river.api.security.AccessControlDelegate;
 import org.apache.river.imp.security.policy.spi.RevokeableDynamicPolicySpi;
 
 /**
@@ -582,8 +581,4 @@ public class DynamicPolicyProviderImpl e
     public List<PermissionGrant> getPermissionGrants() {
         throw new UnsupportedOperationException("Not supported.");
     }
-
-    public AccessControlDelegate getAccessControlDelegate() {
-	throw new UnsupportedOperationException("Not supported yet.");
-    }
 }

Modified: incubator/river/jtsk/skunk/pepe/src/org/apache/river/imp/security/policy/se/DynamicConcurrentPolicyProvider.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/pepe/src/org/apache/river/imp/security/policy/se/DynamicConcurrentPolicyProvider.java?rev=1000463&r1=1000462&r2=1000463&view=diff
==============================================================================
--- incubator/river/jtsk/skunk/pepe/src/org/apache/river/imp/security/policy/se/DynamicConcurrentPolicyProvider.java (original)
+++ incubator/river/jtsk/skunk/pepe/src/org/apache/river/imp/security/policy/se/DynamicConcurrentPolicyProvider.java Thu Sep 23 13:34:23 2010
@@ -2,9 +2,11 @@
 
 package org.apache.river.imp.security.policy.se;
 
+import org.apache.river.api.security.InternetSecurityManager;
 import java.security.AccessController;
 import java.security.AllPermission;
 import java.security.CodeSource;
+import java.security.Guard;
 import java.security.Permission;
 import java.security.PermissionCollection;
 import java.security.Policy;
@@ -32,9 +34,7 @@ import net.jini.security.GrantPermission
 import net.jini.security.policy.DynamicPolicy;
 import net.jini.security.policy.PolicyInitializationException;
 import net.jini.security.policy.UmbrellaGrantPermission;
-import org.apache.river.api.security.Denied;
 import org.apache.river.api.security.PermissionGrant;
-import org.apache.river.api.security.AccessControlDelegate;
 import org.apache.river.imp.security.policy.spi.RevokeableDynamicPolicySpi;
 import org.apache.river.api.security.PermissionGrantBuilder;
 import org.apache.river.api.security.RevokePermission;
@@ -157,12 +157,13 @@ public class DynamicConcurrentPolicyProv
     // do something about some domain permissions for this domain so we can 
     // avoid dead locks due to bug 4911907
     /* This lock Protects denied */
-    private final ReentrantReadWriteLock drwl;
+//    private final ReentrantReadWriteLock drwl;
 //    private final ReadLock drl;
 //    private final WriteLock dwl;
 //    private final Set<Denied> denied;
 //    private volatile boolean checkDenied;
-    private final ACCC execControlManager;
+    private final SecurityManager sm;
+    private final Guard g;
     
     
     public DynamicConcurrentPolicyProvider(){
@@ -174,13 +175,19 @@ public class DynamicConcurrentPolicyProv
         revokeable = true;
         logger = Logger.getLogger("net.jini.security.policy");
         loggable = logger.isLoggable(Level.FINEST);
-        drwl = new ReentrantReadWriteLock();
+//        drwl = new ReentrantReadWriteLock();
 //        drl = drwl.readLock();
 //        dwl = drwl.writeLock();
 //        denied = new HashSet<Denied>(30);
 //        checkDenied = false;
 	grantLock = new Object();
-	execControlManager = new ACCC();
+	SecurityManager s = System.getSecurityManager();
+	if (s == null) {
+	    s = new InternetSecurityManager();
+	    System.setSecurityManager(s);
+	}
+	sm = s;
+	g = new RevokePermission();
     }
     
     /**
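Review bot: Constructing the provider now calls `System.setSecurityManager` as a JVM-wide side effect when no manager is installed, and stores whatever manager it finds in the final field `sm`. The `sm instanceof InternetSecurityManager` branch in the later revoke hunk (`@@ -560,7 +568,9 @@`) therefore acts on the instance seen at construction: if the manager is replaced afterwards, only the old instance's cache is cleared, and if it was never an `InternetSecurityManager` the branch is skipped without any log. Consider reading `System.getSecurityManager()` at revoke time and logging when it is not an `InternetSecurityManager`, and document the install-on-construct behaviour in the constructor Javadoc. The constructor begins before this hunk; the commented-out `drwl` lines here and in the field hunk above would be better deleted than kept.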
@@ -496,7 +503,8 @@ public class DynamicConcurrentPolicyProv
 	    Collection<Permission> permCol = grant.getPermissions();
             Permission[] perms = permCol.toArray(new Permission [permCol.size()]);
 	    checkNullElements(perms);
-            AccessController.checkPermission(new GrantPermission(perms));
+            Guard g = new GrantPermission(perms);
+	    g.checkGuard(this);
 	    allowed.put(grant, perms);
         }
 	return allowed;
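Review bot: The local `Guard g` declared here shadows the new field `g`, which holds the `RevokePermission` guard that `revoke` checks. Two different security guards under the same one-letter name make it easy to misread which permission a given `g.checkGuard(this)` enforces; name the local for what it guards, e.g. `Guard grantGuard = new GrantPermission(perms);` followed by `grantGuard.checkGuard(this);`. The enclosing method starts outside the hunk.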
@@ -534,12 +542,12 @@ public class DynamicConcurrentPolicyProv
 
     public void revoke(List<PermissionGrant> grants) throws Exception {
         if (initialized == false) throw new RuntimeException("Object not initialized");
+	g.checkGuard(this);
         if (basePolicyIsDynamic && revokeable){
             RevokeableDynamicPolicy bp = (RevokeableDynamicPolicy) basePolicy;
             bp.revoke(grants);
             return;
         }
-        AccessController.checkPermission(new RevokePermission());
 	HashSet<Permission> removed = new HashSet<Permission>();
 	List<Runnable> jobs = null;
 	HashSet<PermissionGrant> holder = new HashSet<PermissionGrant>(pGrants.length);
@@ -560,7 +568,9 @@ public class DynamicConcurrentPolicyProv
 	    }
 	    PermissionGrant[] updated = new PermissionGrant[holder.size()];
 	    pGrants = holder.toArray(updated);
-	    execControlManager.revoke(removed);
+	    if (sm instanceof InternetSecurityManager) {
+		((InternetSecurityManager) sm).revoke(removed);
+	    }
 	}
     }
 
@@ -578,8 +588,4 @@ public class DynamicConcurrentPolicyProv
 	return grants;
     }
 
-    public AccessControlDelegate getAccessControlDelegate() {
-	return execControlManager;
-    }
-
 }