You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@river.apache.org by pe...@apache.org on 2013/03/19 13:38:29 UTC
svn commit: r1458247 - in /river/jtsk/skunk/qa_refactor/trunk:
qa/src/com/sun/jini/test/impl/outrigger/leasing/
qa/src/com/sun/jini/test/spec/javaspace/conformance/
qa/src/com/sun/jini/test/spec/javaspace/conformance/snapshot/
qa/src/com/sun/jini/test/...
Author: peter_firmstone
Date: Tue Mar 19 12:38:28 2013
New Revision: 1458247
URL: http://svn.apache.org/r1458247
Log:
Minor adjustments to test timing and fixed some more visibility issues with tests.
Documentation updates.
Modified:
river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/impl/outrigger/leasing/UseTxnMgrSpaceLeaseTestRenew.td
river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/spec/javaspace/conformance/javaspace.properties
river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/spec/javaspace/conformance/snapshot/SnapshotNotifyLeaseANYTest.td
river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/spec/jrmp/jrmpexporter/Unexport_BehaviorTest.java
river/jtsk/skunk/qa_refactor/trunk/src-doc/static/manpages-index.html
river/jtsk/skunk/qa_refactor/trunk/src/org/apache/river/api/security/PermissionGrantBuilder.java
river/jtsk/skunk/qa_refactor/trunk/src/org/apache/river/impl/net/UriString.java
river/jtsk/skunk/qa_refactor/trunk/test/src/org/apache/river/impl/net/UriStringTest.java
Modified: river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/impl/outrigger/leasing/UseTxnMgrSpaceLeaseTestRenew.td
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/impl/outrigger/leasing/UseTxnMgrSpaceLeaseTestRenew.td?rev=1458247&r1=1458246&r2=1458247&view=diff
==============================================================================
--- river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/impl/outrigger/leasing/UseTxnMgrSpaceLeaseTestRenew.td (original)
+++ river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/impl/outrigger/leasing/UseTxnMgrSpaceLeaseTestRenew.td Tue Mar 19 12:38:28 2013
@@ -4,4 +4,4 @@ include0=../outrigger.properties
com.sun.jini.test.share.exact=true
com.sun.jini.test.share.renew=2
-com.sun.jini.test.share.slop=3000
+com.sun.jini.test.share.slop=1000
Modified: river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/spec/javaspace/conformance/javaspace.properties
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/spec/javaspace/conformance/javaspace.properties?rev=1458247&r1=1458246&r2=1458247&view=diff
==============================================================================
--- river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/spec/javaspace/conformance/javaspace.properties (original)
+++ river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/spec/javaspace/conformance/javaspace.properties Tue Mar 19 12:38:28 2013
@@ -15,8 +15,8 @@ com.sun.jini.test.spec.javaspace.conform
# timeout2 must be greater than (timeout1 + instantTime)
# it is recommended that timeout2 be greater than (timeout1 + 2*instantTime)
-com.sun.jini.test.spec.javaspace.conformance.timeout1=20000
-com.sun.jini.test.spec.javaspace.conformance.timeout2=45000
+com.sun.jini.test.spec.javaspace.conformance.timeout1=24000
+com.sun.jini.test.spec.javaspace.conformance.timeout2=48000
# general round trip time expected to non-blocking operations.
# should be set to checkTime / 2.
Modified: river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/spec/javaspace/conformance/snapshot/SnapshotNotifyLeaseANYTest.td
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/spec/javaspace/conformance/snapshot/SnapshotNotifyLeaseANYTest.td?rev=1458247&r1=1458246&r2=1458247&view=diff
==============================================================================
--- river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/spec/javaspace/conformance/snapshot/SnapshotNotifyLeaseANYTest.td (original)
+++ river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/spec/javaspace/conformance/snapshot/SnapshotNotifyLeaseANYTest.td Tue Mar 19 12:38:28 2013
@@ -1,3 +1,3 @@
testClass=SnapshotNotifyLeaseANYTest
testCategories=javaspace,javaspace_spec,javaspace_conformance,snapshot
-include0=../javaspace.properties
+include0=../javaspace.properties
\ No newline at end of file
Modified: river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/spec/jrmp/jrmpexporter/Unexport_BehaviorTest.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/spec/jrmp/jrmpexporter/Unexport_BehaviorTest.java?rev=1458247&r1=1458246&r2=1458247&view=diff
==============================================================================
--- river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/spec/jrmp/jrmpexporter/Unexport_BehaviorTest.java (original)
+++ river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/spec/jrmp/jrmpexporter/Unexport_BehaviorTest.java Tue Mar 19 12:38:28 2013
@@ -242,13 +242,13 @@ public class Unexport_BehaviorTest exten
class Unexporter extends Thread {
/** JrmpExporter which unexport method will be invoked */
- JrmpExporter jExp;
+ final JrmpExporter jExp;
/** Value of parameter for unexport method invocation */
- boolean val;
+ final boolean val;
/** Result of unexport method invocation */
- boolean res;
+ volatile boolean res;
/**
* Constructor which initialize fields of the class.
Modified: river/jtsk/skunk/qa_refactor/trunk/src-doc/static/manpages-index.html
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/qa_refactor/trunk/src-doc/static/manpages-index.html?rev=1458247&r1=1458246&r2=1458247&view=diff
==============================================================================
--- river/jtsk/skunk/qa_refactor/trunk/src-doc/static/manpages-index.html (original)
+++ river/jtsk/skunk/qa_refactor/trunk/src-doc/static/manpages-index.html Tue Mar 19 12:38:28 2013
@@ -94,11 +94,12 @@ specifics for services, utilities, and t
<H2>Infrastructure</H2>
<ul>
<li><a href="api/org/apache/river/api/security/package-summary.html">Apache River's
- Security Extensions</a>
+ Security Extensions</a> - A scalable SecurityManager and ConcurrentPolicyFile
+ solve long standing performance issues in distributed environments.
<li><a href="api/org/apache/river/api/io/package-summary.html">Distributed objects</a>
- an extension of the Serialization protocol, Distributed objects are themselves
not Serialized, instead only instructions for recreating an object remotely
- using reflection are marshalled. This allows Distributed objects to utilised
+ using reflection are Marshalled. This allows Distributed objects to utilised
public api methods for construction, avoid publishing their internal state
and to be immutable and safely constructed with invariants checked or
defensively copied using final fields.
Modified: river/jtsk/skunk/qa_refactor/trunk/src/org/apache/river/api/security/PermissionGrantBuilder.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/qa_refactor/trunk/src/org/apache/river/api/security/PermissionGrantBuilder.java?rev=1458247&r1=1458246&r2=1458247&view=diff
==============================================================================
--- river/jtsk/skunk/qa_refactor/trunk/src/org/apache/river/api/security/PermissionGrantBuilder.java (original)
+++ river/jtsk/skunk/qa_refactor/trunk/src/org/apache/river/api/security/PermissionGrantBuilder.java Tue Mar 19 12:38:28 2013
@@ -21,6 +21,8 @@ package org.apache.river.api.security;
import java.lang.ref.WeakReference;
import java.net.URI;
import java.net.URISyntaxException;
+import java.net.URL;
+import java.net.URLClassLoader;
import java.security.CodeSource;
import java.security.Permission;
import java.security.Principal;
@@ -58,42 +60,125 @@ public abstract class PermissionGrantBui
* ClassLoader combination, the reason for this is the DomainCombiner may
* create new instances of ProtectionDomain's from those that exist on
* the stack.
+ * <p>
+ * DNS is not consulted, the RFC3986 normalized URI and all Certificates contained
+ * by the CodeSources must be equal.
+ *
* @see java.security.AccessControlContext
* @see java.security.DomainCombiner
* @see javax.security.auth.SubjectDomainCombiner
*/
public static final int PROTECTIONDOMAIN = 2;
/**
- * The PermissionGrant generated will apply to all classes loaded from
- * CodeSource's that have at a minimum the defined array Certificate[]
- *
- */
- public static final int CODESOURCE_CERTS = 3;
- /**
* The PermissionGrant generated will apply to the Subject that has
* all the principals provided.
*
* @see Subject
*/
- public static final int PRINCIPAL = 4;
+ public static final int PRINCIPAL = 3;
+ /**
+ * The PermissionGrant generated will apply to all classes loaded from
+ * CodeSource's that have at a minimum the defined array Certificate[]
+ * provided the logged in Subject also has all Principals when defined.
+ */
+ public static final int CODESOURCE_CERTS = 4;
/**
- * The PermissionGrant generated will apply to the ProtectionDomain or
- * CodeSource who's URL is implied by the given URI. The outcome of
- * URI comparison is identical to {@link CodeSource.implies(CodeSource)},
- * except for item 3.4; host names are normalized according to RFC3986
- * and compared.
- *
- * The DNS lookup is avoided for security and performance reasons,
+ * The PermissionGrant generated will imply the ProtectionDomain run as
+ * a Subject with all Principals (when applicable) and
+ * CodeSource that has the Certificates and URI RFC3986 location as specified.
+ * <p>
+ * The outcome of URI comparison is similar to
+ * {@link CodeSource.implies(CodeSource)}.
+ * <p>
+ * DNS lookup is avoided for security and performance reasons,
* DNS is not authenticated and therefore cannot be trusted. Doing so,
* could allow an attacker to use DNS Cache poisoning to escalate
- * Permission, by imitating a URL with greater privileges.
- *
+ * Permission, by imitating a URL with privilege, such as AllPermission.
+ * <p>
* CodeSource URL are converted to URI and normalized according
* to {@link http://www.ietf.org/rfc/rfc3986.txt} RFC3986 before being
- * compared.
- *
- * @see java.security.CodeSource#implies
+ * compared as Strings.
+ * <p>
+ * A URI based PermissionGrant "implies" a specified {@link ProtectionDomain} if:
+ * <P>
+ * <ol>
+ * <li> The {@link ProtectionDomain}'s <i>{@link CodeSource}</i> is not null.
+ * <li> All {@link Principal}'s, if defined in the {@link PermissionGrant} are present in the
+ * {@link ProtectionDomain}, when run as a {@link Subject}, in any order.
+ * <li> A URI based PermissionGrant "implies" a specified {@link ProtectionDomain}
+ * or non null {@link CodeSource} if:
+ * <ol>
+ * <li> All {@link Certificate}'s included in a URI based
+ * PermissionGrant are present in that {@link ProtectionDomain}'s
+ * <i>{@link CodeSource}</i>'s certificates, in any order, or no Certificates
+ * are defined by the PermissionGrant.
+ * <li> For any {@link URI} in a PermissionGrant, checks are made in the
+ * following order:
+ * <p>
+ * <ol>
+ * <li> Any null {@link URI} implies any
+ * {@link ProtectionDomain} that contains a non null
+ * {@link CodeSource}, including a null {@link URL} returned by
+ * {@link CodeSource#getLocation()}.
+ *
+ * <li> If any RFC3986 normalized URI equals the {@link ProtectionDomain}'s
+ * <i>{@link CodeSource#getLocation()}</i>'s {@link URL}
+ * after it is converted to a RFC3986 normalized {@link URI},
+ * the {@link PermissionGrant#implies(java.security.ProtectionDomain)}
+ * method will return true.
+ *
+ * <li> The {@link CodeSource#getLocation()}'s {@link URL} is checked
+ * against each {@link URI} contained in a PermissionGrant and
+ * returns true if all the following conditions are met for at least
+ * one {@link URI}:
+ * <ol>
+ * <li> The {@link URI#getScheme()} scheme must be
+ * equal to a {@link CodeSource}'s {@link URL#getProtocol()}
+ * protocol, after normalization to RFC3986 rules.
+ *
+ * <li> If {@link URI#getHost()} is non null,
+ * and {@link URL#getHost()} is equal after RFC3986 compliant normalization
+ * performed.
+ *
+ * <li> If the {@link URI#getPort()} port is not
+ * equal to -1 (that is, if a port is specified), it must equal the
+ * CodeSource URL's port.
+ *
+ * <li> URI and URL path's are normalized to RFC3986, in addition file: scheme
+ * paths are normalized to upper case, on platforms with a backslash
+ * path separator.
+ * <li> After normalization, if this {@link URI#getPath()} path doesn't equal
+ * <i>codesource</i>'s {@link URL#getPath()} path, then the following checks are made:
+ * If this URI's path ends with "/-",
+ * then <i>codesource</i>'s URL path must start with this URI's
+ * path (exclusive the trailing "-").
+ * If this URI's path ends with a "/*",
+ * then <i>codesource</i>'s URL path must start with this URI's
+ * path and must not have any further "/" separators.
+ * If this URI's path doesn't end with a "/",
+ * then <i>codesource</i>'s URL path must match this URI's
+ * path with a '/' appended.
+ *
+ * <li> If this {@link URI#getFragment()} fragment is
+ * not null, it must equal <i>codesource</i>'s
+ * {@link URL#getRef()} reference.
+ *
+ * <li> Unlike {@link CodeSource#implies(java.security.CodeSource) }
+ * {@link URI#getQuery()} query is not appended to the path because
+ * normalization to specific platforms is undefined. It appears
+ * that {@link URL} was developed prior to RFC2396 and as such
+ * the {@link URL#getFile()} included the query component, later
+ * in Java 1.3 the {@link URL#getPath() } method was added, however
+ * earlier developed classes like {@link URLClassLoader} continued
+ * to use {@link URL#getFile() } and append this with path
+ * separators and wild cards after the query, if it existed. In
+ * any case, Certificate and Principal are more prudent identifiers for
+ * privileges.
+ * </ol>
+ * </ol>
+ * </ol>
+ * </ol>
*/
public static final int URI = 5;
@@ -105,6 +190,7 @@ public abstract class PermissionGrantBui
* resets the state for reuse, identical to a newly created
* PermissionGrantBuilder, this step must be performed to avoid unintentional
* grants to previously added URI.
+ * @return PermissionGrantBuilder
*/
public abstract PermissionGrantBuilder reset();
@@ -122,7 +208,7 @@ public abstract class PermissionGrantBui
* The URI will be added to the PermissionGrant, multiple may be specified by
* calling multiple times.
*
- * @param uri
+ * @param uri - RFC3986 compliant URI or null.
* @return
*/
public abstract PermissionGrantBuilder uri(URI uri);
Modified: river/jtsk/skunk/qa_refactor/trunk/src/org/apache/river/impl/net/UriString.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/qa_refactor/trunk/src/org/apache/river/impl/net/UriString.java?rev=1458247&r1=1458246&r2=1458247&view=diff
==============================================================================
--- river/jtsk/skunk/qa_refactor/trunk/src/org/apache/river/impl/net/UriString.java (original)
+++ river/jtsk/skunk/qa_refactor/trunk/src/org/apache/river/impl/net/UriString.java Tue Mar 19 12:38:28 2013
@@ -146,6 +146,8 @@ public class UriString {
* encoded, since they are legal and in case the string already
* contains escaped characters. The percent character must be encoded
* manually prior to calling this method.
+ * <p>
+ * No normalisation or platform specific changes are performed.
*
* @param str
* @return
@@ -218,9 +220,9 @@ public class UriString {
/**
* Normalises a URI, eliminating pathname symbols, in addition
* to normalisation compliant with RFC3986 this method, uses platform specific
- * canonical file path for "file" scheme URIs, then normalises using
- * RFC3986 rules.
- *
+ * canonical file path for "file" scheme URIs, followed by normalisation using
+ * RFC3986 rules by calling {@link UriString#normalisation(java.net.URI)}.
+ * <p>
* This minimises false negatives for URI equals and policy based URI
* comparison.
*
@@ -283,7 +285,12 @@ public class UriString {
/**
* Normalisation of URI for comparison in compliance with RFC 3986 Section 6,
- * without regard for platform specific dependencies.
+ * without regard for platform specific dependencies for, scheme, host and path
+ * components.
+ *
+ * This method does not perform escaping of illegal characters, instead characters
+ * that shouldn't be escaped are un-escaped and case and formats are
+ * changed to conform with RFC3986 where applicable.
*
* @param uri to be normalised.
* @return URI in normalised from for comparison.
@@ -498,14 +505,14 @@ public class UriString {
}
// TODO: query and fragment normalisation.
try {
- return new URI(scheme, uri.getRawUserInfo(), host, uri.getPort(), path, uri.getQuery(), uri.getFragment());
+ return new URI(scheme, uri.getUserInfo(), host, uri.getPort(), path, uri.getQuery(), uri.getFragment());
} catch (URISyntaxException e){
//Somethings gone horribly wrong! Normalisation failed.
logger.log(Level.SEVERE, "Normalisation failed: {0}", e.getMessage());
return uri;
}
}
-
+
private static void processLatin(){
/* Complete list of Unicode Latin possible to represent with percentage encoding.*/
Modified: river/jtsk/skunk/qa_refactor/trunk/test/src/org/apache/river/impl/net/UriStringTest.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/qa_refactor/trunk/test/src/org/apache/river/impl/net/UriStringTest.java?rev=1458247&r1=1458246&r2=1458247&view=diff
==============================================================================
--- river/jtsk/skunk/qa_refactor/trunk/test/src/org/apache/river/impl/net/UriStringTest.java (original)
+++ river/jtsk/skunk/qa_refactor/trunk/test/src/org/apache/river/impl/net/UriStringTest.java Tue Mar 19 12:38:28 2013
@@ -92,7 +92,8 @@ public class UriStringTest {
URI url = new URI("HTTP://river.apache.ORG/foo%7ebar/file%3clib");
URI expResult = new URI("http://river.apache.org/foo~bar/file%3Clib");
URI result = UriString.normalisation(url);
- assertEquals(expResult.toString(), result.toString());
+ assertEquals(expResult, result);
+ assertEquals(result.toString(), "http://river.apache.org/foo~bar/file%3Clib");
}
@Test