Posted to commits@river.apache.org by pe...@apache.org on 2010/05/23 10:33:24 UTC

svn commit: r947380 - in /incubator/river/jtsk/trunk: qa/ qa/src/com/sun/jini/qa/harness/ qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/ src/net/jini/core/discovery/ src/org/apache/river/api/security/ src/org/apache/river/imp/secur...

Author: peter_firmstone
Date: Sun May 23 08:33:23 2010
New Revision: 947380

URL: http://svn.apache.org/viewvc?rev=947380&view=rev
Log:
River-323 All tests now passing

By default the qa tests now utilise the ConcurrentDynamicPolicyProvider and DynamicPolicyProvider is a pluggable SPI.

Next Step will be to add new types of Grants, such as ProtectionDomain, combined Certificate and Principal Grants.

Note the RevokeablePolicy interface will undergo more refactoring before complete, feel free to assist with comments.

Some newly added junit tests will be removed shortly.

Added:
    incubator/river/jtsk/trunk/test/src/net/jini/security/policy/
    incubator/river/jtsk/trunk/test/src/net/jini/security/policy/DynamicPolicyProviderTest.java   (with props)
    incubator/river/jtsk/trunk/test/src/org/apache/river/imp/security/policy/se/DynamicConcurrentPolicyProviderTest.java   (with props)
Modified:
    incubator/river/jtsk/trunk/qa/build.xml
    incubator/river/jtsk/trunk/qa/src/com/sun/jini/qa/harness/MergedPolicyProvider.java
    incubator/river/jtsk/trunk/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/DynamicPolicyProviderTestBase.java
    incubator/river/jtsk/trunk/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/GrantNoPrincipalCase02.java
    incubator/river/jtsk/trunk/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/GrantPrincipal.java
    incubator/river/jtsk/trunk/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/NullCases.java
    incubator/river/jtsk/trunk/src/net/jini/core/discovery/LookupLocator.java
    incubator/river/jtsk/trunk/src/org/apache/river/api/security/RevokeablePolicy.java
    incubator/river/jtsk/trunk/src/org/apache/river/imp/security/policy/concurrent/DynamicConcurrentPolicyProvider.java
    incubator/river/jtsk/trunk/src/org/apache/river/imp/security/policy/util/PolicyEntry.java
    incubator/river/jtsk/trunk/test/src/tests/support/MyPrincipal.java

Modified: incubator/river/jtsk/trunk/qa/build.xml
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/qa/build.xml?rev=947380&r1=947379&r2=947380&view=diff
==============================================================================
--- incubator/river/jtsk/trunk/qa/build.xml (original)
+++ incubator/river/jtsk/trunk/qa/build.xml Sun May 23 08:33:23 2010
@@ -255,13 +255,13 @@
         <!--<property name="run.tests" value="com/sun/jini/test/impl/discoverymanager/RemoveGroupsLocsDiscard.td"/>-->
         <!--<property name="run.tests" value="com/sun/jini/test/impl/locatordiscovery/DelayDiscoveryAfterDiscard.td,com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/SecurityExceptionConstructorNoGetProperty.td,com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/SecurityExceptionConstructorNoAccessClass.td,com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/SecurityExceptionConstructorNoAccessClass.td,com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/SecurityExceptionConstructorNoGetProperty.td"/>-->
         <!--<property name="run.tests" value="com/sun/jini/test/impl/joinmanager/LeaseRenewDurRFE.td"/>-->
-        <!--<property name="run.tests" value="com/sun/jini/test/spec/policyprovider/policyFileProvider/NullPolicy.td"/>*fails*-->
+        <!--<property name="run.tests" value="com/sun/jini/test/spec/policyprovider/policyFileProvider/NullPolicy.td"/>*pass*-->
         <!--<property name="run.tests" value="com/sun/jini/test/spec/joinmanager/GetDiscoveryManager.td"/>-->
         <!--<property name="run.tests" value="com/sun/jini/test/spec/joinmanager/TerminateDiscovery.td"/>-->
-        <property name="run.tests" value="com/sun/jini/test/impl/joinmanager/ZRegisterStorm.td"/>
+        <!--<property name="run.tests" value="com/sun/jini/test/impl/joinmanager/ZRegisterStorm.td"/>*pass*-->
         <!--<property name="run.tests" value="com/sun/jini/test/impl/joinmanager/LeaseRenewDurRFE.td"/>-->
         <!--<property name="run.tests" value="com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/GrantPrincipalSame.td"/>-->
-        <!--<property name="run.tests" value="com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/GrantPrincipal.td"/>*fails*-->
+        <property name="run.tests" value="com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/GrantPrincipal.td"/>
         <!--<property name="run.tests" value="com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/GrantNoPrincipalCase02.td"/>*fails*-->
         <!--<property name="run.tests" value=""/>-->
         <!--<property name="run.tests" value=""/>-->

Modified: incubator/river/jtsk/trunk/qa/src/com/sun/jini/qa/harness/MergedPolicyProvider.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/qa/src/com/sun/jini/qa/harness/MergedPolicyProvider.java?rev=947380&r1=947379&r2=947380&view=diff
==============================================================================
--- incubator/river/jtsk/trunk/qa/src/com/sun/jini/qa/harness/MergedPolicyProvider.java (original)
+++ incubator/river/jtsk/trunk/qa/src/com/sun/jini/qa/harness/MergedPolicyProvider.java Sun May 23 08:33:23 2010
@@ -102,7 +102,7 @@ public class MergedPolicyProvider extend
      *
      * @param source the <code>CodeSource</code>
      */
-    public PermissionCollection getPermissions(CodeSource source) {
+    public synchronized PermissionCollection getPermissions(CodeSource source) {
 	Iterator it = policies.iterator();
 	if (it.hasNext()) {
 	    PermissionCollection pc = 
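Review bot: Marking `getPermissions(CodeSource)` as `synchronized` holds the provider's monitor while each delegate `Policy` is called, and the three following hunks do the same for `getPermissions(ProtectionDomain)`, `implies` and `refresh`. Because `implies` is on the path of every permission check, this serialises all checks in the harness and can deadlock if a delegate waits on another thread that itself needs a check. The declaration of `policies` is outside these hunks, so the reason for the lock cannot be confirmed from here. At minimum record it next to the first method, e.g. `// synchronized: guards iteration over policies; delegates are called with the lock held`. All four method bodies continue outside their hunks.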
@@ -131,7 +131,7 @@ public class MergedPolicyProvider extend
      *
      * @param domain the <code>ProtectionDomain</code>
      */
-    public PermissionCollection getPermissions(ProtectionDomain domain) {
+    public synchronized PermissionCollection getPermissions(ProtectionDomain domain) {
 	Iterator it = policies.iterator();
 	ArrayList list = new ArrayList();
 	if (it.hasNext()) {
@@ -190,7 +190,7 @@ public class MergedPolicyProvider extend
      * @param permission the <code>Permission</code> to check
      * @return true if the permission is granted
      */
-    public boolean implies(ProtectionDomain domain, Permission permission) {
+    public synchronized boolean implies(ProtectionDomain domain, Permission permission) {
 	Iterator it = policies.iterator();
 	while (it.hasNext()) {
 	    Policy p = (Policy) it.next();
@@ -205,7 +205,7 @@ public class MergedPolicyProvider extend
     /**
      * Refresh all of the underlying policies.
      */
-    public void refresh() {
+    public synchronized void refresh() {
 	System.out.println("In REFRESH");
 	Iterator it = policies.iterator();
 	while (it.hasNext()) {

Modified: incubator/river/jtsk/trunk/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/DynamicPolicyProviderTestBase.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/DynamicPolicyProviderTestBase.java?rev=947380&r1=947379&r2=947380&view=diff
==============================================================================
--- incubator/river/jtsk/trunk/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/DynamicPolicyProviderTestBase.java (original)
+++ incubator/river/jtsk/trunk/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/DynamicPolicyProviderTestBase.java Sun May 23 08:33:23 2010
@@ -347,12 +347,18 @@ public abstract class DynamicPolicyProvi
      *
      * @param pd the ProtectionDomain or null.
      * @param p  permissions granted earlier or null.
+     * @param dynamicallyGranted   This indicates that these permissions 
+     * have been dynamically granted.
+     * If the policy being tested supports revoking 
+     * permissions, dynamically granted permissions passed in must not be present, as this
+     * will remove the ability to revoke the permissions as they will become
+     * merged into the PermissionDomain's cached PermissionCollection.
      * @param msg  string to format log message.
      *
      * @throws TestException if failed
      *
      */
-    protected void callGetPermissions(ProtectionDomain pd, Permission[] p,
+    protected void callGetPermissions(ProtectionDomain pd, Permission[] p, boolean dynamicallyGranted,
             String msg) throws TestException {
         // Returned permissions.
         PermissionCollection pReturned = null;
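Review bot: The new `@param dynamicallyGranted` text refers to the "PermissionDomain's cached PermissionCollection", which should read `ProtectionDomain`, and it does not say what the method asserts when the flag is true. Wording such as `@param dynamicallyGranted true if p was granted dynamically; when the policy supports revocation the returned collection must NOT imply p, because merging dynamic grants into the ProtectionDomain's cached PermissionCollection would make them impossible to revoke` states the contract directly. The `CodeSource` overload changed in the hunk at `-396,7 +413,8` gains the same parameter but no `@param` line for it. The method body continues outside this hunk.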
@@ -372,7 +378,18 @@ public abstract class DynamicPolicyProvi
             throw new TestException(Util.fail(msg, SNULL,
                     "PermissionCollection"));
         }
-
+        if ( dynamicallyGranted && policy.revokeSupported()){
+            for (int i = 0; i < p.length; i++) {
+                if (pReturned.implies(p[i])) {
+                    String prm = p[i].toString();
+                    String exp = "PermissionCollection does not contain " + prm;
+                    String ret = "PermissionCollection contains " + prm;
+                    throw new TestException(Util.fail(msg, ret, exp));
+                }
+            }
+            logger.log(Level.FINE, Util.pass(msg, "permission(s) not present"));
+            return;
+        }
         for (int i = 0; i < p.length; i++) {
             if (!pReturned.implies(p[i])) {
                 String prm = p[i].toString();
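Review bot: The negative check added here is repeated line for line in the `CodeSource` overload (hunk `-420,7 +438,18`), so the two copies of this assertion can drift apart; the second copy is already indented differently. Moving it into one private helper that both overloads call keeps the rule "dynamic grants must not appear in getPermissions() when revoke is supported" in a single place. The Javadoc allows `p` to be null and the new loop reads `p.length` unguarded; whether an earlier guard exists cannot be seen from this hunk, so it should be confirmed when extracting the helper. Both method bodies start and end outside their hunks.

```java
// … unchanged: getPermissions call and null check on pReturned …
if (dynamicallyGranted && policy.revokeSupported()) {
    checkNotImplied(pReturned, p, msg);
    return;
}
// … unchanged: positive implies() loop …

/* Fails if the returned collection implies any dynamically granted permission. */
private void checkNotImplied(PermissionCollection pReturned,
        Permission[] p, String msg) throws TestException {
    for (int i = 0; i < p.length; i++) {
        if (pReturned.implies(p[i])) {
            String prm = p[i].toString();
            String exp = "PermissionCollection does not contain " + prm;
            String ret = "PermissionCollection contains " + prm;
            throw new TestException(Util.fail(msg, ret, exp));
        }
    }
    logger.log(Level.FINE, Util.pass(msg, "permission(s) not present"));
}
```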
@@ -396,7 +413,8 @@ public abstract class DynamicPolicyProvi
      * @throws TestException if failed
      *
      */
-    protected void callGetPermissions(CodeSource cs, Permission[] p, String msg)
+    protected void callGetPermissions(CodeSource cs, Permission[] p, 
+            boolean dynamicallyGranted, String msg)
             throws TestException {
         // Returned permissions.
         PermissionCollection pReturned = null;
@@ -420,7 +438,18 @@ public abstract class DynamicPolicyProvi
             throw new TestException(Util.fail(msg, SNULL,
                     "PermissionCollection"));
         }
-
+       if ( dynamicallyGranted && policy.revokeSupported()){
+            for (int i = 0; i < p.length; i++) {
+                if (pReturned.implies(p[i])) {
+                    String prm = p[i].toString();
+                    String exp = "PermissionCollection does not contain " + prm;
+                    String ret = "PermissionCollection contains " + prm;
+                    throw new TestException(Util.fail(msg, ret, exp));
+                }
+            }
+            logger.log(Level.FINE, Util.pass(msg, "permission(s) not present"));
+            return;
+        }
         for (int i = 0; i < p.length; i++) {
             if (!pReturned.implies(p[i])) {
                 String prm = p[i].toString();

Modified: incubator/river/jtsk/trunk/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/GrantNoPrincipalCase02.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/GrantNoPrincipalCase02.java?rev=947380&r1=947379&r2=947380&view=diff
==============================================================================
--- incubator/river/jtsk/trunk/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/GrantNoPrincipalCase02.java (original)
+++ incubator/river/jtsk/trunk/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/GrantNoPrincipalCase02.java Sun May 23 08:33:23 2010
@@ -453,7 +453,7 @@ public class GrantNoPrincipalCase02 exte
              * Policy.getPermissions(CodeSource).
              */
             callGetPermissionsNoGranted(s, pmAsided);
-            callGetPermissions(s, pmAll, null);
+            callGetPermissions(s, pmAll, true, null);
         }
     }
 }

Modified: incubator/river/jtsk/trunk/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/GrantPrincipal.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/GrantPrincipal.java?rev=947380&r1=947379&r2=947380&view=diff
==============================================================================
--- incubator/river/jtsk/trunk/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/GrantPrincipal.java (original)
+++ incubator/river/jtsk/trunk/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/GrantPrincipal.java Sun May 23 08:33:23 2010
@@ -428,6 +428,12 @@ public class GrantPrincipal extends Dyna
 
             /*
              * Iterate over array of array of QAPrincipals.
+             * This is where ConcurrentDynamicPolicyProvider has some issues,
+             * due to it's granting permission by ProtectionDomain instead
+             * of ClassLoader.  When implies is called in the original spec
+             * it grants by ClassLoader, such that multiple protection domains 
+             * are given identical Permissions.
+             * 
              */
             for (int j = 0; j < praBase.length; j++) {
 

Modified: incubator/river/jtsk/trunk/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/NullCases.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/NullCases.java?rev=947380&r1=947379&r2=947380&view=diff
==============================================================================
--- incubator/river/jtsk/trunk/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/NullCases.java (original)
+++ incubator/river/jtsk/trunk/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/NullCases.java Sun May 23 08:33:23 2010
@@ -154,15 +154,17 @@ public class NullCases extends DynamicPo
         // Some times call grant() passing various array of Principal
         // that contains null and verify that
         // NullPointerExceptions are thrown.
+        // Changed permissions from null to avoid early 
+        // return performance optimisation.
         msg = "policy.grant(null, new Principal[] {..., null,... }, null)";
         pra = new Principal[] { null };
-        callGrantNPE(null, pra, null, msg);
+        callGrantNPE(null, pra, pmGranted, msg);
         pra = new Principal[] { null, pr1, pr2, null, pr3 };
-        callGrantNPE(null, pra, null, msg);
+        callGrantNPE(null, pra, pmGranted, msg);
         pra = new Principal[] { pr1, pr2, pr3, null, pr3 };
-        callGrantNPE(null, pra, null, msg);
+        callGrantNPE(null, pra, pmGranted, msg);
         pra = new Principal[] { pr1, pr2, pr3, pr3, null };
-        callGrantNPE(null, pra, null, msg);
+        callGrantNPE(null, pra, pmGranted, msg);
 
         // some times call grant() passing various array of Permission
         // that contains null and verify that NullPointerExceptions
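Review bot: Passing `pmGranted` instead of `null` means the test no longer covers `grant(null, principals, null)` with a null element in `principals`, which the removed lines expected to throw `NullPointerException`. According to the added comment the provider now returns early when `permissions` is null, so in that case the principals array is never validated. If that departure from the earlier expectation is intended, it deserves its own test case asserting the early return rather than a silent loss of coverage. The `msg` string still describes the old call and should become `msg = "policy.grant(null, new Principal[] {..., null,... }, pmGranted)";`.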
@@ -202,7 +204,7 @@ public class NullCases extends DynamicPo
         // also verify that returned array contains Permissions granted
         // earlier.
         msg = "policy.getPermissions((ProtectionDomain) null)";
-        callGetPermissions((ProtectionDomain) null, pmGranted, msg);
+        callGetPermissions((ProtectionDomain) null, pmGranted, true, msg);
 
         // Call getPermissions() passing null as CodeSource
         // and verify that NullPointerException is thrown;

Modified: incubator/river/jtsk/trunk/src/net/jini/core/discovery/LookupLocator.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/src/net/jini/core/discovery/LookupLocator.java?rev=947380&r1=947379&r2=947380&view=diff
==============================================================================
--- incubator/river/jtsk/trunk/src/net/jini/core/discovery/LookupLocator.java (original)
+++ incubator/river/jtsk/trunk/src/net/jini/core/discovery/LookupLocator.java Sun May 23 08:33:23 2010
@@ -47,7 +47,9 @@ import net.jini.io.MoToMiInputStream;
  * @author Sun Microsystems, Inc.
  *
  * @since 1.0
+ * @deprecated replaced by @link{net.jini.discovery.LookupLocatorDiscovery}
  */
+@Deprecated
 public class LookupLocator implements Serializable {
     private static final long serialVersionUID = 1448769379829432795L;
 
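Review bot: The added tag `@link{net.jini.discovery.LookupLocatorDiscovery}` is not valid Javadoc inline-tag syntax, so it renders as literal text instead of a link; it should read `@deprecated replaced by {@link net.jini.discovery.LookupLocatorDiscovery}`. Deprecating this public `Serializable` class is also unrelated to the policy-provider work described in the log, so the tag should give a short rationale that users of the API can act on.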

Modified: incubator/river/jtsk/trunk/src/org/apache/river/api/security/RevokeablePolicy.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/src/org/apache/river/api/security/RevokeablePolicy.java?rev=947380&r1=947379&r2=947380&view=diff
==============================================================================
--- incubator/river/jtsk/trunk/src/org/apache/river/api/security/RevokeablePolicy.java (original)
+++ incubator/river/jtsk/trunk/src/org/apache/river/api/security/RevokeablePolicy.java Sun May 23 08:33:23 2010
@@ -22,8 +22,7 @@ import net.jini.security.policy.DynamicP
 public interface RevokeablePolicy extends DynamicPolicy {
     
     /**
-     * Revokes permissions based on Principal's and a ProtectionDomain belonging
-     * to the class cl.
+     * ClassLoader based permission revocation.
      * @param cl
      * @param principals
      * @param permissions
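Review bot: The replacement summary "ClassLoader based permission revocation." no longer says which grants are affected, and the three `@param` tags below it are still empty. For a revocation API the scope is the part a caller must know. Assuming it matches the provider change in this commit, wording such as `Revokes the given permissions from every dynamic grant that applies to the ClassLoader of cl and to the given principals.` would make the contract reviewable, together with a description on each `@param` that says whether null is allowed. The method declaration itself is outside the hunk.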

Modified: incubator/river/jtsk/trunk/src/org/apache/river/imp/security/policy/concurrent/DynamicConcurrentPolicyProvider.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/src/org/apache/river/imp/security/policy/concurrent/DynamicConcurrentPolicyProvider.java?rev=947380&r1=947379&r2=947380&view=diff
==============================================================================
--- incubator/river/jtsk/trunk/src/org/apache/river/imp/security/policy/concurrent/DynamicConcurrentPolicyProvider.java (original)
+++ incubator/river/jtsk/trunk/src/org/apache/river/imp/security/policy/concurrent/DynamicConcurrentPolicyProvider.java Sun May 23 08:33:23 2010
@@ -183,7 +183,15 @@ public class DynamicConcurrentPolicyProv
         if (initialized == false) throw new RuntimeException("Object not initialized");
         // Investigate bug 4911907, do we need to do anything more here? Is this sufficient.
         if (sysDomain == null ) System.out.println("System Domain is null");
-        implies(sysDomain, new AllPermission());
+        basePolicy.implies(sysDomain, new AllPermission());
+        PermissionCollection pc = getPermissions(sysDomain);
+        pc = PolicyUtils.toConcurrentPermissionsCopy(pc);
+        cache.putIfAbsent(sysDomain, pc);
+        ProtectionDomain own = this.getClass().getProtectionDomain();
+        basePolicy.implies(own, new AllPermission());
+        PermissionCollection mypc = getPermissions(own);
+        mypc = PolicyUtils.toConcurrentPermissionsCopy(mypc);
+        cache.putIfAbsent(own, mypc);
     }
 
     public void revoke(Class cl, Principal[] principals, Permission[] permissions) {
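Review bot: When `sysDomain` is null the code only prints a message and then still passes it to `getPermissions(sysDomain)` and `cache.putIfAbsent(sysDomain, pc)`. The declaration of `cache` is not visible here, but if it is a `ConcurrentHashMap` a null key throws `NullPointerException`, which would abort policy initialisation. Either return after reporting the null or wrap the three new `sysDomain` lines in `if (sysDomain != null) { ... }`. The results of both `basePolicy.implies(...)` calls are discarded, so a comment saying they are made only to force permission resolution would help. The method starts outside the hunk.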
@@ -208,45 +216,53 @@ public class DynamicConcurrentPolicyProv
          * possible to prevent possible deadlocks, increase concurrency at the
          * risk of possible positive implies() the the mean time.
          */       
-        ProtectionDomain domain = cl.getProtectionDomain();
-        CodeSource codeSource = domain.getCodeSource();
-        if (principals == null){
-            principals = new Principal[0];
-        }
-        if (principals.length > 0) {
+        ClassLoader loader = cl.getClassLoader();
+        if ( principals != null && principals.length > 0) {
 	    principals = principals.clone();
 	    checkNullElements(principals);
-	}
+	} else {
+            principals = new Principal[0];
+        }
         permissions = permissions.clone();
 	checkNullElements(permissions);        
         Collection<Permission> permToBeRemoved = Arrays.asList(permissions);
-        Collection<Permission> remainingGrants = new HashSet<Permission>();
+        Collection<PolicyEntry> removed = new HashSet<PolicyEntry>();
         try {
             wl.lock();
             Iterator<PolicyEntry> it = dynamicGrants.iterator();
             while (it.hasNext()) {
                 PolicyEntry ge = it.next();
-                if (ge.impliesPrincipals(domain == null ? null : principals)
-                    && ge.impliesProtectionDomain(domain)
-                    && ge.impliesCodeSource(domain == null ? null : codeSource)) {
-                    remainingGrants.addAll( ge.getPermissions());
+                // This ignores ServiceItem's context as we want to capture
+                // and remove all grants that may be granted by other means.
+                // such as ProtectionDomain or Principals alone.
+                // When we have Certificates we might want to check that
+                // too because otherwise we might remove a grant that doesn't
+                // imply or apply.
+                if ( ge.impliesPrincipals(loader == null ? null : principals)
+                    && ge.impliesClassLoader(loader)) {
+                    removed.add(ge);
                     it.remove();
                 }               
             }
-            if (remainingGrants.isEmpty()) return; // nothing to do.
+            if (removed.isEmpty()) return; // nothing to do.
         } finally { wl.unlock(); }
-        /* Now we can remove the PermissionDomain from the cache.
+        /* Now we can remove the PermissionDomain's from the cache.
          * The cache will populate itself again correctly when implies() is
          * called on that PermissionDomain again.
          */
-        cache.remove(domain.toString());
+        Collection<PolicyEntry> prevail = new HashSet<PolicyEntry>(removed.size());
+        Iterator<PolicyEntry> pdIterator = removed.iterator();
+        while (pdIterator.hasNext()){
+            PolicyEntry pe = pdIterator.next();
+            cache.remove(pe);
+            Collection<Permission> p = pe.getPermissions();
+            p.removeAll(permToBeRemoved);
+            prevail.add(new PolicyEntry(pe, p));
+        }
         /* We must re-enter the remaining grants if any exist. */
-        remainingGrants.removeAll(permToBeRemoved);
-        PolicyEntry policyEntry = new PolicyEntry(codeSource, 
-                Arrays.asList(principals), remainingGrants);
         try {
             wl.lock();
-            dynamicGrants.add(policyEntry);
+            dynamicGrants.addAll(prevail);
         } finally { wl.unlock(); }
     }
 
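Review bot: `cache.remove(pe)` passes a `PolicyEntry` as the key, while the other hunks in this file read and fill the cache with a `ProtectionDomain` key (`cache.get(domain)`, `cache.putIfAbsent(domain, pc)`), so this call appears to remove nothing. Because `implies()` adds dynamic grants into the cached collection, a domain that was already cached would go on implying a permission after it has been revoked. Evict the affected domains instead, for example every cached `ProtectionDomain` for which a removed entry's `implies(domain)` is true, or conservatively call `cache.clear();` once the first lock is released. The type of `cache` is declared outside the hunk, so this should be confirmed against it.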
@@ -267,72 +283,68 @@ public class DynamicConcurrentPolicyProv
 
     public PermissionCollection getPermissions(CodeSource codesource) {
         if (initialized == false) throw new RuntimeException("Object not initialized");
-        return basePolicy.getPermissions(codesource);
-//      The following code breaks revoke.
-//        Collection<Permission> dynamicallyGrantedPermissions = getGrants(codesource, null);
-//        PermissionCollection pc = null;
-//        pc = basePolicy.getPermissions(codesource);
-//        if (pc == null) pc = new Permissions();       
-//        Iterator<Permission> dgpi = dynamicallyGrantedPermissions.iterator();
-//        while (dgpi.hasNext()){
-//            pc.add(dgpi.next());
-//        }
-//        return pc;      
+        return basePolicy.getPermissions(codesource); 
     }
 
     public PermissionCollection getPermissions(ProtectionDomain domain) {
         if (initialized == false) throw new RuntimeException("Object not initialized");
         return basePolicy.getPermissions(domain);
-//      The following code breaks revoke.      
-//        CodeSource cs = (domain == null ? null : domain.getCodeSource());
-//        Principal[] pals = (domain == null ? null : domain.getPrincipals());
-//        Collection<Permission> dynamicallyGrantedPermissions = getGrants(cs, pals);
-//        PermissionCollection pc = null;
-//        pc = cache.get(domain); // saves new object creation.
-//        if (pc == null){
-//            pc = basePolicy.getPermissions(domain);
-//            //if (pc == null) pc = new ConcurrentPermissions();
-//            if (pc == null) pc = new Permissions();
-////            if (!(pc instanceof ConcurrentPermissions)) {
-////                pc = PolicyUtils.toConcurrentPermissionsCopy(pc);
-////            }           
-//            PermissionCollection existed = cache.putIfAbsent(domain, pc);
-//            if ( !(existed == null) ){ pc = existed;} //Another thread might have just done it!
-//        }        
-//        Iterator<Permission> dgpi = dynamicallyGrantedPermissions.iterator();
-//        while (dgpi.hasNext()){
-//            pc.add(dgpi.next());
-//        }
-//        return pc;
     }
 
     public boolean implies(ProtectionDomain domain, Permission permission) {
         if (initialized == false) throw new RuntimeException("Object not initialized");
         // First check the our cache if the basePolicy is not dynamic.
+        PermissionCollection pc = cache.get(domain);
         if (!basePolicyIsDynamic) {
-            PermissionCollection pc = cache.get(domain);
             if ( pc != null){
                 if (pc.implies(permission)) return true;
             }
         }
-        // Then check the base policy
-        if (basePolicy.implies(domain, permission)) return true;
+        // Then check the base policy, this will resolve any unresolved
+        // permissions, but we should the add that domain's permissions to
+        // our cache, to reduce any contention.
+        if (basePolicy.implies(domain, permission)) {
+            if (basePolicyIsDynamic) return true;
+            PermissionCollection bpc = basePolicy.getPermissions(domain);
+            if (pc == null){
+                pc = PolicyUtils.toConcurrentPermissionsCopy(bpc);
+                PermissionCollection existed = cache.putIfAbsent(domain, pc);
+                if ( existed != null ) {
+                    if (existed.implies(permission)) return true;                  
+                    if (pc.implies(permission)) {
+                    throw new RuntimeException("Underlying policy not dynamic" +
+                            " but has changed");
+                    }
+                }
+            }
+            if (pc.implies(permission)) {return true; }
+            else {
+                throw new RuntimeException("Underlying policy implies but" +
+                        " PermissionCollection doesn't");  
+            }          
+        }
         if (basePolicyIsDynamic) return false;
         if (loggable){
             logger.log(Level.FINEST, domain + permission.toString() + 
                     ": Base policy is not dynamic and returned false" );
         }
         // If it doesn't then we should check for dynamic grants
-        Principal[] pals = (domain == null ? null : domain.getPrincipals());
-        CodeSource cs = ( domain == null ? null : domain.getCodeSource());
-        Collection<Permission> dynamicallyGrantedPermissions = getGrants(domain, cs, pals);
+        Collection<Permission> dynamicallyGrantedPermissions = new HashSet<Permission>();
+        try {
+            rl.lock();
+            Iterator<PolicyEntry> it = dynamicGrants.iterator();
+            while (it.hasNext()) {
+                PolicyEntry ge = it.next();
+                if ( ge.implies(domain)) {
+                    dynamicallyGrantedPermissions.addAll( ge.getPermissions());
+                }
+            }               
+        } finally { rl.unlock(); }
         if (loggable) {
             logger.log(Level.FINEST, "Grants: " + dynamicallyGrantedPermissions.toString());
         }
         if (dynamicallyGrantedPermissions.isEmpty()) return false;
-        // Operation starts to get expensive
-        PermissionCollection pc = null;
-        pc = cache.get(domain); // saves new object creation.
+//        // Operation starts to get expensive
         if (pc == null){
             pc = basePolicy.getPermissions(domain);
            /* Don't use the underlying policy permission collection otherwise
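Review bot: The two new `throw new RuntimeException(...)` statements make `implies()` throw out of a permission check when the base policy answers true but the copied `PermissionCollection` does not. That can happen without any policy change, for instance if the base policy's `implies` takes into account something that `getPermissions(domain)` does not return, and the exception then surfaces in whatever code triggered the check. The base policy is the authority at this point, so logging the mismatch and skipping the cache is safer than failing, e.g. `logger.log(Level.WARNING, "cache disagrees with base policy for " + domain); return true;`. Also, when `putIfAbsent` returns an existing collection, `pc` is not reassigned to `existed`, so the final `pc.implies(permission)` tests the local copy rather than the cached one. The method continues past the end of the hunk.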
@@ -344,7 +356,7 @@ public class DynamicConcurrentPolicyProv
             pc = PolicyUtils.toConcurrentPermissionsCopy(pc);                  
             PermissionCollection existed = cache.putIfAbsent(domain, pc);
             if ( (existed != null) ){ pc = existed;} //Another thread might have just done it!
-        }        
+        }
         Iterator<Permission> dgpi = dynamicallyGrantedPermissions.iterator();
         while (dgpi.hasNext()){
             pc.add(dgpi.next());
@@ -377,7 +389,7 @@ public class DynamicConcurrentPolicyProv
                 }
             }
         } finally {wl.unlock();}
-        
+        ensureDependenciesResolved();
     }
 
     public boolean grantSupported() {
@@ -387,16 +399,12 @@ public class DynamicConcurrentPolicyProv
 
     public void grant(Class cl, Principal[] principals, Permission[] permissions) {
         if (initialized == false) throw new RuntimeException("Object not initialized");
-        if (permissions == null || permissions.length == 0) {
-	    return;
-	}
-        if (principals == null){
-            principals = new Principal[0];
-        }
+        if (permissions == null || permissions.length == 0) {return;}
+        if (principals == null){ principals = new Principal[0];}
         if (principals.length > 0) {
 	    principals = principals.clone();
 	    checkNullElements(principals);
-	}
+	} 
         permissions = permissions.clone();
         checkNullElements(permissions);
         if ( basePolicyIsDynamic ){
@@ -420,7 +428,7 @@ public class DynamicConcurrentPolicyProv
         if ( cl != null){
             domain = getDomain(cl);
         }
-        PolicyEntry pe = new PolicyEntry(domain, pal, perm);
+        PolicyEntry pe = new PolicyEntry(domain, 0, pal, perm);
         if (loggable){
             logger.log(Level.FINEST, "Granting: " + pe.toString());
         }
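Review bot: The literal `0` passed as the new second argument to `PolicyEntry` is unexplained at this call site. This commit adds `PolicyEntry.CLASSLOADER = 0` in PolicyEntry.java; if that is the intended meaning (the constructor is not shown), write `new PolicyEntry(domain, PolicyEntry.CLASSLOADER, pal, perm)` so the scope of the grant is readable and survives renumbering of the constants.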
@@ -433,18 +441,33 @@ public class DynamicConcurrentPolicyProv
     // documentation inherited from DynamicPolicy.getGrants
     public Permission[] getGrants(Class cl, Principal[] principals) {
         if (initialized == false) throw new RuntimeException("Object not initialized");
-        ProtectionDomain pd = null;
-        CodeSource cs = null;
-        if ( cl != null ) {
-            pd = getDomain(cl);
-            cs = pd.getCodeSource();
+        ClassLoader loader = null;
+        if( cl != null ) {
+            loader = cl.getClassLoader();
         }
         // defensive copy array
         if (principals != null && principals.length > 0) {
 	    principals = principals.clone();
 	    checkNullElements(principals);
 	}
-        Collection<Permission> cperms = getGrants(pd, cs, principals);
+        Collection<Permission> cperms = new HashSet();
+        try {
+            wl.lock();
+            Iterator<PolicyEntry> it = dynamicGrants.iterator();
+            while (it.hasNext()) {
+                PolicyEntry ge = it.next();
+                // This ignores ServiceItem's context as we want to capture
+                // and remove all grants that may be granted by other means.
+                // such as ProtectionDomain or Principals alone.
+                // When we have Certificates we might want to check that
+                // too because otherwise we might remove a grant that doesn't
+                // imply or apply.
+                if ( ge.impliesPrincipals(loader == null ? null : principals)
+                    && ge.impliesClassLoader(loader)) {
+                    cperms.addAll(ge.getPermissions());
+                }               
+            }
+        } finally { wl.unlock(); }
         Permission[] perms = cperms.toArray(new Permission[cperms.size()]);        
         return perms;
     }
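Review bot: `getGrants` only reads `dynamicGrants` but takes the write lock `wl`, which blocks concurrent `implies()` callers that use `rl` elsewhere in this file; `rl.lock();` with `finally { rl.unlock(); }` is enough here. The comment block copied from `revoke` speaks of capturing and removing grants, which this loop does not do, so it should be reworded to describe the lookup. `new HashSet()` is a raw type; `new HashSet<Permission>()` matches the declared `Collection<Permission>`. Acquiring the lock before `try` rather than inside it also keeps `unlock()` from running in `finally` when `lock()` itself failed.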
@@ -457,8 +480,8 @@ public class DynamicConcurrentPolicyProv
             Iterator<PolicyEntry> it = dynamicGrants.iterator();
             while (it.hasNext()) {
                 PolicyEntry ge = it.next();
-                if ( ge.impliesProtectionDomain(pd)
-                        && ge.impliesCodeSource(cs)
+                if ( ge.implies(pd) ||
+                        ge.impliesCodeSource(cs)
                         && ge.impliesPrincipals(pals)) {
                     dynamicallyGrantedPermissions.addAll( ge.getPermissions());
                 }
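Review bot: The new condition parses as `ge.implies(pd) || (ge.impliesCodeSource(cs) && ge.impliesPrincipals(pals))` because `&&` binds tighter than `||`, so an entry that fails its own context check is still applied whenever code source and principals match. `PolicyEntry` now stores `pd.getCodeSource()` as `cs` for ClassLoader and ProtectionDomain grants too, so another domain or loader with the same CodeSource would appear to pick up a grant made to one specific domain; `impliesCodeSource` is outside this diff, so please confirm. `implies(pd)` already covers the CodeSource context together with principals, so `if ( ge.implies(pd) ) {` looks sufficient, unless `cs` and `pals` can differ from what `pd` carries, in which case the condition needs explicit parentheses and a comment saying why. The enclosing method starts and ends outside the hunk.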

Modified: incubator/river/jtsk/trunk/src/org/apache/river/imp/security/policy/util/PolicyEntry.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/src/org/apache/river/imp/security/policy/util/PolicyEntry.java?rev=947380&r1=947379&r2=947380&view=diff
==============================================================================
--- incubator/river/jtsk/trunk/src/org/apache/river/imp/security/policy/util/PolicyEntry.java (original)
+++ incubator/river/jtsk/trunk/src/org/apache/river/imp/security/policy/util/PolicyEntry.java Sun May 23 08:33:23 2010
@@ -30,13 +30,14 @@ import java.security.CodeSource;
 import java.security.Permission;
 import java.security.Principal;
 import java.security.ProtectionDomain;
+import java.security.cert.Certificate;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.HashSet;
 import java.util.List;
-import java.util.Set;
+import sun.security.util.SecurityConstants;
 
 
 /**
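Review bot: `sun.security.util.SecurityConstants` is a JDK-internal class rather than supported API, so this import ties `PolicyEntry` to one vendor's runtime and may not compile or load on another. It is used only for the check in `getProtectionDomain()` later in this diff. The same check can be written with public API as `sm.checkPermission(new RuntimePermission("getProtectionDomain"));`, which lets the import go.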
@@ -49,13 +50,16 @@ import java.util.Set;
  * 
  */
 public final class PolicyEntry {
-
+    
+    public static final int CLASSLOADER = 0;
+    public static final int CODESOURCE = 1;
+    public static final int PROTECTIONDOMAIN = 2;
     // Store CodeSource
     private final CodeSource cs;
-    
+    private final Certificate[] certs; //TODO certs comparison etc.
     private final WeakReference<ProtectionDomain> domain;
     private final boolean hasDomain;
-
+    
     // Array of principals 
     private final List<Principal> principals;
 
@@ -63,10 +67,43 @@ public final class PolicyEntry {
     private final Collection<Permission> permissions;
     
     private transient final int hashcode;
-
+    
+    private final int context;
+    
     /**
      * Constructor with initialization parameters. Passed collections are not
-     * referenced directly, but copied.
+     * referenced directly, but copied.  This constructor is for
+     * grants by CodeSource either read from files or granted at runtime.
+     */
+    public PolicyEntry(Certificate[] codeSourceCertificates, Collection<? extends Principal> prs,
+            Collection<? extends Permission> permissions) {
+        if ( prs == null || prs.isEmpty()) {
+            this.principals = Collections.emptyList(); // Java 1.5
+        }else{
+            this.principals = new ArrayList<Principal>(prs.size());
+            this.principals.addAll(prs);
+        }
+        if (permissions == null || permissions.isEmpty()) {
+            this.permissions = Collections.emptySet(); // Java 1.5
+        }else{
+            this.permissions = new HashSet<Permission>(permissions.size());
+            this.permissions.addAll(permissions);
+        }
+        certs = codeSourceCertificates.clone();
+        cs = null;
+        domain = null;
+        hasDomain = false;
+        context = 1;
+        /* Effectively immutable, this will make any hash this is contained in perform.
+         * May need to consider Serializable for this class yet, we'll see.
+         */ 
+        hashcode = calculateHashCode();
+    }
+    
+    /**
+     * Constructor with initialization parameters. Passed collections are not
+     * referenced directly, but copied.  This constructor is for
+     * grants by CodeSource either read from files or granted at runtime.
      */
     public PolicyEntry(CodeSource cs, Collection<? extends Principal> prs,
             Collection<? extends Permission> permissions) {
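Review bot: The certificate constructor stores `certs` but sets `cs = null` and `context = 1`, and nothing visible in this diff compares `certs` (the field is marked TODO), so an entry created here seems to carry no code restriction at all. If `impliesCodeSource` treats a null `cs` as matching any code (it is outside this diff), a grant meant for signed code would apply to every caller with matching principals; until the comparison exists it would be safer to fail closed, for example by throwing `UnsupportedOperationException` from this constructor. `codeSourceCertificates.clone()` also throws an undocumented NullPointerException on a null array, and the Javadoc is copied from the CodeSource constructor and should describe a grant by certificates. `context = 1` should read `context = CODESOURCE`.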
@@ -85,22 +122,31 @@ public final class PolicyEntry {
         }
         domain = null;
         hasDomain = false;
+        context = 1;
+        certs = null;
         /* Effectively immutable, this will make any hash this is contained in perform.
          * May need to consider Serializable for this class yet, we'll see.
          */ 
-        if (this.cs == null){
-            hashcode = (principals.hashCode() + this.permissions.hashCode()
-                    - Boolean.valueOf(hasDomain).hashCode());
-        } else {
-        hashcode = (this.cs.hashCode() + principals.hashCode() 
-                + this.permissions.hashCode() 
-                - Boolean.valueOf(hasDomain).hashCode());
-        }
+        hashcode = calculateHashCode();
     }
 
     
-    public PolicyEntry(ProtectionDomain pd, Collection<? extends Principal> prs,
+    /**
+     * Runtime Permission Grants, collections are copied.
+     * @param pd ProtectionDomain
+     * @param context int constant for the context of the PolicyEntry grant.
+     * @param prs principals
+     * @param permissions
+     */
+    public PolicyEntry(ProtectionDomain pd, int context, Collection<? extends Principal> prs,
             Collection<? extends Permission> permissions ){
+        if ( context < 0 ){
+            throw new IllegalStateException("context must be >= 0");
+        }
+        if ( context > 2 ){
+            throw new IllegalStateException("context must be <= 2");
+        }
+        this.context = context;
         if ( prs == null || prs.isEmpty()) {
             this.principals = Collections.emptyList(); // Java 1.5
         }else{
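Review bot: An out-of-range `context` is a bad argument, not bad object state, so the two checks should throw `IllegalArgumentException`, and they should use the constants declared at the top of the class instead of the literals 0 and 2: `if (context < CLASSLOADER || context > PROTECTIONDOMAIN) throw new IllegalArgumentException("context out of range: " + context);`. The Javadoc should name the three accepted values and add a `@throws` tag, and `@param permissions` has no description. Inserting `context` as the second parameter changes a public constructor signature, so callers outside this diff need updating. The constructor body continues past the hunk.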
@@ -120,32 +166,108 @@ public final class PolicyEntry {
             hasDomain = false;
             domain = null;
             cs = null;
-            hashcode = (principals.hashCode() + this.permissions.hashCode() 
-                    - Boolean.valueOf(hasDomain).hashCode());
-        } else {
+        } else if (context != 1) {
             hasDomain = true;
             domain = new WeakReference<ProtectionDomain>(pd);
-            CodeSource code = pd.getCodeSource();
-            int codeBaseHash;
-            if (code != null){
-                codeBaseHash = code.hashCode();
-                cs = normalizeCodeSource(code);
-            } else {
-                cs = null;
-                codeBaseHash = 0;
+            cs = pd.getCodeSource();
+        } else {
+            // context == 1 and pd != null
+            hasDomain = false;
+            domain = null;
+            cs = pd.getCodeSource();
+        }
+        certs = null;
+        hashcode = calculateHashCode();
+    }
+    
+    public PolicyEntry(PolicyEntry pe, 
+            Collection<? extends Permission> permissions){
+        this.cs = pe.cs;
+        this.hasDomain = pe.hasDomain;
+        this.domain = pe.domain;
+        this.principals = pe.principals;
+        this.context = pe.context;
+        this.certs = pe.certs;
+        if (permissions == null || permissions.isEmpty()) {
+            this.permissions = Collections.emptySet(); // Java 1.5
+        }else{
+            this.permissions = new HashSet<Permission>(permissions.size());
+            this.permissions.addAll(permissions);
+        }
+        hashcode = calculateHashCode();
+    }
+    
+    public ProtectionDomain getProtectionDomain(){
+        SecurityManager sm = System.getSecurityManager();
+        if (sm != null) {
+            sm.checkPermission(SecurityConstants.GET_PD_PERMISSION);
+        }
+        if (hasDomain){
+            return domain.get();
+        }
+        return null;
+    }
+    
+    /**
+     * This is a multi comparison 
+     * @param pd ProtectionDomain
+     * @return
+     */
+    public boolean implies(ProtectionDomain pd){
+        CodeSource cs = null;
+        ClassLoader cl = null;
+        Principal[] pals = null;
+        if (pd != null){
+            cs = pd.getCodeSource();
+            cl = pd.getClassLoader();
+            pals = pd.getPrincipals();
+        }
+        if (context == 0){
+            // ClassLoader comparison
+            if (impliesClassLoader(cl) && impliesPrincipals(pals)){
+                return true;
             }
-            hashcode = (pd.hashCode() + principals.hashCode() 
-                + this.permissions.hashCode() + codeBaseHash 
-                - Boolean.valueOf(hasDomain).hashCode());
+        } else if (context == 2){
+            // ProtectionDomain comparison
+            if (impliesProtectionDomain(pd)){
+                return true;
+            }
+        } else if (context == 1){
+            // CodeSource comparison
+            if (impliesCodeSource(cs) && impliesPrincipals(pals)) 
+            return true;       
         }
+        return false;
+    }
+    
+    /**
+     * Checks if passed ClassLoader matches this PolicyEntry. Null ProtectionDomain of
+     * PolicyEntry implies any ClassLoader, unless the ProtectionDomain has
+     * become garbage collected, in which case it will be false;
+     * 
+     * This implies is public to assist in removal of Permission grants
+     * from a ClassLoader space.  In other words it ignores context.
+     * 
+     * It isn't very smart, it misses other grants, so isn't a guarantee that
+     * a permission grant won't apply to a particluar ClassLoader, in the
+     * case of Principals and Certificate grants.
+     * 
+     * non-null ProtectionDomain's are
+     * compared with equals();
+     */
+    public boolean impliesClassLoader(ClassLoader cl) {
+        if (hasDomain == false) return true;
+        if (cl == null) return false;       
+        if (domain.get() == null ) return false; // hasDomain already true
+        return domain.get().getClassLoader().equals(cl); // pd not null
     }
     
     /**
      * Checks if passed ProtectionDomain matches this PolicyEntry. Null ProtectionDomain of
-     * PolicyEntry implies any ProtectionDomain; non-null ProtectionDomain is
+     * PolicyEntry implies any ProtectionDomain; non-null ProtectionDomain's are
      * compared with equals();
      */
-    public boolean impliesProtectionDomain(ProtectionDomain pd) {
+    private boolean impliesProtectionDomain(ProtectionDomain pd) {
         if (hasDomain == false) return true;
         if (pd == null) return false;       
         if (domain.get() == null ) return false; // hasDomain already true
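Review bot: `impliesClassLoader` calls `domain.get()` twice, so the weakly referenced ProtectionDomain can be collected between the null check and the dereference, and `getClassLoader()` may itself return null for a domain without a loader; either case ends in a NullPointerException inside a policy check. Read the referent once: `ProtectionDomain d = domain.get();`, `if (d == null) return false;`, `return cl.equals(d.getClassLoader());`. `impliesProtectionDomain` at the end of the hunk has the same double `get()`, though its body continues outside the hunk. In the constructor above, `cs = pd.getCodeSource()` replaces the earlier `normalizeCodeSource(code)` call, so it is worth confirming that `impliesCodeSource` no longer depends on a normalized value.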
@@ -203,7 +325,7 @@ public final class PolicyEntry {
 //        if (permissions.isEmpty()) return null; // not sure if this is good needs further investigation
         return Collections.unmodifiableCollection(permissions);
     }
-
+    
     /**
      * Returns true if this PolicyEntry defines no Permissions, false otherwise.
      */
@@ -232,6 +354,28 @@ public final class PolicyEntry {
         return hashcode;        
     }
     
+    /* Effectively immutable, this will make any hash this is contained in perform.
+     * May need to consider Serializable for this class yet, we'll see.
+     */
+    private int calculateHashCode(){
+        int pdHash = 0;
+        int codeHash = 0;      
+        if (hasDomain){
+            ProtectionDomain d = domain.get();
+            if (d != null){
+                pdHash = d.hashCode();
+            }
+        }
+        if (cs != null){
+            codeHash = cs.hashCode();
+        }        
+        return (
+                pdHash + codeHash
+                + context * 31
+                + principals.hashCode() 
+                + permissions.hashCode());
+    }
+    
     @Override
     public String toString(){
         String domainString = ( domain == null || domain.get() == null) 
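Review bot: `calculateHashCode()` now mixes in `context` but not `certs`, and `equals()` is not touched by this diff; if `equals()` does not also compare `context`, two equal entries will hash differently, which breaks lookups in any hash-based collection holding entries. Please confirm `equals()` compares the same fields used here. The hash reads the weak `domain` referent once at construction, which is fine because the value is cached, but the block comment should become Javadoc that says so: `/** Computed once in the constructors; the ProtectionDomain contributes 0 if it has already been collected. */`.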

Added: incubator/river/jtsk/trunk/test/src/net/jini/security/policy/DynamicPolicyProviderTest.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/test/src/net/jini/security/policy/DynamicPolicyProviderTest.java?rev=947380&view=auto
==============================================================================
--- incubator/river/jtsk/trunk/test/src/net/jini/security/policy/DynamicPolicyProviderTest.java (added)
+++ incubator/river/jtsk/trunk/test/src/net/jini/security/policy/DynamicPolicyProviderTest.java Sun May 23 08:33:23 2010
@@ -0,0 +1,176 @@
+/*
+ * To change this template, choose Tools | Templates
+ * and open the template in the editor.
+ */
+
+package net.jini.security.policy;
+
+import java.security.CodeSource;
+import java.security.Permission;
+import java.security.PermissionCollection;
+import java.security.Policy;
+import java.security.Principal;
+import java.security.ProtectionDomain;
+import java.security.Provider;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import static org.junit.Assert.*;
+
+/**
+ *
+ * @author peter
+ */
+public class DynamicPolicyProviderTest {
+
+    public DynamicPolicyProviderTest() {
+    }
+    
+    DynamicPolicyProvider instance;
+
+    @org.junit.Before
+    public void setUp() throws Exception {
+        instance = new DynamicPolicyProvider();
+    }
+
+    @org.junit.After
+    public void tearDown() throws Exception {
+    }
+
+    /**
+     * Test of revoke method, of class DynamicPolicyProvider.
+     */
+    @org.junit.Test
+    public void revoke() {
+        System.out.println("revoke");
+        Class cl = null;
+        Principal[] principals = null;
+        Permission[] permissions = null;
+        instance.revoke(cl, principals, permissions);
+        fail("The test case is a prototype.");
+    }
+
+    /**
+     * Test of revokeSupported method, of class DynamicPolicyProvider.
+     */
+    @org.junit.Test
+    public void revokeSupported() {
+        System.out.println("revokeSupported");
+        boolean expResult = false;
+        boolean result = instance.revokeSupported();
+        assertEquals(expResult, result);
+        // TODO review the generated test code and remove the default call to fail.
+        fail("The test case is a prototype.");
+    }
+
+    /**
+     * Test of getProvider method, of class DynamicPolicyProvider.
+     */
+    @org.junit.Test
+    public void getProvider() {
+        System.out.println("getProvider");
+        Provider expResult = null;
+        Provider result = instance.getProvider();
+        assertEquals(expResult, result);
+        // TODO review the generated test code and remove the default call to fail.
+        fail("The test case is a prototype.");
+    }
+
+    /**
+     * Test of getType method, of class DynamicPolicyProvider.
+     */
+    @org.junit.Test
+    public void getType() {
+        System.out.println("getType");
+        String expResult = "";
+        String result = instance.getType();
+        assertEquals(expResult, result);
+        // TODO review the generated test code and remove the default call to fail.
+        fail("The test case is a prototype.");
+    }
+
+    /**
+     * Test of getPermissions method, of class DynamicPolicyProvider.
+     */
+    @org.junit.Test
+    public void getPermissions() {
+        System.out.println("getPermissions");
+        CodeSource codesource = null;
+        PermissionCollection expResult = null;
+        PermissionCollection result = instance.getPermissions(codesource);
+        assertEquals(expResult, result);
+        // TODO review the generated test code and remove the default call to fail.
+        fail("The test case is a prototype.");
+    }
+
+    /**
+     * Test of implies method, of class DynamicPolicyProvider.
+     */
+    @org.junit.Test
+    public void implies() {
+        System.out.println("implies");
+        ProtectionDomain domain = null;
+        Permission permission = null;
+        boolean expResult = false;
+        boolean result = instance.implies(domain, permission);
+        assertEquals(expResult, result);
+        // TODO review the generated test code and remove the default call to fail.
+        fail("The test case is a prototype.");
+    }
+
+    /**
+     * Test of refresh method, of class DynamicPolicyProvider.
+     */
+    @org.junit.Test
+    public void refresh() {
+        System.out.println("refresh");
+        instance.refresh();
+        // TODO review the generated test code and remove the default call to fail.
+        fail("The test case is a prototype.");
+    }
+
+    /**
+     * Test of grantSupported method, of class DynamicPolicyProvider.
+     */
+    @org.junit.Test
+    public void grantSupported() {
+        System.out.println("grantSupported");
+        boolean expResult = false;
+        boolean result = instance.grantSupported();
+        assertEquals(expResult, result);
+        // TODO review the generated test code and remove the default call to fail.
+        fail("The test case is a prototype.");
+    }
+
+    /**
+     * Test of grant method, of class DynamicPolicyProvider.
+     */
+    @org.junit.Test
+    public void grant() {
+        System.out.println("grant");
+        Class cl = null;
+        Principal[] principals = null;
+        Permission[] permissions = null;
+        instance.grant(cl, principals, permissions);
+        // TODO review the generated test code and remove the default call to fail.
+        fail("The test case is a prototype.");
+    }
+
+    /**
+     * Test of getGrants method, of class DynamicPolicyProvider.
+     */
+    @org.junit.Test
+    public void getGrants() {
+        System.out.println("getGrants");
+        Class cl = null;
+        Principal[] principals = null;
+        Permission[] expResult = null;
+        Permission[] result = instance.getGrants(cl, principals);
+        assertEquals(expResult, result);
+        // TODO review the generated test code and remove the default call to fail.
+        fail("The test case is a prototype.");
+    }
+
+}
\ No newline at end of file
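Review bot: Every test in this file ends in `fail("The test case is a prototype.")`, so the class is an unedited IDE skeleton that can only fail, which contradicts the commit log's "All tests now passing" for anyone running the junit suite; `DynamicConcurrentPolicyProviderTest.java` below is the same apart from `grant()`. Either leave the skeletons out of the commit or mark the class `@org.junit.Ignore("generated skeleton, not implemented")` until the tests have real assertions. The header is the IDE template text rather than a licence header, and the `Policy`, `Level`, `Logger` and unqualified `After`/`Before`/`Test` imports are unused.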

Propchange: incubator/river/jtsk/trunk/test/src/net/jini/security/policy/DynamicPolicyProviderTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: incubator/river/jtsk/trunk/test/src/org/apache/river/imp/security/policy/se/DynamicConcurrentPolicyProviderTest.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/test/src/org/apache/river/imp/security/policy/se/DynamicConcurrentPolicyProviderTest.java?rev=947380&view=auto
==============================================================================
--- incubator/river/jtsk/trunk/test/src/org/apache/river/imp/security/policy/se/DynamicConcurrentPolicyProviderTest.java (added)
+++ incubator/river/jtsk/trunk/test/src/org/apache/river/imp/security/policy/se/DynamicConcurrentPolicyProviderTest.java Sun May 23 08:33:23 2010
@@ -0,0 +1,194 @@
+/*
+ * To change this template, choose Tools | Templates
+ * and open the template in the editor.
+ */
+
+package org.apache.river.imp.security.policy.se;
+
+import java.io.FilePermission;
+import net.jini.security.policy.*;
+import java.security.CodeSource;
+import java.security.Permission;
+import java.security.PermissionCollection;
+import java.security.Policy;
+import java.security.Principal;
+import java.security.ProtectionDomain;
+import java.security.Provider;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import tests.support.MyPrincipal;
+import static org.junit.Assert.*;
+
+/**
+ *
+ * @author peter
+ */
+public class DynamicConcurrentPolicyProviderTest {
+
+    public DynamicConcurrentPolicyProviderTest() {
+    }
+    
+    DynamicConcurrentPolicyProvider instance;
+    Principal[] pra = null;
+    Permission[] pma = null;    
+    Principal pr1 = new MyPrincipal("1");
+    Principal pr2 = new MyPrincipal("1");
+    Principal pr3 = new MyPrincipal("2");
+    Permission pm1 = new FilePermission("1", "read");
+    Permission pm2 = new FilePermission("1", "read");
+    Permission pm3 = new FilePermission("2", "read");
+    Permission pm4 = new FilePermission("4", "read");
+    Permission[] pmGranted = new Permission[] { pm1, pm2, pm3 };
+
+    @org.junit.Before
+    public void setUp() throws Exception {
+        Policy basePolicy = new PolicyFileProvider();
+        instance = new DynamicConcurrentPolicyProvider();
+        instance.basePolicy(basePolicy);
+        instance.initialize();
+    }
+
+    @org.junit.After
+    public void tearDown() throws Exception {
+    }
+
+    /**
+     * Test of revoke method, of class DynamicPolicyProvider.
+     */
+    @org.junit.Test
+    public void revoke() {
+        System.out.println("revoke");
+        Class cl = null;
+        Principal[] principals = null;
+        Permission[] permissions = null;
+        instance.revoke(cl, principals, permissions);
+        fail("The test case is a prototype.");
+    }
+
+    /**
+     * Test of revokeSupported method, of class DynamicPolicyProvider.
+     */
+    @org.junit.Test
+    public void revokeSupported() {
+        System.out.println("revokeSupported");
+        boolean expResult = false;
+        boolean result = instance.revokeSupported();
+        assertEquals(expResult, result);
+        // TODO review the generated test code and remove the default call to fail.
+        fail("The test case is a prototype.");
+    }
+
+    /**
+     * Test of getProvider method, of class DynamicPolicyProvider.
+     */
+    @org.junit.Test
+    public void getProvider() {
+        System.out.println("getProvider");
+        Provider expResult = null;
+        Provider result = instance.getProvider();
+        assertEquals(expResult, result);
+        // TODO review the generated test code and remove the default call to fail.
+        fail("The test case is a prototype.");
+    }
+
+    /**
+     * Test of getType method, of class DynamicPolicyProvider.
+     */
+    @org.junit.Test
+    public void getType() {
+        System.out.println("getType");
+        String expResult = "";
+        String result = instance.getType();
+        assertEquals(expResult, result);
+        // TODO review the generated test code and remove the default call to fail.
+        fail("The test case is a prototype.");
+    }
+
+    /**
+     * Test of getPermissions method, of class DynamicPolicyProvider.
+     */
+    @org.junit.Test
+    public void getPermissions() {
+        System.out.println("getPermissions");
+        CodeSource codesource = null;
+        PermissionCollection expResult = null;
+        PermissionCollection result = instance.getPermissions(codesource);
+        assertEquals(expResult, result);
+        // TODO review the generated test code and remove the default call to fail.
+        fail("The test case is a prototype.");
+    }
+
+    /**
+     * Test of implies method, of class DynamicPolicyProvider.
+     */
+    @org.junit.Test
+    public void implies() {
+        System.out.println("implies");
+        ProtectionDomain domain = null;
+        Permission permission = null;
+        boolean expResult = false;
+        boolean result = instance.implies(domain, permission);
+        assertEquals(expResult, result);
+        // TODO review the generated test code and remove the default call to fail.
+        fail("The test case is a prototype.");
+    }
+
+    /**
+     * Test of refresh method, of class DynamicPolicyProvider.
+     */
+    @org.junit.Test
+    public void refresh() {
+        System.out.println("refresh");
+        instance.refresh();
+        // TODO review the generated test code and remove the default call to fail.
+        fail("The test case is a prototype.");
+    }
+
+    /**
+     * Test of grantSupported method, of class DynamicPolicyProvider.
+     */
+    @org.junit.Test
+    public void grantSupported() {
+        System.out.println("grantSupported");
+        boolean expResult = false;
+        boolean result = instance.grantSupported();
+        assertEquals(expResult, result);
+        // TODO review the generated test code and remove the default call to fail.
+        fail("The test case is a prototype.");
+    }
+
+    /**
+     * Test of grant method, of class DynamicPolicyProvider.
+     */
+    @org.junit.Test
+    public void grant() {
+        System.out.println("grant");
+        Class cl = null;
+        Principal[] principals = null;
+        instance.grant(cl, principals, pmGranted);
+        // TODO review the generated test code and remove the default call to fail.
+        assertTrue(instance.implies(null, pm1));
+        assertTrue(instance.implies(null, pm2));
+        assertTrue(instance.implies(null, pm3));
+        //fail("The test case is a prototype.");
+    }
+
+    /**
+     * Test of getGrants method, of class DynamicPolicyProvider.
+     */
+    @org.junit.Test
+    public void getGrants() {
+        System.out.println("getGrants");
+        Class cl = null;
+        Principal[] principals = null;
+        Permission[] expResult = null;
+        Permission[] result = instance.getGrants(cl, principals);
+        assertEquals(expResult, result);
+        // TODO review the generated test code and remove the default call to fail.
+        fail("The test case is a prototype.");
+    }
+
+}
\ No newline at end of file
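Review bot: `grant()` asserts only the positive case; `pm4` is declared but never used, so nothing checks that a permission which was not granted is still refused. Add `assertFalse(instance.implies(null, pm4));` after the three `assertTrue` calls, assuming the base policy does not already grant it. `pr1` to `pr3`, `pra` and `pma` are unused as well, so the principal-scoped matching that this commit changes is not exercised at all.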

Propchange: incubator/river/jtsk/trunk/test/src/org/apache/river/imp/security/policy/se/DynamicConcurrentPolicyProviderTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: incubator/river/jtsk/trunk/test/src/tests/support/MyPrincipal.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/test/src/tests/support/MyPrincipal.java?rev=947380&r1=947379&r2=947380&view=diff
==============================================================================
--- incubator/river/jtsk/trunk/test/src/tests/support/MyPrincipal.java (original)
+++ incubator/river/jtsk/trunk/test/src/tests/support/MyPrincipal.java Sun May 23 08:33:23 2010
@@ -35,4 +35,23 @@ public class MyPrincipal implements Prin
     public String getName() {
         return name;
     }
+    
+    // documentation inherited from java.security.Principal.hashCode
+    @Override
+    public int hashCode() {
+        return name.hashCode();
+    }
+
+    // documentation inherited from java.security.Principal.toString
+    @Override
+    public String toString() {
+        return "MyPrincipal[" + name + "]";
+    }
+
+    // documentation inherited from java.security.Principal.equals
+    @Override
+    public boolean equals(Object obj) {
+        return (obj instanceof MyPrincipal
+                && name.equals(((MyPrincipal) obj).name));
+    }
 }
\ No newline at end of file