You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@river.apache.org by pe...@apache.org on 2010/05/13 12:29:25 UTC
svn commit: r943864 - in /incubator/river/jtsk/trunk: qa/
src/net/jini/security/policy/ src/org/apache/river/api/security/
src/org/apache/river/imp/security/policy/cdc/
src/org/apache/river/imp/security/policy/concurrent/
src/org/apache/river/imp/secur...
Author: peter_firmstone
Date: Thu May 13 10:29:25 2010
New Revision: 943864
URL: http://svn.apache.org/viewvc?rev=943864&view=rev
Log:
River-323 Just some more refactoring still experiencing failled tests
This will break some tests maybe causing a failled Hudson build, however I think it best to get the code out there, so I can get some assistance.
By default the qa tests now utilise the ConcurrentDynamicPolicyProvider and DynamicPolicyProvider uses a pluggable SPI.
Modified:
incubator/river/jtsk/trunk/qa/build.xml
incubator/river/jtsk/trunk/src/net/jini/security/policy/DynamicPolicyProvider.java
incubator/river/jtsk/trunk/src/org/apache/river/api/security/RevokePermission.java
incubator/river/jtsk/trunk/src/org/apache/river/api/security/RevokeablePolicy.java
incubator/river/jtsk/trunk/src/org/apache/river/imp/security/policy/cdc/DynamicPolicyProviderImpl.java
incubator/river/jtsk/trunk/src/org/apache/river/imp/security/policy/concurrent/DynamicConcurrentPolicyProvider.java
incubator/river/jtsk/trunk/src/org/apache/river/imp/security/policy/util/PolicyEntry.java
Modified: incubator/river/jtsk/trunk/qa/build.xml
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/qa/build.xml?rev=943864&r1=943863&r2=943864&view=diff
==============================================================================
--- incubator/river/jtsk/trunk/qa/build.xml (original)
+++ incubator/river/jtsk/trunk/qa/build.xml Thu May 13 10:29:25 2010
@@ -255,14 +255,14 @@
<!--<property name="run.tests" value="com/sun/jini/test/impl/discoverymanager/RemoveGroupsLocsDiscard.td"/>-->
<!--<property name="run.tests" value="com/sun/jini/test/impl/locatordiscovery/DelayDiscoveryAfterDiscard.td,com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/SecurityExceptionConstructorNoGetProperty.td,com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/SecurityExceptionConstructorNoAccessClass.td,com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/SecurityExceptionConstructorNoAccessClass.td,com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/SecurityExceptionConstructorNoGetProperty.td"/>-->
<!--<property name="run.tests" value="com/sun/jini/test/impl/joinmanager/LeaseRenewDurRFE.td"/>-->
- <!--<property name="run.tests" value="com/sun/jini/test/spec/policyprovider/policyFileProvider/NullPolicy.td"/>-->
+ <!--<property name="run.tests" value="com/sun/jini/test/spec/policyprovider/policyFileProvider/NullPolicy.td"/>*fails*-->
<!--<property name="run.tests" value="com/sun/jini/test/spec/joinmanager/GetDiscoveryManager.td"/>-->
<!--<property name="run.tests" value="com/sun/jini/test/spec/joinmanager/TerminateDiscovery.td"/>-->
- <!--<property name="run.tests" value="com/sun/jini/test/impl/joinmanager/ZRegisterStorm.td"/>-->
+ <property name="run.tests" value="com/sun/jini/test/impl/joinmanager/ZRegisterStorm.td"/>
<!--<property name="run.tests" value="com/sun/jini/test/impl/joinmanager/LeaseRenewDurRFE.td"/>-->
<!--<property name="run.tests" value="com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/GrantPrincipalSame.td"/>-->
- <!--<property name="run.tests" value="com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/GrantPrincipal.td"/>-->
- <property name="run.tests" value="com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/GrantNoPrincipalCase02.td"/>
+ <!--<property name="run.tests" value="com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/GrantPrincipal.td"/>*fails*-->
+ <!--<property name="run.tests" value="com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/GrantNoPrincipalCase02.td"/>*fails*-->
<!--<property name="run.tests" value=""/>-->
<!--<property name="run.tests" value=""/>-->
<!--<property name="run.tests" value=""/>-->
Modified: incubator/river/jtsk/trunk/src/net/jini/security/policy/DynamicPolicyProvider.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/src/net/jini/security/policy/DynamicPolicyProvider.java?rev=943864&r1=943863&r2=943864&view=diff
==============================================================================
--- incubator/river/jtsk/trunk/src/net/jini/security/policy/DynamicPolicyProvider.java (original)
+++ incubator/river/jtsk/trunk/src/net/jini/security/policy/DynamicPolicyProvider.java Thu May 13 10:29:25 2010
@@ -313,5 +313,13 @@ public class DynamicPolicyProvider exten
public Object parameters() throws UnsupportedOperationException {
throw new UnsupportedOperationException("Not supported yet.");
}
+
+ public void revoke(CodeSource cs, Principal[] principals, Permission[] permissions) throws UnsupportedOperationException {
+ instance.revoke(cs, principals, permissions);
+ }
+
+ public void grant(CodeSource cs, Principal[] principals, Permission[] permissions) throws UnsupportedOperationException {
+ instance.grant(cs, principals, permissions);
+ }
}
Modified: incubator/river/jtsk/trunk/src/org/apache/river/api/security/RevokePermission.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/src/org/apache/river/api/security/RevokePermission.java?rev=943864&r1=943863&r2=943864&view=diff
==============================================================================
--- incubator/river/jtsk/trunk/src/org/apache/river/api/security/RevokePermission.java (original)
+++ incubator/river/jtsk/trunk/src/org/apache/river/api/security/RevokePermission.java Thu May 13 10:29:25 2010
@@ -8,16 +8,14 @@ package org.apache.river.api.security;
import java.security.Permission;
/**
- * RevokePermission allows for a permission to be granted at runtime or
- * revoked. The revoker thread needs no permission other than a this.
- * A RevokePermission cannot grant itself a permission it doesn't already have.
+ * <p>RevokePermission allows for a permission to be revoked at runtime provided
+ * it has been dynamically granted.<p>
*
- * A domain with revoke permission can not revoke a RevokePermission
- * unless it has been
+ * A RevokePermission cannot dynamically grant itself a permission.<p>
*
- * It should cache all revokes, such that a refresh operation, doesn't add
- * any revoked permissions. I'm not sure about grant's though, should they be
- * refreshed and require re granting if they didn't exist in the configuration
+ * A domain with revoke permission can not revoke a RevokePermission
+ * unless it has been granted dynamically. </p>
+ *
* -- seems logical.
*
*
Modified: incubator/river/jtsk/trunk/src/org/apache/river/api/security/RevokeablePolicy.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/src/org/apache/river/api/security/RevokeablePolicy.java?rev=943864&r1=943863&r2=943864&view=diff
==============================================================================
--- incubator/river/jtsk/trunk/src/org/apache/river/api/security/RevokeablePolicy.java (original)
+++ incubator/river/jtsk/trunk/src/org/apache/river/api/security/RevokeablePolicy.java Thu May 13 10:29:25 2010
@@ -5,6 +5,7 @@
package org.apache.river.api.security;
+import java.security.CodeSource;
import java.security.Permission;
import java.security.Principal;
import net.jini.security.policy.DynamicPolicy;
@@ -20,7 +21,40 @@ import net.jini.security.policy.DynamicP
*/
public interface RevokeablePolicy extends DynamicPolicy {
+ /**
+ * Revokes permissions based on Principal's and a ProtectionDomain belonging
+ * to the class cl.
+ * @param cl
+ * @param principals
+ * @param permissions
+ * @throws java.lang.UnsupportedOperationException
+ */
public void revoke(Class cl, Principal[] principals, Permission[] permissions)
throws UnsupportedOperationException;
+ /**
+ * Revokes permissions based on CodeSource and Principals.
+ * @param cs
+ * @param principals
+ * @param permissions
+ * @throws java.lang.UnsupportedOperationException
+ */
+ public void revoke(CodeSource cs, Principal[] principals, Permission[] permissions)
+ throws UnsupportedOperationException;
+ /**
+ * Grants permissions based on a CodeSource and Principal's. This may be
+ * useful to perform dynamic grants based on a CodeSource rather than
+ * a PermissionDomain. Granting Permission's by CodeSource can apply to
+ * multiple PermissionDomain's.
+ * @param cs
+ * @param principals
+ * @param permissions
+ * @throws java.lang.UnsupportedOperationException
+ */
+ public void grant(CodeSource cs, Principal[] principals, Permission[] permissions)
+ throws UnsupportedOperationException;
+ /**
+ *
+ * @return
+ */
public boolean revokeSupported();
}
Modified: incubator/river/jtsk/trunk/src/org/apache/river/imp/security/policy/cdc/DynamicPolicyProviderImpl.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/src/org/apache/river/imp/security/policy/cdc/DynamicPolicyProviderImpl.java?rev=943864&r1=943863&r2=943864&view=diff
==============================================================================
--- incubator/river/jtsk/trunk/src/org/apache/river/imp/security/policy/cdc/DynamicPolicyProviderImpl.java (original)
+++ incubator/river/jtsk/trunk/src/org/apache/river/imp/security/policy/cdc/DynamicPolicyProviderImpl.java Thu May 13 10:29:25 2010
@@ -572,4 +572,12 @@ public class DynamicPolicyProviderImpl e
public Object parameters() throws UnsupportedOperationException {
throw new UnsupportedOperationException("Not supported yet.");
}
+
+ public void revoke(CodeSource cs, Principal[] principals, Permission[] permissions) throws UnsupportedOperationException {
+ throw new UnsupportedOperationException("Not supported yet.");
+ }
+
+ public void grant(CodeSource cs, Principal[] principals, Permission[] permissions) throws UnsupportedOperationException {
+ throw new UnsupportedOperationException("Not supported yet.");
+ }
}
Modified: incubator/river/jtsk/trunk/src/org/apache/river/imp/security/policy/concurrent/DynamicConcurrentPolicyProvider.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/src/org/apache/river/imp/security/policy/concurrent/DynamicConcurrentPolicyProvider.java?rev=943864&r1=943863&r2=943864&view=diff
==============================================================================
--- incubator/river/jtsk/trunk/src/org/apache/river/imp/security/policy/concurrent/DynamicConcurrentPolicyProvider.java (original)
+++ incubator/river/jtsk/trunk/src/org/apache/river/imp/security/policy/concurrent/DynamicConcurrentPolicyProvider.java Thu May 13 10:29:25 2010
@@ -390,6 +390,15 @@ public class DynamicConcurrentPolicyProv
if (permissions == null || permissions.length == 0) {
return;
}
+ if (principals == null){
+ principals = new Principal[0];
+ }
+ if (principals.length > 0) {
+ principals = principals.clone();
+ checkNullElements(principals);
+ }
+ permissions = permissions.clone();
+ checkNullElements(permissions);
if ( basePolicyIsDynamic ){
/* Delegate, otherwise, if base policy is an instance of this class, we
* may have multi combinations of permissions that together should
@@ -401,15 +410,6 @@ public class DynamicConcurrentPolicyProv
dp.grant(cl, principals, permissions);
return;
}
- if (principals == null){
- principals = new Principal[0];
- }
- if (principals.length > 0) {
- principals = principals.clone();
- checkNullElements(principals);
- }
- permissions = permissions.clone();
- checkNullElements(permissions);
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(new GrantPermission(permissions));
@@ -486,6 +486,14 @@ public class DynamicConcurrentPolicyProv
"ungrantable protection domain");
}
return pd;
- }
+ }
+
+ public void revoke(CodeSource cs, Principal[] principals, Permission[] permissions) throws UnsupportedOperationException {
+ throw new UnsupportedOperationException("Not supported yet.");
+ }
+
+ public void grant(CodeSource cs, Principal[] principals, Permission[] permissions) throws UnsupportedOperationException {
+ throw new UnsupportedOperationException("Not supported yet.");
+ }
}
Modified: incubator/river/jtsk/trunk/src/org/apache/river/imp/security/policy/util/PolicyEntry.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/src/org/apache/river/imp/security/policy/util/PolicyEntry.java?rev=943864&r1=943863&r2=943864&view=diff
==============================================================================
--- incubator/river/jtsk/trunk/src/org/apache/river/imp/security/policy/util/PolicyEntry.java (original)
+++ incubator/river/jtsk/trunk/src/org/apache/river/imp/security/policy/util/PolicyEntry.java Thu May 13 10:29:25 2010
@@ -188,11 +188,11 @@ public final class PolicyEntry {
* @return
*/
public boolean impliesPrincipals(Principal[] prs) {
- return PolicyUtils.matchSubset(principals.toArray(new Principal[principals.size()]), prs);
-// if ( principals.isEmpty()) return true;
-// if ( prs == null || prs.length == 0 ) return false;
-// List<Principal> princp = Arrays.asList(prs);
-// return princp.containsAll(principals);
+// return PolicyUtils.matchSubset(principals.toArray(new Principal[principals.size()]), prs);
+ if ( principals.isEmpty()) return true;
+ if ( prs == null || prs.length == 0 ) return false;
+ List<Principal> princp = Arrays.asList(prs);
+ return princp.containsAll(principals);
}
/**