You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@harmony.apache.org by ml...@apache.org on 2006/04/04 07:42:33 UTC
svn commit: r391227 - in /incubator/harmony/enhanced/classlib/trunk/modules:
luni-kernel/src/main/java/java/lang/System.java
security/src/common/javasrc/org/apache/harmony/security/fortress/DefaultPolicy.java
Author: mloenko
Date: Mon Apr 3 22:42:32 2006
New Revision: 391227
URL: http://svn.apache.org/viewcvs?rev=391227&view=rev
Log:
Fixes for HARMONY-121
Modified:
incubator/harmony/enhanced/classlib/trunk/modules/luni-kernel/src/main/java/java/lang/System.java
incubator/harmony/enhanced/classlib/trunk/modules/security/src/common/javasrc/org/apache/harmony/security/fortress/DefaultPolicy.java
Modified: incubator/harmony/enhanced/classlib/trunk/modules/luni-kernel/src/main/java/java/lang/System.java
URL: http://svn.apache.org/viewcvs/incubator/harmony/enhanced/classlib/trunk/modules/luni-kernel/src/main/java/java/lang/System.java?rev=391227&r1=391226&r2=391227&view=diff
==============================================================================
--- incubator/harmony/enhanced/classlib/trunk/modules/luni-kernel/src/main/java/java/lang/System.java (original)
+++ incubator/harmony/enhanced/classlib/trunk/modules/luni-kernel/src/main/java/java/lang/System.java Mon Apr 3 22:42:32 2006
@@ -22,6 +22,9 @@
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.PrintStream;
+import java.security.AccessController;
+import java.security.Policy;
+import java.security.PrivilegedAction;
import java.util.Properties;
import java.util.PropertyPermission;
@@ -60,6 +63,10 @@
// The System default SecurityManager
private static SecurityManager security;
+ // Indicates whether the classes needed for
+ // permission checks was initialized or not
+ private static boolean security_initialized;
+
// Initialize all the slots in System on first use.
static {
// Fill in the properties from the VM information.
@@ -790,12 +797,14 @@
*/
public static void setSecurityManager(final SecurityManager s) {
final SecurityManager currentSecurity = security;
- try {
- // Preload classes used for checkPackageAccess(),
- // otherwise we could go recursive
- s.checkPackageAccess("java.lang");
- } catch (Exception e) {
- }
+ if (!security_initialized) {
+ try {
+ // Preload and initialize Policy implementation classes
+ // otherwise we could go recursive
+ Policy.getPolicy();
+ } catch (Exception e) { }
+ security_initialized = true;
+ }
security = s;
}
Modified: incubator/harmony/enhanced/classlib/trunk/modules/security/src/common/javasrc/org/apache/harmony/security/fortress/DefaultPolicy.java
URL: http://svn.apache.org/viewcvs/incubator/harmony/enhanced/classlib/trunk/modules/security/src/common/javasrc/org/apache/harmony/security/fortress/DefaultPolicy.java?rev=391227&r1=391226&r2=391227&view=diff
==============================================================================
--- incubator/harmony/enhanced/classlib/trunk/modules/security/src/common/javasrc/org/apache/harmony/security/fortress/DefaultPolicy.java (original)
+++ incubator/harmony/enhanced/classlib/trunk/modules/security/src/common/javasrc/org/apache/harmony/security/fortress/DefaultPolicy.java Mon Apr 3 22:42:32 2006
@@ -1,308 +1,309 @@
-/*
- * Copyright 2005 The Apache Software Foundation or its licensors, as applicable.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/**
-* @author Alexey V. Varlamov
-* @version $Revision$
-*/
-
-package org.apache.harmony.security.fortress;
-
-import java.io.File;
-import java.net.URL;
-import java.security.AccessController;
-import java.security.CodeSource;
-import java.security.PermissionCollection;
-import java.security.Policy;
-import java.security.ProtectionDomain;
-import java.util.Collection;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.Map;
-import java.util.Properties;
-import java.util.Set;
-import java.util.WeakHashMap;
-
-import org.apache.harmony.security.PolicyEntry;
-
-
-/**
- * Default Policy implementation based on policy configuration files. This
- * implementation recognizes text files, consisting of clauses with the
- * following syntax:
- *
- * <pre>
- * keystore "some_keystore_url" [, "keystore_type"];
- * </pre>
- <pre>
- * grant [SignedBy "signer_names"] [, CodeBase "URL"]
- * [, Principal [principal_class_name] "principal_name"]
- * [, Principal [principal_class_name] "principal_name"] ... {
- * permission permission_class_name [ "target_name" ] [, "action"]
- * [, SignedBy "signer_names"];
- * permission ...
- * };
- *
- * </pre>
- *
- * The <i>keystore </i> clause specifies reference to a keystore, which is a
- * database of private keys and their associated digital certificates. The
- * keystore is used to look up the certificates of signers specified in the
- * <i>grant </i> entries of the file. The policy file can contain any number of
- * <i>keystore </i> entries which can appear at any ordinal position. However,
- * only the first successfully loaded keystore is used, others are ignored. The
- * keystore must be specified if some grant clause refers to a certificate's
- * alias. <br>
- * The <i>grant </i> clause associates a CodeSource (consisting of an URL and a
- * set of certificates) of some executable code with a set of Permissions which
- * should be granted to the code. So, the CodeSource is defined by values of
- * <i>CodeBase </i> and <i>SignedBy </i> fields. The <i>CodeBase </i> value must
- * be in URL format, while <i>SignedBy </i> value is a (comma-separated list of)
- * alias(es) to keystore certificates. These fields can be omitted to denote any
- * codebase and any signers (including case of unsigned code), respectively.
- * <br>
- * Also, the code may be required to be executed on behalf of some Principals
- * (in other words, code's ProtectionDomain must have the array of Principals
- * associated) in order to possess the Permissions. This fact is indicated by
- * specifying one or more <i>Principal </i> fields in the <i>grant </i> clause.
- * Each Principal is specified as class/name pair; name and class can be either
- * concrete value or wildcard <i>* </i>. As a special case, the class value may
- * be omitted and then the name is treated as an alias to X.509 Certificate, and
- * the Principal is assumed to be javax.security.auth.x500.X500Principal with a
- * name of subject's distinguished name from the certificate. <br>
- * The order between the <i>CodeBase </i>, <i>SignedBy </i>, and <i>Principal
- * </i> fields does not matter. The policy file can contain any number of grant
- * clauses. <br>
- * Each <i>grant </i> clause must contain one or more <i>permission </i> entry.
- * The permission entry consist of a fully qualified class name along with
- * optional <i>name </i>, <i>actions </i> and <i>signedby </i> values. Name and
- * actions are arguments to the corresponding constructor of the permission
- * class. SignedBy value represents the keystore alias(es) to certificate(s)
- * used to sign the permission class. That is, this permission entry is
- * effective (i.e., access control permission will be granted based on this
- * entry) only if the bytecode implementation of permission class is verified to
- * be correctly signed by the said alias(es). <br>
- * <br>
- * The policy content may be parameterized via property expansion. Namely,
- * expressions like <i>${key} </i> are replaced by values of corresponding
- * system properties. Also, the special <i>slash </i> key (i.e. ${/}) is
- * supported, it is a shortcut to "file.separator" key. Property
- * expansion is performed anywhere a double quoted string is allowed in the
- * policy file. However, this feature is controlled by security properties and
- * should be turned on by setting "policy.expandProperties" property
- * to <i>true </i>. <br>
- * If property expansion fails (due to a missing key), a corresponding entry is
- * ignored. For fields of <i>keystore </i> and <i>grant </i> clauses, the whole
- * clause is ignored, and for <i>permission </i> entry, only that entry is
- * ignored. <br>
- * <br>
- * The policy also supports generalized expansion in permissions names, of
- * expressions like <i>${{protocol:data}} </i>. Currently the following
- * protocols supported:
- * <dl>
- * <dt>self
- * <dd>Denotes substitution to a principal information of the parental Grant
- * entry. Replaced by a space-separated list of resolved Principals (including
- * wildcarded), each formatted as <i>class "name" </i>. If parental
- * Grant entry has no Principals, the permission is ignored.
- * <dt>alias: <i>name </i>
- * <dd>Denotes substitution of a KeyStore alias. Namely, if a KeyStore has an
- * X.509 certificate associated with the specified name, then replaced by
- * <i>javax.security.auth.x500.X500Principal " <i>DN </i>" </i>
- * string, where <i>DN </i> is a certificate's subject distinguished name.
- * </dl>
- * <br>
- * <br>
- * This implementation is thread-safe. The policy caches sets of calculated
- * permissions for the requested objects (ProtectionDomains and CodeSources) via
- * WeakHashMap; the cache is cleaned either explicitly during refresh()
- * invokation, or naturally by garbage-collecting the corresponding objects.
- *
- * @see org.apache.harmony.security.PolicyUtils#getPolicyURLs(Properties, String,
- * String)
- */
-
-public class DefaultPolicy extends Policy {
-
- /**
- * System property for dynamically added policy location.
- */
- public static final String JAVA_SECURITY_POLICY = "java.security.policy";
-
- /**
- * Prefix for numbered Policy locations specified in security.properties.
- */
- public static final String POLICY_URL_PREFIX = "policy.url.";
-
- // A set of PolicyEntries constituting this Policy.
- private final Set/* <PolicyEntry> */grants = new HashSet();
-
- // Calculated Permissions cache, organized as
- // Map{Object->Collection<Permission>}.
- // The Object is a ProtectionDomain, a CodeSource or
- // any other permissions-granted entity.
- private final Map cache = new WeakHashMap();
-
- // A specific parser for a particular policy file format.
- private final DefaultPolicyParser parser;
-
- // A flag indicating brand new instance which needs to be loaded
- // on the first appeal to it's data.
- private boolean initiailized;
-
- /**
- * Default constructor, equivalent to
- * <code>DefaultPolicy(new DefaultPolicyParser())</code>.
- */
- public DefaultPolicy() {
- this(new DefaultPolicyParser());
- }
-
- /**
- * Extension constructor for plugging-in a custom parser. Defers policy data
- * initialization before the first <code>getPermissions()</code> call
- * (though policy may be refreshed explicitly, as well).
- */
- public DefaultPolicy(DefaultPolicyParser dpr) {
- parser = dpr;
- initiailized = false;
- }
-
- /**
- * Returns collection of permissions allowed for the domain
- * according to the policy. The evalueated characteristics of the
- * domain are it's codesource and principals; they are assumed
- * to be <code>null</code> if the domain is <code>null</code>.
- */
- public PermissionCollection getPermissions(ProtectionDomain pd) {
- if (!initiailized) {
- synchronized (this) {
- if (!initiailized) {
- refresh();
- }
- }
- }
- Collection pc = (Collection)cache.get(pd);
- if (pc == null) {
- //have to synchronize to exclude cache pollution after refresh
- synchronized (cache) {
-
- // double check in case value has been put to cache
- // while we've been awaiting monitor
- pc = (Collection)cache.get(pd);
- if (pc == null) {
- pc = new HashSet();
- Iterator it = grants.iterator();
- while (it.hasNext()) {
- PolicyEntry ge = (PolicyEntry)it.next();
- if (ge.impliesPrincipals(pd == null ? null : pd.getPrincipals())
- && ge.impliesCodeSource(pd == null ? null : pd.getCodeSource())) {
- pc.addAll(ge.getPermissions());
- }
- }
- cache.put(pd, pc);
- }
- }
- }
- return PolicyUtils.toPermissionCollection(pc);
-
- }
-
- /**
- * Returns collection of permissions allowed for the codesource
- * according to the policy.
- * The evaluation assumes that current principals are undefined.
- */
- public PermissionCollection getPermissions(CodeSource cs) {
- if (!initiailized) {
- synchronized (this) {
- if (!initiailized) {
- refresh();
- }
- }
- }
- Collection pc = (Collection)cache.get(cs);
- if (pc == null) {
- //have to synchronize to exclude cache pollution after refresh
- synchronized (cache) {
-
- // double check in case value has been put to cache
- // while we've been awaiting monitor
- pc = (Collection)cache.get(cs);
- if (pc == null) {
- pc = new HashSet();
- Iterator it = grants.iterator();
- while (it.hasNext()) {
- PolicyEntry ge = (PolicyEntry)it.next();
- if (ge.impliesPrincipals(null)
- && ge.impliesCodeSource(cs)) {
- pc.addAll(ge.getPermissions());
- }
- }
- cache.put(cs, pc);
- }
- }
- }
- return PolicyUtils.toPermissionCollection(pc);
- }
-
- /**
- * Gets fresh list of locations and tries to load all of them in sequence;
- * failed loads are ignored. After processing all locations, old policy
- * settings are discarded and new ones come into force. <br>
- * This method is declared synchronized to avoid concurrent reloading.
- *
- * @see PolicyUtils#getPolicyURLs(Properties, String, String)
- */
- public synchronized void refresh() {
- Set fresh = new HashSet();
- Properties system = new Properties((Properties)AccessController
- .doPrivileged(new PolicyUtils.SystemKit()));
- system.setProperty("/", File.separator);
- URL[] policyLocations = PolicyUtils.getPolicyURLs(system,
- JAVA_SECURITY_POLICY,
- POLICY_URL_PREFIX);
- for (int i = 0; i < policyLocations.length; i++) {
- try {
- //TODO debug log
- //System.err.println("Parsing policy file: " + policyLocations[i]);
- fresh.addAll(parser.parse(policyLocations[i], system));
- } catch (Exception e) {
- // TODO log warning
- //System.err.println("Ignoring policy file: "
- // + policyLocations[i] + ". Reason:\n"+ e);
- }
- }
- // XXX: what if new policy is empty - provide some default??
-
- // we could safely replace references instead of
- // synchronizing access:
- // <pre>
- // grants = fresh;
- // cache = new WeakHashMap();
- // </pre>
- // but there is possibility that concurrent thread will put
- // old data to cache right after we finish refresh(),
- // thus synchronization is added in getPermissions() methods...
- synchronized (cache) {
- grants.clear();
- grants.addAll(fresh);
-
- cache.clear();
- }
- initiailized = true;
- }
-}
+/*
+ * Copyright 2005 The Apache Software Foundation or its licensors, as applicable.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+* @author Alexey V. Varlamov
+* @version $Revision$
+*/
+
+package org.apache.harmony.security.fortress;
+
+import java.io.File;
+import java.net.URL;
+import java.security.AccessController;
+import java.security.CodeSource;
+import java.security.PermissionCollection;
+import java.security.Policy;
+import java.security.ProtectionDomain;
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Properties;
+import java.util.Set;
+import java.util.WeakHashMap;
+
+import org.apache.harmony.security.PolicyEntry;
+
+
+/**
+ * Default Policy implementation based on policy configuration files. This
+ * implementation recognizes text files, consisting of clauses with the
+ * following syntax:
+ *
+ * <pre>
+ * keystore "some_keystore_url" [, "keystore_type"];
+ * </pre>
+ <pre>
+ * grant [SignedBy "signer_names"] [, CodeBase "URL"]
+ * [, Principal [principal_class_name] "principal_name"]
+ * [, Principal [principal_class_name] "principal_name"] ... {
+ * permission permission_class_name [ "target_name" ] [, "action"]
+ * [, SignedBy "signer_names"];
+ * permission ...
+ * };
+ *
+ * </pre>
+ *
+ * The <i>keystore </i> clause specifies reference to a keystore, which is a
+ * database of private keys and their associated digital certificates. The
+ * keystore is used to look up the certificates of signers specified in the
+ * <i>grant </i> entries of the file. The policy file can contain any number of
+ * <i>keystore </i> entries which can appear at any ordinal position. However,
+ * only the first successfully loaded keystore is used, others are ignored. The
+ * keystore must be specified if some grant clause refers to a certificate's
+ * alias. <br>
+ * The <i>grant </i> clause associates a CodeSource (consisting of an URL and a
+ * set of certificates) of some executable code with a set of Permissions which
+ * should be granted to the code. So, the CodeSource is defined by values of
+ * <i>CodeBase </i> and <i>SignedBy </i> fields. The <i>CodeBase </i> value must
+ * be in URL format, while <i>SignedBy </i> value is a (comma-separated list of)
+ * alias(es) to keystore certificates. These fields can be omitted to denote any
+ * codebase and any signers (including case of unsigned code), respectively.
+ * <br>
+ * Also, the code may be required to be executed on behalf of some Principals
+ * (in other words, code's ProtectionDomain must have the array of Principals
+ * associated) in order to possess the Permissions. This fact is indicated by
+ * specifying one or more <i>Principal </i> fields in the <i>grant </i> clause.
+ * Each Principal is specified as class/name pair; name and class can be either
+ * concrete value or wildcard <i>* </i>. As a special case, the class value may
+ * be omitted and then the name is treated as an alias to X.509 Certificate, and
+ * the Principal is assumed to be javax.security.auth.x500.X500Principal with a
+ * name of subject's distinguished name from the certificate. <br>
+ * The order between the <i>CodeBase </i>, <i>SignedBy </i>, and <i>Principal
+ * </i> fields does not matter. The policy file can contain any number of grant
+ * clauses. <br>
+ * Each <i>grant </i> clause must contain one or more <i>permission </i> entry.
+ * The permission entry consist of a fully qualified class name along with
+ * optional <i>name </i>, <i>actions </i> and <i>signedby </i> values. Name and
+ * actions are arguments to the corresponding constructor of the permission
+ * class. SignedBy value represents the keystore alias(es) to certificate(s)
+ * used to sign the permission class. That is, this permission entry is
+ * effective (i.e., access control permission will be granted based on this
+ * entry) only if the bytecode implementation of permission class is verified to
+ * be correctly signed by the said alias(es). <br>
+ * <br>
+ * The policy content may be parameterized via property expansion. Namely,
+ * expressions like <i>${key} </i> are replaced by values of corresponding
+ * system properties. Also, the special <i>slash </i> key (i.e. ${/}) is
+ * supported, it is a shortcut to "file.separator" key. Property
+ * expansion is performed anywhere a double quoted string is allowed in the
+ * policy file. However, this feature is controlled by security properties and
+ * should be turned on by setting "policy.expandProperties" property
+ * to <i>true </i>. <br>
+ * If property expansion fails (due to a missing key), a corresponding entry is
+ * ignored. For fields of <i>keystore </i> and <i>grant </i> clauses, the whole
+ * clause is ignored, and for <i>permission </i> entry, only that entry is
+ * ignored. <br>
+ * <br>
+ * The policy also supports generalized expansion in permissions names, of
+ * expressions like <i>${{protocol:data}} </i>. Currently the following
+ * protocols supported:
+ * <dl>
+ * <dt>self
+ * <dd>Denotes substitution to a principal information of the parental Grant
+ * entry. Replaced by a space-separated list of resolved Principals (including
+ * wildcarded), each formatted as <i>class "name" </i>. If parental
+ * Grant entry has no Principals, the permission is ignored.
+ * <dt>alias: <i>name </i>
+ * <dd>Denotes substitution of a KeyStore alias. Namely, if a KeyStore has an
+ * X.509 certificate associated with the specified name, then replaced by
+ * <i>javax.security.auth.x500.X500Principal " <i>DN </i>" </i>
+ * string, where <i>DN </i> is a certificate's subject distinguished name.
+ * </dl>
+ * <br>
+ * <br>
+ * This implementation is thread-safe. The policy caches sets of calculated
+ * permissions for the requested objects (ProtectionDomains and CodeSources) via
+ * WeakHashMap; the cache is cleaned either explicitly during refresh()
+ * invokation, or naturally by garbage-collecting the corresponding objects.
+ *
+ * @see org.apache.harmony.security.PolicyUtils#getPolicyURLs(Properties, String,
+ * String)
+ */
+
+public class DefaultPolicy extends Policy {
+
+ /**
+ * System property for dynamically added policy location.
+ */
+ public static final String JAVA_SECURITY_POLICY = "java.security.policy";
+
+ /**
+ * Prefix for numbered Policy locations specified in security.properties.
+ */
+ public static final String POLICY_URL_PREFIX = "policy.url.";
+
+ // A set of PolicyEntries constituting this Policy.
+ private final Set/* <PolicyEntry> */grants = new HashSet();
+
+ // Calculated Permissions cache, organized as
+ // Map{Object->Collection<Permission>}.
+ // The Object is a ProtectionDomain, a CodeSource or
+ // any other permissions-granted entity.
+ private final Map cache = new WeakHashMap();
+
+ // A specific parser for a particular policy file format.
+ private final DefaultPolicyParser parser;
+
+ // A flag indicating brand new instance which needs to be loaded
+ // on the first appeal to it's data.
+ private boolean initiailized;
+
+ /**
+ * Default constructor, equivalent to
+ * <code>DefaultPolicy(new DefaultPolicyParser())</code>.
+ */
+ public DefaultPolicy() {
+ this(new DefaultPolicyParser());
+ }
+
+ /**
+ * Extension constructor for plugging-in a custom parser. Defers policy data
+ * initialization before the first <code>getPermissions()</code> call
+ * (though policy may be refreshed explicitly, as well).
+ */
+ public DefaultPolicy(DefaultPolicyParser dpr) {
+ parser = dpr;
+ initiailized = false;
+ refresh();
+ }
+
+ /**
+ * Returns collection of permissions allowed for the domain
+ * according to the policy. The evalueated characteristics of the
+ * domain are it's codesource and principals; they are assumed
+ * to be <code>null</code> if the domain is <code>null</code>.
+ */
+ public PermissionCollection getPermissions(ProtectionDomain pd) {
+ if (!initiailized) {
+ synchronized (this) {
+ if (!initiailized) {
+ refresh();
+ }
+ }
+ }
+ Collection pc = (Collection)cache.get(pd);
+ if (pc == null) {
+ //have to synchronize to exclude cache pollution after refresh
+ synchronized (cache) {
+
+ // double check in case value has been put to cache
+ // while we've been awaiting monitor
+ pc = (Collection)cache.get(pd);
+ if (pc == null) {
+ pc = new HashSet();
+ Iterator it = grants.iterator();
+ while (it.hasNext()) {
+ PolicyEntry ge = (PolicyEntry)it.next();
+ if (ge.impliesPrincipals(pd == null ? null : pd.getPrincipals())
+ && ge.impliesCodeSource(pd == null ? null : pd.getCodeSource())) {
+ pc.addAll(ge.getPermissions());
+ }
+ }
+ cache.put(pd, pc);
+ }
+ }
+ }
+ return PolicyUtils.toPermissionCollection(pc);
+
+ }
+
+ /**
+ * Returns collection of permissions allowed for the codesource
+ * according to the policy.
+ * The evaluation assumes that current principals are undefined.
+ */
+ public PermissionCollection getPermissions(CodeSource cs) {
+ if (!initiailized) {
+ synchronized (this) {
+ if (!initiailized) {
+ refresh();
+ }
+ }
+ }
+ Collection pc = (Collection)cache.get(cs);
+ if (pc == null) {
+ //have to synchronize to exclude cache pollution after refresh
+ synchronized (cache) {
+
+ // double check in case value has been put to cache
+ // while we've been awaiting monitor
+ pc = (Collection)cache.get(cs);
+ if (pc == null) {
+ pc = new HashSet();
+ Iterator it = grants.iterator();
+ while (it.hasNext()) {
+ PolicyEntry ge = (PolicyEntry)it.next();
+ if (ge.impliesPrincipals(null)
+ && ge.impliesCodeSource(cs)) {
+ pc.addAll(ge.getPermissions());
+ }
+ }
+ cache.put(cs, pc);
+ }
+ }
+ }
+ return PolicyUtils.toPermissionCollection(pc);
+ }
+
+ /**
+ * Gets fresh list of locations and tries to load all of them in sequence;
+ * failed loads are ignored. After processing all locations, old policy
+ * settings are discarded and new ones come into force. <br>
+ * This method is declared synchronized to avoid concurrent reloading.
+ *
+ * @see PolicyUtils#getPolicyURLs(Properties, String, String)
+ */
+ public synchronized void refresh() {
+ Set fresh = new HashSet();
+ Properties system = new Properties((Properties)AccessController
+ .doPrivileged(new PolicyUtils.SystemKit()));
+ system.setProperty("/", File.separator);
+ URL[] policyLocations = PolicyUtils.getPolicyURLs(system,
+ JAVA_SECURITY_POLICY,
+ POLICY_URL_PREFIX);
+ for (int i = 0; i < policyLocations.length; i++) {
+ try {
+ //TODO debug log
+ //System.err.println("Parsing policy file: " + policyLocations[i]);
+ fresh.addAll(parser.parse(policyLocations[i], system));
+ } catch (Exception e) {
+ // TODO log warning
+ //System.err.println("Ignoring policy file: "
+ // + policyLocations[i] + ". Reason:\n"+ e);
+ }
+ }
+ // XXX: what if new policy is empty - provide some default??
+
+ // we could safely replace references instead of
+ // synchronizing access:
+ // <pre>
+ // grants = fresh;
+ // cache = new WeakHashMap();
+ // </pre>
+ // but there is possibility that concurrent thread will put
+ // old data to cache right after we finish refresh(),
+ // thus synchronization is added in getPermissions() methods...
+ synchronized (cache) {
+ grants.clear();
+ grants.addAll(fresh);
+
+ cache.clear();
+ }
+ initiailized = true;
+ }
+}
Re: svn commit: r391227 - in /incubator/harmony/enhanced/classlib/trunk/modules: luni-kernel/src/main/java/java/lang/System.java security/src/common/javasrc/org/apache/harmony/security/fortress/DefaultPolicy.java
Posted by Mikhail Loenko <ml...@gmail.com>.
Ok, sure
(I've committed fix for 283 before I see this message)
Mikhail
2006/4/4, Tim Ellison <t....@gmail.com>:
> Could you put the summary title of HARMONY-121 in the log message please
> -- going off to JIRA is always a lengthy experience (for me).
>
> Thanks
> Tim
>
> mloenko@apache.org wrote:
> > Author: mloenko
> > Date: Mon Apr 3 22:42:32 2006
> > New Revision: 391227
> >
> > URL: http://svn.apache.org/viewcvs?rev=391227&view=rev
> > Log:
> > Fixes for HARMONY-121
>
>
> --
>
> Tim Ellison (t.p.ellison@gmail.com)
> IBM Java technology centre, UK.
>
> ---------------------------------------------------------------------
> Terms of use : http://incubator.apache.org/harmony/mailing.html
> To unsubscribe, e-mail: harmony-dev-unsubscribe@incubator.apache.org
> For additional commands, e-mail: harmony-dev-help@incubator.apache.org
>
>
---------------------------------------------------------------------
Terms of use : http://incubator.apache.org/harmony/mailing.html
To unsubscribe, e-mail: harmony-dev-unsubscribe@incubator.apache.org
For additional commands, e-mail: harmony-dev-help@incubator.apache.org
Re: svn commit: r391227 - in /incubator/harmony/enhanced/classlib/trunk/modules:
luni-kernel/src/main/java/java/lang/System.java security/src/common/javasrc/org/apache/harmony/security/fortress/DefaultPolicy.java
Posted by Geir Magnusson Jr <ge...@pobox.com>.
Agreed - along with other information that's relevant, like what you did
to fix a JIRA issue....
Tim Ellison wrote:
> Could you put the summary title of HARMONY-121 in the log message please
> -- going off to JIRA is always a lengthy experience (for me).
>
> Thanks
> Tim
>
> mloenko@apache.org wrote:
>> Author: mloenko
>> Date: Mon Apr 3 22:42:32 2006
>> New Revision: 391227
>>
>> URL: http://svn.apache.org/viewcvs?rev=391227&view=rev
>> Log:
>> Fixes for HARMONY-121
>
>
---------------------------------------------------------------------
Terms of use : http://incubator.apache.org/harmony/mailing.html
To unsubscribe, e-mail: harmony-dev-unsubscribe@incubator.apache.org
For additional commands, e-mail: harmony-dev-help@incubator.apache.org
Re: svn commit: r391227 - in /incubator/harmony/enhanced/classlib/trunk/modules:
luni-kernel/src/main/java/java/lang/System.java security/src/common/javasrc/org/apache/harmony/security/fortress/DefaultPolicy.java
Posted by Tim Ellison <t....@gmail.com>.
Could you put the summary title of HARMONY-121 in the log message please
-- going off to JIRA is always a lengthy experience (for me).
Thanks
Tim
mloenko@apache.org wrote:
> Author: mloenko
> Date: Mon Apr 3 22:42:32 2006
> New Revision: 391227
>
> URL: http://svn.apache.org/viewcvs?rev=391227&view=rev
> Log:
> Fixes for HARMONY-121
--
Tim Ellison (t.p.ellison@gmail.com)
IBM Java technology centre, UK.
---------------------------------------------------------------------
Terms of use : http://incubator.apache.org/harmony/mailing.html
To unsubscribe, e-mail: harmony-dev-unsubscribe@incubator.apache.org
For additional commands, e-mail: harmony-dev-help@incubator.apache.org