You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@river.apache.org by pe...@apache.org on 2010/09/13 23:13:08 UTC
svn commit: r996690 - in /incubator/river/jtsk/skunk/pepe:
src/org/apache/river/api/security/
src/org/apache/river/imp/security/policy/se/
src/org/apache/river/imp/security/policy/util/
test/src/org/apache/river/imp/security/policy/util/
Author: peter_firmstone
Date: Mon Sep 13 21:13:08 2010
New Revision: 996690
URL: http://svn.apache.org/viewvc?rev=996690&view=rev
Log:
Improvements, as suggested by Fred Oliver
Modified:
incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/security/PermissionGrant.java
incubator/river/jtsk/skunk/pepe/src/org/apache/river/imp/security/policy/se/ConcurrentPolicyFile.java
incubator/river/jtsk/skunk/pepe/src/org/apache/river/imp/security/policy/se/DynamicConcurrentPolicyProvider.java
incubator/river/jtsk/skunk/pepe/src/org/apache/river/imp/security/policy/util/PrincipalGrant.java
incubator/river/jtsk/skunk/pepe/test/src/org/apache/river/imp/security/policy/util/DefaultPolicyParserTest.java
incubator/river/jtsk/skunk/pepe/test/src/org/apache/river/imp/security/policy/util/PolicyEntryTest.java
Modified: incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/security/PermissionGrant.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/security/PermissionGrant.java?rev=996690&r1=996689&r2=996690&view=diff
==============================================================================
--- incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/security/PermissionGrant.java (original)
+++ incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/security/PermissionGrant.java Mon Sep 13 21:13:08 2010
@@ -22,6 +22,7 @@ import java.security.CodeSource;
import java.security.Permission;
import java.security.Principal;
import java.security.ProtectionDomain;
+import java.util.Collection;
/**
* PermissionGrant's are expected to be effectively immutable,
@@ -76,11 +77,11 @@ public interface PermissionGrant {
boolean equals(Object o);
/**
- * Returns an array of permissions defined by this PermissionGrant, array
- * may be null, but array must not contain null elements.
+ * Returns an unmodifiable Collection of permissions defined by this
+ * PermissionGrant, which may be empty, but not null.
* @return
*/
- Permission[] getPermissions();
+ Collection<Permission> getPermissions();
@Override
int hashCode();
Modified: incubator/river/jtsk/skunk/pepe/src/org/apache/river/imp/security/policy/se/ConcurrentPolicyFile.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/pepe/src/org/apache/river/imp/security/policy/se/ConcurrentPolicyFile.java?rev=996690&r1=996689&r2=996690&view=diff
==============================================================================
--- incubator/river/jtsk/skunk/pepe/src/org/apache/river/imp/security/policy/se/ConcurrentPolicyFile.java (original)
+++ incubator/river/jtsk/skunk/pepe/src/org/apache/river/imp/security/policy/se/ConcurrentPolicyFile.java Mon Sep 13 21:13:08 2010
@@ -236,7 +236,8 @@ public class ConcurrentPolicyFile extend
// && ge.impliesCodeSource(pd == null ? null : pd.getCodeSource())) {
if (ge.implies(pd == null ? null : pd.getCodeSource(),
pd == null ? null : pd.getPrincipals() )){
- Permission[] perm = ge.getPermissions();
+ Collection<Permission> permCol = ge.getPermissions();
+ Permission[] perm = permCol.toArray(new Permission [permCol.size()]);
pc.addAll(Arrays.asList(perm));
}
}
@@ -269,7 +270,8 @@ public class ConcurrentPolicyFile extend
// if (ge.impliesPrincipals(null)
// && ge.impliesCodeSource(cs)) {
if (ge.implies(cs,null )){
- Permission[] perm = ge.getPermissions();
+ Collection<Permission> permCol = ge.getPermissions();
+ Permission[] perm = permCol.toArray(new Permission [permCol.size()]);
pc.addAll(Arrays.asList(perm)); // we still hold a reference
// pc.addAll(ge.getPermissions()); // we still hold a reference
}
Modified: incubator/river/jtsk/skunk/pepe/src/org/apache/river/imp/security/policy/se/DynamicConcurrentPolicyProvider.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/pepe/src/org/apache/river/imp/security/policy/se/DynamicConcurrentPolicyProvider.java?rev=996690&r1=996689&r2=996690&view=diff
==============================================================================
--- incubator/river/jtsk/skunk/pepe/src/org/apache/river/imp/security/policy/se/DynamicConcurrentPolicyProvider.java (original)
+++ incubator/river/jtsk/skunk/pepe/src/org/apache/river/imp/security/policy/se/DynamicConcurrentPolicyProvider.java Mon Sep 13 21:13:08 2010
@@ -493,7 +493,8 @@ public class DynamicConcurrentPolicyProv
Iterator<PermissionGrant> grantsItr = grants.iterator();
while (grantsItr.hasNext()){
PermissionGrant grant = grantsItr.next();
- Permission[] perms = grant.getPermissions().clone();
+ Collection<Permission> permCol = grant.getPermissions();
+ Permission[] perms = permCol.toArray(new Permission [permCol.size()]);
checkNullElements(perms);
AccessController.checkPermission(new GrantPermission(perms));
allowed.put(grant, perms);
Modified: incubator/river/jtsk/skunk/pepe/src/org/apache/river/imp/security/policy/util/PrincipalGrant.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/pepe/src/org/apache/river/imp/security/policy/util/PrincipalGrant.java?rev=996690&r1=996689&r2=996690&view=diff
==============================================================================
--- incubator/river/jtsk/skunk/pepe/src/org/apache/river/imp/security/policy/util/PrincipalGrant.java (original)
+++ incubator/river/jtsk/skunk/pepe/src/org/apache/river/imp/security/policy/util/PrincipalGrant.java Mon Sep 13 21:13:08 2010
@@ -34,6 +34,7 @@ import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
+import java.util.Set;
import org.apache.river.api.security.PermissionGrant;
/**
@@ -41,22 +42,24 @@ import org.apache.river.api.security.Per
* @author Peter Firmstone.
*/
abstract class PrincipalGrant implements PermissionGrant {
- private final Collection<Principal> principals;
+ private final Set<Principal> principals;
private final int hashCode;
- private final Collection<Permission> permissions;
+ private final Set<Permission> permissions;
@SuppressWarnings("unchecked")
protected PrincipalGrant(Principal[] pals, Permission[] perm){
if ( pals != null ){
- principals = new ArrayList<Principal>(pals.length);
- principals.addAll(Arrays.asList(pals));
+ Set<Principal> palCol = new HashSet<Principal>(pals.length);
+ palCol.addAll(Arrays.asList(pals));
+ principals = Collections.unmodifiableSet(palCol);
}else {
- principals = Collections.EMPTY_LIST;
+ principals = Collections.EMPTY_SET;
}
if (perm == null || perm.length == 0) {
- this.permissions = Collections.EMPTY_LIST;
+ this.permissions = Collections.EMPTY_SET;
}else{
- this.permissions = new HashSet<Permission>(perm.length);
- this.permissions.addAll(Arrays.asList(perm));
+ Set<Permission> perms = new HashSet<Permission>(perm.length);
+ perms.addAll(Arrays.asList(perm));
+ this.permissions = Collections.unmodifiableSet(perms);
}
int hash = 5;
hash = 97 * hash + (this.principals != null ? this.principals.hashCode() : 0);
@@ -188,8 +191,8 @@ abstract class PrincipalGrant implements
return pgb;
}
- public Permission[] getPermissions() {
- return permissions.toArray(new Permission[permissions.size()]);
+ public Collection<Permission> getPermissions() {
+ return permissions;
}
public boolean isVoid() {
Modified: incubator/river/jtsk/skunk/pepe/test/src/org/apache/river/imp/security/policy/util/DefaultPolicyParserTest.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/pepe/test/src/org/apache/river/imp/security/policy/util/DefaultPolicyParserTest.java?rev=996690&r1=996689&r2=996690&view=diff
==============================================================================
--- incubator/river/jtsk/skunk/pepe/test/src/org/apache/river/imp/security/policy/util/DefaultPolicyParserTest.java (original)
+++ incubator/river/jtsk/skunk/pepe/test/src/org/apache/river/imp/security/policy/util/DefaultPolicyParserTest.java Mon Sep 13 21:13:08 2010
@@ -74,8 +74,7 @@ public class DefaultPolicyParserTest ext
assertEquals(2, entries.size());
for (Iterator iter = entries.iterator(); iter.hasNext();) {
PermissionGrant element = (PermissionGrant)iter.next();
- Permission[] perm = element.getPermissions();
- List<Permission> permissions = Arrays.asList(perm);
+ Collection<Permission> permissions = element.getPermissions();
if (permissions
.contains(new SecurityPermission("ZZZ"))) {
assertTrue(element.implies(new CodeSource(null,
Modified: incubator/river/jtsk/skunk/pepe/test/src/org/apache/river/imp/security/policy/util/PolicyEntryTest.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/pepe/test/src/org/apache/river/imp/security/policy/util/PolicyEntryTest.java?rev=996690&r1=996689&r2=996690&view=diff
==============================================================================
--- incubator/river/jtsk/skunk/pepe/test/src/org/apache/river/imp/security/policy/util/PolicyEntryTest.java (original)
+++ incubator/river/jtsk/skunk/pepe/test/src/org/apache/river/imp/security/policy/util/PolicyEntryTest.java Mon Sep 13 21:13:08 2010
@@ -57,7 +57,7 @@ public class PolicyEntryTest extends Tes
// new PolicyEntry((CodeSource) null, (Collection<Principal>) null,
// (Collection<Permission>)null);
assertTrue(pe.isVoid());
- assertTrue(pe.getPermissions().length == 0);
+ assertTrue(pe.getPermissions().size() == 0);
// pe = new PolicyEntry(new CodeSource(null, (Certificate[])null),
// new ArrayList<Principal>(), new ArrayList<Permission>());
@@ -66,14 +66,14 @@ public class PolicyEntryTest extends Tes
.permissions(new Permission[0])
.build();
assertTrue(pe.isVoid());
- assertTrue(pe.getPermissions().length == 0);
+ assertTrue(pe.getPermissions().size() == 0);
Permission[] perms = new Permission[] {
new SecurityPermission("dsfg"), new AllPermission() };
//pe = new PolicyEntry((CodeSource) null, (Collection<Principal>) null, perms);
pe = pgb.codeSource(null).principals(null).permissions(perms).build();
assertFalse(pe.isVoid());
- assertTrue(Arrays.deepEquals(perms, pe.getPermissions()));
+ assertTrue(Arrays.asList(perms).containsAll(pe.getPermissions()));
}
/**