avalon-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mcconn...@apache.org
Subject cvs commit: avalon/merlin/kernel/impl/src/java/org/apache/avalon/merlin/impl DefaultFactory.java
Date Wed, 25 Feb 2004 18:55:41 GMT
mcconnell    2004/02/25 10:55:40

  Modified:    merlin/activation/impl/src/test/org/apache/avalon/activation/impl/test
                        SystemContextBuilder.java
               merlin/composition/impl/src/java/org/apache/avalon/composition/model/impl
                        DefaultClassLoaderModel.java
                        DefaultSystemContext.java Scanner.java
                        StandardModelFactory.java
               merlin/composition/impl/src/test/org/apache/avalon/composition/model/test
                        SystemContextBuilder.java
               merlin/kernel/impl/src/java/org/apache/avalon/merlin/impl
                        DefaultFactory.java
  Added:       merlin/composition/impl/src/java/org/apache/avalon/composition/model/impl
                        DefaultSecurityModel.java
  Log:
  Add a SecurityModel holding the trusted certificates and default permissions and expose
this under the SystemContext. The SecurityModel is not complete yet - also need to add operations
to get supplimentaty permissions on a per-container basis (derived from targets).
  
  Revision  Changes    Path
  1.3       +10 -2     avalon/merlin/activation/impl/src/test/org/apache/avalon/activation/impl/test/SystemContextBuilder.java
  
  Index: SystemContextBuilder.java
  ===================================================================
  RCS file: /home/cvs/avalon/merlin/activation/impl/src/test/org/apache/avalon/activation/impl/test/SystemContextBuilder.java,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- SystemContextBuilder.java	19 Feb 2004 08:58:04 -0000	1.2
  +++ SystemContextBuilder.java	25 Feb 2004 18:55:40 -0000	1.3
  @@ -25,8 +25,10 @@
   
   import org.apache.avalon.composition.model.ContainmentModel;
   import org.apache.avalon.composition.model.impl.DefaultSystemContext;
  +import org.apache.avalon.composition.model.impl.DefaultSecurityModel;
   import org.apache.avalon.composition.provider.ModelFactory;
   import org.apache.avalon.composition.provider.SystemContext;
  +import org.apache.avalon.composition.provider.SecurityModel;
   
   import org.apache.avalon.logging.provider.LoggingManager;
   import org.apache.avalon.logging.data.CategoryDirective;
  @@ -89,11 +91,17 @@
           final File home = new File( base, "home" );
           final File temp = new File( base, "temp" );
   
  +        //
  +        // FIX ME - build the security model from a configuration
  +        //
  +
  +        SecurityModel security = new DefaultSecurityModel( null, null, secure );
  +
           Class clazz = DefaultRuntime.class;
   
           return new DefaultSystemContext( 
             clazz, logging, base, home, temp, repository, "system", 
  -          false, deploymenttimeout, secure );
  +          false, deploymenttimeout, security );
       }
   
       private static Repository createTestRepository( InitialContext context, File cache
) throws Exception
  
  
  
  1.11      +11 -1     avalon/merlin/composition/impl/src/java/org/apache/avalon/composition/model/impl/DefaultClassLoaderModel.java
  
  Index: DefaultClassLoaderModel.java
  ===================================================================
  RCS file: /home/cvs/avalon/merlin/composition/impl/src/java/org/apache/avalon/composition/model/impl/DefaultClassLoaderModel.java,v
  retrieving revision 1.10
  retrieving revision 1.11
  diff -u -r1.10 -r1.11
  --- DefaultClassLoaderModel.java	23 Feb 2004 13:00:31 -0000	1.10
  +++ DefaultClassLoaderModel.java	25 Feb 2004 18:55:40 -0000	1.11
  @@ -207,6 +207,15 @@
               m_urls = buildQualifiedClassPath();
               m_classLoader = 
                 new URLClassLoader( m_urls, context.getClassLoader() );
  +
  +            //
  +            // changes needed here - grants must be under the control of 
  +            // system administrator which means that grants can only exist in 
  +            // either the kernel configuration or a targets override 
  +            // configuration - more specifically, a block's classloader directive
  +            // cannot grant permissions
  +            //
  +
               m_protectionDomains = createProtectionDomains( directive.getGrantDirective()
);
   
               //
  @@ -230,6 +239,7 @@
               Logger serviceLogger = getLocalLogger().getChildLogger( "services" );
               m_services = new DefaultServiceRepository( 
                 serviceLogger, context.getServiceRepository(), services );
  +
           }
           catch( Throwable e )
           {
  
  
  
  1.20      +16 -12    avalon/merlin/composition/impl/src/java/org/apache/avalon/composition/model/impl/DefaultSystemContext.java
  
  Index: DefaultSystemContext.java
  ===================================================================
  RCS file: /home/cvs/avalon/merlin/composition/impl/src/java/org/apache/avalon/composition/model/impl/DefaultSystemContext.java,v
  retrieving revision 1.19
  retrieving revision 1.20
  diff -u -r1.19 -r1.20
  --- DefaultSystemContext.java	19 Feb 2004 08:58:04 -0000	1.19
  +++ DefaultSystemContext.java	25 Feb 2004 18:55:40 -0000	1.20
  @@ -33,6 +33,7 @@
   import org.apache.avalon.composition.provider.ModelFactory;
   import org.apache.avalon.composition.provider.SystemContext;
   import org.apache.avalon.composition.provider.SystemException;
  +import org.apache.avalon.composition.provider.SecurityModel;
   import org.apache.avalon.composition.provider.Runtime;
   
   import org.apache.avalon.repository.Artifact;
  @@ -91,7 +92,7 @@
   
       private final long m_timeout;
   
  -    private boolean m_secure;
  +    private final SecurityModel m_security;
   
       //--------------------------------------------------------------
       // mutable state
  @@ -118,6 +119,7 @@
       * @param category the kernel logging category name
       * @param trace flag indicating if internal logging is enabled
       * @param timeout a system wide default deployment timeout
  +    * @param security the security model
       */
       public DefaultSystemContext( 
         InitialContext context,
  @@ -130,11 +132,11 @@
         String category, 
         boolean trace, 
         long timeout, 
  -      boolean secure ) throws SystemException
  +      SecurityModel security ) throws SystemException
       {
           this( 
             context, artifact, null, logging, base, home, temp, 
  -          repository, category, trace, timeout, secure );
  +          repository, category, trace, timeout, security );
       }
   
      /**
  @@ -151,6 +153,7 @@
       * @param category the kernel logging category name
       * @param trace flag indicating if internal logging is enabled
       * @param timeout a system wide default deployment timeout
  +    * @param security the security model
       */
       public DefaultSystemContext( 
         Class clazz, 
  @@ -162,11 +165,11 @@
         String category, 
         boolean trace, 
         long timeout, 
  -      boolean secure ) throws SystemException
  +      SecurityModel security ) throws SystemException
       {
           this( 
             null, null, clazz, logging, base, home, temp, repository, category, 
  -          trace, timeout, secure );
  +          trace, timeout, security );
       }
   
      /**
  @@ -185,6 +188,7 @@
       * @param category the kernel logging category name
       * @param trace flag indicating if internal logging is enabled
       * @param timeout a system wide default deployment timeout
  +    * @param security the security model
       */
       private DefaultSystemContext( 
         InitialContext context, 
  @@ -198,7 +202,7 @@
         String category, 
         boolean trace, 
         long timeout, 
  -      boolean secure ) throws SystemException
  +      SecurityModel security ) throws SystemException
       {
           if( base == null )
           {
  @@ -226,7 +230,7 @@
           m_repository = repository;
           m_logging = logging;
           m_timeout = timeout;
  -        m_secure = secure;
  +        m_security = security;
   
           m_logger = m_logging.getLoggerForCategory( category );
           m_system = SystemContext.class.getClassLoader();
  @@ -386,12 +390,12 @@
       }
   
      /**
  -    * Return the enabled status of the code security policy.
  -    * @return the code security enabled status
  +    * Return the system default grants directive.
  +    * @return the grants directive
       */
  -    public boolean isCodeSecurityEnabled()
  +    public SecurityModel getSecurityModel()
       {
  -        return m_secure;
  +        return m_security;
       }
   
       //------------------------------------------------------------------
  
  
  
  1.7       +3 -1      avalon/merlin/composition/impl/src/java/org/apache/avalon/composition/model/impl/Scanner.java
  
  Index: Scanner.java
  ===================================================================
  RCS file: /home/cvs/avalon/merlin/composition/impl/src/java/org/apache/avalon/composition/model/impl/Scanner.java,v
  retrieving revision 1.6
  retrieving revision 1.7
  diff -u -r1.6 -r1.7
  --- Scanner.java	7 Feb 2004 22:46:42 -0000	1.6
  +++ Scanner.java	25 Feb 2004 18:55:40 -0000	1.7
  @@ -41,6 +41,7 @@
   
   import org.apache.avalon.meta.info.Service;
   import org.apache.avalon.meta.info.ServiceDescriptor;
  +import org.apache.avalon.meta.info.PermissionDescriptor;
   import org.apache.avalon.meta.info.Type;
   import org.apache.avalon.meta.info.builder.TypeBuilder;
   import org.apache.avalon.meta.info.builder.ServiceBuilder;
  @@ -344,6 +345,7 @@
           try
           {
               verifyType( type, clazz );
  +
               if( getLogger().isDebugEnabled() )
               {
                   final String message =
  
  
  
  1.5       +2 -2      avalon/merlin/composition/impl/src/java/org/apache/avalon/composition/model/impl/StandardModelFactory.java
  
  Index: StandardModelFactory.java
  ===================================================================
  RCS file: /home/cvs/avalon/merlin/composition/impl/src/java/org/apache/avalon/composition/model/impl/StandardModelFactory.java,v
  retrieving revision 1.4
  retrieving revision 1.5
  diff -u -r1.4 -r1.5
  --- StandardModelFactory.java	23 Feb 2004 15:03:22 -0000	1.4
  +++ StandardModelFactory.java	25 Feb 2004 18:55:40 -0000	1.5
  @@ -183,7 +183,7 @@
                 createRootContainmentContext( profile );
               ContainmentModel model = createContainmentModel( context );
   
  -            if( m_system.isCodeSecurityEnabled() )
  +            if( m_system.getSecurityModel().isCodeSecurityEnabled() )
               {
                   CodeSecurityPolicy policy = 
                     new CodeSecurityPolicy( model );
  
  
  
  1.1                  avalon/merlin/composition/impl/src/java/org/apache/avalon/composition/model/impl/DefaultSecurityModel.java
  
  Index: DefaultSecurityModel.java
  ===================================================================
  /* 
   * Copyright 2004 Apache Software Foundation
   * Licensed  under the  Apache License,  Version 2.0  (the "License");
   * you may not use  this file  except in  compliance with the License.
   * You may obtain a copy of the License at 
   * 
   *   http://www.apache.org/licenses/LICENSE-2.0
   * 
   * Unless required by applicable law or agreed to in writing, software
   * distributed  under the  License is distributed on an "AS IS" BASIS,
   * WITHOUT  WARRANTIES OR CONDITIONS  OF ANY KIND, either  express  or
   * implied.
   * 
   * See the License for the specific language governing permissions and
   * limitations under the License.
   */
  
  package org.apache.avalon.composition.model.impl;
  
  import java.io.IOException;
  import java.io.InputStream;
  import java.io.ByteArrayInputStream;
  import java.security.Permission;
  import java.security.cert.Certificate;
  import java.security.cert.CertificateException;
  import java.security.cert.CertificateFactory;
  import java.lang.reflect.Constructor;
  import java.lang.reflect.InvocationTargetException;
  import java.security.Permission;
  import java.util.ArrayList;
  import java.util.Collection;
  import java.net.URL;
  
  import org.apache.avalon.composition.provider.SecurityModel;
  
  import org.apache.avalon.framework.configuration.Configuration;
  import org.apache.avalon.framework.configuration.ConfigurationException;
  
  
  /**
   * <p>Implementation of the default security model.</p>
   *
   * @author <a href="mailto:dev@avalon.apache.org">Avalon Development Team</a>
   * @version $Revision: 1.1 $ $Date: 2004/02/25 18:55:40 $
   */
  public class DefaultSecurityModel implements SecurityModel
  {
      //-------------------------------------------------------------------
      // static
      //-------------------------------------------------------------------
  
      private static final Permission[] EMPTY_PERMISSIONS = new Permission[0];
      private static final Certificate[] EMPTY_CERTIFICATES = new Certificate[0];
  
      public static SecurityModel createSecurityModel( Configuration config )
        throws Exception
      {
          Configuration certs = config.getChild( "certificates" );
          Certificate[] certificates = createCertificates( certs );
          Configuration grant = config.getChild( "grant" );
          Permission[] permissions = createPermissions( grant );
          return new DefaultSecurityModel( certificates, permissions );
      }
  
      //-------------------------------------------------------------------
      // immutable state
      //-------------------------------------------------------------------
  
      private final Certificate[] m_certificates;
      private final Permission[] m_permissions;
      private final boolean m_enabled;
   
      //-------------------------------------------------------------------
      // constructor
      //-------------------------------------------------------------------
  
     /**
      * Creation of a new security model.
      */
      public DefaultSecurityModel()
      {
          this( null, null, false );
      }
  
     /**
      * Creation of a new security model.
      * 
      * @param certificates the set of trusted certificates
      * @param permissions the default permissions
      */
      public DefaultSecurityModel( 
        Certificate[] certificates, Permission[] permissions )
      {
          this( certificates, permissions, true );
      }
  
     /**
      * Creation of a new security model.
      * 
      * @param certificates the set of trusted certificates
      * @param permissions the default permissions
      * @param flag if TRUE code security is enabled
      */
      public DefaultSecurityModel( 
        Certificate[] certificates, Permission[] permissions, boolean flag )
      {
          m_enabled = flag;
          if( null == permissions )
          {
              m_permissions = EMPTY_PERMISSIONS;
          }
          else
          {
              m_permissions = permissions;
          }
  
          if( null == certificates )
          {
              m_certificates = EMPTY_CERTIFICATES;
          }
          else
          {
              m_certificates = certificates;
          }
      }
  
      //-------------------------------------------------------------------
      // SecurityModel
      //-------------------------------------------------------------------
  
     /**
      * Return the enabled status of the code security policy.
      * @return the code security enabled status
      */
      public boolean isCodeSecurityEnabled()
      {
          return m_enabled;
      }
  
     /**
      * Return the set of default permissions.
      * 
      * @return the permissions
      */
      public Permission[] getDefaultPermissions()
      {
          return m_permissions;
      }
  
     /**
      * Return the set of trusted certificates.
      * 
      * @return the trusted certificates
      */
      public Certificate[] getTrustedCertificates()
      {
          return m_certificates;
      }
  
      //-------------------------------------------------------------------
      // internals
      //-------------------------------------------------------------------
  
      private static Certificate[] createCertificates( Configuration config ) 
        throws Exception
      {
          ArrayList list = new ArrayList();
          Configuration[] children = config.getChildren();
          for( int i=0; i<children.length; i++ )
          {
              Configuration child = children[i];
              String name = child.getName();
              if( name.equals( "pkcs7" ) )
              {
                  Certificate[] certs = 
                    DefaultSecurityModel.createPKCS7( child );
                  for( int j=0; j<certs.length; j++ )
                  {
                      list.add( certs[j] );
                  }
              }
              else if( name.equals( "x509" ) )
              {
                  Certificate[] certs = 
                    DefaultSecurityModel.createX509( child );
                  for( int j=0; j<certs.length; j++ )
                  {
                      list.add( certs[j] );
                  }
              }
              else
              {
                  final String error =
                    "Unrecognized certificate type [" + name + "].";
                  throw new ConfigurationException( error );
              }
          }
          return (Certificate[]) list.toArray( new Certificate[0] );
      }
  
     /**
      * Static utility method to construct a PKCS7 certificate set from a 
      * supplied configuration.
      *
      * @param config a configuration describing the PKCS7 certificate
      */
      private static Certificate[] createPKCS7( Configuration config ) throws Exception
      {
          String href = config.getAttribute( "href" );
          InputStream in = null;
          try
          {
              URL url = new URL( href );
              in = url.openStream();
  
              CertificateFactory cf = CertificateFactory.getInstance("X.509");
              Collection certs = cf.generateCertificates(in);
              Certificate[] certificates = new Certificate[ certs.size() ];
              return (Certificate[]) certs.toArray( certificates );
          } 
          finally
          {
              if( in != null ) in.close();
          }
      }
  
     /**
      * Static utility method to construct a X509 certificate set for a 
      * supplied configuration.
      *
      * @param config a configuration describing the PKCS7 certificate
      */
      private static Certificate[] createX509( Configuration config ) 
        throws ConfigurationException, CertificateException, IOException
      {
          String href = config.getAttribute( "href", "" );
          String data = config.getValue();
  
          InputStream in = null;
          try
          {
              if( href == null || "".equals( href ) )
              {
                  in = new ByteArrayInputStream( data.getBytes("UTF-8") );
              }
              else
              {
                  URL url = new URL( href );
                  in = url.openStream();
              }
              CertificateFactory cf = CertificateFactory.getInstance( "X.509" );
              Collection certs = cf.generateCertificates( in );
              Certificate[] certificates = new Certificate[ certs.size() ];
              return (Certificate[]) certs.toArray( certificates );
          } 
          finally
          {
              if( in != null ) in.close();
          }
      }
  
      private static Permission[] createPermissions( Configuration config ) throws Exception
      {
          Configuration[] children = config.getChildren( "permission" );
          Permission[] permissions = new Permission[ children.length ];
          for( int i=0; i<children.length; i++ )
          {
              permissions[i] = createPermission( children[i] );
          }
          return permissions;
      }
  
      private static Permission createPermission( Configuration config ) throws Exception
      {
          String classname = config.getAttribute( "class" );
          String name = config.getAttribute( "name", null );
          String actions = getActions( config );
          return createPermission( classname, name, actions );
      }
  
      private static String getActions( Configuration config ) throws ConfigurationException
      {
          Configuration[] actions = config.getChildren( "action" );
          if( actions.length == 0 ) return null;
          String result = "";
          for( int i=0 ; i < actions.length ; i ++ )
          {
              if( i > 0 )
              {
                  result = result + "," + actions[i].getValue();
              }
              else
              {
                  result = result + actions[i].getValue();
              }
          }
          return result;
      }
  
      /**
       * Utility method to create a Permission instance.
       *
       * @param classname Permission class
       * @param name The name associated with the permission.
       * @param action The action associated with the permission. Note that some
       *        Permissions doesn't support actions.
       * @throws InstantiationException if the class could not be instantiated.
       * @throws IllegalAccessException, if the class does not have a 
       *         public constructor
       * @throws ClassNotFoundException, if the class could not be reached by the
       *         classloader.
       * @throws ClassCastException, if the class is not a subclass of 
       *         java.security.Permission
       * @throws InvocationTargetException, if the constructor in the Permission
       *         class throws an exception.
       */
      private static Permission createPermission( String classname, String name, String action
)
          throws InstantiationException, IllegalAccessException, ClassNotFoundException,
            ClassCastException, InvocationTargetException
      {
          if( classname == null )
          {
              throw new NullPointerException( "classname" );
          }
  
          ClassLoader trustedClassloader = DefaultSecurityModel.class.getClassLoader();
          
          Class clazz = trustedClassloader.loadClass( classname );
          Constructor[] constructors = clazz.getConstructors();
          if( name == null )
          {
              return (Permission) clazz.newInstance();   
          }
          else if( action == null )
          {
              Constructor cons = getConstructor( constructors, 1 );
              Object[] arg = new Object[] { name };
              return (Permission) cons.newInstance( arg );
          }
          else
          {
              Constructor cons = getConstructor( constructors, 2 );
              Object[] args = new Object[] { name, action };
              return (Permission) cons.newInstance( args );
          }
      }
  
      private static Constructor getConstructor( Constructor[] constructors, int noOfParameters
)
      {
          for ( int i=0 ; i < constructors.length ; i++ )
          {
              Class[] params = constructors[i].getParameterTypes();
              if( params.length == noOfParameters )
                  return constructors[i];
          }
          return null;
      }
  
  }
  
  
  
  1.3       +11 -2     avalon/merlin/composition/impl/src/test/org/apache/avalon/composition/model/test/SystemContextBuilder.java
  
  Index: SystemContextBuilder.java
  ===================================================================
  RCS file: /home/cvs/avalon/merlin/composition/impl/src/test/org/apache/avalon/composition/model/test/SystemContextBuilder.java,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- SystemContextBuilder.java	19 Feb 2004 08:58:04 -0000	1.2
  +++ SystemContextBuilder.java	25 Feb 2004 18:55:40 -0000	1.3
  @@ -23,8 +23,10 @@
   
   import org.apache.avalon.composition.model.ContainmentModel;
   import org.apache.avalon.composition.model.impl.DefaultSystemContext;
  +import org.apache.avalon.composition.model.impl.DefaultSecurityModel;
   import org.apache.avalon.composition.provider.ModelFactory;
   import org.apache.avalon.composition.provider.SystemContext;
  +import org.apache.avalon.composition.provider.SecurityModel;
   
   import org.apache.avalon.logging.provider.LoggingManager;
   import org.apache.avalon.logging.data.CategoryDirective;
  @@ -86,10 +88,17 @@
   
           final File home = new File( base, "home" );
           final File temp = new File( base, "temp" );
  +
  +        //
  +        // FIX ME - build the security model from a configuration
  +        //
  +
  +        SecurityModel security = 
  +          new DefaultSecurityModel( null, null, secure );
    
           return new DefaultSystemContext( 
             context, null, logging, base, home, temp, repository, "system", 
  -          false, timeout, secure );
  +          false, timeout, security );
       }
   
       private static Repository createTestRepository( InitialContext context, File cache
) throws Exception
  
  
  
  1.32      +31 -3     avalon/merlin/kernel/impl/src/java/org/apache/avalon/merlin/impl/DefaultFactory.java
  
  Index: DefaultFactory.java
  ===================================================================
  RCS file: /home/cvs/avalon/merlin/kernel/impl/src/java/org/apache/avalon/merlin/impl/DefaultFactory.java,v
  retrieving revision 1.31
  retrieving revision 1.32
  diff -u -r1.31 -r1.32
  --- DefaultFactory.java	19 Feb 2004 08:58:05 -0000	1.31
  +++ DefaultFactory.java	25 Feb 2004 18:55:40 -0000	1.32
  @@ -20,18 +20,25 @@
   
   import java.io.File;
   import java.io.InputStream;
  +import java.io.IOException;
   import java.net.URL;
   import java.util.Map;
   import java.util.ArrayList;
   import java.util.Iterator;
   import java.util.Locale;
  +import java.security.cert.CertificateException;
   
   import org.apache.avalon.logging.data.CategoriesDirective;
   import org.apache.avalon.logging.provider.LoggingManager;
   import org.apache.avalon.logging.provider.LoggingCriteria;
   
  +import org.apache.avalon.composition.data.CertsDirective;
   import org.apache.avalon.composition.data.ContainmentProfile;
  +import org.apache.avalon.composition.data.GrantDirective;
  +import org.apache.avalon.composition.data.PermissionDirective;
  +import org.apache.avalon.composition.data.PKCS7Directive;
   import org.apache.avalon.composition.data.TargetDirective;
  +import org.apache.avalon.composition.data.X509Directive;
   import org.apache.avalon.composition.data.builder.XMLTargetsCreator;
   import org.apache.avalon.composition.data.builder.XMLComponentProfileCreator;
   import org.apache.avalon.composition.data.builder.XMLContainmentProfileCreator;
  @@ -41,12 +48,14 @@
   import org.apache.avalon.composition.model.ClassLoaderModel;
   import org.apache.avalon.composition.model.DeploymentModel;
   import org.apache.avalon.composition.model.ModelRepository;
  +import org.apache.avalon.composition.model.impl.DefaultSecurityModel;
   import org.apache.avalon.composition.model.impl.DefaultSystemContext;
   import org.apache.avalon.composition.model.impl.DefaultContainmentContext;
   import org.apache.avalon.composition.model.impl.DefaultContainmentModel;
   import org.apache.avalon.composition.model.impl.DefaultClassLoaderModel;
   import org.apache.avalon.composition.model.impl.DefaultClassLoaderContext;
   import org.apache.avalon.composition.model.impl.DefaultModelRepository;
  +import org.apache.avalon.composition.provider.SecurityModel;
   import org.apache.avalon.composition.provider.SystemContext;
   import org.apache.avalon.composition.provider.ClassLoaderContext;
   import org.apache.avalon.composition.util.StringHelper;
  @@ -256,8 +265,7 @@
           // install any blocks declared within the kernel context
           //
   
  -        getLogger().info( "block installation" );
  -        getLogger().debug( "install phase" );
  +        getLogger().info( "install phase" );
           URL[] urls = criteria.getDeploymentURLs();
           for( int i=0; i<urls.length; i++ )
           {
  @@ -403,6 +411,13 @@
             "repository established: " + repository );
   
           //
  +        // build the security grants directive
  +        //
  +
  +        Configuration securityConfig = config.getChild( "security" );
  +        SecurityModel security = createSecurityModel( criteria, securityConfig );
  +
  +        //
           // create the system context
           //
   
  @@ -421,13 +436,26 @@
               name,
               criteria.isDebugEnabled(),
               criteria.getDeploymentTimeout(),
  -            criteria.isCodeSecurityEnabled() );
  +            security );
   
           system.put( "urn:composition:dir", criteria.getWorkingDirectory() );
           system.put( "urn:composition:anchor", criteria.getAnchorDirectory() );
           system.makeReadOnly();
   
           return system;
  +    }
  +
  +    private SecurityModel createSecurityModel( 
  +      KernelCriteria criteria, Configuration config ) throws Exception
  +    {
  +        if( !criteria.isCodeSecurityEnabled() )
  +        {
  +            return new DefaultSecurityModel();
  +        }
  +        else
  +        {
  +            return DefaultSecurityModel.createSecurityModel( config );
  +        }
       }
   
       private ContainmentModel createApplicationModel( 
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: cvs-unsubscribe@avalon.apache.org
For additional commands, e-mail: cvs-help@avalon.apache.org


Mime
View raw message