harmony-dev mailing list archives

From Daniel John Debrunner <...@apache.org>
Subject [classlib][security] UnresolvedPrincipal/Policy file principal_name question
Date Thu, 28 Feb 2008 19:17:22 GMT
I have a need for an application level Principal implementation that 
treats user names as case-insensitive, e.g.

   DatabasePrincipal("fred") and DatabasePrincipal("FRED")

are equal and both would return FRED for getName().

However it seems default Policy implementations (for RI & Harmony) that 
read the policy file don't allow this. So while this grant does work

   grant principal DatabasePrincipal "FRED"

this does not

   grant principal  DatabasePrincipal "fred"

even though by the rules of the DatabasePrincipal they are equal.

For Harmony I see it is due to UnresolvedPrincipal for two reasons:

  1) (possibly) UnresolvedPrincipal is never re-resolved into 
DatabasePrincipal like UnresolvedPermission is defined to act.
  (on IBM's 1.5 VM I see instances of DatabasePrincipal being created 
that correspond to entries in the policy file, so I'm assuming 
re-resolving is taking place)

  2) UnresolvedPrincipal.implies() just uses the class name 
(DatabasePrincipal) and getName() thus ignoring any semantics the 
application's Principal class is using for name.

Is this the defined behaviour by the Java specifications, that the 
principal_name in the policy_file must match exactly the name returned 
by Principal.getName()? I can't see any justification for it from the 
javadoc for the various classes.

Again to note Harmony matches the RI here, though it seems to get to the 
same result by a different path. It seems as though on the RI and IBM's 
VMs that a map is set up from principal_name to Principal (but I'm 
guessing here).


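The two matching strategies discussed in the message, side by side, as an added example; it is not code from the original post, Harmony or the RI. `PrincipalMatchDemo`, `matchesByName` and `matchesResolved` are hypothetical names, and the `DatabasePrincipal` shown is an assumed implementation of the behaviour the message describes.

```java
import java.security.Principal;
import java.util.Locale;

public class PrincipalMatchDemo {

    // Assumed application Principal: names are case-insensitive and
    // getName() always returns the upper-cased form, as in the message.
    static final class DatabasePrincipal implements Principal {
        private final String name;
        DatabasePrincipal(String name) { this.name = name.toUpperCase(Locale.ROOT); }
        @Override public String getName() { return name; }
        @Override public boolean equals(Object o) {
            return o instanceof DatabasePrincipal
                && ((DatabasePrincipal) o).name.equals(name);
        }
        @Override public int hashCode() { return name.hashCode(); }
    }

    // Strategy 1 (hypothetical): compare the class name and the literal
    // policy-file string with getName(). The class's equals() is never used.
    static boolean matchesByName(String policyClass, String policyName, Principal p) {
        return policyClass.equals(p.getClass().getName())
            && policyName.equals(p.getName());
    }

    // Strategy 2 (hypothetical): resolve the policy entry into an instance
    // through a (String) constructor, then let the class decide equality.
    static boolean matchesResolved(String policyClass, String policyName, Principal p)
            throws ReflectiveOperationException {
        Class<?> c = Class.forName(policyClass);
        Object resolved = c.getDeclaredConstructor(String.class).newInstance(policyName);
        return resolved.equals(p);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: the authenticated subject logged in as "fred".
        Principal subject = new DatabasePrincipal("fred");
        String cls = DatabasePrincipal.class.getName();
        for (String policyName : new String[] {"FRED", "fred"}) {
            System.out.printf("grant \"%s\": by-name=%b resolved=%b%n", policyName,
                matchesByName(cls, policyName, subject),
                matchesResolved(cls, policyName, subject));
        }
    }
}
```

Under exact string matching the grant applies only when the policy file carries the same string that `getName()` returns, so a differently cased entry silently grants nothing.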