harmony-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Ellison <t.p.elli...@gmail.com>
Subject Re: [classlib][security] UnresolvedPrincipal/Policy file principal_name question
Date Sun, 02 Mar 2008 09:53:11 GMT
Daniel John Debrunner wrote:
> I have a need for a application level Principal implementation that 
> treats user names as case-insensitive, e.g.
> 
>   DatabasePrincipal("fred") and DatabasePrincipal("FRED")
> 
> are equal and both would return FRED for getName().
> 
> However it seems default Policy implementations (for RI & Harmony) that 
> read the policy file don't allow this. So while this grant does work
> 
>   grant principal DatabasePrincipal "FRED"
> 
> this does not
> 
>   grant principal  DatabasePrincipal "fred"
> 
> even though by the rules of the DatabasePrincipal they are equal.
> 
> For Harmony I see it is due to UnresolvedPrincipal for two reasons:
> 
>  1) (possibly) UnresolvedPrincipal is never re-resolved into 
> DatabasePrincipal like UnresolvedPermission is defined to act.
>  (on IBM's 1.5 vm I see instances of DatabasePrincipal being created 
> that correspond to entries in the policy file, so I'm assuming 
> re-resolving is taking place)
> 
>  2) UnresolvedPrincipal.implies() works just uses the class name 
> (DatabasePrincipal) and getName() thus ignoring any semantics the 
> application's Principal class is using for name.
> 
> Is this the defined behaviour by the Java specifications, that the 
> principal_name in the policy_file must match exactly the name returned 
> by Principal.getName()? I can't see any justification for it from the 
> javadoc for the various classes.
> 
> Again to note Harmony matches the RI here, though it seems to get to the 
> same result by a different path. It seems as though on the RI and IBM's 
> vms that a map is set up from principal_name to Principal (but I'm 
> guessing here).

Dan,

I'm not quite sure what you are asking here.  You say the behavior of 
Harmony and other Java implementations is the same, so are you just 
asking for a specification justification for it?

It may be that the spec is not explicit in this case.  There are lots of 
places where the desired behavior is only determined by 'common sense' 
or running a program on the RI to observe the behavior.

Are you asking for a change?

Regards,
Tim

Mime
View raw message