river-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From nic...@apache.org
Subject svn commit: r724994 [7/10] - in /incubator/river/jtsk/skunk/niclas1/examples: ./ browser/ browser/src/ browser/src/main/ browser/src/main/java/ browser/src/main/java/com/ browser/src/main/java/com/sun/ browser/src/main/java/com/sun/jini/ browser/src/ma...
Date Wed, 10 Dec 2008 05:23:13 GMT
Added: incubator/river/jtsk/skunk/niclas1/examples/hello/src/main/java/com/sun/jini/example/hello/config/ssl-reggie.policy
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/niclas1/examples/hello/src/main/java/com/sun/jini/example/hello/config/ssl-reggie.policy?rev=724994&view=auto
==============================================================================
--- incubator/river/jtsk/skunk/niclas1/examples/hello/src/main/java/com/sun/jini/example/hello/config/ssl-reggie.policy
(added)
+++ incubator/river/jtsk/skunk/niclas1/examples/hello/src/main/java/com/sun/jini/example/hello/config/ssl-reggie.policy
Tue Dec  9 21:23:07 2008
@@ -0,0 +1,53 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/* Security policy for SSL-enabled reggie */
+
+/* Keystore containing trusted certificates to use for authentication */
+keystore "..${/}prebuiltkeys${/}truststore";
+
+/* Grant all permissions to local JAR files */
+grant codeBase "file:..${/}..${/}..${/}..${/}..${/}..${/}..${/}lib${/}*" {
+    permission java.security.AllPermission;
+};
+
+grant codebase "file:lib${/}*" {
+    permission java.security.AllPermission;
+};
+
+/* Grant permissions to all */
+grant {
+    permission com.sun.jini.reggie.RegistrarPermission "getProxyVerifier";
+};
+
+/* Grant permissions to server */
+grant principal "server" {
+    permission com.sun.jini.reggie.RegistrarPermission "register";
+    permission com.sun.jini.reggie.RegistrarPermission "cancelServiceLease";
+    permission com.sun.jini.reggie.RegistrarPermission "renewServiceLease";
+    permission com.sun.jini.reggie.RegistrarPermission "cancelLeases";
+    permission com.sun.jini.reggie.RegistrarPermission "renewLeases";
+};
+grant principal "client" { 
+    permission com.sun.jini.reggie.RegistrarPermission "lookup";
+    permission com.sun.jini.reggie.RegistrarPermission "notify";
+    permission com.sun.jini.reggie.RegistrarPermission "cancelEventLease";
+    permission com.sun.jini.reggie.RegistrarPermission "renewEventLease";
+    permission com.sun.jini.reggie.RegistrarPermission "cancelLeases";
+    permission com.sun.jini.reggie.RegistrarPermission "renewLeases";
+};

Added: incubator/river/jtsk/skunk/niclas1/examples/hello/src/main/java/com/sun/jini/example/hello/config/ssl-server.config
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/niclas1/examples/hello/src/main/java/com/sun/jini/example/hello/config/ssl-server.config?rev=724994&view=auto
==============================================================================
--- incubator/river/jtsk/skunk/niclas1/examples/hello/src/main/java/com/sun/jini/example/hello/config/ssl-server.config
(added)
+++ incubator/river/jtsk/skunk/niclas1/examples/hello/src/main/java/com/sun/jini/example/hello/config/ssl-server.config
Tue Dec  9 21:23:07 2008
@@ -0,0 +1,117 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/* Configuration source file for an SSL server */
+
+import com.sun.jini.example.hello.ServerPermission;
+import com.sun.jini.config.KeyStores;
+
+import java.util.Collections;
+
+import java.security.Permission;
+import javax.security.auth.login.LoginContext;
+
+import net.jini.constraint.BasicMethodConstraints;
+import net.jini.core.constraint.ClientAuthentication;
+import net.jini.core.constraint.InvocationConstraint;
+import net.jini.core.constraint.InvocationConstraints;
+import net.jini.core.constraint.Integrity;
+import net.jini.core.constraint.ServerAuthentication;
+import net.jini.core.constraint.ServerMinPrincipal;
+import net.jini.discovery.LookupDiscovery;
+import net.jini.security.*;
+import net.jini.jeri.*;
+import net.jini.jeri.ssl.*;
+
+com.sun.jini.example.hello.Server {
+
+    /* JAAS login */
+    loginContext = new LoginContext("com.sun.jini.example.hello.Server");
+
+    /* Public Key Certificates */
+    private static users = 
+        KeyStores.getKeyStore("file:prebuiltkeys/truststore", null);
+
+    private static reggie = 
+	KeyStores.getX500Principal("reggie", users);
+    private static server = 
+	KeyStores.getX500Principal("server", users);
+
+    private static reggieUser = Collections.singleton(
+	KeyStores.getX500Principal("reggie", users));
+    private static serverUser = Collections.singleton(
+	KeyStores.getX500Principal("server", users));
+
+    /* Exporter for the server proxy */
+    exporter =
+	/* Use secure exporter */
+	new BasicJeriExporter(
+	    /* Use SSL transport */
+	    SslServerEndpoint.getInstance(0),
+	    /* Support ProxyTrust */
+	    new ProxyTrustILFactory(
+		/* Require integrity for all methods */
+		new BasicMethodConstraints(
+		    new InvocationConstraints(Integrity.YES, null)),
+		/* Require ServerPermission */
+		ServerPermission.class));
+
+    private groups = new String[] { "ssl.hello.example.jini.sun.com" };
+    discoveryManager = new LookupDiscovery(groups, this);
+
+}//end com.sun.jini.example.hello.Server
+
+/* Configuration block for the lookup discovery utility */
+net.jini.discovery.LookupDiscovery {
+
+    private serviceLookupConstraints = 
+	new BasicMethodConstraints( 
+	    new InvocationConstraints( 
+		new InvocationConstraint[]{ 
+		    Integrity.YES,
+                    ClientAuthentication.YES,
+                    ServerAuthentication.YES,
+                    new ServerMinPrincipal(
+			com.sun.jini.example.hello.Server.reggieUser)
+                    },
+                null));
+
+    static registrarPreparer = new BasicProxyPreparer(
+	true,
+        serviceLookupConstraints,
+        new Permission[] { 
+	    new AuthenticationPermission(
+		com.sun.jini.example.hello.Server.serverUser,
+		com.sun.jini.example.hello.Server.reggieUser,
+		"connect") 
+	    });
+
+}//end net.jini.discovery.LookupDiscovery
+
+/* Configuration block for the join manager */
+net.jini.lookup.JoinManager {
+
+    static registrarPreparer    = 
+	net.jini.discovery.LookupDiscovery.registrarPreparer;
+    static registrationPreparer = 
+	net.jini.discovery.LookupDiscovery.registrarPreparer;
+    static serviceLeasePreparer = 
+	net.jini.discovery.LookupDiscovery.registrarPreparer;
+
+}//end net.jini.lookup.JoinManager
+

Added: incubator/river/jtsk/skunk/niclas1/examples/hello/src/main/java/com/sun/jini/example/hello/config/ssl-server.login
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/niclas1/examples/hello/src/main/java/com/sun/jini/example/hello/config/ssl-server.login?rev=724994&view=auto
==============================================================================
--- incubator/river/jtsk/skunk/niclas1/examples/hello/src/main/java/com/sun/jini/example/hello/config/ssl-server.login
(added)
+++ incubator/river/jtsk/skunk/niclas1/examples/hello/src/main/java/com/sun/jini/example/hello/config/ssl-server.login
Tue Dec  9 21:23:07 2008
@@ -0,0 +1,26 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/* JAAS login configuration file for server */
+
+com.sun.jini.example.hello.Server {
+    com.sun.security.auth.module.KeyStoreLoginModule required
+	keyStoreAlias="server"
+	keyStoreURL="file:prebuiltkeys/server.keystore"
+	keyStorePasswordURL="file:prebuiltkeys/server.password";
+};

Added: incubator/river/jtsk/skunk/niclas1/examples/hello/src/main/java/com/sun/jini/example/hello/config/ssl-server.policy
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/niclas1/examples/hello/src/main/java/com/sun/jini/example/hello/config/ssl-server.policy?rev=724994&view=auto
==============================================================================
--- incubator/river/jtsk/skunk/niclas1/examples/hello/src/main/java/com/sun/jini/example/hello/config/ssl-server.policy
(added)
+++ incubator/river/jtsk/skunk/niclas1/examples/hello/src/main/java/com/sun/jini/example/hello/config/ssl-server.policy
Tue Dec  9 21:23:07 2008
@@ -0,0 +1,43 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/* Security policy for SSL server */
+
+/* Keystore containing trusted certificates to use for authentication */
+keystore "..${/}prebuiltkeys${/}truststore";
+
+/* Grant all permissions to local JAR files */
+grant codeBase "file:..${/}..${/}..${/}..${/}..${/}..${/}..${/}lib${/}*" {
+    permission java.security.AllPermission;
+};
+
+grant codeBase "file:lib${/}*" {
+    permission java.security.AllPermission;
+};
+
+/* Grant permissions to client principal */
+grant principal "client" {
+    /* Call sayHello method */
+    permission com.sun.jini.example.hello.ServerPermission "sayHello";
+};
+
+/* Grant permissions to all principals */
+grant {
+    /* Call getProxyVerifier method */
+    permission com.sun.jini.example.hello.ServerPermission "getProxyVerifier";
+};

Added: incubator/river/jtsk/skunk/niclas1/examples/hello/src/main/java/com/sun/jini/example/hello/config/start-activatable-jeri-server.config
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/niclas1/examples/hello/src/main/java/com/sun/jini/example/hello/config/start-activatable-jeri-server.config?rev=724994&view=auto
==============================================================================
--- incubator/river/jtsk/skunk/niclas1/examples/hello/src/main/java/com/sun/jini/example/hello/config/start-activatable-jeri-server.config
(added)
+++ incubator/river/jtsk/skunk/niclas1/examples/hello/src/main/java/com/sun/jini/example/hello/config/start-activatable-jeri-server.config
Tue Dec  9 21:23:07 2008
@@ -0,0 +1,39 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/* Configuration source file for starting activatable Jini ERI server */
+
+com.sun.jini.example.hello.Server {
+
+    /* Configuration options for the server */
+    private config = "config${/}activatable-jeri-server.config";
+    configOptions = new String[] { config };
+
+    /* Command line options for the activation group */
+    javaOptions = new String[] { "-classpath", "lib${/}server-act.jar" };
+
+    /* System properties for the activation group */
+    javaProperties = new String[] {
+	"java.security.manager", "",
+	"java.security.policy", "config${/}activatable-server.policy",
+	"java.rmi.server.codebase", "http://${serverHost}:8080/server-dl.jar http://${serverHost}:8080/jsk-dl.jar",
+	"java.security.properties", 
+		"config${/}dynamic-policy.security-properties"
+    };
+
+}//end com.sun.jini.example.hello.Server 

Added: incubator/river/jtsk/skunk/niclas1/examples/hello/src/main/java/com/sun/jini/example/hello/config/start-activatable-krb-server.config
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/niclas1/examples/hello/src/main/java/com/sun/jini/example/hello/config/start-activatable-krb-server.config?rev=724994&view=auto
==============================================================================
--- incubator/river/jtsk/skunk/niclas1/examples/hello/src/main/java/com/sun/jini/example/hello/config/start-activatable-krb-server.config
(added)
+++ incubator/river/jtsk/skunk/niclas1/examples/hello/src/main/java/com/sun/jini/example/hello/config/start-activatable-krb-server.config
Tue Dec  9 21:23:07 2008
@@ -0,0 +1,111 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/* Configuration source file for starting activatable Kerberos server */
+
+import com.sun.jini.config.ConfigUtil;
+import javax.security.auth.kerberos.KerberosPrincipal;
+import java.security.Permission;
+import java.util.Collections;
+import javax.security.auth.login.LoginContext;
+import net.jini.constraint.BasicMethodConstraints;
+import net.jini.core.constraint.ClientAuthentication;
+import net.jini.core.constraint.Integrity;
+import net.jini.core.constraint.InvocationConstraint;
+import net.jini.core.constraint.InvocationConstraints;
+import net.jini.core.constraint.ServerAuthentication;
+import net.jini.core.constraint.ServerMinPrincipal;
+import net.jini.security.AuthenticationPermission;
+import net.jini.security.BasicProxyPreparer;
+import net.jini.url.httpmd.HttpmdUtil;
+
+com.sun.jini.example.hello.Server {
+
+    /* JAAS login */
+    loginContext = new LoginContext("com.sun.jini.example.hello.Server");
+
+    /* The configuration options for the server */
+    private config = "config${/}activatable-krb-server.config";
+    configOptions = new String[] { config };
+
+    /* Command line options for the activation group */
+    javaOptions = new String[] {
+        "-classpath", 
+	"lib${/}server-act.jar${path.separator}lib${/}mdprefld.jar"
+    };
+
+    private hostName = ConfigUtil.getHostName();
+    private serverURL = ConfigUtil.concat(
+	new String[] { "httpmd://", hostName, ":8080/server-dl.jar;sha=0"});
+    private serverCodebase = HttpmdUtil.computeDigestCodebase("lib", serverURL);
+    private jskURL = ConfigUtil.concat(
+	new String[] { "httpmd://", hostName, ":8080/jsk-dl.jar;sha=0"});
+    private jskCodebase = HttpmdUtil.computeDigestCodebase("..${/}..${/}..${/}..${/}..${/}..${/}..${/}lib-dl",
jskURL);
+
+    /* System properties for the activation group */
+    javaProperties = new String[] {
+        "java.security.manager", "",
+        "java.security.policy", "config${/}activatable-krb-server.policy",
+        "java.security.properties",
+        "config${/}dynamic-policy.security-properties",
+        "java.security.auth.login.config", "config${/}krb-phoenix.login",
+        "java.protocol.handler.pkgs", "net.jini.url",
+        "java.rmi.server.codebase",
+            ConfigUtil.concat( new String[] { serverCodebase," ",jskCodebase } ),
+        "clientPrincipal", "${clientPrincipal}",
+        "serverPrincipal", "${serverPrincipal}",
+        "phoenixPrincipal", "${phoenixPrincipal}",
+        "reggiePrincipal", "${reggiePrincipal}",
+        "java.security.krb5.realm", "${java.security.krb5.realm}",
+        "java.security.krb5.kdc", "${java.security.krb5.kdc}"
+    };
+
+    /* Principals */
+    private static phoenix = new KerberosPrincipal("${phoenixPrincipal}");
+    private static server  = new KerberosPrincipal("${serverPrincipal}");
+
+    /* Constraints for talking to Phoenix */
+    private static activationSystemConstraints = 
+        new BasicMethodConstraints(
+            new InvocationConstraints(
+                new InvocationConstraint[] {
+                    Integrity.YES,
+                    ClientAuthentication.YES,
+                    ServerAuthentication.YES,
+                    new ServerMinPrincipal(phoenix) },
+                null));
+
+    /* Proxy preparer for the activation system */
+    activationSystemPreparer =
+        new BasicProxyPreparer(
+            true,
+            activationSystemConstraints,
+            new Permission[] {
+                /* Authenticate as server when connection to phoenix */
+                new AuthenticationPermission(Collections.singleton(server),
+                                             Collections.singleton(phoenix),
+                                             "connect") });    
+
+    /* Proxy preparer for the activation ID */
+    activationIdPreparer =
+        new BasicProxyPreparer(
+            false,    /* No need to verify the proxy */
+            activationSystemConstraints,
+            null);
+
+}//end com.sun.jini.example.hello.Server 

Added: incubator/river/jtsk/skunk/niclas1/examples/hello/src/main/java/com/sun/jini/example/hello/config/start-activatable-krb-server.policy
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/niclas1/examples/hello/src/main/java/com/sun/jini/example/hello/config/start-activatable-krb-server.policy?rev=724994&view=auto
==============================================================================
--- incubator/river/jtsk/skunk/niclas1/examples/hello/src/main/java/com/sun/jini/example/hello/config/start-activatable-krb-server.policy
(added)
+++ incubator/river/jtsk/skunk/niclas1/examples/hello/src/main/java/com/sun/jini/example/hello/config/start-activatable-krb-server.policy
Tue Dec  9 21:23:07 2008
@@ -0,0 +1,28 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/* Security policy for starting activatable Kerberos server */
+
+/* Grant all permissions local JAR files */
+grant codeBase "file:..${/}..${/}..${/}..${/}..${/}..${/}..${/}lib${/}*" {
+    permission java.security.AllPermission;
+};
+
+grant codeBase "file:lib${/}*" {
+    permission java.security.AllPermission;
+};

Added: incubator/river/jtsk/skunk/niclas1/examples/hello/src/main/java/com/sun/jini/example/hello/config/start-activatable-server.policy
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/niclas1/examples/hello/src/main/java/com/sun/jini/example/hello/config/start-activatable-server.policy?rev=724994&view=auto
==============================================================================
--- incubator/river/jtsk/skunk/niclas1/examples/hello/src/main/java/com/sun/jini/example/hello/config/start-activatable-server.policy
(added)
+++ incubator/river/jtsk/skunk/niclas1/examples/hello/src/main/java/com/sun/jini/example/hello/config/start-activatable-server.policy
Tue Dec  9 21:23:07 2008
@@ -0,0 +1,29 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/* Security policy for starting non-secure, activatable server */
+
+/* Grant the local JAR files all permissions */
+grant codeBase "file:..${/}..${/}..${/}..${/}..${/}..${/}..${/}lib${/}*" {
+    permission java.security.AllPermission;
+};
+
+grant codeBase "file:lib${/}*" 
+{
+    permission java.security.AllPermission;
+};

Added: incubator/river/jtsk/skunk/niclas1/examples/hello/src/main/java/com/sun/jini/example/hello/config/start-activatable-ssl-server.config
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/niclas1/examples/hello/src/main/java/com/sun/jini/example/hello/config/start-activatable-ssl-server.config?rev=724994&view=auto
==============================================================================
--- incubator/river/jtsk/skunk/niclas1/examples/hello/src/main/java/com/sun/jini/example/hello/config/start-activatable-ssl-server.config
(added)
+++ incubator/river/jtsk/skunk/niclas1/examples/hello/src/main/java/com/sun/jini/example/hello/config/start-activatable-ssl-server.config
Tue Dec  9 21:23:07 2008
@@ -0,0 +1,108 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/* Configuration source file for starting activatable SSL server */
+
+import java.security.Permission;
+import java.util.Collections;
+import javax.security.auth.login.LoginContext;
+import com.sun.jini.config.KeyStores;
+import com.sun.jini.config.ConfigUtil;
+import net.jini.constraint.BasicMethodConstraints;
+import net.jini.core.constraint.*;
+import net.jini.security.*;
+import net.jini.security.AuthenticationPermission;
+import net.jini.url.httpmd.HttpmdUtil;
+
+com.sun.jini.example.hello.Server {
+
+    /* JAAS login */
+    loginContext = new LoginContext("com.sun.jini.example.hello.Server");
+
+    private static users = 
+	KeyStores.getKeyStore("file:prebuiltkeys/truststore", null);
+
+    private static phoenixUser = Collections.singleton(
+	KeyStores.getX500Principal("phoenix", users));
+
+    private static serverUser = Collections.singleton(
+	KeyStores.getX500Principal("server", users));
+
+    /* Configuration options for the server */
+    private config = "config${/}activatable-ssl-server.config";
+    configOptions = new String[] { config };
+
+    /* Command line options for the activation group */
+    javaOptions = new String[] {
+	"-classpath", 
+	"lib${/}server-act.jar${path.separator}lib${/}mdprefld.jar"
+    };
+
+    private hostName = ConfigUtil.getHostName();
+    private serverURL = ConfigUtil.concat(
+	new String[] { "httpmd://", hostName, ":8080/server-dl.jar;sha=0"});
+    private serverCodebase = HttpmdUtil.computeDigestCodebase("lib", serverURL);
+    private jskURL = ConfigUtil.concat(
+	new String[] { "httpmd://", hostName, ":8080/jsk-dl.jar;sha=0"});
+    private jskCodebase = HttpmdUtil.computeDigestCodebase("..${/}..${/}..${/}..${/}..${/}..${/}..${/}lib-dl",
jskURL);
+
+    /* System properties for the activation group */
+    javaProperties = new String[] {
+	"java.security.manager", "",
+	"java.security.policy", "config${/}activatable-ssl-server.policy",
+	"java.security.properties", 
+           "config${/}dynamic-policy.security-properties",
+	"java.security.auth.login.config", "config${/}ssl-phoenix.login",
+	"javax.net.ssl.trustStore", "prebuiltkeys${/}truststore",
+	"java.protocol.handler.pkgs", "net.jini.url",
+	"java.rmi.server.codebase",
+            ConfigUtil.concat( new String[] { serverCodebase," ",jskCodebase } )
+	};
+
+    /* Constraints for talking to Phoenix */
+    private static activationProxyConstraints = 
+	new BasicMethodConstraints(
+	    new InvocationConstraints(
+		new InvocationConstraint[] {
+		    Integrity.YES,
+		    ClientAuthentication.YES,
+		    ServerAuthentication.YES,
+		    new ServerMinPrincipal(phoenixUser) },
+		null));
+
+    /* Proxy preparer for the activation system */
+    activationSystemPreparer =
+	new BasicProxyPreparer(
+            true, 
+	    activationProxyConstraints, 
+            new Permission[] {
+                /* Authenticate as server when connection to phoenix */
+                new AuthenticationPermission(
+		    serverUser,
+		    phoenixUser,
+                    "connect") 
+		});
+    
+    /* Proxy preparer for the activation ID */
+    activationIdPreparer =
+        new BasicProxyPreparer(
+            false,    /* No need to verify the proxy */
+            activationProxyConstraints,
+            null);
+
+}//end com.sun.jini.example.hello.Server

Added: incubator/river/jtsk/skunk/niclas1/examples/hello/src/main/java/com/sun/jini/example/hello/config/start-activatable-ssl-server.policy
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/niclas1/examples/hello/src/main/java/com/sun/jini/example/hello/config/start-activatable-ssl-server.policy?rev=724994&view=auto
==============================================================================
--- incubator/river/jtsk/skunk/niclas1/examples/hello/src/main/java/com/sun/jini/example/hello/config/start-activatable-ssl-server.policy
(added)
+++ incubator/river/jtsk/skunk/niclas1/examples/hello/src/main/java/com/sun/jini/example/hello/config/start-activatable-ssl-server.policy
Tue Dec  9 21:23:07 2008
@@ -0,0 +1,28 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/* Security policy for starting activatable SSL server */
+
+/* Grant all permissions to local JAR files */
+grant codeBase "file:..${/}..${/}..${/}..${/}..${/}..${/}..${/}lib${/}*" {
+    permission java.security.AllPermission;
+};
+
+grant codeBase "file:lib${/}*" {
+    permission java.security.AllPermission;
+};

Added: incubator/river/jtsk/skunk/niclas1/examples/hello/src/main/java/com/sun/jini/example/hello/config/start-krb-reggie.config
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/niclas1/examples/hello/src/main/java/com/sun/jini/example/hello/config/start-krb-reggie.config?rev=724994&view=auto
==============================================================================
--- incubator/river/jtsk/skunk/niclas1/examples/hello/src/main/java/com/sun/jini/example/hello/config/start-krb-reggie.config
(added)
+++ incubator/river/jtsk/skunk/niclas1/examples/hello/src/main/java/com/sun/jini/example/hello/config/start-krb-reggie.config
Tue Dec  9 21:23:07 2008
@@ -0,0 +1,53 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/* Configuration file for starting Reggie with Kerberos */
+
+import com.sun.jini.config.ConfigUtil;
+import com.sun.jini.start.NonActivatableServiceDescriptor;
+import com.sun.jini.start.ServiceDescriptor;
+import net.jini.url.httpmd.HttpmdUtil;
+
+com.sun.jini.start {
+
+    private ourHost = ConfigUtil.getHostName();
+    private serverURL  = ConfigUtil.concat(
+	new String[] { "httpmd://", ourHost, ":8080/reggie-dl.jar;sha=0"});
+    private serverCodebase = HttpmdUtil.computeDigestCodebase("..${/}..${/}..${/}..${/}..${/}..${/}..${/}lib-dl",
serverURL);
+
+    private jskURL = ConfigUtil.concat(
+	new String[] { "httpmd://", ourHost, ":8080/jsk-dl.jar;sha=0"});
+    private jskCodebase = HttpmdUtil.computeDigestCodebase("..${/}..${/}..${/}..${/}..${/}..${/}..${/}lib-dl",
jskURL);
+
+    private static codebase = ConfigUtil.concat(
+	new String[] { serverCodebase," ",jskCodebase } );
+
+    private static policy =    "config${/}krb-reggie.policy";
+    private static classpath = 
+	"lib${/}mdprefld.jar${path.separator}..${/}..${/}..${/}..${/}..${/}..${/}..${/}lib${/}reggie.jar";
+    private static config =    "config${/}krb-reggie.config";
+
+    static serviceDescriptors = new ServiceDescriptor[] {
+	new NonActivatableServiceDescriptor(
+	    codebase, policy, classpath,
+	    "com.sun.jini.reggie.TransientRegistrarImpl",
+	    new String[] { config }
+	)
+    };
+
+}//end com.sun.jini.start

Added: incubator/river/jtsk/skunk/niclas1/examples/hello/src/main/java/com/sun/jini/example/hello/config/start-reggie.config
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/niclas1/examples/hello/src/main/java/com/sun/jini/example/hello/config/start-reggie.config?rev=724994&view=auto
==============================================================================
--- incubator/river/jtsk/skunk/niclas1/examples/hello/src/main/java/com/sun/jini/example/hello/config/start-reggie.config
(added)
+++ incubator/river/jtsk/skunk/niclas1/examples/hello/src/main/java/com/sun/jini/example/hello/config/start-reggie.config
Tue Dec  9 21:23:07 2008
@@ -0,0 +1,44 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/* Configuration file for starting non-secure Reggie */
+
+import com.sun.jini.config.ConfigUtil;
+import com.sun.jini.start.NonActivatableServiceDescriptor;
+import com.sun.jini.start.ServiceDescriptor;
+
+com.sun.jini.start {
+
+    private static codebase =
+	ConfigUtil.concat(
+	    new Object[] { 
+		"http://", ConfigUtil.getHostName(), ":8080/reggie-dl.jar",
+		" ",
+                "http://", ConfigUtil.getHostName(), ":8080/jsk-dl.jar" } );
+    private static policy = "config${/}reggie.policy";
+    private static classpath = "..${/}..${/}..${/}..${/}..${/}..${/}..${/}lib${/}reggie.jar";
+    private static config = "config${/}jrmp-reggie.config";
+
+    static serviceDescriptors = new ServiceDescriptor[] {
+	new NonActivatableServiceDescriptor(
+	    codebase, policy, classpath,
+	    "com.sun.jini.reggie.TransientRegistrarImpl",
+	    new String[] { config })
+    };
+
+}//end com.sun.jini.start 

Added: incubator/river/jtsk/skunk/niclas1/examples/hello/src/main/java/com/sun/jini/example/hello/config/start-ssl-reggie.config
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/niclas1/examples/hello/src/main/java/com/sun/jini/example/hello/config/start-ssl-reggie.config?rev=724994&view=auto
==============================================================================
--- incubator/river/jtsk/skunk/niclas1/examples/hello/src/main/java/com/sun/jini/example/hello/config/start-ssl-reggie.config
(added)
+++ incubator/river/jtsk/skunk/niclas1/examples/hello/src/main/java/com/sun/jini/example/hello/config/start-ssl-reggie.config
Tue Dec  9 21:23:07 2008
@@ -0,0 +1,52 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/* Configuration file for starting Reggie with SSL */
+
+import com.sun.jini.config.ConfigUtil;
+import com.sun.jini.start.NonActivatableServiceDescriptor;
+import com.sun.jini.start.ServiceDescriptor;
+import net.jini.url.httpmd.HttpmdUtil;
+
+com.sun.jini.start {
+
+    private ourHost= ConfigUtil.getHostName();
+    private serverURL = ConfigUtil.concat(
+	new String[] { "httpmd://", ourHost, ":8080/reggie-dl.jar;sha=0"});
+    private serverCodebase = HttpmdUtil.computeDigestCodebase("..${/}..${/}..${/}..${/}..${/}..${/}..${/}lib-dl",
serverURL);
+    private jskURL = ConfigUtil.concat(
+	new String[] { "httpmd://", ourHost, ":8080/jsk-dl.jar;sha=0"});
+    private jskCodebase = HttpmdUtil.computeDigestCodebase("..${/}..${/}..${/}..${/}..${/}..${/}..${/}lib-dl",
jskURL);
+
+    private static codebase = ConfigUtil.concat( 
+	new String[] { serverCodebase," ",jskCodebase } );
+
+    private static policy =    "config${/}ssl-reggie.policy";
+    private static classpath = 
+	"lib${/}mdprefld.jar${path.separator}..${/}..${/}..${/}..${/}..${/}..${/}..${/}lib${/}reggie.jar";
+    private static config =    "config${/}ssl-reggie.config";
+
+    static serviceDescriptors = new ServiceDescriptor[] {
+	new NonActivatableServiceDescriptor(
+	    codebase, policy, classpath,
+	    "com.sun.jini.reggie.TransientRegistrarImpl",
+	    new String[] { config }
+	)
+    };
+
+}//end com.sun.jini.start

Added: incubator/river/jtsk/skunk/niclas1/examples/hello/src/main/java/com/sun/jini/example/hello/config/start.policy
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/niclas1/examples/hello/src/main/java/com/sun/jini/example/hello/config/start.policy?rev=724994&view=auto
==============================================================================
--- incubator/river/jtsk/skunk/niclas1/examples/hello/src/main/java/com/sun/jini/example/hello/config/start.policy
(added)
+++ incubator/river/jtsk/skunk/niclas1/examples/hello/src/main/java/com/sun/jini/example/hello/config/start.policy
Tue Dec  9 21:23:07 2008
@@ -0,0 +1,28 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/* Policy file for the service starter */
+
+/* Grant the local JAR files all permissions */
+grant codeBase "file:..${/}..${/}..${/}..${/}..${/}..${/}..${/}lib${/}*" {
+    permission java.security.AllPermission;
+};
+
+grant codeBase "file:lib${/}*" {
+    permission java.security.AllPermission;
+};



Mime
View raw message