river-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jcost...@apache.org
Subject svn commit: r819236 [2/6] - in /incubator/river/jtsk/trunk: ./ examples/ examples/hello/ examples/hello/config/ examples/hello/config/META-INF/ examples/hello/prebuiltkeys/ examples/hello/scripts/ examples/hello/src/ examples/hello/src/com/ examples/he...
Date Sun, 27 Sep 2009 00:15:08 GMT
Added: incubator/river/jtsk/trunk/examples/hello/config/jrmp-server.config
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/examples/hello/config/jrmp-server.config?rev=819236&view=auto
==============================================================================
--- incubator/river/jtsk/trunk/examples/hello/config/jrmp-server.config (added)
+++ incubator/river/jtsk/trunk/examples/hello/config/jrmp-server.config Sun Sep 27 00:15:03 2009
@@ -0,0 +1,32 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/* Configuration source file for JRMP server */
+
+import net.jini.discovery.LookupDiscovery;
+import net.jini.jrmp.JrmpExporter;
+
+com.sun.jini.example.hello.Server {
+
+    /* Exporter for the server proxy */
+    exporter = new JrmpExporter();
+
+    private groups = new String[] { "nonsecure.hello.example.jini.sun.com" };
+    discoveryManager = new LookupDiscovery(groups, this);
+
+}//end com.sun.jini.example.hello.Server

Propchange: incubator/river/jtsk/trunk/examples/hello/config/jrmp-server.config
------------------------------------------------------------------------------
    svn:executable = *

Added: incubator/river/jtsk/trunk/examples/hello/config/krb-client.config
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/examples/hello/config/krb-client.config?rev=819236&view=auto
==============================================================================
--- incubator/river/jtsk/trunk/examples/hello/config/krb-client.config (added)
+++ incubator/river/jtsk/trunk/examples/hello/config/krb-client.config Sun Sep 27 00:15:03 2009
@@ -0,0 +1,145 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/* Configuration source file for Kerberos client */
+
+import com.sun.security.auth.callback.DialogCallbackHandler;
+import java.security.Permission;
+import java.util.Collections;
+import javax.security.auth.kerberos.KerberosPrincipal;
+import javax.security.auth.login.LoginContext;
+import net.jini.core.constraint.ClientAuthentication;
+import net.jini.core.constraint.Confidentiality;
+import net.jini.core.constraint.Integrity;
+import net.jini.core.constraint.InvocationConstraint;
+import net.jini.core.constraint.InvocationConstraints;
+import net.jini.core.constraint.ServerAuthentication;
+import net.jini.core.constraint.ServerMinPrincipal;
+import net.jini.jeri.BasicJeriExporter;
+import net.jini.jeri.ProxyTrustILFactory;
+import net.jini.jeri.kerberos.KerberosServerEndpoint;
+import net.jini.discovery.LookupDiscovery;
+import net.jini.lookup.ServiceDiscoveryManager;
+import net.jini.security.AccessPermission;
+import net.jini.security.AuthenticationPermission;
+import net.jini.constraint.BasicMethodConstraints;
+import net.jini.security.BasicProxyPreparer;
+
+com.sun.jini.example.hello.Client {
+
+    /* JAAS login */
+    loginContext = new LoginContext("com.sun.jini.example.hello.Client",
+	/* Use this for command line version */
+	/* new TextCallbackHandler() */
+
+	/* Use a dialog box */
+	new DialogCallbackHandler()
+	);
+
+    /* Principals */
+    private static clientUser = Collections.singleton(
+	new KerberosPrincipal("${clientPrincipal}"));
+    private static reggieUser = Collections.singleton(
+	new KerberosPrincipal("${reggiePrincipal}"));
+    private static serverUser = Collections.singleton(
+	new KerberosPrincipal("${serverPrincipal}"));
+
+    /* Preparer for server proxy */
+    static preparer =
+        new BasicProxyPreparer(
+	    /* Verify the proxy. */
+	    true,
+	    /*
+	     * Require integrity, client authentication, and server
+             * authenticate with the correct principal for all methods.
+	     */
+	    new BasicMethodConstraints(
+	        new InvocationConstraints(
+		    new InvocationConstraint[] {
+                        Integrity.YES,
+		        ClientAuthentication.YES,
+		        ServerAuthentication.YES,
+		        new ServerMinPrincipal(serverUser),
+		        Confidentiality.YES },
+		    null)),
+	    new Permission[] {
+	        /* Authenticate as client when connecting to server */
+	        new AuthenticationPermission(clientUser,
+					     serverUser,
+					     "connect") });
+
+    private groups = new String[] { "krb.hello.example.jini.sun.com" };
+    serviceDiscovery = new ServiceDiscoveryManager(
+        new LookupDiscovery(groups, this), null, this);
+
+}//end com.sun.jini.example.hello.Client
+
+/* Configuration block for the SDM */
+net.jini.lookup.ServiceDiscoveryManager {
+
+    /* Exporter for the SDM */
+    eventListenerExporter =
+        /* Use secure exporter */
+        new BasicJeriExporter(
+ 	    /* Use Kerberos transport */
+            KerberosServerEndpoint.getInstance(0),
+            /* Support ProxyTrust */
+            new ProxyTrustILFactory(
+                /* Require integrity for all methods */
+                new BasicMethodConstraints(
+                    new InvocationConstraints(Integrity.YES, null)),
+                AccessPermission.class),
+		false,
+		false);
+
+    /* Used by several facilities below */
+    registrarPreparer =
+        new BasicProxyPreparer(
+            /* Verify the proxy. */
+            true,
+            /*
+             * Require integrity, client authentication, and server
+             * authenticate with the correct principal for all methods.
+             */
+            new BasicMethodConstraints(
+                new InvocationConstraints(
+                    new InvocationConstraint[] {
+                        Integrity.YES,
+                        ClientAuthentication.YES,
+                        ServerAuthentication.YES,
+                        new ServerMinPrincipal(
+			    com.sun.jini.example.hello.Client.reggieUser) },
+                    null)),
+            new Permission[] {
+                /* Authenticate as client when connecting to reggie */
+                new AuthenticationPermission(
+		    com.sun.jini.example.hello.Client.clientUser,
+                    com.sun.jini.example.hello.Client.reggieUser,
+                    "connect") });
+
+    eventLeasePreparer    = registrarPreparer;
+
+}//end net.jini.lookup.ServiceDiscoveryManager
+
+/* Configuration block for the lookup discovery utility */
+net.jini.discovery.LookupDiscovery {
+
+    static registrarPreparer = 
+	net.jini.lookup.ServiceDiscoveryManager.registrarPreparer;
+
+}//end net.jini.discovery.LookupDiscovery

Propchange: incubator/river/jtsk/trunk/examples/hello/config/krb-client.config
------------------------------------------------------------------------------
    svn:executable = *

Added: incubator/river/jtsk/trunk/examples/hello/config/krb-client.login
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/examples/hello/config/krb-client.login?rev=819236&view=auto
==============================================================================
--- incubator/river/jtsk/trunk/examples/hello/config/krb-client.login (added)
+++ incubator/river/jtsk/trunk/examples/hello/config/krb-client.login Sun Sep 27 00:15:03 2009
@@ -0,0 +1,24 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/* JAAS login configuration file for Kerberos client */
+
+com.sun.jini.example.hello.Client {
+    com.sun.security.auth.module.Krb5LoginModule required
+    storeKey=true;
+};

Propchange: incubator/river/jtsk/trunk/examples/hello/config/krb-client.login
------------------------------------------------------------------------------
    svn:executable = *

Added: incubator/river/jtsk/trunk/examples/hello/config/krb-client.policy
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/examples/hello/config/krb-client.policy?rev=819236&view=auto
==============================================================================
--- incubator/river/jtsk/trunk/examples/hello/config/krb-client.policy (added)
+++ incubator/river/jtsk/trunk/examples/hello/config/krb-client.policy Sun Sep 27 00:15:03 2009
@@ -0,0 +1,38 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/* Security policy for Kerberos client */
+
+/* Grant the local JAR files all permissions */
+grant codeBase "file:..${/}..${/}lib${/}*" {
+    permission java.security.AllPermission;
+};
+
+grant codeBase "file:lib${/}*" {
+    permission java.security.AllPermission;
+};
+
+/* Grant reggie permission to call our notify() method */
+grant principal 
+    javax.security.auth.kerberos.KerberosPrincipal "${reggiePrincipal}" 
+{
+    /* Allow the SDM listener in reggie to call us back */
+    permission net.jini.security.AccessPermission "notify";
+    /* Allow trust verification */
+    permission net.jini.security.AccessPermission "getProxyVerifier";
+};

Propchange: incubator/river/jtsk/trunk/examples/hello/config/krb-client.policy
------------------------------------------------------------------------------
    svn:executable = *

Added: incubator/river/jtsk/trunk/examples/hello/config/krb-phoenix-group.config
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/examples/hello/config/krb-phoenix-group.config?rev=819236&view=auto
==============================================================================
--- incubator/river/jtsk/trunk/examples/hello/config/krb-phoenix-group.config (added)
+++ incubator/river/jtsk/trunk/examples/hello/config/krb-phoenix-group.config Sun Sep 27 00:15:03 2009
@@ -0,0 +1,96 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/* Configuration source file for Kerberos Phoenix */
+
+import com.sun.jini.phoenix.InstantiatorPermission;
+
+import net.jini.core.constraint.ClientAuthentication;
+import net.jini.core.constraint.Integrity;
+import net.jini.core.constraint.InvocationConstraint;
+import net.jini.core.constraint.InvocationConstraints;
+import net.jini.core.constraint.ServerAuthentication;
+import net.jini.core.constraint.ServerMinPrincipal;
+
+import net.jini.security.AuthenticationPermission;
+import net.jini.constraint.BasicMethodConstraints;
+import net.jini.security.BasicProxyPreparer;
+
+import net.jini.jeri.BasicJeriExporter;
+import net.jini.jeri.ProxyTrustILFactory;
+import net.jini.jeri.kerberos.KerberosServerEndpoint;
+
+import java.util.Collections;
+
+import javax.security.auth.kerberos.KerberosPrincipal;
+import javax.security.auth.login.LoginContext;
+
+import java.security.Permission;
+
+com.sun.jini.phoenix {
+
+    /* JAAS Login */
+    loginContext = new LoginContext("com.sun.jini.Phoenix");
+
+    /* Identify principals */
+    private static phoenixUser = Collections.singleton(
+        new KerberosPrincipal("${phoenixPrincipal}"));
+
+    /* Exporters */
+    private activationConstraints = 
+	new BasicMethodConstraints( 
+	    new InvocationConstraints( 
+		new InvocationConstraint[] { Integrity.YES },
+               null));
+
+    private activationInstantiatorEndpoint = 
+	KerberosServerEndpoint.getInstance(0);
+
+    instantiatorExporter =
+	new BasicJeriExporter(
+	    activationInstantiatorEndpoint,
+            new ProxyTrustILFactory(
+		activationConstraints,
+                InstantiatorPermission.class));
+
+    /* Proxy Preparers */
+    private mutualAuthenticationConstraints = 
+	new BasicMethodConstraints( 
+	    new InvocationConstraints( 
+		new InvocationConstraint[] {
+		    Integrity.YES,
+                    ClientAuthentication.YES,
+                    ServerAuthentication.YES,
+                    new ServerMinPrincipal(phoenixUser)
+                    },
+                null));
+
+    systemPreparer = 
+	new BasicProxyPreparer( 
+	    true,
+            mutualAuthenticationConstraints,
+            new Permission[] { 
+		new AuthenticationPermission(
+		    phoenixUser,
+            	    phoenixUser,
+                    "connect") 
+		});
+
+    monitorPreparer = systemPreparer;
+
+}//end com.sun.jini.phoenix

Propchange: incubator/river/jtsk/trunk/examples/hello/config/krb-phoenix-group.config
------------------------------------------------------------------------------
    svn:executable = *

Added: incubator/river/jtsk/trunk/examples/hello/config/krb-phoenix.config
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/examples/hello/config/krb-phoenix.config?rev=819236&view=auto
==============================================================================
--- incubator/river/jtsk/trunk/examples/hello/config/krb-phoenix.config (added)
+++ incubator/river/jtsk/trunk/examples/hello/config/krb-phoenix.config Sun Sep 27 00:15:03 2009
@@ -0,0 +1,76 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/* Configuration source file for Kerberos Phoenix */
+
+import com.sun.jini.phoenix.*;
+import javax.security.auth.kerberos.KerberosPrincipal;
+import javax.security.auth.login.LoginContext;
+import net.jini.constraint.BasicMethodConstraints;
+import net.jini.core.constraint.ClientAuthentication;
+import net.jini.core.constraint.Integrity;
+import net.jini.core.constraint.InvocationConstraint;
+import net.jini.core.constraint.InvocationConstraints;
+import net.jini.core.constraint.ServerMinPrincipal;
+import net.jini.core.constraint.ServerAuthentication;
+import net.jini.jeri.kerberos.KerberosServerEndpoint;
+import net.jini.jeri.BasicJeriExporter;
+import net.jini.jeri.ProxyTrustILFactory;
+import net.jini.security.BasicProxyPreparer;
+
+com.sun.jini.phoenix {
+    registryExporter = new RegistrySunExporter();
+    private kerberosPort = 2000; // pick one, cannot be 1098
+    private daemonEndpoint = KerberosServerEndpoint.getInstance(kerberosPort);
+    private integrity = new BasicMethodConstraints(
+        new InvocationConstraints(Integrity.YES, null));
+    systemExporter =
+        new BasicJeriExporter(daemonEndpoint,
+			      new SystemAccessProxyTrustILFactory(integrity),
+			      false, true,
+			      PhoenixConstants.ACTIVATION_SYSTEM_UUID);
+    activatorExporter =
+        new BasicJeriExporter(daemonEndpoint,
+			      new ProxyTrustILFactory(integrity, null),
+			      false, true,
+			      PhoenixConstants.ACTIVATOR_UUID);
+    monitorExporter =
+        new BasicJeriExporter(daemonEndpoint,
+			      new ProxyTrustILFactory(
+					integrity,
+					MonitorPermission.class));
+    private groupEndpoint = KerberosServerEndpoint.getInstance(0);
+
+    private static phoenix = new KerberosPrincipal("${phoenixPrincipal}");
+    private static mutualAuth = 
+        new BasicMethodConstraints(new InvocationConstraints(
+	    new InvocationConstraint[]{
+	        Integrity.YES,
+	        ClientAuthentication.YES,
+	        ServerAuthentication.YES,
+	        new ServerMinPrincipal(phoenix)},
+	    null));
+
+    instantiatorPreparer = new BasicProxyPreparer(true, mutualAuth, null);
+    monitorPreparer = instantiatorPreparer;
+    systemPreparer = instantiatorPreparer;
+    loginContext = new LoginContext("com.sun.jini.Phoenix");
+    persistenceDirectory = "lib${/}phoenix-log";
+    groupConfig = new String[] { "config${/}krb-phoenix-group.config" };
+
+}// end com.sun.jini.phoenix

Propchange: incubator/river/jtsk/trunk/examples/hello/config/krb-phoenix.config
------------------------------------------------------------------------------
    svn:executable = *

Added: incubator/river/jtsk/trunk/examples/hello/config/krb-phoenix.login
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/examples/hello/config/krb-phoenix.login?rev=819236&view=auto
==============================================================================
--- incubator/river/jtsk/trunk/examples/hello/config/krb-phoenix.login (added)
+++ incubator/river/jtsk/trunk/examples/hello/config/krb-phoenix.login Sun Sep 27 00:15:03 2009
@@ -0,0 +1,37 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/* JAAS login configuration file for Phoenix using Kerberos */
+
+com.sun.jini.Phoenix {
+    com.sun.security.auth.module.Krb5LoginModule required 
+	useKeyTab=true 
+	keyTab="config/krb-servers.keytab" 
+	storeKey=true 
+	doNotPrompt=true 
+	principal="${phoenixPrincipal}";
+};
+
+com.sun.jini.example.hello.Server {
+    com.sun.security.auth.module.Krb5LoginModule required 
+	useKeyTab=true 
+	keyTab="config/krb-servers.keytab" 
+	storeKey=true 
+	doNotPrompt=true 
+	principal="${serverPrincipal}";
+};

Propchange: incubator/river/jtsk/trunk/examples/hello/config/krb-phoenix.login
------------------------------------------------------------------------------
    svn:executable = *

Added: incubator/river/jtsk/trunk/examples/hello/config/krb-phoenix.policy
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/examples/hello/config/krb-phoenix.policy?rev=819236&view=auto
==============================================================================
--- incubator/river/jtsk/trunk/examples/hello/config/krb-phoenix.policy (added)
+++ incubator/river/jtsk/trunk/examples/hello/config/krb-phoenix.policy Sun Sep 27 00:15:03 2009
@@ -0,0 +1,96 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/* Security policy for Kerberos Phoenix */
+
+/* Grant local JAR files all permissions  */
+grant codeBase "file:..${/}..${/}lib${/}*" {
+    permission java.security.AllPermission;
+};
+
+grant codeBase "file:lib${/}*" {
+    permission java.security.AllPermission;
+};
+
+/* Grant permissions to phoenix principal */
+grant principal 
+    javax.security.auth.kerberos.KerberosPrincipal "${phoenixPrincipal}" 
+{
+    /* Call getProxyVerifier */
+    permission com.sun.jini.phoenix.SystemPermission "getProxyVerifier";
+    permission com.sun.jini.phoenix.MonitorPermission "getProxyVerifier";
+
+    /* Call activeGroup */
+    permission com.sun.jini.phoenix.SystemPermission "activeGroup";
+};
+
+/* Grant permission to server principal */
+grant principal 
+    javax.security.auth.kerberos.KerberosPrincipal "${serverPrincipal}" 
+{
+    /* Call getProxyVerifier */
+    permission com.sun.jini.phoenix.SystemPermission "getProxyVerifier";
+
+    /* Call registerGroup */
+    permission com.sun.jini.phoenix.SystemPermission "registerGroup";    
+
+    /* Call registerObject */
+    permission com.sun.jini.phoenix.SystemPermission "registerObject";
+
+    /* Permit group options */
+    permission com.sun.jini.phoenix.ExecOptionPermission
+        "-Djava.security.manager=";
+
+    permission com.sun.jini.phoenix.ExecOptionPermission
+        "-Djava.security.policy=config${/}activatable-krb-server.policy";
+
+    permission com.sun.jini.phoenix.ExecOptionPermission
+      "-Djava.security.properties=config${/}dynamic-policy.security-properties";
+
+    permission com.sun.jini.phoenix.ExecOptionPermission
+        "-Djava.security.auth.login.config=config${/}krb-phoenix.login";
+
+    permission com.sun.jini.phoenix.ExecOptionPermission
+        "-Djava.protocol.handler.pkgs=net.jini.url";
+
+    permission com.sun.jini.phoenix.ExecOptionPermission
+	"-Djava.rmi.server.codebase=*";
+
+    permission com.sun.jini.phoenix.ExecOptionPermission
+        "-DclientPrincipal=${clientPrincipal}";
+
+    permission com.sun.jini.phoenix.ExecOptionPermission
+        "-DserverPrincipal=${serverPrincipal}";
+
+    permission com.sun.jini.phoenix.ExecOptionPermission
+        "-DphoenixPrincipal=${phoenixPrincipal}";
+
+    permission com.sun.jini.phoenix.ExecOptionPermission
+        "-DreggiePrincipal=${reggiePrincipal}";
+
+    permission com.sun.jini.phoenix.ExecOptionPermission
+        "-Djava.security.krb5.realm=${java.security.krb5.realm}";
+
+    permission com.sun.jini.phoenix.ExecOptionPermission
+        "-Djava.security.krb5.kdc=${java.security.krb5.kdc}";
+
+    permission com.sun.jini.phoenix.ExecOptionPermission "-classpath";
+
+    permission com.sun.jini.phoenix.ExecOptionPermission
+        "lib${/}server-act.jar${path.separator}lib${/}mdprefld.jar";
+};

Propchange: incubator/river/jtsk/trunk/examples/hello/config/krb-phoenix.policy
------------------------------------------------------------------------------
    svn:executable = *

Added: incubator/river/jtsk/trunk/examples/hello/config/krb-reggie.config
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/examples/hello/config/krb-reggie.config?rev=819236&view=auto
==============================================================================
--- incubator/river/jtsk/trunk/examples/hello/config/krb-reggie.config (added)
+++ incubator/river/jtsk/trunk/examples/hello/config/krb-reggie.config Sun Sep 27 00:15:03 2009
@@ -0,0 +1,138 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/* Configuration source file for Reggie using Kerberos */
+
+import com.sun.jini.reggie.RegistrarPermission;
+import java.util.Collections;
+import net.jini.constraint.BasicMethodConstraints;
+import net.jini.core.constraint.ClientAuthentication;
+import net.jini.core.constraint.Integrity;
+import net.jini.core.constraint.InvocationConstraint;
+import net.jini.core.constraint.InvocationConstraints;
+import net.jini.core.constraint.ServerAuthentication;
+import net.jini.core.constraint.ServerMinPrincipal;
+import net.jini.jeri.BasicJeriExporter;
+import net.jini.jeri.ProxyTrustILFactory;
+import net.jini.jeri.kerberos.KerberosServerEndpoint;
+import net.jini.security.AuthenticationPermission;
+import net.jini.security.BasicProxyPreparer;
+
+import java.security.Permission;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.kerberos.KerberosPrincipal;
+
+com.sun.jini.reggie {
+
+    /* Reggie settings */
+    initialMemberGroups   = new String[] { "krb.hello.example.jini.sun.com" };
+
+    /* JAAS login */
+    loginContext = new LoginContext("com.sun.jini.Reggie");
+
+    /* User information */
+    private static clientUser = Collections.singleton(
+	new KerberosPrincipal("${clientPrincipal}"));
+    private static reggieUser = Collections.singleton(
+	new KerberosPrincipal("${reggiePrincipal}"));
+
+    /* Exporters */
+    private serviceEndpoint = KerberosServerEndpoint.getInstance(0);
+    private serviceConstraints = 
+	new BasicMethodConstraints(
+	    new InvocationConstraints(
+		new InvocationConstraint[]{ Integrity.YES }, null
+		)
+	    );
+
+    private serviceILFactory =
+	new ProxyTrustILFactory(serviceConstraints,
+                                RegistrarPermission.class);
+
+    serverExporter = new BasicJeriExporter(serviceEndpoint, serviceILFactory);
+
+    /* Proxy Preparers */
+    private listenerPrincipals = 
+	new InvocationConstraint[] {
+	    new ServerMinPrincipal(clientUser)
+            };
+
+    private serviceListenerConstraints = 
+	new BasicMethodConstraints(
+	    new InvocationConstraints( 
+		new InvocationConstraint[] {
+		    Integrity.YES,
+                    ClientAuthentication.YES,
+                    ServerAuthentication.YES,
+                    new ServerMinPrincipal(com.sun.jini.reggie.clientUser)
+                    },
+                null));
+
+    listenerPreparer = 
+	new BasicProxyPreparer(
+	    true,
+            serviceListenerConstraints,
+            new Permission[] { 
+		new AuthenticationPermission(
+    		    reggieUser,
+                    clientUser,
+                    "connect") 
+		});
+
+}//end com.sun.jini.reggie
+
+/* Items used by multiple blocks below */
+shared.entries {
+
+    private serviceLookupConstraints = 
+	new BasicMethodConstraints( 
+	    new InvocationConstraints( 
+		new InvocationConstraint[] { 
+		    Integrity.YES,
+		    ClientAuthentication.YES,
+		    ServerAuthentication.YES,
+		    new ServerMinPrincipal(com.sun.jini.reggie.reggieUser) 
+		    }, 
+		null));
+
+}//end shared.entries
+
+/* Configuration block for the lookup discovery utility */
+net.jini.discovery.LookupDiscovery {
+
+    registrarPreparer = 
+	new BasicProxyPreparer( 
+	    true,
+	    shared.entries.serviceLookupConstraints,
+            new Permission[] {
+                new AuthenticationPermission(
+                com.sun.jini.reggie.reggieUser,
+                com.sun.jini.reggie.reggieUser,
+                "connect")
+            });
+
+}//end net.jini.discovery.LookupDiscovery
+
+/* Configuration block for the join manager */
+net.jini.lookup.JoinManager {
+
+    registrarPreparer    = net.jini.discovery.LookupDiscovery.registrarPreparer;
+    registrationPreparer = net.jini.discovery.LookupDiscovery.registrarPreparer;
+    serviceLeasePreparer = net.jini.discovery.LookupDiscovery.registrarPreparer;
+
+}//end net.jini.lookup.JoinManager

Propchange: incubator/river/jtsk/trunk/examples/hello/config/krb-reggie.config
------------------------------------------------------------------------------
    svn:executable = *

Added: incubator/river/jtsk/trunk/examples/hello/config/krb-reggie.login
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/examples/hello/config/krb-reggie.login?rev=819236&view=auto
==============================================================================
--- incubator/river/jtsk/trunk/examples/hello/config/krb-reggie.login (added)
+++ incubator/river/jtsk/trunk/examples/hello/config/krb-reggie.login Sun Sep 27 00:15:03 2009
@@ -0,0 +1,28 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/* JAAS login configuration file for Reggie using Kerberos */
+
+com.sun.jini.Reggie {
+    com.sun.security.auth.module.Krb5LoginModule required 
+	useKeyTab=true 
+	keyTab="config/krb-servers.keytab" 
+	storeKey=true 
+	doNotPrompt=true 
+	principal="${reggiePrincipal}";
+};

Propchange: incubator/river/jtsk/trunk/examples/hello/config/krb-reggie.login
------------------------------------------------------------------------------
    svn:executable = *

Added: incubator/river/jtsk/trunk/examples/hello/config/krb-reggie.policy
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/examples/hello/config/krb-reggie.policy?rev=819236&view=auto
==============================================================================
--- incubator/river/jtsk/trunk/examples/hello/config/krb-reggie.policy (added)
+++ incubator/river/jtsk/trunk/examples/hello/config/krb-reggie.policy Sun Sep 27 00:15:03 2009
@@ -0,0 +1,56 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/* Security policy for Kerberos-enabled reggie */
+
+
+/* Grant all permissions to local JAR files */
+grant codeBase "file:..${/}..${/}lib${/}*" {
+    permission java.security.AllPermission;
+};
+
+grant codebase "file:lib${/}*" {
+    permission java.security.AllPermission;
+};
+
+grant {
+    permission com.sun.jini.reggie.RegistrarPermission "getProxyVerifier";
+};
+
+/* Grant permissions to the server */
+grant principal
+        javax.security.auth.kerberos.KerberosPrincipal "${serverPrincipal}" 
+{
+    permission com.sun.jini.reggie.RegistrarPermission "register";
+    permission com.sun.jini.reggie.RegistrarPermission "cancelServiceLease";
+    permission com.sun.jini.reggie.RegistrarPermission "renewServiceLease";
+    permission com.sun.jini.reggie.RegistrarPermission "cancelLeases";
+    permission com.sun.jini.reggie.RegistrarPermission "renewLeases";
+};
+
+/* Grant permissions to the client */
+grant principal
+        javax.security.auth.kerberos.KerberosPrincipal "${clientPrincipal}" 
+{
+    permission com.sun.jini.reggie.RegistrarPermission "lookup";
+    permission com.sun.jini.reggie.RegistrarPermission "notify";
+    permission com.sun.jini.reggie.RegistrarPermission "cancelEventLease";
+    permission com.sun.jini.reggie.RegistrarPermission "renewEventLease";
+    permission com.sun.jini.reggie.RegistrarPermission "cancelLeases";
+    permission com.sun.jini.reggie.RegistrarPermission "renewLeases";
+};

Propchange: incubator/river/jtsk/trunk/examples/hello/config/krb-reggie.policy
------------------------------------------------------------------------------
    svn:executable = *

Added: incubator/river/jtsk/trunk/examples/hello/config/krb-server.config
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/examples/hello/config/krb-server.config?rev=819236&view=auto
==============================================================================
--- incubator/river/jtsk/trunk/examples/hello/config/krb-server.config (added)
+++ incubator/river/jtsk/trunk/examples/hello/config/krb-server.config Sun Sep 27 00:15:03 2009
@@ -0,0 +1,107 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/* Configuration source file for Kerberos server */
+
+import com.sun.jini.example.hello.ServerPermission;
+import java.security.Permission;
+import java.util.Collections;
+import javax.security.auth.kerberos.KerberosPrincipal;
+import javax.security.auth.login.LoginContext;
+import net.jini.constraint.BasicMethodConstraints;
+import net.jini.core.constraint.ClientAuthentication;
+import net.jini.core.constraint.Integrity;
+import net.jini.core.constraint.InvocationConstraint;
+import net.jini.core.constraint.InvocationConstraints;
+import net.jini.core.constraint.ServerAuthentication;
+import net.jini.core.constraint.ServerMinPrincipal;
+import net.jini.discovery.LookupDiscovery;
+import net.jini.jeri.BasicJeriExporter;
+import net.jini.jeri.kerberos.KerberosServerEndpoint;
+import net.jini.jeri.ProxyTrustILFactory;
+import net.jini.security.AuthenticationPermission;
+import net.jini.security.BasicProxyPreparer;
+
+com.sun.jini.example.hello.Server {
+
+    /* JAAS login */
+    loginContext = new LoginContext("com.sun.jini.example.hello.Server");
+
+    /* Identify principals */
+    private static serverUser = Collections.singleton(
+	new KerberosPrincipal("${serverPrincipal}"));
+    private static reggieUser = Collections.singleton(
+	new KerberosPrincipal("${reggiePrincipal}"));
+
+    /* Exporter for the server proxy */
+    exporter =
+        /* Use secure exporter */
+        new BasicJeriExporter(
+    	    /* Use Kerberos transport */
+    	    KerberosServerEndpoint.getInstance(0),
+	    /* Support ProxyTrust */
+	    new ProxyTrustILFactory(
+		/* Require integrity for all methods */
+		new BasicMethodConstraints(
+		    new InvocationConstraints(Integrity.YES, null)),
+		/* Require ServerPermission */
+		ServerPermission.class));
+
+    private groups = new String[] { "krb.hello.example.jini.sun.com" };
+    discoveryManager = new LookupDiscovery(groups, this);
+
+}//end com.sun.jini.example.hello.Server
+
+/* Configuration block for the lookup discovery utility */
+net.jini.discovery.LookupDiscovery {
+
+    private serviceLookupConstraints = 
+	new BasicMethodConstraints( 
+	    new InvocationConstraints( 
+		new InvocationConstraint[]{ 
+		    Integrity.YES,
+                    ClientAuthentication.YES,
+                    ServerAuthentication.YES,
+                    new ServerMinPrincipal(
+			com.sun.jini.example.hello.Server.reggieUser)
+                    },
+                null));
+
+    static registrarPreparer = new BasicProxyPreparer(
+	true,
+        serviceLookupConstraints,
+        new Permission[] { 
+	    new AuthenticationPermission(
+		com.sun.jini.example.hello.Server.serverUser,
+		com.sun.jini.example.hello.Server.reggieUser,
+		"connect") 
+	    });
+
+}//end net.jini.discovery.LookupDiscovery
+
+/* Configuration block for the join manager */
+net.jini.lookup.JoinManager {
+
+    static registrarPreparer    = 
+	net.jini.discovery.LookupDiscovery.registrarPreparer;
+    static registrationPreparer = 
+	net.jini.discovery.LookupDiscovery.registrarPreparer;
+    static serviceLeasePreparer = 
+	net.jini.discovery.LookupDiscovery.registrarPreparer;
+
+}//end net.jini.lookup.JoinManager

Propchange: incubator/river/jtsk/trunk/examples/hello/config/krb-server.config
------------------------------------------------------------------------------
    svn:executable = *

Added: incubator/river/jtsk/trunk/examples/hello/config/krb-server.login
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/examples/hello/config/krb-server.login?rev=819236&view=auto
==============================================================================
--- incubator/river/jtsk/trunk/examples/hello/config/krb-server.login (added)
+++ incubator/river/jtsk/trunk/examples/hello/config/krb-server.login Sun Sep 27 00:15:03 2009
@@ -0,0 +1,28 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/* JAAS login configuration file for server */
+
+com.sun.jini.example.hello.Server {
+    com.sun.security.auth.module.Krb5LoginModule required 
+	useKeyTab=true 
+	keyTab="config/krb-servers.keytab" 
+	storeKey=true 
+	doNotPrompt=true 
+	principal="${serverPrincipal}";
+};

Propchange: incubator/river/jtsk/trunk/examples/hello/config/krb-server.login
------------------------------------------------------------------------------
    svn:executable = *

Added: incubator/river/jtsk/trunk/examples/hello/config/krb-server.policy
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/examples/hello/config/krb-server.policy?rev=819236&view=auto
==============================================================================
--- incubator/river/jtsk/trunk/examples/hello/config/krb-server.policy (added)
+++ incubator/river/jtsk/trunk/examples/hello/config/krb-server.policy Sun Sep 27 00:15:03 2009
@@ -0,0 +1,43 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/* Security policy for Kerberos server */
+
+/* Grant the local JARS all permissions */
+grant codeBase "file:..${/}..${/}lib${/}*" {
+    permission java.security.AllPermission;
+};
+
+grant codeBase "file:lib${/}*" {
+    permission java.security.AllPermission;
+};
+
+/* Grant permissions to client principal */
+grant principal 
+	javax.security.auth.kerberos.KerberosPrincipal "${clientPrincipal}" 
+{
+    /* Call sayHello method */
+    permission com.sun.jini.example.hello.ServerPermission "sayHello";
+};
+
+/* Grant permissions to all principals */
+grant {
+    /* Call getProxyVerifier method */
+    permission com.sun.jini.example.hello.ServerPermission "getProxyVerifier";
+};
+

Propchange: incubator/river/jtsk/trunk/examples/hello/config/krb-server.policy
------------------------------------------------------------------------------
    svn:executable = *

Added: incubator/river/jtsk/trunk/examples/hello/config/logging.properties
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/examples/hello/config/logging.properties?rev=819236&view=auto
==============================================================================
--- incubator/river/jtsk/trunk/examples/hello/config/logging.properties (added)
+++ incubator/river/jtsk/trunk/examples/hello/config/logging.properties Sun Sep 27 00:15:03 2009
@@ -0,0 +1,131 @@
+#/*
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+# 
+#      http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#*/
+
+# This file is used to configure the Java logging facility
+# Many of the Jini Technology classes support logging.
+
+handlers= java.util.logging.ConsoleHandler
+.level= INFO
+java.util.logging.ConsoleHandler.level = ALL
+java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
+
+# Below, turn the individual loggers 'on/off' by setting
+# their levels to a lower value. For example, if a logger's
+# level is set to INFO, then only those log records that
+# are at the levels INFO, WARNING, or SEVERE will be written.
+# Whereas, if that logger's level is set to FINE, then all
+# log records that are at the levels FINE, 550 (HANDLED), 
+# 600 (FAILED), CONFIG, INFO, WARNING, or SEVERE will be
+# written. The levels that can be set are as follows:
+# 
+#  SEVERE (highest value) 
+#  WARNING 
+#  INFO 
+#  CONFIG 
+#  600    (FAILED custom-defined level)
+#  550    (HANDLED custom-defined level)
+#  FINE 
+#  FINER 
+#  FINEST (lowest value) 
+
+# For debugging Configuration
+# net.jini.config.level = INFO
+
+# For debugging activation
+net.jini.activation.ActivatableInvocationHandler.level = INFO
+
+# For debugging JRMP
+# net.jini.jrmp.JrmpExporter.level = INFO
+
+# For debugging Jini ERI
+# net.jini.jeri.level = INFO
+# net.jini.jeri.BasicInvocationDispatcher.level = INFO
+# net.jini.jeri.BasicInvocationHandler.level = INFO
+# net.jini.jeri.BasicJeriExporter.level = INFO
+# net.jini.jeri.BasicObjectEndpoint.level = INFO
+
+# For debugging Jini ERI connection 
+# net.jini.jeri.connection.level = INFO
+# net.jini.jeri.connection.ConnectionManager.level = INFO
+# net.jini.jeri.connection.ServerConnectionManager.level = INFO
+# net.jini.jeri.connection.mux.level = INFO
+
+# For TcpEndpoint and TcpServerEndpoint
+# net.jini.jeri.tcp.level = INFO
+# net.jini.jeri.tcp.client.level = INFO
+# net.jini.jeri.tcp.server.level = INFO
+
+# For debugging SSL 
+# net.jini.jeri.ssl.level = INFO
+# net.jini.jeri.ssl.client.level = INFO
+# net.jini.jeri.ssl.server.level = INFO
+# net.jini.jeri.ssl.init.level = INFO
+
+# For debugging kerberos 
+# net.jini.jeri.kerberos.level = INFO
+# net.jini.jeri.kerberos.client.level = INFO
+# net.jini.jeri.kerberos.server.level = INFO
+
+# For debugging preferred classes
+# net.jini.loader.pref.PreferredClassLoader.level = INFO
+# net.jini.loader.pref.PreferredClassLoader.preferred.level = INFO
+# net.jini.loader.pref.PreferredClassLoader.exception.level = INFO
+# net.jini.loader.pref.PreferredClassProvider.level = INFO
+
+# For debugging security: trust, integrity, policy and permission granting,
+#               proxy trust verification
+# net.jini.security.level = INFO
+# net.jini.security.trust.level = INFO
+# net.jini.security.integrity.level = INFO
+# net.jini.security.policy.level = INFO
+
+# For debugging HTTPMD
+# net.jini.url.httpmd.level = INFO
+
+# For debugging discovery
+# com.sun.jini.discovery.level = INFO
+# com.sun.jini.discovery.DiscoveryV1.level = INFO
+# com.sun.jini.discovery.DiscoveryV2.level = INFO
+# com.sun.jini.discovery.x500.level = INFO
+
+# For debugging the helper utilities
+# net.jini.discovery.LookupDiscovery.level = INFO
+# net.jini.discovery.LookupLocatorDiscovery.level = INFO
+# net.jini.lookup.JoinManager.level = INFO
+# net.jini.lookup.ServiceDiscoveryManager.level = INFO
+# net.jini.lease.LeaseRenewalManager.level = INFO
+
+# For debugging thread pool utilities
+# com.sun.jini.thread.RetryTask.level = INFO
+# com.sun.jini.thread.WakeupManager.level = INFO
+# com.sun.jini.thread.ThreadPool.level = INFO
+
+# For debugging service starter framework
+# com.sun.jini.start.level = INFO
+# com.sun.jini.start.ClassLoaderUtil.level = INFO
+# com.sun.jini.start.proxy.level = INFO
+# com.sun.jini.start.resources.service.level = INFO
+# com.sun.jini.start.service.starter.level = INFO
+# com.sun.jini.start.sharedGroup.level = INFO
+# com.sun.jini.start.wrapper.level = INFO
+
+# For debugging Reggie
+# com.sun.jini.reggie.level = INFO
+
+
+

Propchange: incubator/river/jtsk/trunk/examples/hello/config/logging.properties
------------------------------------------------------------------------------
    svn:executable = *

Added: incubator/river/jtsk/trunk/examples/hello/config/phoenix.policy
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/examples/hello/config/phoenix.policy?rev=819236&view=auto
==============================================================================
--- incubator/river/jtsk/trunk/examples/hello/config/phoenix.policy (added)
+++ incubator/river/jtsk/trunk/examples/hello/config/phoenix.policy Sun Sep 27 00:15:03 2009
@@ -0,0 +1,60 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/* Security policy for non-secure Phoenix */
+
+/* Grant the local JAR files all permissions */
+grant codeBase "file:..${/}..${/}lib${/}*" {
+    permission java.security.AllPermission;
+};
+
+grant codeBase "file:lib${/}*" {
+    permission java.security.AllPermission;
+};
+
+/* Grant permissions to all */
+grant {
+
+    /* Permit group options */
+    permission com.sun.jini.phoenix.ExecOptionPermission
+      "-Djava.security.manager=";
+
+    permission com.sun.jini.phoenix.ExecOptionPermission
+      "-Djava.security.policy=config${/}activatable-server.policy";
+
+    permission com.sun.jini.phoenix.ExecOptionPermission
+      "-Djava.rmi.server.codebase=http://${serverHost}:8080/server-dl.jar http://${serverHost}:8080/jsk-dl.jar";
+
+    permission com.sun.jini.phoenix.ExecOptionPermission
+      "-Dconfig=config${/}activatable-jeri-server.config";
+
+    permission com.sun.jini.phoenix.ExecOptionPermission
+      "-DserverHost=${serverHost}";
+
+    permission com.sun.jini.phoenix.ExecOptionPermission 
+      "-classpath";
+
+    permission com.sun.jini.phoenix.ExecOptionPermission 
+      "lib${/}server-act.jar";
+
+    permission com.sun.jini.phoenix.ExecOptionPermission 
+    "-Djava.security.properties=config${/}dynamic-policy.security-properties";
+
+    permission com.sun.jini.phoenix.ExecOptionPermission
+      "-Djava.ext.dirs=../../lib-ext/";
+};

Propchange: incubator/river/jtsk/trunk/examples/hello/config/phoenix.policy
------------------------------------------------------------------------------
    svn:executable = *

Added: incubator/river/jtsk/trunk/examples/hello/config/reggie.policy
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/examples/hello/config/reggie.policy?rev=819236&view=auto
==============================================================================
--- incubator/river/jtsk/trunk/examples/hello/config/reggie.policy (added)
+++ incubator/river/jtsk/trunk/examples/hello/config/reggie.policy Sun Sep 27 00:15:03 2009
@@ -0,0 +1,28 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/* Security policy for non-secure Reggie */
+
+/* Grant all permissions to our classes */
+grant codeBase "file:..${/}..${/}lib${/}*" {
+    permission java.security.AllPermission;
+};
+
+grant codeBase "file:lib${/}*" {
+    permission java.security.AllPermission;
+};

Propchange: incubator/river/jtsk/trunk/examples/hello/config/reggie.policy
------------------------------------------------------------------------------
    svn:executable = *

Added: incubator/river/jtsk/trunk/examples/hello/config/server.policy
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/examples/hello/config/server.policy?rev=819236&view=auto
==============================================================================
--- incubator/river/jtsk/trunk/examples/hello/config/server.policy (added)
+++ incubator/river/jtsk/trunk/examples/hello/config/server.policy Sun Sep 27 00:15:03 2009
@@ -0,0 +1,28 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/* Security policy for non-secure server */
+
+/* Grant all permissions to our classes */
+grant codeBase "file:..${/}..${/}lib${/}*" {
+    permission java.security.AllPermission;
+};
+
+grant codebase "file:lib${/}*" {
+    permission java.security.AllPermission;
+};

Propchange: incubator/river/jtsk/trunk/examples/hello/config/server.policy
------------------------------------------------------------------------------
    svn:executable = *

Added: incubator/river/jtsk/trunk/examples/hello/config/ssl-client.config
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/examples/hello/config/ssl-client.config?rev=819236&view=auto
==============================================================================
--- incubator/river/jtsk/trunk/examples/hello/config/ssl-client.config (added)
+++ incubator/river/jtsk/trunk/examples/hello/config/ssl-client.config Sun Sep 27 00:15:03 2009
@@ -0,0 +1,145 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/* Configuration source file for SSL client */
+
+import com.sun.jini.config.KeyStores;
+import com.sun.security.auth.callback.DialogCallbackHandler;
+import java.security.Permission;
+import java.util.Collections;
+import javax.security.auth.login.LoginContext;
+import net.jini.constraint.BasicMethodConstraints;
+import net.jini.discovery.LookupDiscovery;
+import net.jini.core.constraint.ClientAuthentication;
+import net.jini.core.constraint.InvocationConstraint;
+import net.jini.core.constraint.InvocationConstraints;
+import net.jini.core.constraint.Integrity;
+import net.jini.core.constraint.ServerAuthentication;
+import net.jini.core.constraint.ServerMinPrincipal;
+import net.jini.jeri.*;
+import net.jini.jeri.ssl.*;
+import net.jini.lookup.ServiceDiscoveryManager;
+import net.jini.security.AccessPermission;
+import net.jini.security.AuthenticationPermission;
+import net.jini.security.BasicProxyPreparer;
+
+com.sun.jini.example.hello.Client {
+
+    /* JAAS login */
+    loginContext =
+	new LoginContext("com.sun.jini.example.hello.Client",
+			 /* Use this for command line version */
+			 /* new TextCallbackHandler(); */
+
+			 /* Use a dialog box */
+			 new DialogCallbackHandler());
+
+    /* Keystore for getting principals */
+    private static users= 
+	KeyStores.getKeyStore("file:prebuiltkeys/truststore", null);
+
+    private static clientUser = Collections.singleton(
+	KeyStores.getX500Principal("client", users));
+    private static reggieUser = Collections.singleton(
+	KeyStores.getX500Principal("reggie", users));
+    private static serverUser = Collections.singleton(
+	KeyStores.getX500Principal("server", users));
+
+    /* Preparer for server proxy */
+    static preparer =
+	new BasicProxyPreparer(
+	    /* Verify the proxy. */
+	    true,
+	    /*
+	     * Require integrity, client authentication, and server
+	     * authenticate with the correct principal for all methods.
+	     */
+	    new BasicMethodConstraints(
+		new InvocationConstraints(
+		    new InvocationConstraint[] {
+			Integrity.YES,
+			ClientAuthentication.YES,
+			ServerAuthentication.YES,
+			new ServerMinPrincipal(serverUser) },
+		    null)),
+	    new Permission[] {
+		/* Authenticate as client when connecting to server */
+		new AuthenticationPermission(clientUser,
+					     serverUser,
+					     "connect") });
+
+    private groups = new String[] { "ssl.hello.example.jini.sun.com" };
+    serviceDiscovery = new ServiceDiscoveryManager(
+        new LookupDiscovery(groups, this), null, this);
+
+}//end com.sun.jini.example.hello.Client
+
+/* Configuration block for the SDM */
+net.jini.lookup.ServiceDiscoveryManager {
+
+    /* Exporter for the SDM */
+    eventListenerExporter =
+        /* Use secure exporter */
+        new BasicJeriExporter(
+            /* Use SSL transport */
+            SslServerEndpoint.getInstance(0),
+            /* Support ProxyTrust */
+            new ProxyTrustILFactory(
+                /* Require integrity for all methods */
+                new BasicMethodConstraints(
+                    new InvocationConstraints(Integrity.YES, null)),
+                AccessPermission.class),
+		false,
+		false);
+
+    /* Used by serveral facilities below */
+    registrarPreparer = 
+        new BasicProxyPreparer(
+            /* Verify the proxy. */
+            true,
+            /*
+             * Require integrity, client authentication, and server
+             * authenticate with the correct principal for all methods.
+             */
+            new BasicMethodConstraints(
+                new InvocationConstraints(
+                    new InvocationConstraint[] {
+                        Integrity.YES,
+                        ClientAuthentication.YES,
+                        ServerAuthentication.YES,
+                        new ServerMinPrincipal(
+			    com.sun.jini.example.hello.Client.reggieUser) },
+                    null)),
+            new Permission[] {
+                /* Authenticate as client when connecting to reggie */
+                new AuthenticationPermission(
+			com.sun.jini.example.hello.Client.clientUser,
+			com.sun.jini.example.hello.Client.reggieUser,
+                    "connect") });
+
+    eventLeasePreparer    = registrarPreparer;
+
+}//end net.jini.lookup.ServiceDiscoveryManager
+
+/* Configuration block for the lookup discovery utility */
+net.jini.discovery.LookupDiscovery {
+
+    static registrarPreparer = 
+	net.jini.lookup.ServiceDiscoveryManager.registrarPreparer;
+
+}//end net.jini.discovery.LookupDiscovery

Propchange: incubator/river/jtsk/trunk/examples/hello/config/ssl-client.config
------------------------------------------------------------------------------
    svn:executable = *

Added: incubator/river/jtsk/trunk/examples/hello/config/ssl-client.login
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/examples/hello/config/ssl-client.login?rev=819236&view=auto
==============================================================================
--- incubator/river/jtsk/trunk/examples/hello/config/ssl-client.login (added)
+++ incubator/river/jtsk/trunk/examples/hello/config/ssl-client.login Sun Sep 27 00:15:03 2009
@@ -0,0 +1,25 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/* JAAS login configuration file for SSL client */
+
+com.sun.jini.example.hello.Client {
+    com.sun.security.auth.module.KeyStoreLoginModule required
+	keyStoreAlias="client"
+	keyStoreURL="file:prebuiltkeys/client.keystore";
+};

Propchange: incubator/river/jtsk/trunk/examples/hello/config/ssl-client.login
------------------------------------------------------------------------------
    svn:executable = *

Added: incubator/river/jtsk/trunk/examples/hello/config/ssl-client.policy
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/examples/hello/config/ssl-client.policy?rev=819236&view=auto
==============================================================================
--- incubator/river/jtsk/trunk/examples/hello/config/ssl-client.policy (added)
+++ incubator/river/jtsk/trunk/examples/hello/config/ssl-client.policy Sun Sep 27 00:15:03 2009
@@ -0,0 +1,39 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/* Security policy for SSL client */
+
+/* Keystore containing trusted certificates to use for authentication */
+keystore "..${/}prebuiltkeys${/}truststore";
+
+/* Grant the local JAR files all permissions */
+grant codeBase "file:..${/}..${/}lib${/}*" {
+    permission java.security.AllPermission;
+};
+
+grant codeBase "file:lib${/}*" {
+    permission java.security.AllPermission;
+};
+
+/* Grant permissions to the reggie principal */
+grant principal "reggie" {
+    /* Allow the SDM listener in reggie to call us back */
+    permission net.jini.security.AccessPermission "notify";
+    /* Allow trust verification */
+    permission net.jini.security.AccessPermission "getProxyVerifier";
+};

Propchange: incubator/river/jtsk/trunk/examples/hello/config/ssl-client.policy
------------------------------------------------------------------------------
    svn:executable = *

Added: incubator/river/jtsk/trunk/examples/hello/config/ssl-phoenix-group.config
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/examples/hello/config/ssl-phoenix-group.config?rev=819236&view=auto
==============================================================================
--- incubator/river/jtsk/trunk/examples/hello/config/ssl-phoenix-group.config (added)
+++ incubator/river/jtsk/trunk/examples/hello/config/ssl-phoenix-group.config Sun Sep 27 00:15:03 2009
@@ -0,0 +1,98 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/* Configuration source file for SSL Phoenix groups */
+
+import com.sun.jini.config.KeyStores;
+import com.sun.jini.phoenix.InstantiatorPermission;
+
+import net.jini.core.constraint.ClientAuthentication;
+import net.jini.core.constraint.Integrity;
+import net.jini.core.constraint.InvocationConstraint;
+import net.jini.core.constraint.InvocationConstraints;
+import net.jini.core.constraint.ServerAuthentication;
+import net.jini.core.constraint.ServerMinPrincipal;
+
+import net.jini.security.AuthenticationPermission;
+import net.jini.constraint.BasicMethodConstraints;
+import net.jini.security.BasicProxyPreparer;
+
+import net.jini.jeri.BasicJeriExporter;
+import net.jini.jeri.ProxyTrustILFactory;
+
+import net.jini.jeri.ssl.SslServerEndpoint;
+
+import javax.security.auth.login.LoginContext;
+
+import java.security.Permission;
+import java.util.Collections;
+
+com.sun.jini.phoenix {
+
+    /* JAAS Login */
+    loginContext = new LoginContext("com.sun.jini.Phoenix");
+
+    /* Public Key Certificates */
+    private static users = 
+	KeyStores.getKeyStore("file:prebuiltkeys/truststore", null);
+
+    private static phoenixUser = 
+	Collections.singleton(KeyStores.getX500Principal("phoenix", users));
+
+    /* Exporters */
+    private activationConstraints = 
+	new BasicMethodConstraints( 
+	    new InvocationConstraints( 
+		new InvocationConstraint[] { Integrity.YES },
+               null));
+
+    private activationInstantiatorEndpoint = SslServerEndpoint.getInstance(0);
+
+    instantiatorExporter =
+	new BasicJeriExporter(
+	    activationInstantiatorEndpoint,
+            new ProxyTrustILFactory(
+		activationConstraints,
+                InstantiatorPermission.class));
+
+    /* Proxy Preparers */
+    private mutualAuthenticationConstraints = 
+	new BasicMethodConstraints( 
+	    new InvocationConstraints( 
+		new InvocationConstraint[] {
+		    Integrity.YES,
+                    ClientAuthentication.YES,
+                    ServerAuthentication.YES,
+                    new ServerMinPrincipal(phoenixUser)
+                    },
+                null));
+
+    systemPreparer = 
+	new BasicProxyPreparer( 
+	    true,
+            mutualAuthenticationConstraints,
+            new Permission[] { 
+		new AuthenticationPermission(
+		    phoenixUser,
+            	    phoenixUser,
+                    "connect") 
+		});
+
+    monitorPreparer = systemPreparer;
+
+}//end com.sun.jini.phoenix

Propchange: incubator/river/jtsk/trunk/examples/hello/config/ssl-phoenix-group.config
------------------------------------------------------------------------------
    svn:executable = *

Added: incubator/river/jtsk/trunk/examples/hello/config/ssl-phoenix.config
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/examples/hello/config/ssl-phoenix.config?rev=819236&view=auto
==============================================================================
--- incubator/river/jtsk/trunk/examples/hello/config/ssl-phoenix.config (added)
+++ incubator/river/jtsk/trunk/examples/hello/config/ssl-phoenix.config Sun Sep 27 00:15:03 2009
@@ -0,0 +1,73 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/* Configuration source file for SSL Phoenix */
+
+import com.sun.jini.config.KeyStores;
+import com.sun.jini.phoenix.*;
+import net.jini.constraint.*;
+import net.jini.core.constraint.*;
+import net.jini.jeri.*;
+import net.jini.jeri.ssl.SslServerEndpoint;
+import net.jini.security.*;
+import javax.security.auth.login.LoginContext;
+
+com.sun.jini.phoenix {
+
+    registryExporter = new RegistrySunExporter();
+    private sslPort = 2000; // pick one, cannot be 1098
+    private daemonEndpoint = SslServerEndpoint.getInstance(sslPort);
+    private integrity = new BasicMethodConstraints(
+        new InvocationConstraints(Integrity.YES, null));
+    systemExporter =
+        new BasicJeriExporter(daemonEndpoint,
+                              new SystemAccessProxyTrustILFactory(integrity),
+                              false, true,
+                              PhoenixConstants.ACTIVATION_SYSTEM_UUID);
+    activatorExporter =
+        new BasicJeriExporter(daemonEndpoint,
+                              new ProxyTrustILFactory(integrity, null),
+                              false, true,
+                              PhoenixConstants.ACTIVATOR_UUID);
+    monitorExporter =
+        new BasicJeriExporter(daemonEndpoint,
+                              new ProxyTrustILFactory(
+                                        integrity,
+                                        MonitorPermission.class));
+    private groupEndpoint = SslServerEndpoint.getInstance(0);
+
+    private static keystore = 
+	KeyStores.getKeyStore("file:prebuiltkeys/truststore", null);
+
+    private mutualAuth =
+        new BasicMethodConstraints(new InvocationConstraints(
+            new InvocationConstraint[]{
+                Integrity.YES,
+                ClientAuthentication.YES,
+                ServerAuthentication.YES,
+                new ServerMinPrincipal(
+                    KeyStores.getX500Principal("phoenix", keystore))},
+            null));
+    instantiatorPreparer = new BasicProxyPreparer(true, mutualAuth, null);
+    monitorPreparer = instantiatorPreparer;
+    systemPreparer = instantiatorPreparer;
+    loginContext = new LoginContext("com.sun.jini.Phoenix");
+    persistenceDirectory = "lib${/}phoenix-log";
+    groupConfig = new String[] { "config${/}ssl-phoenix-group.config" };
+
+}//end com.sun.jini.phoenix

Propchange: incubator/river/jtsk/trunk/examples/hello/config/ssl-phoenix.config
------------------------------------------------------------------------------
    svn:executable = *

Added: incubator/river/jtsk/trunk/examples/hello/config/ssl-phoenix.login
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/examples/hello/config/ssl-phoenix.login?rev=819236&view=auto
==============================================================================
--- incubator/river/jtsk/trunk/examples/hello/config/ssl-phoenix.login (added)
+++ incubator/river/jtsk/trunk/examples/hello/config/ssl-phoenix.login Sun Sep 27 00:15:03 2009
@@ -0,0 +1,33 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/* JAAS login configuration file for Phoenix */
+
+com.sun.jini.Phoenix {
+    com.sun.security.auth.module.KeyStoreLoginModule required
+	keyStoreAlias="phoenix"
+	keyStoreURL="file:prebuiltkeys/phoenix.keystore"
+	keyStorePasswordURL="file:prebuiltkeys/phoenix.password";
+};
+
+com.sun.jini.example.hello.Server {
+    com.sun.security.auth.module.KeyStoreLoginModule required
+	keyStoreAlias="server"
+	keyStoreURL="file:prebuiltkeys/server.keystore"
+	keyStorePasswordURL="file:prebuiltkeys/server.password";
+};

Propchange: incubator/river/jtsk/trunk/examples/hello/config/ssl-phoenix.login
------------------------------------------------------------------------------
    svn:executable = *

Added: incubator/river/jtsk/trunk/examples/hello/config/ssl-phoenix.policy
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/examples/hello/config/ssl-phoenix.policy?rev=819236&view=auto
==============================================================================
--- incubator/river/jtsk/trunk/examples/hello/config/ssl-phoenix.policy (added)
+++ incubator/river/jtsk/trunk/examples/hello/config/ssl-phoenix.policy Sun Sep 27 00:15:03 2009
@@ -0,0 +1,72 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/* Security policy for SSL Phoenix */
+
+/* Keystore containing trusted certificates to use for authentication */
+keystore "..${/}prebuiltkeys${/}truststore";
+
+/* Grant the local JAR files all permissions */
+grant codeBase "file:..${/}..${/}lib${/}*" {
+    permission java.security.AllPermission;
+};
+
+grant codeBase "file:lib${/}*" {
+    permission java.security.AllPermission;
+};
+
+/* Grant permission to the "server" principal */
+grant principal "server" {
+    permission com.sun.jini.phoenix.SystemPermission "getProxyVerifier";
+    permission com.sun.jini.phoenix.SystemPermission "registerGroup";
+    permission com.sun.jini.phoenix.SystemPermission "registerObject";
+
+    permission com.sun.jini.phoenix.ExecOptionPermission
+        "-Djava.security.manager=";
+
+    permission com.sun.jini.phoenix.ExecOptionPermission
+        "-Djava.security.policy=config${/}activatable-ssl-server.policy";
+
+    permission com.sun.jini.phoenix.ExecOptionPermission
+      "-Djava.security.properties=config${/}dynamic-policy.security-properties";
+
+    permission com.sun.jini.phoenix.ExecOptionPermission
+        "-Djava.security.auth.login.config=config${/}ssl-phoenix.login";
+
+    permission com.sun.jini.phoenix.ExecOptionPermission
+        "-Djavax.net.ssl.trustStore=prebuiltkeys${/}truststore";
+
+    permission com.sun.jini.phoenix.ExecOptionPermission
+        "-Djava.protocol.handler.pkgs=net.jini.url";
+
+    permission com.sun.jini.phoenix.ExecOptionPermission
+	"-Djava.rmi.server.codebase=*";
+
+    permission com.sun.jini.phoenix.ExecOptionPermission
+        "-classpath";
+
+    permission com.sun.jini.phoenix.ExecOptionPermission
+        "lib${/}server-act.jar${path.separator}lib${/}mdprefld.jar";
+};
+
+/* Grant the principal "phoenix" the permissions to start a group */
+grant principal "phoenix" {
+    permission com.sun.jini.phoenix.SystemPermission "getProxyVerifier";
+    permission com.sun.jini.phoenix.MonitorPermission "getProxyVerifier";
+    permission com.sun.jini.phoenix.SystemPermission "activeGroup";
+};

Propchange: incubator/river/jtsk/trunk/examples/hello/config/ssl-phoenix.policy
------------------------------------------------------------------------------
    svn:executable = *

Added: incubator/river/jtsk/trunk/examples/hello/config/ssl-reggie.config
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/examples/hello/config/ssl-reggie.config?rev=819236&view=auto
==============================================================================
--- incubator/river/jtsk/trunk/examples/hello/config/ssl-reggie.config (added)
+++ incubator/river/jtsk/trunk/examples/hello/config/ssl-reggie.config Sun Sep 27 00:15:03 2009
@@ -0,0 +1,143 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/* Configuration source file for Reggie using SSL */
+
+import com.sun.jini.config.KeyStores;
+import com.sun.jini.reggie.RegistrarPermission;
+
+import java.security.Permission;
+import java.util.Collections;
+import javax.security.auth.login.LoginContext;
+
+import net.jini.constraint.BasicMethodConstraints;
+import net.jini.core.constraint.ClientAuthentication;
+import net.jini.core.constraint.Integrity;
+import net.jini.core.constraint.InvocationConstraint;
+import net.jini.core.constraint.InvocationConstraints;
+import net.jini.core.constraint.ServerAuthentication;
+import net.jini.core.constraint.ServerMinPrincipal;
+import net.jini.jeri.BasicJeriExporter;
+import net.jini.jeri.ProxyTrustILFactory;
+import net.jini.jeri.ssl.SslServerEndpoint;
+import net.jini.security.AuthenticationPermission;
+import net.jini.security.BasicProxyPreparer;
+
+com.sun.jini.reggie {
+
+    /* Reggie settings */
+    initialMemberGroups   = new String[] { "ssl.hello.example.jini.sun.com" };
+
+    /* JAAS login */
+    loginContext = new LoginContext("com.sun.jini.Reggie");
+
+    /* User information */
+
+    private static users = 
+	KeyStores.getKeyStore("file:prebuiltkeys/truststore", null);
+
+    private static clientUser = Collections.singleton(
+	KeyStores.getX500Principal("client", users));
+    private static reggieUser = Collections.singleton(
+	KeyStores.getX500Principal("reggie", users));
+
+    /* Exporters */
+    private serviceEndpoint = SslServerEndpoint.getInstance(0);
+    private serviceConstraints = 
+	new BasicMethodConstraints(
+	    new InvocationConstraints(
+		new InvocationConstraint[]{ Integrity.YES }, null
+		)
+	    );
+
+    private serviceILFactory =
+	new ProxyTrustILFactory(serviceConstraints,
+                                RegistrarPermission.class);
+
+    serverExporter = new BasicJeriExporter(serviceEndpoint, serviceILFactory);
+
+    /* Proxy Preparers */
+    private listenerPrincipals = 
+	new InvocationConstraint[] {
+	    new ServerMinPrincipal(clientUser)
+            };
+
+    private serviceListenerConstraints = 
+	new BasicMethodConstraints(
+	    new InvocationConstraints( 
+		new InvocationConstraint[] {
+		    Integrity.YES,
+                    ClientAuthentication.YES,
+                    ServerAuthentication.YES,
+                    new ServerMinPrincipal(com.sun.jini.reggie.clientUser)
+                    },
+                null));
+
+    listenerPreparer = 
+	new BasicProxyPreparer(
+	    true,
+            serviceListenerConstraints,
+            new Permission[] { 
+		new AuthenticationPermission(
+		    reggieUser,
+                    clientUser,
+                    "connect") 
+		});
+}//end com.sun.jini.reggie
+
+/* Items used in multiple blocks below */
+shared.entries {
+
+    private serviceLookupConstraints = 
+	new BasicMethodConstraints( 
+	    new InvocationConstraints( 
+		new InvocationConstraint[] { 
+		    Integrity.YES,
+		    ClientAuthentication.YES,
+		    ServerAuthentication.YES,
+		    new ServerMinPrincipal(
+			com.sun.jini.reggie.reggieUser) 
+		    }, 
+		null));
+
+}//end shared.entries
+
+/* Configuration block for the lookup discovery utility */
+net.jini.discovery.LookupDiscovery {
+
+    registrarPreparer = 
+	new BasicProxyPreparer( 
+	    true,
+	    shared.entries.serviceLookupConstraints,
+	    new Permission[] { 
+		new AuthenticationPermission(
+		com.sun.jini.reggie.reggieUser,
+		com.sun.jini.reggie.reggieUser,
+		"connect") 
+	    });
+
+}//end net.jini.discovery.LookupDiscovery
+
+/* Configuration block for the join manager */
+net.jini.lookup.JoinManager {
+
+    registrarPreparer    = net.jini.discovery.LookupDiscovery.registrarPreparer;
+    registrationPreparer = net.jini.discovery.LookupDiscovery.registrarPreparer;
+    serviceLeasePreparer = net.jini.discovery.LookupDiscovery.registrarPreparer;
+
+}//end net.jini.lookup.JoinManager

Propchange: incubator/river/jtsk/trunk/examples/hello/config/ssl-reggie.config
------------------------------------------------------------------------------
    svn:executable = *

Added: incubator/river/jtsk/trunk/examples/hello/config/ssl-reggie.login
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/examples/hello/config/ssl-reggie.login?rev=819236&view=auto
==============================================================================
--- incubator/river/jtsk/trunk/examples/hello/config/ssl-reggie.login (added)
+++ incubator/river/jtsk/trunk/examples/hello/config/ssl-reggie.login Sun Sep 27 00:15:03 2009
@@ -0,0 +1,27 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/* JAAS login configuration file for Reggie */
+
+com.sun.jini.Reggie {
+    com.sun.security.auth.module.KeyStoreLoginModule required
+	keyStoreAlias="reggie"
+	keyStoreURL="file:prebuiltkeys/reggie.keystore"
+	keyStorePasswordURL="file:prebuiltkeys/reggie.password";
+};
+

Propchange: incubator/river/jtsk/trunk/examples/hello/config/ssl-reggie.login
------------------------------------------------------------------------------
    svn:executable = *

Added: incubator/river/jtsk/trunk/examples/hello/config/ssl-reggie.policy
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/examples/hello/config/ssl-reggie.policy?rev=819236&view=auto
==============================================================================
--- incubator/river/jtsk/trunk/examples/hello/config/ssl-reggie.policy (added)
+++ incubator/river/jtsk/trunk/examples/hello/config/ssl-reggie.policy Sun Sep 27 00:15:03 2009
@@ -0,0 +1,53 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/* Security policy for SSL-enabled reggie */
+
+/* Keystore containing trusted certificates to use for authentication */
+keystore "..${/}prebuiltkeys${/}truststore";
+
+/* Grant all permissions to local JAR files */
+grant codeBase "file:..${/}..${/}lib${/}*" {
+    permission java.security.AllPermission;
+};
+
+grant codebase "file:lib${/}*" {
+    permission java.security.AllPermission;
+};
+
+/* Grant permissions to all */
+grant {
+    permission com.sun.jini.reggie.RegistrarPermission "getProxyVerifier";
+};
+
+/* Grant permissions to server */
+grant principal "server" {
+    permission com.sun.jini.reggie.RegistrarPermission "register";
+    permission com.sun.jini.reggie.RegistrarPermission "cancelServiceLease";
+    permission com.sun.jini.reggie.RegistrarPermission "renewServiceLease";
+    permission com.sun.jini.reggie.RegistrarPermission "cancelLeases";
+    permission com.sun.jini.reggie.RegistrarPermission "renewLeases";
+};
+grant principal "client" { 
+    permission com.sun.jini.reggie.RegistrarPermission "lookup";
+    permission com.sun.jini.reggie.RegistrarPermission "notify";
+    permission com.sun.jini.reggie.RegistrarPermission "cancelEventLease";
+    permission com.sun.jini.reggie.RegistrarPermission "renewEventLease";
+    permission com.sun.jini.reggie.RegistrarPermission "cancelLeases";
+    permission com.sun.jini.reggie.RegistrarPermission "renewLeases";
+};

Propchange: incubator/river/jtsk/trunk/examples/hello/config/ssl-reggie.policy
------------------------------------------------------------------------------
    svn:executable = *



Mime
View raw message