river-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From peter_firmst...@apache.org
Subject svn commit: r948391 - in /incubator/river/jtsk/trunk: src/com/sun/jini/tool/ src/net/jini/security/policy/ src/org/apache/river/api/security/ src/org/apache/river/imp/security/policy/cdc/ src/org/apache/river/imp/security/policy/concurrent/ test/src/ne...
Date Wed, 26 May 2010 10:47:42 GMT
Author: peter_firmstone
Date: Wed May 26 10:47:42 2010
New Revision: 948391

URL: http://svn.apache.org/viewvc?rev=948391&view=rev
Log:
River-340 Additional Grants

Removed:
    incubator/river/jtsk/trunk/test/src/net/jini/security/policy/DynamicPolicyProviderTest.java
    incubator/river/jtsk/trunk/test/src/org/apache/river/imp/security/policy/se/DynamicConcurrentPolicyProviderTest.java
Modified:
    incubator/river/jtsk/trunk/src/com/sun/jini/tool/DebugDynamicPolicyProvider.java
    incubator/river/jtsk/trunk/src/net/jini/security/policy/DynamicPolicyProvider.java
    incubator/river/jtsk/trunk/src/org/apache/river/api/security/RevokeablePolicy.java
    incubator/river/jtsk/trunk/src/org/apache/river/imp/security/policy/cdc/DynamicPolicyProviderImpl.java
    incubator/river/jtsk/trunk/src/org/apache/river/imp/security/policy/concurrent/DynamicConcurrentPolicyProvider.java

Modified: incubator/river/jtsk/trunk/src/com/sun/jini/tool/DebugDynamicPolicyProvider.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/src/com/sun/jini/tool/DebugDynamicPolicyProvider.java?rev=948391&r1=948390&r2=948391&view=diff
==============================================================================
--- incubator/river/jtsk/trunk/src/com/sun/jini/tool/DebugDynamicPolicyProvider.java (original)
+++ incubator/river/jtsk/trunk/src/com/sun/jini/tool/DebugDynamicPolicyProvider.java Wed May
26 10:47:42 2010
@@ -43,15 +43,15 @@ import net.jini.security.policy.PolicyIn
 /**
  * Defines a {@link DynamicPolicy} that logs information about missing
  * permissions, and optionally grants all permissions, which is <b>FOR
- * DEBUGGING ONLY</b>. Do not use this security policy provider to grant
+ * DEBUGGING ONLY</b>. Do not use this security policy provider to grantCodeSource
  * all permissions in a production environment. <p>
  *
  * This class is intended to simplify the process of deciding what security
- * permissions to grant to run an application.  While it is generally
- * acceptable to grant all permissions to local, trusted code, downloaded
+ * permissions to grantCodeSource to run an application.  While it is generally
+ * acceptable to grantCodeSource all permissions to local, trusted code, downloaded
  * code should typically be granted the least permission possible. <p>
  *
- * The usual approach to choosing which permissions to grant is to start by
+ * The usual approach to choosing which permissions to grantCodeSource is to start by
  * running the application with a security policy file that grants all
  * permissions to local, trusted code.  When the application fails with an
  * exception message that identifies a missing permission, add that
@@ -170,7 +170,7 @@ public class DebugDynamicPolicyProvider 
     private static final Logger logger =
 	Logger.getLogger("net.jini.security.policy");
 
-    /* If true, always grant permission */
+    /* If true, always grantCodeSource permission */
     private static boolean grantAll =
 	((Boolean) AccessController.doPrivileged(
 	    new PrivilegedAction() {

Modified: incubator/river/jtsk/trunk/src/net/jini/security/policy/DynamicPolicyProvider.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/src/net/jini/security/policy/DynamicPolicyProvider.java?rev=948391&r1=948390&r2=948391&view=diff
==============================================================================
--- incubator/river/jtsk/trunk/src/net/jini/security/policy/DynamicPolicyProvider.java (original)
+++ incubator/river/jtsk/trunk/src/net/jini/security/policy/DynamicPolicyProvider.java Wed
May 26 10:47:42 2010
@@ -5,6 +5,7 @@
 
 package net.jini.security.policy;
 
+import java.security.cert.Certificate;
 import org.apache.river.imp.security.policy.cdc.DynamicPolicyProviderImpl;
 import java.security.AccessControlException;
 import java.security.AccessController;
@@ -67,7 +68,7 @@ public class DynamicPolicyProvider exten
     private static final Logger logger = 
             Logger.getLogger("net.jini.security.policy");
 // Debugging can be done with an SPI implementation    
-//    /* If true, always grant permission */
+//    /* If true, always grantCodeSource permission */
 //    @SuppressWarnings("unchecked")
 //    private static volatile boolean grantAll =
 //	((Boolean) AccessController.doPrivileged(
@@ -318,8 +319,24 @@ public class DynamicPolicyProvider exten
         instance.revoke(cs, principals, permissions);
     }
 
-    public void grant(CodeSource cs, Principal[] principals, Permission[] permissions) throws
UnsupportedOperationException {
-        instance.grant(cs, principals, permissions);
+    public void grantCodeSource(CodeSource cs, Principal[] principals, Permission[] permissions)
throws UnsupportedOperationException {
+        instance.grantCodeSource(cs, principals, permissions);
+    }
+
+    public void grantProtectionDomain(Class cl, Permission[] permissions) throws UnsupportedOperationException
{
+        instance.grantProtectionDomain(cl, permissions);
+    }
+
+    public void revokeProtectionDomain(Class cl, Permission[] permissions) throws UnsupportedOperationException
{
+        instance.revokeProtectionDomain(cl, permissions);
+    }
+
+    public void grant(Certificate[] certs, Principal[] principals, Permission[] permissions)
throws UnsupportedOperationException {
+        instance.grant(certs, principals, permissions);
+    }
+
+    public void revoke(Certificate[] certs, Principal[] principals, Permission[] permissions)
throws UnsupportedOperationException {
+        instance.revoke(certs, principals, permissions);
     }
    
 }

Modified: incubator/river/jtsk/trunk/src/org/apache/river/api/security/RevokeablePolicy.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/src/org/apache/river/api/security/RevokeablePolicy.java?rev=948391&r1=948390&r2=948391&view=diff
==============================================================================
--- incubator/river/jtsk/trunk/src/org/apache/river/api/security/RevokeablePolicy.java (original)
+++ incubator/river/jtsk/trunk/src/org/apache/river/api/security/RevokeablePolicy.java Wed
May 26 10:47:42 2010
@@ -8,6 +8,8 @@ package org.apache.river.api.security;
 import java.security.CodeSource;
 import java.security.Permission;
 import java.security.Principal;
+import java.security.ProtectionDomain;
+import java.security.cert.Certificate;
 import net.jini.security.policy.DynamicPolicy;
 
 /**
@@ -49,7 +51,19 @@ public interface RevokeablePolicy extend
      * @param permissions
      * @throws java.lang.UnsupportedOperationException
      */
-    public void grant(CodeSource cs, Principal[] principals, Permission[] permissions)
+    public void grantCodeSource(CodeSource cs, Principal[] principals, Permission[] permissions)
+            throws UnsupportedOperationException;
+    
+    public void grantProtectionDomain(Class cl, Permission[] permissions)
+            throws UnsupportedOperationException;
+    
+    public void revokeProtectionDomain(Class cl, Permission[] permissions)
+            throws UnsupportedOperationException;
+    
+    public void grant(Certificate[] certs, Principal[] principals, Permission[] permissions)
+            throws UnsupportedOperationException;
+    
+    public void revoke(Certificate[] certs, Principal[] principals, Permission[] permissions)
             throws UnsupportedOperationException;
     /**
      * 

Modified: incubator/river/jtsk/trunk/src/org/apache/river/imp/security/policy/cdc/DynamicPolicyProviderImpl.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/src/org/apache/river/imp/security/policy/cdc/DynamicPolicyProviderImpl.java?rev=948391&r1=948390&r2=948391&view=diff
==============================================================================
--- incubator/river/jtsk/trunk/src/org/apache/river/imp/security/policy/cdc/DynamicPolicyProviderImpl.java
(original)
+++ incubator/river/jtsk/trunk/src/org/apache/river/imp/security/policy/cdc/DynamicPolicyProviderImpl.java
Wed May 26 10:47:42 2010
@@ -18,6 +18,7 @@
 
 package org.apache.river.imp.security.policy.cdc;
 
+import java.security.cert.Certificate;
 import net.jini.security.policy.*;
 import com.sun.jini.collection.WeakIdentityMap;
 import java.lang.ref.ReferenceQueue;
@@ -49,7 +50,7 @@ import org.apache.river.imp.security.pol
 
 /**
  * Security policy provider that supports dynamic granting of permissions at
- * run-time.  This provider is designed as a wrapper to layer dynamic grant
+ * run-time.  This provider is designed as a wrapper to layer dynamic grantCodeSource
  * functionality on top of an underlying policy provider.  If the underlying
  * provider does not implement the {@link DynamicPolicy} interface, then its
  * permission mappings are assumed to change only when its {@link
@@ -170,7 +171,7 @@ public class DynamicPolicyProviderImpl e
 	return true;
     }
 
-    // documentation inherited from DynamicPolicy.grant
+    // documentation inherited from DynamicPolicy.grantCodeSource
     public void grant(Class cl, 
 		      Principal[] principals, 
 		      Permission[] permissions) 
@@ -577,7 +578,23 @@ public class DynamicPolicyProviderImpl e
         throw new UnsupportedOperationException("Not supported yet.");
     }
 
-    public void grant(CodeSource cs, Principal[] principals, Permission[] permissions) throws
UnsupportedOperationException {
+    public void grantCodeSource(CodeSource cs, Principal[] principals, Permission[] permissions)
throws UnsupportedOperationException {
+        throw new UnsupportedOperationException("Not supported yet.");
+    }
+
+    public void grantProtectionDomain(Class cl, Permission[] permissions) throws UnsupportedOperationException
{
+        throw new UnsupportedOperationException("Not supported yet.");
+    }
+
+    public void revokeProtectionDomain(Class cl, Permission[] permissions) throws UnsupportedOperationException
{
+        throw new UnsupportedOperationException("Not supported yet.");
+    }
+
+    public void grant(Certificate[] certs, Principal[] principals, Permission[] permissions)
throws UnsupportedOperationException {
+        throw new UnsupportedOperationException("Not supported yet.");
+    }
+
+    public void revoke(Certificate[] certs, Principal[] principals, Permission[] permissions)
throws UnsupportedOperationException {
         throw new UnsupportedOperationException("Not supported yet.");
     }
 }

Modified: incubator/river/jtsk/trunk/src/org/apache/river/imp/security/policy/concurrent/DynamicConcurrentPolicyProvider.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/trunk/src/org/apache/river/imp/security/policy/concurrent/DynamicConcurrentPolicyProvider.java?rev=948391&r1=948390&r2=948391&view=diff
==============================================================================
--- incubator/river/jtsk/trunk/src/org/apache/river/imp/security/policy/concurrent/DynamicConcurrentPolicyProvider.java
(original)
+++ incubator/river/jtsk/trunk/src/org/apache/river/imp/security/policy/concurrent/DynamicConcurrentPolicyProvider.java
Wed May 26 10:47:42 2010
@@ -13,6 +13,7 @@ import java.security.Principal;
 import java.security.PrivilegedAction;
 import java.security.ProtectionDomain;
 import java.security.Provider;
+import java.security.cert.Certificate;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collection;
@@ -78,12 +79,12 @@ import org.apache.river.imp.util.Concurr
  * <p>
  * It is thus reccommeded that Static policy files only be used for files
  * where the level of trust is relatively static.  This is the only implementation
- * where a dyanamic grant can be removed.  In the case of Proxy trust, a proxy
+ * where a dyanamic grantCodeSource can be removed.  In the case of Proxy trust, a proxy
  * is no longer trusted when it has lost contact with it's Principal (server)
  * because the server cannot be asked if it trusts it's proxy and the proxy
  * cannot be given a thread of control to find it's server because it has
  * already attained too many Permissions.  In this new implementation it should
- * be possible to revoke AllPermission and grant Permissions dynamically as 
+ * be possible to revoke AllPermission and grantCodeSource Permissions dynamically as 
  * trust is gained.</p>
  * <p>
  * This may cause some undesireable side effects in existing programs.
@@ -236,7 +237,7 @@ public class DynamicConcurrentPolicyProv
                 // and remove all grants that may be granted by other means.
                 // such as ProtectionDomain or Principals alone.
                 // When we have Certificates we might want to check that
-                // too because otherwise we might remove a grant that doesn't
+                // too because otherwise we might remove a grantCodeSource that doesn't
                 // imply or apply.
                 if ( ge.impliesPrincipals(loader == null ? null : principals)
                     && ge.impliesClassLoader(loader)) {
@@ -370,7 +371,7 @@ public class DynamicConcurrentPolicyProv
     }
     
     /**
-     * Calling refresh doesn't remove any dynamic grant's, it only clears
+     * Calling refresh doesn't remove any dynamic grantCodeSource's, it only clears
      * the cache and refreshes the underlying Policy, it also removes any
      * grants for ProtectionDomains that no longer exist.
      */
@@ -397,7 +398,7 @@ public class DynamicConcurrentPolicyProv
         return true;
     }
 
-    public void grant(Class cl, Principal[] principals, Permission[] permissions) {
+    private void grant(Class cl, int context, Principal[] principals, Permission[] permissions)
{
         if (initialized == false) throw new RuntimeException("Object not initialized");
         if (permissions == null || permissions.length == 0) {return;}
         if (principals == null){ principals = new Principal[0];}
@@ -428,7 +429,7 @@ public class DynamicConcurrentPolicyProv
         if ( cl != null){
             domain = getDomain(cl);
         }
-        PolicyEntry pe = new PolicyEntry(domain, 0, pal, perm);
+        PolicyEntry pe = new PolicyEntry(domain, context, pal, perm);
         if (loggable){
             logger.log(Level.FINEST, "Granting: " + pe.toString());
         }
@@ -460,7 +461,7 @@ public class DynamicConcurrentPolicyProv
                 // and remove all grants that may be granted by other means.
                 // such as ProtectionDomain or Principals alone.
                 // When we have Certificates we might want to check that
-                // too because otherwise we might remove a grant that doesn't
+                // too because otherwise we might remove a grantCodeSource that doesn't
                 // imply or apply.
                 if ( ge.impliesPrincipals(loader == null ? null : principals)
                     && ge.impliesClassLoader(loader)) {
@@ -511,12 +512,102 @@ public class DynamicConcurrentPolicyProv
             return pd;
     }
 
-    public void revoke(CodeSource cs, Principal[] principals, Permission[] permissions) throws
UnsupportedOperationException {
+    public void revoke(CodeSource cs, Principal[] principals, 
+            Permission[] permissions) throws UnsupportedOperationException {
         throw new UnsupportedOperationException("Not supported yet.");
     }
 
-    public void grant(CodeSource cs, Principal[] principals, Permission[] permissions) throws
UnsupportedOperationException {
+    public void grantCodeSource(CodeSource cs, Principal[] principals, 
+            Permission[] permissions) throws UnsupportedOperationException {
+        if (initialized == false) throw new RuntimeException("Object not initialized");
+        if (permissions == null || permissions.length == 0) {return;}
+        if (principals == null){ principals = new Principal[0];}
+        if (principals.length > 0) {
+	    principals = principals.clone();
+	    checkNullElements(principals);
+	} 
+        permissions = permissions.clone();
+        checkNullElements(permissions);
+        if ( basePolicyIsDynamic ){
+            /* Delegate, otherwise, if base policy is an instance of this class, we
+             * may have multi combinations of permissions that together should
+             * be true but become separated as this implementation will not
+             * return any dynamically granted permissions via getPermissions(
+             * because doing so would mean loosing revoke ability.
+             */           
+            throw new UnsupportedOperationException("Can't delegate CodeSource" +
+                    "grant to underlying policy");
+        }
+	SecurityManager sm = System.getSecurityManager();
+	if (sm != null) {
+	    sm.checkPermission(new GrantPermission(permissions));
+	}
+        Collection<Principal> pal = Arrays.asList(principals);
+        Collection<Permission> perm = Arrays.asList(permissions);
+        PolicyEntry pe = new PolicyEntry(cs, pal, perm);
+        if (loggable){
+            logger.log(Level.FINEST, "Granting: " + pe.toString());
+        }
+        try {
+            wl.lock();
+            dynamicGrants.add(pe);           
+        } finally {wl.unlock();}
+    }
+
+    public void grantProtectionDomain(Class cl, Permission[] permissions) 
+            throws UnsupportedOperationException {
+        grant(cl, PolicyEntry.PROTECTIONDOMAIN, (Principal[]) null, permissions);
+    }
+
+    public void revokeProtectionDomain(Class cl, Permission[] permissions) 
+            throws UnsupportedOperationException {
         throw new UnsupportedOperationException("Not supported yet.");
     }
 
+    public void grant(Certificate[] certs, Principal[] principals, 
+            Permission[] permissions) throws UnsupportedOperationException {
+        if (initialized == false) throw new RuntimeException("Object not initialized");
+        if (permissions == null || permissions.length == 0) {return;}
+        if (principals == null){ principals = new Principal[0];}
+        if (principals.length > 0) {
+	    principals = principals.clone();
+	    checkNullElements(principals);
+	} 
+        permissions = permissions.clone();
+        checkNullElements(permissions);
+        if ( basePolicyIsDynamic ){
+            /* Delegate, otherwise, if base policy is an instance of this class, we
+             * may have multi combinations of permissions that together should
+             * be true but become separated as this implementation will not
+             * return any dynamically granted permissions via getPermissions(
+             * because doing so would mean loosing revoke ability.
+             */           
+            throw new UnsupportedOperationException("Can't delegate Certificate" +
+                    "grants to underlying policy");
+        }
+	SecurityManager sm = System.getSecurityManager();
+	if (sm != null) {
+	    sm.checkPermission(new GrantPermission(permissions));
+	}
+        Collection<Principal> pal = Arrays.asList(principals);
+        Collection<Permission> perm = Arrays.asList(permissions);
+        PolicyEntry pe = new PolicyEntry(certs, pal, perm);
+        if (loggable){
+            logger.log(Level.FINEST, "Granting: " + pe.toString());
+        }
+        try {
+            wl.lock();
+            dynamicGrants.add(pe);           
+        } finally {wl.unlock();}
+    }
+
+    public void revoke(Certificate[] certs, Principal[] principals, 
+            Permission[] permissions) throws UnsupportedOperationException {
+        throw new UnsupportedOperationException("Not supported yet.");
+    }
+
+    public void grant(Class cl, Principal[] principals, Permission[] permissions) {
+        grant(cl, PolicyEntry.CLASSLOADER, principals, permissions);
+    }
+
 }



Mime
View raw message