river-commits mailing list archives

From peter_firmst...@apache.org
Subject svn commit: r1023456 - in /incubator/river/jtsk/skunk/pepe: src/net/jini/security/policy/ src/org/apache/river/api/io/ src/org/apache/river/api/security/ test/src/org/apache/river/api/security/ test/src/org/apache/river/imp/security/policy/se/ test/src...
Date Sun, 17 Oct 2010 11:04:12 GMT
Author: peter_firmstone
Date: Sun Oct 17 11:04:11 2010
New Revision: 1023456

URL: http://svn.apache.org/viewvc?rev=1023456&view=rev
Log:
River-362 Denial of Service and change package tree org.apache.river.imp to org.apache.river.impl
as per Sim's request.

Added:
    incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/io/
    incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/io/AuthCodebaseCertificates.java
  (with props)
    incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/io/AuthMarshalInputStream.java
  (with props)
    incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/io/AuthMarshalOutputStream.java
  (with props)
    incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/security/ClassLoadingPermission.java
  (with props)
Modified:
    incubator/river/jtsk/skunk/pepe/src/net/jini/security/policy/DynamicPolicyProvider.java
    incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/security/DelegatePermission.java
    incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/security/InternetSecurityManager.java
    incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/security/RevokeableDynamicPolicy.java
    incubator/river/jtsk/skunk/pepe/test/src/org/apache/river/api/security/PermissionGrantTest.java
    incubator/river/jtsk/skunk/pepe/test/src/org/apache/river/imp/security/policy/se/ConcurrentPermissionsTest.java
    incubator/river/jtsk/skunk/pepe/test/src/org/apache/river/imp/security/policy/se/ConcurrentPolicyFileTest.java
    incubator/river/jtsk/skunk/pepe/test/src/org/apache/river/imp/security/policy/se/MultiReadPermissionCollectionTest.java
    incubator/river/jtsk/skunk/pepe/test/src/org/apache/river/imp/security/policy/se/Permissions_ImplTest.java
    incubator/river/jtsk/skunk/pepe/test/src/org/apache/river/imp/security/policy/util/DefaultPolicyParserTest.java
    incubator/river/jtsk/skunk/pepe/test/src/org/apache/river/imp/security/policy/util/PolicyEntryTest.java
    incubator/river/jtsk/skunk/pepe/test/src/org/apache/river/imp/security/policy/util/PolicyUtilsTest.java

Modified: incubator/river/jtsk/skunk/pepe/src/net/jini/security/policy/DynamicPolicyProvider.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/pepe/src/net/jini/security/policy/DynamicPolicyProvider.java?rev=1023456&r1=1023455&r2=1023456&view=diff
==============================================================================
--- incubator/river/jtsk/skunk/pepe/src/net/jini/security/policy/DynamicPolicyProvider.java
(original)
+++ incubator/river/jtsk/skunk/pepe/src/net/jini/security/policy/DynamicPolicyProvider.java
Sun Oct 17 11:04:11 2010
@@ -6,7 +6,8 @@
 package net.jini.security.policy;
 
 import java.util.List;
-import org.apache.river.imp.security.policy.cdc.DynamicPolicyProviderImpl;
+import org.apache.river.api.security.PermissionGrantBuilder;
+import org.apache.river.impl.security.policy.cdc.DynamicPolicyProviderImpl;
 import java.security.AccessControlException;
 import java.security.AccessController;
 import java.security.CodeSource;
@@ -25,7 +26,7 @@ import org.apache.river.api.security.Per
 import org.apache.river.api.security.RevokePermission;
 import org.apache.river.api.security.RevokeableDynamicPolicy;
 import sun.misc.Service;
-import org.apache.river.imp.security.policy.spi.RevokeableDynamicPolicySpi;
+import org.apache.river.impl.security.policy.spi.RevokeableDynamicPolicySpi;
 
 /**
  * This class replaces the existing DynamicPolicyProvider, the existing 
@@ -321,4 +322,8 @@ public class DynamicPolicyProvider exten
     public List<PermissionGrant> getPermissionGrants() {
         return instance.getPermissionGrants();
     }
+
+    public PermissionGrantBuilder getGrantBuilder() {
+	return instance.getGrantBuilder();
+    }
 }
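Review bot: The new public `getGrantBuilder()` has no Javadoc and does not say whether each call returns a fresh builder or a shared one. The same applies to the method added to the `RevokeableDynamicPolicy` interface later in this commit. It matters because `AuthMarshalInputStream.authenticate` mutates the returned builder (`pgb.permissions(...)`, `pgb.codeSource(cs).build()`), so a shared instance would let concurrent streams interleave state; `instance.getGrantBuilder()` is not visible here, so this is unconfirmed. Suggest a comment on the interface method along the lines of `/** Returns a PermissionGrantBuilder for this policy; states whether the builder is new per call and whether it is thread-safe. */`. Adding a method to a public interface also breaks any existing implementer outside this tree, which is worth a line in the log.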

Added: incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/io/AuthCodebaseCertificates.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/io/AuthCodebaseCertificates.java?rev=1023456&view=auto
==============================================================================
--- incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/io/AuthCodebaseCertificates.java
(added)
+++ incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/io/AuthCodebaseCertificates.java
Sun Oct 17 11:04:11 2010
@@ -0,0 +1,38 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.river.api.io;
+
+import java.io.IOException;
+import java.security.cert.Certificate;
+
+/**
+ * Authorised Codebase Certificates are granted ClassLoadingPermission after
+ * the Server has authenticated itself with the client.
+ * 
+ * CodeSource Certificates used for granting a ClassLoadingPermission to
+ * a CodeSource.
+ * 
+ * A Proxy sent by the AuthMarshalOutputStream implements this interface to
+ * provide protection against ClassLoading of an attacker using cuckoo classes,
+ * decieving the client into loading untrusted code prior to proxy verification.
+ * @author Peter Firmstone
+ */
+public interface AuthCodebaseCertificates {
+    Certificate[] getCodeSourceCertificates() throws IOException;
+}
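Review bot: `getCodeSourceCertificates()` has no Javadoc of its own, and its contract matters because the value is supplied by the remote party. The caller in `AuthMarshalInputStream.authenticate` uses the result directly as the certificates of the CodeSource that receives ClassLoadingPermission. Document that it must only be invoked on a proxy that has already passed proxy preparation. Also state whether `null` or an empty array is a legal return and what each means (the caller treats `null` as unsigned), and when `IOException` is thrown. The class comment should also spell `deceiving` correctly.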

Propchange: incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/io/AuthCodebaseCertificates.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/io/AuthMarshalInputStream.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/io/AuthMarshalInputStream.java?rev=1023456&view=auto
==============================================================================
--- incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/io/AuthMarshalInputStream.java
(added)
+++ incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/io/AuthMarshalInputStream.java
Sun Oct 17 11:04:11 2010
@@ -0,0 +1,320 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.river.api.io;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InvalidObjectException;
+import java.io.ObjectStreamClass;
+import java.lang.reflect.Proxy;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.security.CodeSource;
+import java.security.Permission;
+import java.security.Policy;
+import java.security.cert.Certificate;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.StringTokenizer;
+import net.jini.io.MarshalInputStream;
+import net.jini.loader.ClassLoading;
+import net.jini.loader.DownloadPermission;
+import net.jini.security.ProxyPreparer;
+import org.apache.river.api.security.ClassLoadingPermission;
+import org.apache.river.api.security.PermissionGrant;
+import org.apache.river.api.security.PermissionGrantBuilder;
+import org.apache.river.api.security.RevokeableDynamicPolicy;
+
+/**
+ * AuthMarshalInputStream requires the AuthMarshalOutputStream to send a proxy
+ * in order to authenticate itself, it is best if the size of this proxy is 
+ * kept to a minimum by only implementing AuthCodebaseCertificates,
+ * ProxyPreparer and RemoteMethodControl.  The InvocationHandler should
+ * be kept to a minimum.
+ * 
+ * Once the remote end has authenticated, the Annotation string can be read
+ * and a Class file returned.
+ * 
+ * The AuthMarshalInputStream will dynamically grant DownloadPermission to the
+ * each URL CodeSource if the Server authenticates itself.
+ * 
+ * Note that the DownloadPermission is not granted to the Server Principal
+ * only to the CodeSource that the Server want's the client to download.
+ * 
+ * Authentication is only used to determine if we trust the server to inform
+ * us of a suitable URL for download.  Once DownloadPermission has been granted 
+ * to the CodeSource it's codebase (jar file) can be downloaded.
+ * 
+ * Authentication is only performed once for each codebase String.
+ * 
+ * @author Peter Firmstone
+ */
+public class AuthMarshalInputStream extends MarshalInputStream {
+ 
+    /**
+     * maps keywords for primitive types and void to corresponding
+     * Class objects
+     **/
+    private static final Map<String,Class> specialClasses 
+	    = new HashMap<String,Class>(9);
+    static {
+	specialClasses.put("boolean", boolean.class);
+	specialClasses.put("byte", byte.class);
+	specialClasses.put("char", char.class);
+	specialClasses.put("short", short.class);
+	specialClasses.put("int", int.class);
+	specialClasses.put("long", long.class);
+	specialClasses.put("float", float.class);
+	specialClasses.put("double", double.class);
+	specialClasses.put("void", void.class);
+    }
+    
+    private static final Permission[] dlPerm = {new DownloadPermission()};
+    
+    private static List<String> dynamicGrants = new ArrayList<String>();
+
+    /**
+     * value to pass as the "default loader" argument to loadClass and
+     * loadProxyClass
+     **/
+    private final ClassLoader defaultLoader;
+
+    /** true if this stream verifies codebase integrity */
+    private final boolean verifyCodebaseIntegrity;
+
+    /** loader to pass to Security.verifyCodebaseIntegrity */
+    private final ClassLoader verifierLoader;
+
+    /**
+     * if false, pass null codebase values to loadClass and
+     * loadProxyClass methods; if true, pass codebase values from
+     * stream class annotations
+     **/
+    private boolean usingCodebaseAnnotations;
+    
+    private final ProxyPreparer preparer;
+    
+    private boolean allowUnsigned;
+
+    /**
+     * Creates a new <code>AuthMarshalInputStream</code> that reads
+     * marshalled data from the specified underlying
+     * <code>InputStream</code>.
+     *
+     * <p>This constructor passes <code>in</code> to the superclass
+     * constructor that has an <code>InputStream</code> parameter.
+     *
+     * <p><code>defaultLoader</code> will be passed as the
+     * <code>defaultLoader</code> argument to {@link
+     * ClassLoading#loadClass ClassLoading.loadClass} and {@link
+     * ClassLoading#loadProxyClass ClassLoading.loadProxyClass}
+     * whenever those methods are invoked by {@link #resolveClass
+     * resolveClass} and {@link #resolveProxyClass resolveProxyClass}.
+     *
+     * <p>If <code>verifyCodebaseIntegrity</code> is
+     * <code>true</code>, then the created stream will verify that all
+     * codebase annotation URLs that are used to load classes resolved
+     * by the stream provide content integrity, and whenever {@link
+     * Security#verifyCodebaseIntegrity
+     * Security.verifyCodebaseIntegrity} is invoked to enforce that
+     * verification, <code>verifierLoader</code> will be passed as the
+     * <code>loader</code> argument.  See {@link
+     * ClassLoading#loadClass ClassLoading.loadClass} and {@link
+     * ClassLoading#loadProxyClass ClassLoading.loadProxyClass} for
+     * details of how codebase integrity verification is performed.
+     *
+     * <p><code>context</code> will be used as the return value of the
+     * created stream's {@link #getObjectStreamContext
+     * getObjectStreamContext} method.
+     *
+     * @param in the input stream to read marshalled data from
+     *
+     * @param defaultLoader the class loader value (possibly
+     * <code>null</code>) to pass as the <code>defaultLoader</code>
+     * argument to <code>ClassLoading</code> methods
+     *
+     * @param verifyCodebaseIntegrity if <code>true</code>, this
+     * stream will verify that codebase annotation URLs used to load
+     * classes resolved by this stream provide content integrity
+     *
+     * @param verifierLoader the class loader value (possibly
+     * <code>null</code>) to pass to
+     * <code>Security.verifyCodebaseIntegrity</code>, if
+     * <code>verifyCodebaseIntegrity</code> is <code>true</code>
+     *
+     * @param context the collection of context information objects to
+     * be returned by this stream's {@link #getObjectStreamContext
+     * getObjectStreamContext} method
+     *
+     * @param preparer the proxy preparer used to authenticate the server
+     * prior to downloading any classes.
+     * 
+     * @throws IOException if the superclass's constructor throws an
+     * <code>IOException</code>
+     *
+     * @throws SecurityException if the superclass's constructor
+     * throws a <code>SecurityException</code>
+     *
+     * @throws NullPointerException if <code>in</code> or
+     * <code>context</code> is <code>null</code>
+     **/
+
+    public AuthMarshalInputStream(InputStream in,
+			      ClassLoader defaultLoader,
+			      boolean verifyCodebaseIntegrity,
+			      ClassLoader verifierLoader,
+			      Collection context,
+			      ProxyPreparer preparer )
+	throws IOException
+    {
+	super (in, defaultLoader, verifyCodebaseIntegrity, verifierLoader,
+		context);
+	this.defaultLoader = defaultLoader;
+	this.verifyCodebaseIntegrity = verifyCodebaseIntegrity;
+	this.verifierLoader = verifierLoader;
+	this.preparer = preparer;
+	allowUnsigned = false;
+    }
+    
+    /**
+     * Unsigned jar's are not allowed by default, selecting this will grant
+     * ClassLoadingPermission to unsigned jar files.  Doing so risks exposing
+     * the client to untrusted code during smart proxy unmarshalling.
+     */
+    public void allowUnsignedJars(){
+	allowUnsigned = true;
+    }
+
+    // Inherit documentation from MarshalInputStream
+    @Override
+    public void useCodebaseAnnotations() {
+	usingCodebaseAnnotations = true;
+	super.useCodebaseAnnotations();
+    }
+
+    // Inherit documentation from MarshalInputStream
+    @Override
+    protected Class resolveClass(ObjectStreamClass classDesc)
+	throws IOException, ClassNotFoundException
+    {
+	if (classDesc == null) {
+	    throw new NullPointerException();
+	}
+
+	// must always consume annotation written by MarshalOutputStream
+	String annotation = readAnnotation();
+	String codebase = usingCodebaseAnnotations ? annotation : null;
+	authenticate(codebase);
+	String name = classDesc.getName();
+	try {
+	    return ClassLoading.loadClass(codebase,
+					  name,
+					  defaultLoader,
+					  verifyCodebaseIntegrity,
+					  verifierLoader);
+	} catch (ClassNotFoundException e) {
+	    Class c = specialClasses.get(name);
+	    if (c != null) {
+		return c;
+	    } else {
+		throw e;
+	    }
+	}
+    }
+
+    // Inherit documentation from MarshalInputStream
+    @Override
+    protected Class resolveProxyClass(String[] interfaceNames)
+	throws IOException, ClassNotFoundException
+    {
+	for (int i = 0; i < interfaceNames.length; i++) {
+	    if (interfaceNames[i] == null) {
+		throw new NullPointerException();
+	    }
+	}
+
+	// must always consume annotation written by MarshalOutputStream
+	String annotation = readAnnotation();
+	String codebase = usingCodebaseAnnotations ? annotation : null;
+	authenticate(codebase);
+	return ClassLoading.loadProxyClass(codebase,
+					   interfaceNames,
+					   defaultLoader,
+					   verifyCodebaseIntegrity,
+					   verifierLoader);
+    }
+    
+    private void authenticate(String codebase) 
+	    throws IOException, ClassNotFoundException{
+	// Always read the proxy from the AuthMarshalInputStream
+	Object proxy = readObject();
+	if (codebase == null) return;
+	// We only need to authenticate and grant codebase once.
+	if (dynamicGrants.contains(codebase)) return;
+	try {
+	    //Authenticate
+	    proxy = preparer.prepareProxy(proxy);
+	    Certificate[] certs = null;
+	    if ( proxy instanceof AuthCodebaseCertificates ){
+		certs = ((AuthCodebaseCertificates) proxy).getCodeSourceCertificates();
+	    }
+	    
+	    Policy policy = Policy.getPolicy();
+	    if (policy instanceof RevokeableDynamicPolicy){
+		StringTokenizer st = new StringTokenizer(codebase); // divide by spaces
+		URL[] urls = new URL[st.countTokens()];
+		for (int i = 0; st.hasMoreTokens(); i++) {
+		    urls[i] = new URL(st.nextToken());
+		}
+		// Dynamically Grant DownloadPermission for each URL via a 
+		// CodeSource grant.
+		PermissionGrantBuilder pgb 
+			= ((RevokeableDynamicPolicy) policy).getGrantBuilder();
+		pgb.permissions(dlPerm);
+		int l = urls.length;
+		List<PermissionGrant> grants = new ArrayList<PermissionGrant>(2 * l);
+		for (int i = 0; i < l; i++){
+		    CodeSource cs = new CodeSource(urls[i], (Certificate[]) null);
+		    PermissionGrant pg = pgb.codeSource(cs).build();
+		    grants.add(pg);
+		}
+		// Dynamically Grant ClassLoadingPermission to all CodeSources
+		// with the correct certificates.
+		if (certs != null || allowUnsigned == true){
+		    Permission[] clPerm = {ClassLoadingPermission.getCLP()};
+		    pgb.permissions(clPerm);
+		    for (int i = 0; i < l; i++){
+			CodeSource cs = new CodeSource(urls[i], certs);
+			PermissionGrant pg = pgb.codeSource(cs).build();
+			grants.add(pg);
+		    }
+		}
+		((RevokeableDynamicPolicy) policy).grant(grants);
+	    }
+	    dynamicGrants.add(codebase);
+	} catch (SecurityException e) {
+	    throw new IOException(e);
+	} catch (MalformedURLException e){
+	    throw new IOException(e);
+	}
+    }
+}
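Review bot: The `dynamicGrants` cache that `authenticate` consults is a static, unsynchronized `ArrayList` keyed only by the codebase string, so every stream in the JVM shares it regardless of that stream's `preparer` or `allowUnsigned` setting. Concurrent unmarshalling can corrupt the list. There is also a functional gap: when the proxy supplies no certificates, a stream that has not called `allowUnsignedJars()` caches the codebase without the ClassLoadingPermission grant, and a later stream that did call it returns early and never grants it. At minimum declare it as `private static final Set<String> dynamicGrants = Collections.synchronizedSet(new HashSet<String>());`, and consider making the cache per-instance or keying it on the preparer and the unsigned setting as well. The constructor also stores `preparer` without a null check, so a null preparer only surfaces as a NullPointerException inside `resolveClass`.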

Propchange: incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/io/AuthMarshalInputStream.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/io/AuthMarshalOutputStream.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/io/AuthMarshalOutputStream.java?rev=1023456&view=auto
==============================================================================
--- incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/io/AuthMarshalOutputStream.java
(added)
+++ incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/io/AuthMarshalOutputStream.java
Sun Oct 17 11:04:11 2010
@@ -0,0 +1,61 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.river.api.io;
+
+import java.io.IOException;
+import java.io.OutputStream;
+import java.lang.reflect.Proxy;
+import java.util.Collection;
+import net.jini.io.MarshalOutputStream;
+
+/**
+ * This code was inspired by Michal Kleczek's suggestions for solving the 
+ * DOS hole during unmarshalling of untrusted code.
+ * 
+ * The authentication proxy is used by the AuthMarshalInputStream to
+ * authenticate and grant DownloadPermission and ClassLoadPermission to
+ * a smart proxy CodeSource.
+ * 
+ * The authentication proxy must implement AuthCodebaseCertificates, ProxyTrust
+ * and RemoteMethodControl.
+ * 
+ * @author Peter Firmstone
+ */
+public class AuthMarshalOutputStream extends MarshalOutputStream {
+    private final Proxy proxy;
+    
+    public AuthMarshalOutputStream(OutputStream out, 
+				    Collection context,
+				    Proxy authenticationProxy)
+	throws IOException
+    {
+	super(out, context);
+	if (authenticationProxy == null) {
+	    throw new NullPointerException("Null Authentication Proxy");
+	}
+	proxy = authenticationProxy;
+    }
+    
+    @Override
+    protected void writeAnnotation(String annotation) throws IOException {
+	writeObject(annotation);
+	writeObject(proxy);
+    }
+
+}
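Review bot: The constructor only rejects a null `authenticationProxy`, although the class Javadoc requires it to implement AuthCodebaseCertificates, and the receiving `AuthMarshalInputStream.authenticate` treats a proxy that does not as having no certificates. Failing fast here would surface the misconfiguration on the sender: `if (!(authenticationProxy instanceof AuthCodebaseCertificates)) throw new IllegalArgumentException("proxy must implement AuthCodebaseCertificates");`. The Javadoc also lists ProxyTrust where the AuthMarshalInputStream Javadoc lists ProxyPreparer; the two should name the same interfaces. A short comment on `writeAnnotation` would help too, e.g. `// reader must consume the annotation, then the proxy, for every class descriptor`.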

Propchange: incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/io/AuthMarshalOutputStream.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/security/ClassLoadingPermission.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/security/ClassLoadingPermission.java?rev=1023456&view=auto
==============================================================================
--- incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/security/ClassLoadingPermission.java
(added)
+++ incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/security/ClassLoadingPermission.java
Sun Oct 17 11:04:11 2010
@@ -0,0 +1,68 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.river.api.security;
+
+import java.security.Permission;
+
+/**
+ *
+ * @author Peter Firmstone
+ */
+public final class ClassLoadingPermission extends Permission {
+    private static final long serialVersionUID = 1L;
+    private static final ClassLoadingPermission perm 
+	    = new ClassLoadingPermission();
+    
+    public static ClassLoadingPermission getCLP(){
+	return perm;
+    }
+	    
+    private final int hashCode;
+    
+    private ClassLoadingPermission(){
+	super("ClassLoadingPermission");
+	hashCode = super.getName().hashCode();
+    }
+
+    @Override
+    public boolean implies(Permission permission) {
+	if (permission == null) return false;
+	if (permission.getClass() == this.getClass()) return true;
+	return false;
+    }
+
+    @Override
+    public boolean equals(Object obj) {
+	if (obj == this) return true;
+	if (obj == null) return false;
+	if (obj instanceof ClassLoadingPermission) return true;
+	return false;
+    }
+
+    @Override
+    public int hashCode() {
+	return hashCode;
+    }
+
+    @Override
+    public String getActions() {
+	return ""; // no actions.
+    }
+
+}
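Review bot: The class Javadoc is empty, so nothing states what ClassLoadingPermission guards or where it is checked. In the visible part of this commit it is only granted (in `AuthMarshalInputStream.authenticate`), never checked. Add a class comment naming the operation it protects and the enforcement point, and Javadoc on `getCLP()` saying it returns the shared instance. Because `Permission` is Serializable, deserialization can create further instances of this singleton; `equals` and `implies` tolerate that, but `private Object readResolve() { return perm; }` would keep the single-instance intent.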

Propchange: incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/security/ClassLoadingPermission.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/security/DelegatePermission.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/security/DelegatePermission.java?rev=1023456&r1=1023455&r2=1023456&view=diff
==============================================================================
--- incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/security/DelegatePermission.java
(original)
+++ incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/security/DelegatePermission.java
Sun Oct 17 11:04:11 2010
@@ -29,7 +29,7 @@ import java.util.Enumeration;
 import java.util.HashSet;
 import java.util.Set;
 import java.util.concurrent.ConcurrentMap;
-import org.apache.river.imp.util.ConcurrentWeakMap;
+import org.apache.river.impl.util.ConcurrentWeakMap;
 
 /**
  * A DelegatePermission represents any another Permission, called the candidate.

Modified: incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/security/InternetSecurityManager.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/security/InternetSecurityManager.java?rev=1023456&r1=1023455&r2=1023456&view=diff
==============================================================================
--- incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/security/InternetSecurityManager.java
(original)
+++ incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/security/InternetSecurityManager.java
Sun Oct 17 11:04:11 2010
@@ -37,8 +37,8 @@ import java.util.concurrent.locks.ReadWr
 import java.util.concurrent.locks.ReentrantReadWriteLock;
 import java.util.logging.Level;
 import java.util.logging.Logger;
-import org.apache.river.imp.util.ConcurrentCollections;
-import org.apache.river.imp.util.ConcurrentSoftMap;
+import org.apache.river.impl.util.ConcurrentCollections;
+import org.apache.river.impl.util.ConcurrentSoftMap;
 
 /**
  * The InternetSecurityManager provides cached permission check results and

Modified: incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/security/RevokeableDynamicPolicy.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/security/RevokeableDynamicPolicy.java?rev=1023456&r1=1023455&r2=1023456&view=diff
==============================================================================
--- incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/security/RevokeableDynamicPolicy.java
(original)
+++ incubator/river/jtsk/skunk/pepe/src/org/apache/river/api/security/RevokeableDynamicPolicy.java
Sun Oct 17 11:04:11 2010
@@ -100,4 +100,6 @@ public interface RevokeableDynamicPolicy
      * @return true if Revoke supported.
      */
     public boolean revokeSupported();
+    
+    public PermissionGrantBuilder getGrantBuilder();
 }

Modified: incubator/river/jtsk/skunk/pepe/test/src/org/apache/river/api/security/PermissionGrantTest.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/pepe/test/src/org/apache/river/api/security/PermissionGrantTest.java?rev=1023456&r1=1023455&r2=1023456&view=diff
==============================================================================
--- incubator/river/jtsk/skunk/pepe/test/src/org/apache/river/api/security/PermissionGrantTest.java
(original)
+++ incubator/river/jtsk/skunk/pepe/test/src/org/apache/river/api/security/PermissionGrantTest.java
Sun Oct 17 11:04:11 2010
@@ -31,7 +31,7 @@ import java.security.Principal;
 
 import org.apache.river.api.security.PermissionGrant;
 import org.apache.river.api.security.PermissionGrantBuilder;
-import org.apache.river.imp.security.policy.util.PermissionGrantBuilderImp;
+import org.apache.river.impl.security.policy.util.PermissionGrantBuilderImp;
 
 
 /**

Modified: incubator/river/jtsk/skunk/pepe/test/src/org/apache/river/imp/security/policy/se/ConcurrentPermissionsTest.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/pepe/test/src/org/apache/river/imp/security/policy/se/ConcurrentPermissionsTest.java?rev=1023456&r1=1023455&r2=1023456&view=diff
==============================================================================
--- incubator/river/jtsk/skunk/pepe/test/src/org/apache/river/imp/security/policy/se/ConcurrentPermissionsTest.java
(original)
+++ incubator/river/jtsk/skunk/pepe/test/src/org/apache/river/imp/security/policy/se/ConcurrentPermissionsTest.java
Sun Oct 17 11:04:11 2010
@@ -18,7 +18,7 @@ import java.util.PropertyPermission;
 import java.util.logging.LoggingPermission;
 import net.jini.security.AccessPermission;
 import net.jini.security.AuthenticationPermission;
-import org.apache.river.imp.security.policy.se.ConcurrentPermissions;
+import org.apache.river.impl.security.policy.se.ConcurrentPermissions;
 import org.junit.After;
 import org.junit.AfterClass;
 import org.junit.Before;

Modified: incubator/river/jtsk/skunk/pepe/test/src/org/apache/river/imp/security/policy/se/ConcurrentPolicyFileTest.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/pepe/test/src/org/apache/river/imp/security/policy/se/ConcurrentPolicyFileTest.java?rev=1023456&r1=1023455&r2=1023456&view=diff
==============================================================================
--- incubator/river/jtsk/skunk/pepe/test/src/org/apache/river/imp/security/policy/se/ConcurrentPolicyFileTest.java
(original)
+++ incubator/river/jtsk/skunk/pepe/test/src/org/apache/river/imp/security/policy/se/ConcurrentPolicyFileTest.java
Sun Oct 17 11:04:11 2010
@@ -35,13 +35,13 @@ import java.util.Arrays;
 import java.util.Collection;
 import java.util.HashSet;
 import java.util.Properties;
-import org.apache.river.imp.security.policy.util.UnresolvedPrincipal;
-import org.apache.river.imp.security.policy.util.DefaultPolicyParser;
+import org.apache.river.impl.security.policy.util.UnresolvedPrincipal;
+import org.apache.river.impl.security.policy.util.DefaultPolicyParser;
 import junit.framework.TestCase;
 import org.apache.river.api.security.PermissionGrant;
 import org.apache.river.api.security.PermissionGrantBuilder;
-import org.apache.river.imp.security.policy.se.ConcurrentPolicyFile;
-import org.apache.river.imp.security.policy.util.PermissionGrantBuilderImp;
+import org.apache.river.impl.security.policy.se.ConcurrentPolicyFile;
+import org.apache.river.impl.security.policy.util.PermissionGrantBuilderImp;
 
 
 /**

Modified: incubator/river/jtsk/skunk/pepe/test/src/org/apache/river/imp/security/policy/se/MultiReadPermissionCollectionTest.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/pepe/test/src/org/apache/river/imp/security/policy/se/MultiReadPermissionCollectionTest.java?rev=1023456&r1=1023455&r2=1023456&view=diff
==============================================================================
--- incubator/river/jtsk/skunk/pepe/test/src/org/apache/river/imp/security/policy/se/MultiReadPermissionCollectionTest.java
(original)
+++ incubator/river/jtsk/skunk/pepe/test/src/org/apache/river/imp/security/policy/se/MultiReadPermissionCollectionTest.java
Sun Oct 17 11:04:11 2010
@@ -12,7 +12,7 @@ import java.util.ArrayList;
 import java.util.Enumeration;
 import net.jini.security.AccessPermission;
 import net.jini.security.AuthenticationPermission;
-import org.apache.river.imp.security.policy.se.MultiReadPermissionCollection;
+import org.apache.river.impl.security.policy.se.MultiReadPermissionCollection;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;

Modified: incubator/river/jtsk/skunk/pepe/test/src/org/apache/river/imp/security/policy/se/Permissions_ImplTest.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/pepe/test/src/org/apache/river/imp/security/policy/se/Permissions_ImplTest.java?rev=1023456&r1=1023455&r2=1023456&view=diff
==============================================================================
--- incubator/river/jtsk/skunk/pepe/test/src/org/apache/river/imp/security/policy/se/Permissions_ImplTest.java
(original)
+++ incubator/river/jtsk/skunk/pepe/test/src/org/apache/river/imp/security/policy/se/Permissions_ImplTest.java
Sun Oct 17 11:04:11 2010
@@ -29,7 +29,7 @@ import java.security.SecurityPermission;
 import java.security.UnresolvedPermission;
 
 import junit.framework.TestCase;
-import org.apache.river.imp.security.policy.se.ConcurrentPermissions;
+import org.apache.river.impl.security.policy.se.ConcurrentPermissions;
 
 /**
  * Tests for <code>Permissions</code>

Modified: incubator/river/jtsk/skunk/pepe/test/src/org/apache/river/imp/security/policy/util/DefaultPolicyParserTest.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/pepe/test/src/org/apache/river/imp/security/policy/util/DefaultPolicyParserTest.java?rev=1023456&r1=1023455&r2=1023456&view=diff
==============================================================================
--- incubator/river/jtsk/skunk/pepe/test/src/org/apache/river/imp/security/policy/util/DefaultPolicyParserTest.java
(original)
+++ incubator/river/jtsk/skunk/pepe/test/src/org/apache/river/imp/security/policy/util/DefaultPolicyParserTest.java
Sun Oct 17 11:04:11 2010
@@ -22,7 +22,7 @@
 
 package org.apache.river.imp.security.policy.util;
 
-import org.apache.river.imp.security.policy.util.DefaultPolicyParser;
+import org.apache.river.impl.security.policy.util.DefaultPolicyParser;
 import java.io.File;
 import java.io.FileWriter;
 import java.net.URL;
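Review bot: The context line `package org.apache.river.imp.security.policy.util;` stays on the old tree while the import moves to `org.apache.river.impl.security.policy.util`, so this test no longer shares a package with the class it exercises. The PolicyEntryTest and PolicyUtilsTest hunks show the same mismatch, and all test paths in this commit remain under `test/src/org/apache/river/imp/`. If any of these tests reach package-private members of the policy parser or utilities (the class bodies are outside the hunks, so this is not visible here), they will stop compiling or lose coverage of those members. To finish the rename, move the test files to `test/src/org/apache/river/impl/...` and change the declaration to `package org.apache.river.impl.security.policy.util;`.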

Modified: incubator/river/jtsk/skunk/pepe/test/src/org/apache/river/imp/security/policy/util/PolicyEntryTest.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/pepe/test/src/org/apache/river/imp/security/policy/util/PolicyEntryTest.java?rev=1023456&r1=1023455&r2=1023456&view=diff
==============================================================================
--- incubator/river/jtsk/skunk/pepe/test/src/org/apache/river/imp/security/policy/util/PolicyEntryTest.java
(original)
+++ incubator/river/jtsk/skunk/pepe/test/src/org/apache/river/imp/security/policy/util/PolicyEntryTest.java
Sun Oct 17 11:04:11 2010
@@ -22,7 +22,8 @@
 
 package org.apache.river.imp.security.policy.util;
 
-import org.apache.river.imp.security.policy.util.UnresolvedPrincipal;
+import org.apache.river.impl.security.policy.util.PermissionGrantBuilderImp;
+import org.apache.river.impl.security.policy.util.UnresolvedPrincipal;
 import java.net.URL;
 import java.security.cert.Certificate;
 import java.security.AllPermission;

Modified: incubator/river/jtsk/skunk/pepe/test/src/org/apache/river/imp/security/policy/util/PolicyUtilsTest.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/pepe/test/src/org/apache/river/imp/security/policy/util/PolicyUtilsTest.java?rev=1023456&r1=1023455&r2=1023456&view=diff
==============================================================================
--- incubator/river/jtsk/skunk/pepe/test/src/org/apache/river/imp/security/policy/util/PolicyUtilsTest.java
(original)
+++ incubator/river/jtsk/skunk/pepe/test/src/org/apache/river/imp/security/policy/util/PolicyUtilsTest.java
Sun Oct 17 11:04:11 2010
@@ -22,7 +22,7 @@
 
 package org.apache.river.imp.security.policy.util;
 
-import org.apache.river.imp.security.policy.util.PolicyUtils;
+import org.apache.river.impl.security.policy.util.PolicyUtils;
 import java.io.File;
 import java.net.URL;
 import java.security.AllPermission;


