river-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From peter_firmst...@apache.org
Subject svn commit: r1031510 [3/3] - in /incubator/river/jtsk/skunk/river-modules: ./ etc/ jsk-module-platform/ jsk-module-platform/src/ jsk-module-platform/src/main/ jsk-module-platform/src/main/java/ jsk-module-platform/src/main/java/net/ jsk-module-platform...
Date Fri, 05 Nov 2010 11:05:42 GMT
Added: incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/loader/SuppressModuleTrustDelegationPermission.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/loader/SuppressModuleTrustDelegationPermission.java?rev=1031510&view=auto
==============================================================================
--- incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/loader/SuppressModuleTrustDelegationPermission.java (added)
+++ incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/loader/SuppressModuleTrustDelegationPermission.java Fri Nov  5 11:05:39 2010
@@ -0,0 +1,32 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.river.modules.loader;
+
+import java.security.BasicPermission;
+
+/**
+ * @author mkleczek
+ */
+public class SuppressModuleTrustDelegationPermission extends BasicPermission {
+
+    public SuppressModuleTrustDelegationPermission() {
+        super("permit");
+    }
+
+}

Propchange: incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/loader/SuppressModuleTrustDelegationPermission.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/resolve/AnnotationProvider.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/resolve/AnnotationProvider.java?rev=1031510&view=auto
==============================================================================
--- incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/resolve/AnnotationProvider.java (added)
+++ incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/resolve/AnnotationProvider.java Fri Nov  5 11:05:39 2010
@@ -0,0 +1,28 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.river.modules.resolve;
+
+/**
+ * @author mkleczek
+ */
+public interface AnnotationProvider<T> {
+
+    T getExtendedAnnotation(Class cl);
+
+}

Propchange: incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/resolve/AnnotationProvider.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/resolve/AnnotationReader.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/resolve/AnnotationReader.java?rev=1031510&view=auto
==============================================================================
--- incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/resolve/AnnotationReader.java (added)
+++ incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/resolve/AnnotationReader.java Fri Nov  5 11:05:39 2010
@@ -0,0 +1,30 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.river.modules.resolve;
+
+import java.io.IOException;
+
+/**
+ * @author mkleczek
+ */
+public interface AnnotationReader<T> {
+
+    T readAnnotation() throws IOException, ClassNotFoundException;
+
+}

Propchange: incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/resolve/AnnotationReader.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/resolve/AnnotationResolver.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/resolve/AnnotationResolver.java?rev=1031510&view=auto
==============================================================================
--- incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/resolve/AnnotationResolver.java (added)
+++ incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/resolve/AnnotationResolver.java Fri Nov  5 11:05:39 2010
@@ -0,0 +1,31 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.river.modules.resolve;
+
+import java.io.IOException;
+
+/**
+ * @author mkleczek
+ */
+public interface AnnotationResolver<T> {
+
+    Class readAndResolve(T annotation, String name) throws IOException, ClassNotFoundException;
+    Class readAndResolveProxy(T annotation, String[] interfaceNames) throws IOException, ClassNotFoundException;
+
+}

Propchange: incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/resolve/AnnotationResolver.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/resolve/AnnotationWriter.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/resolve/AnnotationWriter.java?rev=1031510&view=auto
==============================================================================
--- incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/resolve/AnnotationWriter.java (added)
+++ incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/resolve/AnnotationWriter.java Fri Nov  5 11:05:39 2010
@@ -0,0 +1,30 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.river.modules.resolve;
+
+import java.io.IOException;
+
+/**
+ * @author mkleczek
+ */
+public interface AnnotationWriter<T> {
+
+    void writeAnnotation(T annotation) throws IOException;
+
+}

Propchange: incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/resolve/AnnotationWriter.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/url/rmi/CachedResource.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/url/rmi/CachedResource.java?rev=1031510&view=auto
==============================================================================
--- incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/url/rmi/CachedResource.java (added)
+++ incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/url/rmi/CachedResource.java Fri Nov  5 11:05:39 2010
@@ -0,0 +1,125 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.river.modules.url.rmi;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InterruptedIOException;
+import java.io.OutputStream;
+import java.io.Serializable;
+import java.util.concurrent.Executor;
+
+/**
+ * @author mkleczek
+ */
+public class CachedResource implements Resource, Serializable {
+
+    private final Resource source;
+    private final File cacheFile;
+    private final Executor downloadExecutor;
+
+    private final Object dataMonitor = new Object();
+    private volatile boolean finished = false;
+    private volatile Throwable readEx = null;
+
+    public CachedResource(Resource source, File cacheFile, Executor downloadExecutor) {
+        this.source = source;
+        this.cacheFile = cacheFile;
+        this.downloadExecutor = downloadExecutor;
+    }
+
+    @Override
+    public InputStream open() throws IOException {
+        if (!cacheFile.exists()) {
+            final InputStream downloadIs = source.open();
+            final OutputStream cacheOs = new FileOutputStream(cacheFile);
+            downloadExecutor.execute(new Runnable() {
+                @Override
+                public void run() {
+                    download(downloadIs, cacheOs);
+                }
+            });
+        }
+
+        final InputStream cachedInput = new FileInputStream(cacheFile);
+        return new InputStream() {
+
+            @Override
+            public int read() throws IOException {
+                int b = cachedInput.read();
+                while (b < 0 && !finished) {
+                    synchronized (dataMonitor) {
+                        try {
+                            dataMonitor.wait();
+                        } catch (InterruptedException ex) {
+                            throw new InterruptedIOException();
+                        }
+                    }
+                    if (readEx != null) {
+                        if (readEx instanceof RuntimeException) {
+                            throw (RuntimeException) readEx;
+                        }
+                        else if (readEx instanceof Error) {
+                            throw (Error) readEx;
+                        }
+                        else if (readEx instanceof IOException) {
+                            throw (IOException) readEx;
+                        }
+                        else {
+                            throw new AssertionError();
+                        }
+                    }
+                    b = cachedInput.read();
+                }
+                return b;
+            }
+
+            @Override
+            public void close() throws IOException {
+                cachedInput.close();
+                super.close();
+            }
+
+        };
+    }
+
+    private void download(InputStream in, OutputStream out) {
+        final byte[] buf = new byte[8192];
+        int read;
+        try {
+            while ((read = in.read(buf)) >= 0) {
+                out.write(buf, 0, read);
+                synchronized (dataMonitor) {
+                    dataMonitor.notifyAll();
+                }
+            }
+        }
+        catch (Throwable t) {
+            readEx = t;
+        }
+        finished = true;
+        synchronized (dataMonitor) {
+            dataMonitor.notifyAll();
+        }
+    }
+
+}

Propchange: incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/url/rmi/CachedResource.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/url/rmi/Handler.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/url/rmi/Handler.java?rev=1031510&view=auto
==============================================================================
--- incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/url/rmi/Handler.java (added)
+++ incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/url/rmi/Handler.java Fri Nov  5 11:05:39 2010
@@ -0,0 +1,45 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.river.modules.url.rmi;
+
+import java.io.IOException;
+import java.net.URL;
+import java.net.URLConnection;
+import java.net.URLStreamHandler;
+
+/**
+ * @author mkleczek
+ */
+public class Handler extends URLStreamHandler {
+
+    @Override
+    protected URLConnection openConnection(URL url) throws IOException {
+        final URLConnection connection = null;//new RmiResourceConnection(url);
+        connection.connect();
+        return connection;
+    }
+
+    @Override
+    protected boolean sameFile(URL u1, URL u2) {
+        return super.sameFile(u1, u2);
+    }
+
+
+
+}

Propchange: incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/url/rmi/Handler.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/url/rmi/MdCheckResource.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/url/rmi/MdCheckResource.java?rev=1031510&view=auto
==============================================================================
--- incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/url/rmi/MdCheckResource.java (added)
+++ incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/url/rmi/MdCheckResource.java Fri Nov  5 11:05:39 2010
@@ -0,0 +1,53 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.river.modules.url.rmi;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.Serializable;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.util.Arrays;
+
+/**
+ * @author mkleczek
+ */
+public class MdCheckResource implements Resource, Serializable {
+
+    private Resource target;
+
+    private final String digestAlg;
+    private final byte[] digest;
+
+    public MdCheckResource(Resource target, String digestAlg, byte[] digest) {
+        this.target = target;
+        this.digestAlg = digestAlg;
+        this.digest = digest;
+    }
+
+    @Override
+    public InputStream open() throws IOException {
+        try {
+            return new MdInputStream(target.open(), MessageDigest.getInstance(digestAlg), digest);
+        } catch (NoSuchAlgorithmException ex) {
+            throw new IOException();
+        }
+    }
+
+}

Propchange: incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/url/rmi/MdCheckResource.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/url/rmi/MdInputStream.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/url/rmi/MdInputStream.java?rev=1031510&view=auto
==============================================================================
--- incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/url/rmi/MdInputStream.java (added)
+++ incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/url/rmi/MdInputStream.java Fri Nov  5 11:05:39 2010
@@ -0,0 +1,174 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.river.modules.url.rmi;
+
+import com.sun.jini.logging.Levels;
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.MessageDigest;
+import java.util.logging.Logger;
+import net.jini.url.httpmd.WrongMessageDigestException;
+
+/**
+ * An input stream that checks the contents of another input stream against a
+ * message digest. The stream throws WrongMessageDigestException if the end of
+ * the other input stream is reached and the contents did not have the expected
+ * message digest. The message digest is not checked unless the end of the
+ * input stream is reached.
+ *
+ * @author Sun Microsystems, Inc.
+ *
+ */
+class MdInputStream extends InputStream {
+
+    /** Logger. */
+    private static final Logger logger =
+	Logger.getLogger("net.jini.url.httpmd");
+
+    /** The size buffer to use when skipping input. */
+    private static final int SKIP_BUFFER_SIZE = 512;
+
+    /** The input stream whose contents should be checked. */
+    private final InputStream in;
+
+    /**
+     * The object to use to compute the message digest of the stream contents.
+     */
+    private final MessageDigest messageDigest;
+
+    /** The expected digest. */
+    private final byte[] expectedDigest;
+
+    /** Set to the buffer to use when skipping input. */
+    private byte[] skipBuffer;
+
+    /**
+     * Set to true when the contents have been checked against the message
+     * digest.
+     */
+    private boolean checked;
+
+    /**
+     * The exception message if the message digest was incorrect, or null if no
+     * exception should be thrown.
+     */
+    private String failed;
+
+    /**
+     * Creates an input stream that checks the contents of another input stream
+     * against a message digest. The stream throws WrongMessageDigestException
+     * if the end of the other input stream is reached and the contents did not
+     * have the expected message digest.
+     *
+     * @param url the HTTPMD URL associated with the input stream being checked
+     * @param in the input stream whose contents should be checked
+     * @param messageDigest the object to use for computing the message digest
+     *	      of the stream contents
+     * @param expectedDigest the expected message digest of the stream contents
+     * @throws NullPointerException if any of the arguments is null
+     */
+    MdInputStream(InputStream in,
+		  MessageDigest messageDigest,
+		  byte[] expectedDigest)
+    {
+	this.in = in;
+	this.messageDigest = messageDigest;
+	this.expectedDigest = (byte[]) expectedDigest.clone();
+    }
+
+    public synchronized int read() throws IOException {
+	checkFailed();
+	int result = in.read();
+	if (result < 0) {
+	    checkDigest();
+	} else {
+	    messageDigest.update((byte) result);
+	}
+	return result;
+    }
+
+    /**
+     * Throws an exception if the message digest was found to be
+     * incorrect. Call this method before performing any I/O operations to
+     * insure that the same exception continues to be thrown after an incorrect
+     * message digest is discovered.
+     */
+    private void checkFailed() throws WrongMessageDigestException {
+	if (failed != null) {
+	    WrongMessageDigestException exception =
+		new WrongMessageDigestException(failed);
+	    logger.log(Levels.FAILED, "Incorrect message digest", exception);
+	    throw exception;
+	}
+    }
+
+    /**
+     * Checks the message digest. Call this method when the end of the other
+     * input stream is reached.
+     */
+    private void checkDigest() throws WrongMessageDigestException {
+	if (!checked) {
+	    byte[] result = messageDigest.digest();
+	    checked = true;
+	    if (!MessageDigest.isEqual(result, expectedDigest)) {
+		failed = "Incorrect message digest";
+		checkFailed();
+	    }
+	}
+    }
+
+    public synchronized int read(byte b[], int off, int len)
+	throws IOException
+    {
+	checkFailed();
+	int n = in.read(b, off, len);
+	if (n < 0) {
+	    checkDigest();
+	} else {
+	    messageDigest.update(b, off, n);
+	}
+	return n;
+    }
+
+    public synchronized long skip(long n) throws IOException {
+	if (skipBuffer == null) {
+	    skipBuffer = new byte[SKIP_BUFFER_SIZE];
+	}
+	long remaining = n;
+	while (remaining > 0) {
+	    int nr = read(
+		skipBuffer, 0, (int) Math.min(SKIP_BUFFER_SIZE, remaining));
+	    if (nr < 0) {
+		break;
+	    }
+	    remaining -= nr;
+	}
+	return n - remaining;
+    }
+
+    public synchronized int available() throws IOException {
+	checkFailed();
+	return in.available();
+    }
+
+    public synchronized void close() throws IOException {
+	checkFailed();
+	in.close();
+    }
+}

Propchange: incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/url/rmi/MdInputStream.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/url/rmi/Resource.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/url/rmi/Resource.java?rev=1031510&view=auto
==============================================================================
--- incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/url/rmi/Resource.java (added)
+++ incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/url/rmi/Resource.java Fri Nov  5 11:05:39 2010
@@ -0,0 +1,31 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.river.modules.url.rmi;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+/**
+ * @author mkleczek
+ */
+public interface Resource {
+
+    InputStream open() throws IOException;
+
+}

Propchange: incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/url/rmi/Resource.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/url/rmi/ResourceServer.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/url/rmi/ResourceServer.java?rev=1031510&view=auto
==============================================================================
--- incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/url/rmi/ResourceServer.java (added)
+++ incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/url/rmi/ResourceServer.java Fri Nov  5 11:05:39 2010
@@ -0,0 +1,31 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.river.modules.url.rmi;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+/**
+ * @author mkleczek
+ */
+public interface ResourceServer {
+
+    InputStream open(String resourceId) throws IOException;
+
+}

Propchange: incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/url/rmi/ResourceServer.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/url/rmi/RmiResource.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/url/rmi/RmiResource.java?rev=1031510&view=auto
==============================================================================
--- incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/url/rmi/RmiResource.java (added)
+++ incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/url/rmi/RmiResource.java Fri Nov  5 11:05:39 2010
@@ -0,0 +1,41 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.river.modules.url.rmi;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.Serializable;
+
+/**
+ */
+public final class RmiResource implements Resource, Serializable {
+
+    private final ResourceServer server;
+    private final String id;
+
+    public RmiResource(ResourceServer server, String id) {
+        this.server = server;
+        this.id = id;
+    }
+
+    public InputStream open() throws IOException {
+        return server.open(id);
+    }
+
+}

Propchange: incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/url/rmi/RmiResource.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/url/rmi/UrlResource.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/url/rmi/UrlResource.java?rev=1031510&view=auto
==============================================================================
--- incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/url/rmi/UrlResource.java (added)
+++ incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/url/rmi/UrlResource.java Fri Nov  5 11:05:39 2010
@@ -0,0 +1,65 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.river.modules.url.rmi;
+
+import org.apache.river.modules.util.lang.Ensure;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.Serializable;
+import java.net.URL;
+
+/**
+ * @author mkleczek
+ */
+public class UrlResource implements Resource, Serializable {
+
+    private final URL url;
+
+    public UrlResource(final URL url) {
+        this.url = Ensure.notNull(url, "url is null");
+    }
+
+    @Override
+    public InputStream open() throws IOException {
+        return url.openStream();
+    }
+
+    @Override
+    public boolean equals(Object obj) {
+        if (obj == null) {
+            return false;
+        }
+        if (getClass() != obj.getClass()) {
+            return false;
+        }
+        final UrlResource other = (UrlResource) obj;
+        if (this.url != other.url && !this.url.equals(other.url)) {
+            return false;
+        }
+        return true;
+    }
+
+    @Override
+    public int hashCode() {
+        int hash = 7;
+        hash = 29 * hash + this.url.hashCode();
+        return hash;
+    }
+
+}

Propchange: incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/url/rmi/UrlResource.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/lang/Ensure.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/lang/Ensure.java?rev=1031510&view=auto
==============================================================================
--- incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/lang/Ensure.java (added)
+++ incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/lang/Ensure.java Fri Nov  5 11:05:39 2010
@@ -0,0 +1,33 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.river.modules.util.lang;
+
+/**
+ * @author mkleczek
+ */
+public class Ensure {
+
+    public static <T> T notNull(final T arg, final String message) {
+        if (arg == null) {
+            throw new IllegalArgumentException(message);
+        }
+        return arg;
+    }
+
+}

Propchange: incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/lang/Ensure.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/local/Actions.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/local/Actions.java?rev=1031510&view=auto
==============================================================================
--- incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/local/Actions.java (added)
+++ incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/local/Actions.java Fri Nov  5 11:05:39 2010
@@ -0,0 +1,59 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.river.modules.util.security.local;
+
+import java.lang.reflect.AccessibleObject;
+import java.lang.reflect.Member;
+import java.security.PrivilegedAction;
+
+/**
+ *
+ * @author mkleczek
+ */
+public class Actions {
+
+    public static final PrivilegedAction<ClassLoader> GET_TCCL = new PrivilegedAction<ClassLoader>() {
+
+        @Override
+        public ClassLoader run() {
+            return Thread.currentThread().getContextClassLoader();
+        }
+    };
+
+    public static PrivilegedAction<ClassLoader> getClassLoader(final Class cls) {
+        return new PrivilegedAction<ClassLoader>() {
+
+            @Override
+            public ClassLoader run() {
+                return cls.getClassLoader();
+            }
+        };
+    }
+
+    public static PrivilegedAction<Void> setAccessible(final AccessibleObject member, final boolean accessible) {
+        return new PrivilegedAction<Void>() {
+
+            @Override
+            public Void run() {
+                member.setAccessible(accessible);
+                return null;
+            }
+        };
+    }
+}

Propchange: incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/local/Actions.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/proxy/AbstractDelegateProxyTrust.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/proxy/AbstractDelegateProxyTrust.java?rev=1031510&view=auto
==============================================================================
--- incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/proxy/AbstractDelegateProxyTrust.java (added)
+++ incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/proxy/AbstractDelegateProxyTrust.java Fri Nov  5 11:05:39 2010
@@ -0,0 +1,89 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.river.modules.util.security.proxy;
+
+import java.io.Serializable;
+import net.jini.core.constraint.MethodConstraints;
+import net.jini.core.constraint.RemoteMethodControl;
+import net.jini.security.proxytrust.ProxyTrust;
+
+/**
+ * @author mkleczek
+ */
+public abstract class AbstractDelegateProxyTrust implements ProxyTrust, RemoteMethodControl, Serializable, Cloneable {
+
+    private ProxyTrust delegate;
+
+    protected AbstractDelegateProxyTrust(final ProxyTrust delegate) {
+        if (!(delegate instanceof RemoteMethodControl)) {
+            throw new IllegalArgumentException();
+        }
+        this.delegate = delegate;
+    }
+
+    protected final ProxyTrust getDelegate() {
+        return delegate;
+    }
+
+    @Override
+    public boolean equals(Object obj) {
+        if (obj == null) {
+            return false;
+        }
+        if (getClass() != obj.getClass()) {
+            return false;
+        }
+        final AbstractDelegateProxyTrust other = (AbstractDelegateProxyTrust) obj;
+        if (this.delegate != other.delegate && (this.delegate == null || !this.delegate.equals(other.delegate))) {
+            return false;
+        }
+        return true;
+    }
+
+    @Override
+    public int hashCode() {
+        int hash = 7;
+        hash = 53 * hash + (this.delegate != null ? this.delegate.hashCode() : 0);
+        return hash;
+    }
+
+    @Override
+    protected final AbstractDelegateProxyTrust clone() {
+        try {
+            return (AbstractDelegateProxyTrust) super.clone();
+        }
+        catch (CloneNotSupportedException e) {
+            throw new AssertionError();
+        }
+    }
+
+    @Override
+    public final RemoteMethodControl setConstraints(MethodConstraints mc) {
+            final ProxyTrust constrained = (ProxyTrust)((RemoteMethodControl)delegate).setConstraints(mc);
+            final AbstractDelegateProxyTrust clone = clone();
+            clone.delegate = constrained;
+            return clone;
+    }
+
+    @Override
+    public final MethodConstraints getConstraints() {
+        return ((RemoteMethodControl)delegate).getConstraints();
+    }
+
+}

Propchange: incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/proxy/AbstractDelegateProxyTrust.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/proxy/AbstractDelegateProxyTrustVerifier.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/proxy/AbstractDelegateProxyTrustVerifier.java?rev=1031510&view=auto
==============================================================================
--- incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/proxy/AbstractDelegateProxyTrustVerifier.java (added)
+++ incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/proxy/AbstractDelegateProxyTrustVerifier.java Fri Nov  5 11:05:39 2010
@@ -0,0 +1,40 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.river.modules.util.security.proxy;
+
+import java.rmi.RemoteException;
+import net.jini.security.TrustVerifier;
+
+/**
+ * @author mkleczek
+ */
+public class AbstractDelegateProxyTrustVerifier implements TrustVerifier {
+
+    private final Class<? extends AbstractDelegateProxyTrust> expectedType;
+
+    public AbstractDelegateProxyTrustVerifier(final Class<? extends AbstractDelegateProxyTrust> expectedType) {
+        this.expectedType = expectedType;
+    }
+
+    @Override
+    public final boolean isTrustedObject(Object o, Context cntxt) throws RemoteException {
+        return o.getClass() == expectedType && cntxt.isTrustedObject(((AbstractDelegateProxyTrust)o).getDelegate());
+    }
+
+}

Propchange: incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/proxy/AbstractDelegateProxyTrustVerifier.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/proxy/AbstractDynamicProxyVerifier.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/proxy/AbstractDynamicProxyVerifier.java?rev=1031510&view=auto
==============================================================================
--- incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/proxy/AbstractDynamicProxyVerifier.java (added)
+++ incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/proxy/AbstractDynamicProxyVerifier.java Fri Nov  5 11:05:39 2010
@@ -0,0 +1,57 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.river.modules.util.security.proxy;
+
+import java.io.Serializable;
+import java.lang.reflect.InvocationHandler;
+import java.lang.reflect.Proxy;
+import java.rmi.RemoteException;
+import net.jini.security.TrustVerifier;
+
+/**
+ * @author mkleczek
+ */
+public abstract class AbstractDynamicProxyVerifier<T extends InvocationHandler> implements TrustVerifier, Serializable {
+
+    private final Class<?> expectedProxyType;
+    private final Class<T> expectedHandlerType;
+
+    protected AbstractDynamicProxyVerifier(Class<T> expectedHandlerType) {
+        this(Object.class, expectedHandlerType);
+    }
+
+    protected AbstractDynamicProxyVerifier(Class<?> expectedProxyType, Class<T> expectedHandlerType) {
+        this.expectedProxyType = expectedProxyType;
+        this.expectedHandlerType = expectedHandlerType;
+    }
+
+    @Override
+    public final boolean isTrustedObject(Object o, Context cntxt) throws RemoteException {
+        return expectedProxyType.isInstance(o) &&
+                Proxy.isProxyClass(o.getClass()) &&
+                isTrusted(Proxy.getInvocationHandler(o), cntxt);
+    }
+
+    private boolean isTrusted(InvocationHandler ih, Context ctx) throws RemoteException {
+        return ih.getClass() == expectedHandlerType && isTrustedInvocationHandler(expectedHandlerType.cast(ih), ctx);
+    }
+
+    protected abstract boolean isTrustedInvocationHandler(T invocationHandler, Context ctx) throws RemoteException;
+
+}

Propchange: incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/proxy/AbstractDynamicProxyVerifier.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/proxy/ArrayProxyTrustIterator.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/proxy/ArrayProxyTrustIterator.java?rev=1031510&view=auto
==============================================================================
--- incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/proxy/ArrayProxyTrustIterator.java (added)
+++ incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/proxy/ArrayProxyTrustIterator.java Fri Nov  5 11:05:39 2010
@@ -0,0 +1,61 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.river.modules.util.security.proxy;
+
+import java.rmi.RemoteException;
+import java.util.NoSuchElementException;
+import net.jini.security.proxytrust.ProxyTrustIterator;
+
+/**
+ * @author mkleczek
+ */
+public class ArrayProxyTrustIterator implements ProxyTrustIterator {
+
+    private final Object[] proxyTrusts;
+
+    public ArrayProxyTrustIterator(Object... proxyTrusts) {
+        this.proxyTrusts = proxyTrusts;
+    }
+    private boolean settable = false;
+    private RemoteException ex;
+    private int index = 0;
+
+    @Override
+    public boolean hasNext() {
+        settable = false;
+        return index < proxyTrusts.length;
+    }
+
+    @Override
+    public Object next() {
+        if (!hasNext()) {
+            throw new NoSuchElementException();
+        }
+        settable = true;
+        return proxyTrusts[index++];
+    }
+
+    @Override
+    public void setException(RemoteException re) {
+        if (!settable) {
+            throw new IllegalStateException();
+        }
+        ex = re;
+    }
+}

Propchange: incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/proxy/ArrayProxyTrustIterator.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/proxy/CachingProxyTrust.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/proxy/CachingProxyTrust.java?rev=1031510&view=auto
==============================================================================
--- incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/proxy/CachingProxyTrust.java (added)
+++ incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/proxy/CachingProxyTrust.java Fri Nov  5 11:05:39 2010
@@ -0,0 +1,44 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.river.modules.util.security.proxy;
+
+import java.rmi.RemoteException;
+import net.jini.security.TrustVerifier;
+import net.jini.security.proxytrust.ProxyTrust;
+
+/**
+ * @author mkleczek
+ */
+public final class CachingProxyTrust extends AbstractDelegateProxyTrust {
+
+    private transient TrustVerifier verifier;
+
+    public CachingProxyTrust(final ProxyTrust delegate) {
+        super(delegate);
+    }
+
+    @Override
+    public TrustVerifier getProxyVerifier() throws RemoteException {
+        if (verifier == null) {
+            verifier = getDelegate().getProxyVerifier();
+        }
+        return verifier;
+    }
+
+}

Propchange: incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/proxy/CachingProxyTrust.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/proxy/CachingProxyTrustCollection.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/proxy/CachingProxyTrustCollection.java?rev=1031510&view=auto
==============================================================================
--- incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/proxy/CachingProxyTrustCollection.java (added)
+++ incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/proxy/CachingProxyTrustCollection.java Fri Nov  5 11:05:39 2010
@@ -0,0 +1,63 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.river.modules.util.security.proxy;
+
+import java.io.IOException;
+import java.io.ObjectInputStream;
+import java.io.Serializable;
+import java.util.concurrent.atomic.AtomicReference;
+import net.jini.security.proxytrust.ProxyTrust;
+import net.jini.security.proxytrust.ProxyTrustIterator;
+
+/**
+ * @author mkleczek
+ */
+public class CachingProxyTrustCollection implements Serializable {
+
+    private final ProxyTrust fallback;
+    private transient AtomicReference<ProxyTrust> cachingRef;
+
+    public CachingProxyTrustCollection(final ProxyTrust fallback) {
+        this.fallback = fallback;
+        this.cachingRef = new AtomicReference<ProxyTrust>();
+    }
+
+    public final ProxyTrustIterator getProxyTrustIterator() {
+        cachingRef.compareAndSet(null, new CachingProxyTrust(fallback));
+        return new ArrayProxyTrustIterator(cachingRef.get(), fallback);
+    }
+
+    @Override
+    public boolean equals(Object obj) {
+        return obj != null &&
+               obj instanceof CachingProxyTrustCollection &&
+               fallback.equals(((CachingProxyTrustCollection)obj).fallback);
+    }
+
+    @Override
+    public int hashCode() {
+        return fallback.hashCode();
+    }
+
+    private void readObject(final ObjectInputStream in) throws IOException, ClassNotFoundException {
+        in.defaultReadObject();
+        cachingRef = new AtomicReference<ProxyTrust>();
+    }
+
+}

Propchange: incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/proxy/CachingProxyTrustCollection.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/proxy/CachingProxyTrustVerifier.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/proxy/CachingProxyTrustVerifier.java?rev=1031510&view=auto
==============================================================================
--- incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/proxy/CachingProxyTrustVerifier.java (added)
+++ incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/proxy/CachingProxyTrustVerifier.java Fri Nov  5 11:05:39 2010
@@ -0,0 +1,30 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.river.modules.util.security.proxy;
+
+/**
+ * @author mkleczek
+ */
+public final class CachingProxyTrustVerifier extends AbstractDelegateProxyTrustVerifier {
+
+    public CachingProxyTrustVerifier() {
+        super(CachingProxyTrust.class);
+    }
+
+}

Propchange: incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/proxy/CachingProxyTrustVerifier.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/proxy/ContextWrapperVerifier.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/proxy/ContextWrapperVerifier.java?rev=1031510&view=auto
==============================================================================
--- incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/proxy/ContextWrapperVerifier.java (added)
+++ incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/proxy/ContextWrapperVerifier.java Fri Nov  5 11:05:39 2010
@@ -0,0 +1,75 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.river.modules.util.security.proxy;
+
+import java.io.Serializable;
+import java.rmi.RemoteException;
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.Set;
+import net.jini.security.TrustVerifier;
+
+/**
+ * @author mkleczek
+ */
+public class ContextWrapperVerifier implements TrustVerifier, Serializable {
+
+    private static final ThreadLocal<Set<Object>> visited = new ThreadLocal<Set<Object>>() {
+
+        @Override
+        protected Set<Object> initialValue() {
+            return new HashSet<Object>();
+        }
+
+    };
+    
+    private final TrustVerifier wrapped;
+
+    public ContextWrapperVerifier(final TrustVerifier wrapped) {
+        this.wrapped = wrapped;
+    }
+
+    @Override
+    public boolean isTrustedObject(final Object original, final Context ctx) throws RemoteException {
+        visited.get().add(original);
+        return wrapped.isTrustedObject(original, new Context() {
+
+            @Override
+            public boolean isTrustedObject(Object o) throws RemoteException {
+                try {
+                  return visited.get().add(o) && (ctx.isTrustedObject(o) || wrapped.isTrustedObject(o, this));
+                }
+                finally {
+                    visited.get().remove(o);
+                }
+            }
+
+            @Override
+            public ClassLoader getClassLoader() {
+                return ctx.getClassLoader();
+            }
+
+            @Override
+            public Collection getCallerContext() {
+                return ctx.getCallerContext();
+            }
+        });
+    }
+
+}

Propchange: incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/proxy/ContextWrapperVerifier.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/proxy/LazyCompositeVerifier.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/proxy/LazyCompositeVerifier.java?rev=1031510&view=auto
==============================================================================
--- incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/proxy/LazyCompositeVerifier.java (added)
+++ incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/proxy/LazyCompositeVerifier.java Fri Nov  5 11:05:39 2010
@@ -0,0 +1,54 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.river.modules.util.security.proxy;
+
+import java.io.IOException;
+import java.io.Serializable;
+import java.rmi.RemoteException;
+import net.jini.io.MarshalledInstance;
+import net.jini.security.TrustVerifier;
+
+/**
+ * @author mkleczek
+ */
+public final class LazyCompositeVerifier implements TrustVerifier, Serializable {
+
+    private final Class<?> instanceType;
+    private final TrustVerifier instanceVerifier;
+
+    private final MarshalledInstance defaultVerifier;
+
+    public LazyCompositeVerifier(Class<?> instanceType, TrustVerifier instanceVerifier, TrustVerifier defaultVerifier) throws IOException {
+        this.instanceType = instanceType;
+        this.instanceVerifier = instanceVerifier;
+        this.defaultVerifier = new MarshalledInstance(defaultVerifier);
+    }
+
+    @Override
+    public boolean isTrustedObject(Object o, Context cntxt) throws RemoteException {
+        try {
+            return instanceType.isInstance(o) ? instanceVerifier.isTrustedObject(o, cntxt) : ((TrustVerifier)defaultVerifier.get(false)).isTrustedObject(o, cntxt);
+        } catch (IOException ex) {
+            throw new RemoteException("Failed to get defaultVerifier");
+        } catch (ClassNotFoundException ex) {
+            throw new RemoteException("Failed to get defaultVerifier");
+        }
+    }
+
+}

Propchange: incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/proxy/LazyCompositeVerifier.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/proxy/OverrideProxy.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/proxy/OverrideProxy.java?rev=1031510&view=auto
==============================================================================
--- incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/proxy/OverrideProxy.java (added)
+++ incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/proxy/OverrideProxy.java Fri Nov  5 11:05:39 2010
@@ -0,0 +1,247 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.river.modules.util.security.proxy;
+
+import org.apache.river.modules.util.lang.Ensure;
+import java.io.IOException;
+import java.io.InvalidObjectException;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
+import java.io.Serializable;
+import java.lang.reflect.InvocationHandler;
+import java.lang.reflect.Method;
+import java.lang.reflect.Proxy;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.LinkedHashSet;
+import net.jini.core.constraint.MethodConstraints;
+import net.jini.core.constraint.RemoteMethodControl;
+import net.jini.security.proxytrust.TrustEquivalence;
+import org.apache.river.modules.util.security.local.Actions;
+
+/**
+ * @author mkleczek
+ */
+public class OverrideProxy {
+
+    private static void getInterfaces(final Class<?> cls, final Collection<? super Class<?>> ifaces) {
+
+        if (cls.isInterface()) {
+            ifaces.add(cls);
+        }
+        else {
+            final Class<?> superClass = cls.getSuperclass();
+            if (superClass != null) {
+                getInterfaces(superClass, ifaces);
+            }
+            ifaces.addAll(Arrays.asList(cls.getInterfaces()));
+        }
+    }
+
+    public static Object create(Object original, Object override) {
+        final Handler handler = new Handler(original, override);
+        return Proxy.newProxyInstance(
+                original.getClass().getClassLoader(),
+                handler.allInterfaces,
+                handler);
+    }
+
+    static class Handler implements InvocationHandler, Serializable {
+
+        transient Collection<Class<?>> overridenInterfaces;
+        private transient Class<?>[] allInterfaces;
+
+        final Object override;
+        final Object original;
+        
+        private final MethodConstraints mc;
+
+        Handler(Object original, Object override) {
+            this.original = Ensure.notNull(original, "original is null");
+            this.override = Ensure.notNull(override, "override is null");
+            this.overridenInterfaces = new LinkedHashSet<Class<?>>();
+            final LinkedHashSet<Class<?>> all = new LinkedHashSet<Class<?>>();
+            getInterfaces(original.getClass(), all);
+            getInterfaces(override.getClass(), overridenInterfaces);
+            all.addAll(overridenInterfaces);
+
+            this.allInterfaces = all.toArray(new Class<?>[all.size()]);
+
+            //TODO merge constraints from original and override?
+            this.mc = null;
+        }
+
+        private Handler(Handler other, MethodConstraints mc) {
+            this.allInterfaces = other.allInterfaces;
+            this.overridenInterfaces = other.overridenInterfaces;
+            this.mc = mc;
+            this.override = ((RemoteMethodControl)other.override).setConstraints(mc);
+            this.original = ((RemoteMethodControl)other.original).setConstraints(mc);
+        }
+
+        @Override
+        public boolean equals(Object obj) {
+            if (obj == null) {
+                return false;
+            }
+            if (getClass() != obj.getClass()) {
+                return false;
+            }
+            final Handler other = (Handler) obj;
+            if (this.overridenInterfaces != other.overridenInterfaces && (this.overridenInterfaces == null || !this.overridenInterfaces.equals(other.overridenInterfaces))) {
+                return false;
+            }
+            if (!Arrays.deepEquals(this.allInterfaces, other.allInterfaces)) {
+                return false;
+            }
+            if (this.override != other.override && (this.override == null || !this.override.equals(other.override))) {
+                return false;
+            }
+            if (this.original != other.original && (this.original == null || !this.original.equals(other.original))) {
+                return false;
+            }
+            if (this.mc != other.mc && (this.mc == null || !this.mc.equals(other.mc))) {
+                return false;
+            }
+            return true;
+        }
+
+        @Override
+        public int hashCode() {
+            int hash = 7;
+            hash = 41 * hash + (this.overridenInterfaces != null ? this.overridenInterfaces.hashCode() : 0);
+            hash = 41 * hash + Arrays.deepHashCode(this.allInterfaces);
+            hash = 41 * hash + (this.override != null ? this.override.hashCode() : 0);
+            hash = 41 * hash + (this.original != null ? this.original.hashCode() : 0);
+            hash = 41 * hash + (this.mc != null ? this.mc.hashCode() : 0);
+            return hash;
+        }
+
+        @Override
+        public Object invoke(final Object proxy, final Method method, Object[] args) throws Throwable {
+            if (Proxy.getInvocationHandler(proxy) != this) {
+                throw new IllegalArgumentException("Not this handler proxy");
+            }
+            final Class declClass = method.getDeclaringClass();
+            Object delegate;
+            if (declClass == RemoteMethodControl.class) {
+                delegate = new RemoteMethodControl() {
+
+                    @Override
+                    public RemoteMethodControl setConstraints(MethodConstraints mc) {
+                        return (RemoteMethodControl) Proxy.newProxyInstance(proxy.getClass().getClassLoader(),
+                                allInterfaces, new Handler(Handler.this, mc));
+                    }
+
+                    @Override
+                    public MethodConstraints getConstraints() {
+                        return Handler.this.mc;
+                    }
+                };
+            }
+            else if (declClass == Object.class) {
+                delegate = new Object() {
+
+                    @Override
+                    public boolean equals(Object obj) {
+                        return Proxy.isProxyClass(obj.getClass()) && Handler.this.equals(Proxy.getInvocationHandler(obj));
+                    }
+
+                    @Override
+                    public int hashCode() {
+                        return Handler.this.hashCode();
+                    }
+
+                };
+            }
+            else if (declClass == TrustEquivalence.class) {
+                delegate = new TrustEquivalence() {
+
+                    @Override
+                    public boolean checkTrustEquivalence(Object o) {
+                        return o != null && Proxy.isProxyClass(o.getClass()) &&
+                                checkInvocationHandlerEquivalence(Proxy.getInvocationHandler(o));
+                    }
+
+                    private boolean checkInvocationHandlerEquivalence(InvocationHandler invocationHandler) {
+                        return invocationHandler instanceof Handler &&
+                                checkHandlerEquivalence((Handler) invocationHandler);
+                    }
+
+                    private boolean checkHandlerEquivalence(Handler handler) {
+                        return
+                                Arrays.equals(Handler.this.allInterfaces, handler.allInterfaces) &&
+                                Handler.this.overridenInterfaces.equals(handler.overridenInterfaces) &&
+                                ((TrustEquivalence) Handler.this.original).checkTrustEquivalence(handler.original) &&
+                                ((TrustEquivalence) Handler.this.override).checkTrustEquivalence(handler.override);
+                    }
+                };
+            }
+            else if (overridenInterfaces.contains(declClass)) {
+                delegate = override;
+            }
+            else {
+                delegate = original;
+            }
+
+            AccessController.doPrivileged(Actions.setAccessible(method, true));
+            try {
+                return method.invoke(delegate, args);
+            }
+            finally {
+                AccessController.doPrivileged(Actions.setAccessible(method, false));
+            }
+        }
+
+        private void readObject(final ObjectInputStream in) throws IOException, ClassNotFoundException {
+            in.defaultReadObject();
+            if (original == null || override == null) {
+                throw new InvalidObjectException("original or override is null");
+            }
+            final int size = in.readInt();
+            allInterfaces = new Class<?>[size];
+            overridenInterfaces = new HashSet<Class<?>>();
+            for (int i = 0; i < size; i++) {
+                final Class<?> iface = (Class<?>) in.readObject();
+                if (iface == null) {
+                    throw new InvalidObjectException("iface " + i + " is null");
+                }
+                final boolean overriden = in.readBoolean();
+                allInterfaces[i] = iface;
+                if (overriden) {
+                    overridenInterfaces.add(iface);
+                }
+            }
+        }
+
+        private void writeObject(final ObjectOutputStream out) throws IOException {
+            out.defaultWriteObject();
+            out.writeInt(allInterfaces.length);
+            for (final Class<?> iface : allInterfaces) {
+                out.writeObject(iface);
+                out.writeBoolean(overridenInterfaces.contains(iface));
+            }
+        }
+        
+    }
+
+}

Propchange: incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/proxy/OverrideProxy.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/proxy/OverrideProxyVerifier.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/proxy/OverrideProxyVerifier.java?rev=1031510&view=auto
==============================================================================
--- incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/proxy/OverrideProxyVerifier.java (added)
+++ incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/proxy/OverrideProxyVerifier.java Fri Nov  5 11:05:39 2010
@@ -0,0 +1,51 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.river.modules.util.security.proxy;
+
+import java.lang.reflect.InvocationHandler;
+import java.lang.reflect.Proxy;
+import java.rmi.RemoteException;
+import net.jini.security.TrustVerifier;
+
+/**
+ * @author mkleczek
+ */
+public abstract class OverrideProxyVerifier implements TrustVerifier {
+
+    private final Class<?> overrideType;
+
+    public OverrideProxyVerifier(Class<?> overrideType) {
+        this.overrideType = overrideType;
+    }
+
+    @Override
+    public boolean isTrustedObject(Object o, Context cntxt) throws RemoteException {
+        return Proxy.isProxyClass(o.getClass()) &&
+                isTrustedInvocationHandler(o, Proxy.getInvocationHandler(o), cntxt);
+    }
+
+    private boolean isTrustedInvocationHandler(final Object o, final InvocationHandler ih, final Context ctx) throws RemoteException {
+        return ih instanceof OverrideProxy.Handler && isTrusted(o, (OverrideProxy.Handler)ih, ctx);
+    }
+
+    private boolean isTrusted(final Object o, final OverrideProxy.Handler h, final Context ctx) throws RemoteException {
+        return overrideType.isInstance(o) ? h.overridenInterfaces.contains(overrideType) && ctx.isTrustedObject(h.override) : ctx.isTrustedObject(h.original);
+    }
+
+}

Propchange: incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/proxy/OverrideProxyVerifier.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/proxy/ProxyTrustOverrideVerifier.java
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/proxy/ProxyTrustOverrideVerifier.java?rev=1031510&view=auto
==============================================================================
--- incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/proxy/ProxyTrustOverrideVerifier.java (added)
+++ incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/proxy/ProxyTrustOverrideVerifier.java Fri Nov  5 11:05:39 2010
@@ -0,0 +1,32 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.river.modules.util.security.proxy;
+
+import net.jini.security.proxytrust.ProxyTrust;
+
+/**
+ * @author mkleczek
+ */
+public class ProxyTrustOverrideVerifier extends OverrideProxyVerifier {
+
+    public ProxyTrustOverrideVerifier() {
+        super(ProxyTrust.class);
+    }
+
+}

Propchange: incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/java/org/apache/river/modules/util/security/proxy/ProxyTrustOverrideVerifier.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/resources/META-INF/services/java.rmi.server.RMIClassLoaderSpi
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/resources/META-INF/services/java.rmi.server.RMIClassLoaderSpi?rev=1031510&view=auto
==============================================================================
--- incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/resources/META-INF/services/java.rmi.server.RMIClassLoaderSpi (added)
+++ incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/resources/META-INF/services/java.rmi.server.RMIClassLoaderSpi Fri Nov  5 11:05:39 2010
@@ -0,0 +1 @@
+org.apache.river.modules.loader.RMIClassLoaderSpiImpl

Added: incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/resources/META-INF/services/net.jini.security.TrustVerifier
URL: http://svn.apache.org/viewvc/incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/resources/META-INF/services/net.jini.security.TrustVerifier?rev=1031510&view=auto
==============================================================================
--- incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/resources/META-INF/services/net.jini.security.TrustVerifier (added)
+++ incubator/river/jtsk/skunk/river-modules/secure-marshall-stream/src/main/resources/META-INF/services/net.jini.security.TrustVerifier Fri Nov  5 11:05:39 2010
@@ -0,0 +1,12 @@
+net.jini.constraint.ConstraintTrustVerifier
+org.apache.river.modules.loader.ModuleBasicJeriTrustVerifier
+net.jini.jeri.ssl.SslTrustVerifier
+net.jini.jeri.kerberos.KerberosTrustVerifier
+net.jini.discovery.ConstrainableLookupLocatorTrustVerifier
+com.sun.jini.discovery.DiscoveryConstraintTrustVerifier
+org.apache.river.modules.util.security.proxy.CachingProxyTrustVerifier
+org.apache.river.modules.util.security.proxy.ProxyTrustOverrideVerifier
+org.apache.river.modules.loader.DefaultModuleVerifier
+org.apache.river.modules.loader.DelegatedModuleTrustVerifier
+org.apache.river.modules.jeri.io.ModuleInvocationHandlerTrustVerifier
+net.jini.security.proxytrust.ProxyTrustVerifier



Mime
View raw message