Return-Path: Delivered-To: apmail-incubator-river-commits-archive@minotaur.apache.org Received: (qmail 58184 invoked from network); 24 Dec 2010 20:23:46 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 24 Dec 2010 20:23:46 -0000 Received: (qmail 34996 invoked by uid 500); 24 Dec 2010 20:23:46 -0000 Delivered-To: apmail-incubator-river-commits-archive@incubator.apache.org Received: (qmail 34967 invoked by uid 500); 24 Dec 2010 20:23:46 -0000 Mailing-List: contact river-commits-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: river-dev@incubator.apache.org Delivered-To: mailing list river-commits@incubator.apache.org Received: (qmail 34960 invoked by uid 99); 24 Dec 2010 20:23:46 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 24 Dec 2010 20:23:46 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 24 Dec 2010 20:23:43 +0000 Received: by eris.apache.org (Postfix, from userid 65534) id 8C2F22388A3B; Fri, 24 Dec 2010 20:23:23 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1052582 [3/4] - in /incubator/river/site/trunk/content/river/doc/api/net/jini/security/proxytrust: ./ class-use/ Date: Fri, 24 Dec 2010 20:23:23 -0000 To: river-commits@incubator.apache.org From: sijskes@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20101224202323.8C2F22388A3B@eris.apache.org> Added: incubator/river/site/trunk/content/river/doc/api/net/jini/security/proxytrust/SingletonProxyTrustIterator.html URL: http://svn.apache.org/viewvc/incubator/river/site/trunk/content/river/doc/api/net/jini/security/proxytrust/SingletonProxyTrustIterator.html?rev=1052582&view=auto ============================================================================== --- incubator/river/site/trunk/content/river/doc/api/net/jini/security/proxytrust/SingletonProxyTrustIterator.html (added) +++ incubator/river/site/trunk/content/river/doc/api/net/jini/security/proxytrust/SingletonProxyTrustIterator.html Fri Dec 24 20:23:22 2010 @@ -0,0 +1,352 @@ + + + + + + +SingletonProxyTrustIterator (Apache River v2.1.2-SNAPSHOT API Documentation) + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + + + + + + + + + +
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
+		 + +
PREV CLASS  + NEXT CLASS + FRAMES   + NO FRAMES   +  + + + +
+ SUMMARY: NESTED | FIELD | CONSTR | METHOD +DETAIL: FIELD | CONSTR | METHOD
+ + + +
+ +

+ +net.jini.security.proxytrust +
+Class SingletonProxyTrustIterator

+
+java.lang.Object
+  extended by net.jini.security.proxytrust.SingletonProxyTrustIterator
+
+
+
All Implemented Interfaces:
ProxyTrustIterator
+
+
+
+
public class SingletonProxyTrustIterator
extends Object
implements ProxyTrustIterator
+ + +

+A simple ProxyTrustIterator that produces a single object + as the only element of the iteration. +

+ +

+

+
Since:
+
2.0
+
Author:
+
Sun Microsystems, Inc.
+
+
+ +

+ + + + + + + + + + + +
+Constructor Summary
SingletonProxyTrustIterator(Object obj) + +
+          Creates an instance with the specified object to use as the only + element of the iteration.
+  + + + + + + + + + + + + + + + + + + + +
+Method Summary
+ booleanhasNext() + +
+          Returns true if the iteration has more elements, and + false otherwise.
+ Objectnext() + +
+          Returns the next element in the iteration.
+ voidsetException(RemoteException e) + +
+          Provides the iteration with a RemoteException thrown from + a remote call made while attempting to obtain a + TrustVerifier from the object + returned by the most recent call to next.
+ + + + + + + +
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
+  +

+ + + + + + + + +
+Constructor Detail
+ +

+SingletonProxyTrustIterator

+
+public SingletonProxyTrustIterator(Object obj)
+
+
Creates an instance with the specified object to use as the only + element of the iteration. +

+

+
Parameters:
obj - the object to use as the element of the iteration +
Throws: +
NullPointerException - if the argument is null
+
+ + + + + + + + +
+Method Detail
+ +

+hasNext

+
+public boolean hasNext()
+
+
Description copied from interface: ProxyTrustIterator
+
Returns true if the iteration has more elements, and + false otherwise. +

+

+
Specified by:
hasNext in interface ProxyTrustIterator
+
+
+ +
Returns:
true if the iteration has more elements, and + false otherwise
+
+
+
+ +

+next

+
+public Object next()
+
+
Description copied from interface: ProxyTrustIterator
+
Returns the next element in the iteration. This method can throw + an exception (other than NoSuchElementException) without + terminating the iteration. +

+

+
Specified by:
next in interface ProxyTrustIterator
+
+
+ +
Returns:
the next element in the iteration +
Throws: +
NoSuchElementException
+
+
+
+ +

+setException

+
+public void setException(RemoteException e)
+
+
Description copied from interface: ProxyTrustIterator
+
Provides the iteration with a RemoteException thrown from + a remote call made while attempting to obtain a + TrustVerifier from the object + returned by the most recent call to next. Setting an + exception may influence which (if any) elements are subsequently + produced by the iteration. (A RemoteException thrown + directly by next should not be passed to this method.) +

+

+
Specified by:
setException in interface ProxyTrustIterator
+
+
+
Parameters:
e - RemoteException thrown from a remote call +
Throws: +
NullPointerException - if the argument is null +
IllegalStateException - if next has never been + called, or if this method has already been called since the most + recent call to next, or if hasNext has been + called since the most recent call to next, or if the most + recent call to next threw a RemoteException
+
+
+ +
+ + + + + + + + + + + + + + + + + + + +
+ + + + + + + + + + + + +
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
+		 + +
PREV CLASS  + NEXT CLASS + FRAMES   + NO FRAMES   +  + + + +
+ SUMMARY: NESTED | FIELD | CONSTR | METHOD +DETAIL: FIELD | CONSTR | METHOD
+ + + +
+Copyright 2007, multiple authors.
Licensed under the Apache License, Version 2.0, see the NOTICE file for attributions. + + Added: incubator/river/site/trunk/content/river/doc/api/net/jini/security/proxytrust/TrustEquivalence.html URL: http://svn.apache.org/viewvc/incubator/river/site/trunk/content/river/doc/api/net/jini/security/proxytrust/TrustEquivalence.html?rev=1052582&view=auto ============================================================================== --- incubator/river/site/trunk/content/river/doc/api/net/jini/security/proxytrust/TrustEquivalence.html (added) +++ incubator/river/site/trunk/content/river/doc/api/net/jini/security/proxytrust/TrustEquivalence.html Fri Dec 24 20:23:22 2010 @@ -0,0 +1,248 @@ + + + + + + +TrustEquivalence (Apache River v2.1.2-SNAPSHOT API Documentation) + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + + + + + + + + + +
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
+		 + +
PREV CLASS  + NEXT CLASS + FRAMES   + NO FRAMES   +  + + + +
+ SUMMARY: NESTED | FIELD | CONSTR | METHOD +DETAIL: FIELD | CONSTR | METHOD
+ + + +
+ +

+ +net.jini.security.proxytrust +
+Interface TrustEquivalence

+
+
All Known Implementing Classes:
ActivatableInvocationHandler, BasicInvocationHandler, BasicObjectEndpoint, HttpEndpoint, HttpsEndpoint, KerberosEndpoint, ProxyTrustInvocationHandler, SslEndpoint, TcpEndpoint
+
+
+
+
public interface TrustEquivalence
+ + +

+Defines an interface for checking that an object (that is not yet known to + be trusted) is equivalent in trust, content, and function to a known + trusted object. This interface can be useful in implementing a + TrustVerifier returned by + ProxyTrust.getProxyVerifier. +

+ An implementation of this interface must always compare components of the + two objects by invoking comparison methods (such as equals + or checkTrustEquivalence) on components of + the known trusted object, and those comparison methods must in turn + compare subcomponents in the same fashion, always invoking comparison + methods on components of this. +

+ For example, in the case of a smart proxy wrapped around an inner proxy, + where the inner proxy results from exporting a remote object, the inner + proxy could be required to be an instance of a class that implements this + interface. The verifier could contain a canonical instance of the inner + proxy, and use its checkTrustEquivalence method to check + that a candidate smart proxy contains the correct inner proxy. +

+ +

+

+
Since:
+
2.0
+
Author:
+
Sun Microsystems, Inc.
+
+
+ +

+ + + + + + + + + + + + +
+Method Summary
+ booleancheckTrustEquivalence(Object obj) + +
+          Returns true if the specified object (that is not yet + known to be trusted) is equivalent in trust, content, and function to + this known trusted object, and returns false otherwise.
+  +

+ + + + + + + + +
+Method Detail
+ +

+checkTrustEquivalence

+
+boolean checkTrustEquivalence(Object obj)
+
+
Returns true if the specified object (that is not yet + known to be trusted) is equivalent in trust, content, and function to + this known trusted object, and returns false otherwise. + This method is permitted to delete content of the specified object + if that content is cached state that might be stale (relative to the + known trusted object's cached state), cannot otherwise be checked, + and will be recreated on demand (from content that has been checked) + during subsequent operations on the object. +

+

+
Parameters:
obj - object to check that is not yet known to be trusted +
Returns:
true if the specified object (that is not yet + known to be trusted) is equivalent in trust, content, and function to + this known trusted object, and returns false otherwise
+
+
+ +
+ + + + + + + + + + + + + + + + + + + +
+ + + + + + + + + + + + +
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
+		 + +
PREV CLASS  + NEXT CLASS + FRAMES   + NO FRAMES   +  + + + +
+ SUMMARY: NESTED | FIELD | CONSTR | METHOD +DETAIL: FIELD | CONSTR | METHOD
+ + + +
+Copyright 2007, multiple authors.
Licensed under the Apache License, Version 2.0, see the NOTICE file for attributions. + + Added: incubator/river/site/trunk/content/river/doc/api/net/jini/security/proxytrust/UntrustedObjectSecurityContext.html URL: http://svn.apache.org/viewvc/incubator/river/site/trunk/content/river/doc/api/net/jini/security/proxytrust/UntrustedObjectSecurityContext.html?rev=1052582&view=auto ============================================================================== --- incubator/river/site/trunk/content/river/doc/api/net/jini/security/proxytrust/UntrustedObjectSecurityContext.html (added) +++ incubator/river/site/trunk/content/river/doc/api/net/jini/security/proxytrust/UntrustedObjectSecurityContext.html Fri Dec 24 20:23:22 2010 @@ -0,0 +1,225 @@ + + + + + + +UntrustedObjectSecurityContext (Apache River v2.1.2-SNAPSHOT API Documentation) + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + + + + + + + + + +
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
+		 + +
PREV CLASS  + NEXT CLASS + FRAMES   + NO FRAMES   +  + + + +
+ SUMMARY: NESTED | FIELD | CONSTR | METHOD +DETAIL: FIELD | CONSTR | METHOD
+ + + +
+ +

+ +net.jini.security.proxytrust +
+Interface UntrustedObjectSecurityContext

+
+
All Known Implementing Classes:
BasicUntrustedObjectSecurityContext
+
+
+
+
public interface UntrustedObjectSecurityContext
+ + +

+A trust verifier context element that provides a security context + to use to restrict privileges when invoking methods on untrusted objects. +

+ +

+

+
Since:
+
2.1
+
Author:
+
Sun Microsystems, Inc.
+
+
+ +

+ + + + + + + + + + + + +
+Method Summary
+ SecurityContextgetContext() + +
+          Returns a security context to use to restrict privileges when + invoking methods on untrusted objects.
+  +

+ + + + + + + + +
+Method Detail
+ +

+getContext

+
+SecurityContext getContext()
+
+
Returns a security context to use to restrict privileges when + invoking methods on untrusted objects. The returned context may be + based on the current security context in effect when this + method is invoked. +

+

+ +
Returns:
a security context to use to restrict privileges when + invoking methods on untrusted objects
+
+
+ +
+ + + + + + + + + + + + + + + + + + + +
+ + + + + + + + + + + + +
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
+		 + +
PREV CLASS  + NEXT CLASS + FRAMES   + NO FRAMES   +  + + + +
+ SUMMARY: NESTED | FIELD | CONSTR | METHOD +DETAIL: FIELD | CONSTR | METHOD
+ + + +
+Copyright 2007, multiple authors.
Licensed under the Apache License, Version 2.0, see the NOTICE file for attributions. + + Added: incubator/river/site/trunk/content/river/doc/api/net/jini/security/proxytrust/package-frame.html URL: http://svn.apache.org/viewvc/incubator/river/site/trunk/content/river/doc/api/net/jini/security/proxytrust/package-frame.html?rev=1052582&view=auto ============================================================================== --- incubator/river/site/trunk/content/river/doc/api/net/jini/security/proxytrust/package-frame.html (added) +++ incubator/river/site/trunk/content/river/doc/api/net/jini/security/proxytrust/package-frame.html Fri Dec 24 20:23:22 2010 @@ -0,0 +1,59 @@ + + + + + + +net.jini.security.proxytrust (Apache River v2.1.2-SNAPSHOT API Documentation) + + + + + + + + + + + +net.jini.security.proxytrust + + + + +
+Interfaces  + +
+ProxyTrust +
+ProxyTrustIterator +
+ServerProxyTrust +
+TrustEquivalence +
+UntrustedObjectSecurityContext
+ + + + + + +
+Classes  + +
+BasicUntrustedObjectSecurityContext +
+ProxyTrustExporter +
+ProxyTrustInvocationHandler +
+ProxyTrustVerifier +
+SingletonProxyTrustIterator
+ + + + Added: incubator/river/site/trunk/content/river/doc/api/net/jini/security/proxytrust/package-summary.html URL: http://svn.apache.org/viewvc/incubator/river/site/trunk/content/river/doc/api/net/jini/security/proxytrust/package-summary.html?rev=1052582&view=auto ============================================================================== --- incubator/river/site/trunk/content/river/doc/api/net/jini/security/proxytrust/package-summary.html (added) +++ incubator/river/site/trunk/content/river/doc/api/net/jini/security/proxytrust/package-summary.html Fri Dec 24 20:23:22 2010 @@ -0,0 +1,300 @@ + + + + + + +net.jini.security.proxytrust (Apache River v2.1.2-SNAPSHOT API Documentation) + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + + + + + + + + + +
Overview   Package  Class  Use  Tree  Deprecated  Index  Help 
+		 + +
PREV PACKAGE  + NEXT PACKAGE + FRAMES   + NO FRAMES   +  + + + +
+ + + +
+

+Package net.jini.security.proxytrust +

+Defines a trust verifier to support verification of proxies that use +dynamically downloaded code, implementation mechanisms to support the +verification of such proxies, and an exporter for remote objects that have +such proxies. +

+See: +
+          Description +

+ + + + + + + + + + + + + + + + + + + + + + + + + +
+Interface Summary
ProxyTrustDefines a remote interface for obtaining a proxy trust verifier.
ProxyTrustIteratorDefines an iterator that produces objects from which a + TrustVerifier might be obtained.
ServerProxyTrustDefines a local interface to obtain a proxy trust verifier.
TrustEquivalenceDefines an interface for checking that an object (that is not yet known to + be trusted) is equivalent in trust, content, and function to a known + trusted object.
UntrustedObjectSecurityContextA trust verifier context element that provides a security context + to use to restrict privileges when invoking methods on untrusted objects.
+  + +

+ + + + + + + + + + + + + + + + + + + + + + + + + +
+Class Summary
BasicUntrustedObjectSecurityContextA basic trust verifier context element that provides a security + context to use to restrict privileges when invoking methods on untrusted + objects, based on a specified set of permissions.
ProxyTrustExporterContains the information necessary to export a remote object that has a + proxy that will not directly be considered trusted by clients, such that + the proxy can be trusted by clients using ProxyTrustVerifier.
ProxyTrustInvocationHandlerInvocation handler for remote objects, supporting proxy trust verification + by clients using ProxyTrustVerifier.
ProxyTrustVerifierTrust verifier for service proxies that use dynamically downloaded code.
SingletonProxyTrustIteratorA simple ProxyTrustIterator that produces a single object + as the only element of the iteration.
+  + +

+

+Package net.jini.security.proxytrust Description +

+ +

+Defines a trust verifier to support verification of proxies that use +dynamically downloaded code, implementation mechanisms to support the +verification of such proxies, and an exporter for remote objects that have +such proxies. The trust verifier is intended to be specified in a resource to +configure the operation of +Security.verifyObjectTrust. +

+The purpose of this package is to support verification of proxies that use +dynamically downloaded code, in a way that limits the knowledge that must be +pre-configured into the client. Specifically, the idea is to require the +client to only know who the server must authenticate as (which is something +the client presumably needs to know anyway), to avoid requiring the client to +know anything else (such as where the code was downloaded from or who signed +that code), and to avoid making assumptions about the authentication +mechanism (such as requiring the server to have a public/private key pair +that it has to use for signing the proxy code). +

+Rather than having the client directly determine if it trusts the proxy, +the approach taken is to first determine that the client can trust the server +(by requiring the server to authenticate itself), and then determine that the +server trusts the proxy (by asking the server for a verifier and passing the +proxy to that verifier). If the client trusts the server and the server +trusts the proxy, then transitively the client is inferred to trust the +proxy. However, there are questions to answer for both of these steps. +

+First, there is the question of how the client can reliably verify that the +server authenticates itself, when the client does not yet trust the +downloaded proxy. The +ProxyTrustVerifier +requires the proxy to support some bootstrap remote communication mechanism +that the client does trust. Specifically, the proxy must be able to provide a +bootstrap proxy, which must be an instance of both +ProxyTrust and +RemoteMethodControl. This +bootstrap proxy either must be trusted by the client, or it must be a +dynamic proxy which is trusted by the client after removing remote codebase +information from the dynamic proxy class. In the common case of a smart +proxy wrapped around a standard dynamic proxy (for example, a dynamic proxy +for a remote object exported to use Jini extensible remote invocation +(Jini ERI)), the dynamic proxy usually can serve as the bootstrap proxy if +its invocation handler does not depend on any downloaded code, on the +assumption that the client will have configured in a trust verifier for local +dynamic proxies and their invocation handlers (for example, +BasicJeriTrustVerifier). However, there +is no requirement that normal communication with the server use the same +protocol used by the bootstrap proxy; the bootstrap proxy could be used +strictly for trust verification. The +ProxyTrustExporter +is provided for this purpose. +

+Second, there is the question of how to reliably obtain a verifier from the +server. (The proxy is not sent to the server because an untrusted proxy +could use a writeReplace serialization method to replace +itself on the wire with a trusted proxy; the proxy needs to be checked in +the client.) Authentication of the server should be required during the +remote call through the bootstrap proxy to obtain the verifier from the +server, as should object integrity, so that the remote call and the +verifier object received from it can be trusted. To accomplish this, +the client is responsible for specifying +ServerAuthentication.YES, an appropriate +ServerMinPrincipal instance, +and Integrity.YES +as requirements for the +ProxyTrust.getProxyVerifier method in a +MethodConstraints instance +included as an element of the context collection passed to +Security.verifyObjectTrust. Normally such constraints should be +obtained from a Configuration rather +than being explicitly constructed. +

+ +

+

+
Since:
+
2.0
+
Version:
+
3.0
+
+
+ + + + + + + + + + + + + + + +
+ + + + + + + + + + + + +
Overview   Package  Class  Use  Tree  Deprecated  Index  Help 
+		 + +
PREV PACKAGE  + NEXT PACKAGE + FRAMES   + NO FRAMES   +  + + + +
+ + + +
+Copyright 2007, multiple authors.
Licensed under the Apache License, Version 2.0, see the NOTICE file for attributions. + + Added: incubator/river/site/trunk/content/river/doc/api/net/jini/security/proxytrust/package-tree.html URL: http://svn.apache.org/viewvc/incubator/river/site/trunk/content/river/doc/api/net/jini/security/proxytrust/package-tree.html?rev=1052582&view=auto ============================================================================== --- incubator/river/site/trunk/content/river/doc/api/net/jini/security/proxytrust/package-tree.html (added) +++ incubator/river/site/trunk/content/river/doc/api/net/jini/security/proxytrust/package-tree.html Fri Dec 24 20:23:22 2010 @@ -0,0 +1,161 @@ + + + + + + +net.jini.security.proxytrust Class Hierarchy (Apache River v2.1.2-SNAPSHOT API Documentation) + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + + + + + + + + + +
Overview  Package  Class  Use   Tree  Deprecated  Index  Help 
+		 + +
PREV  + NEXT + FRAMES   + NO FRAMES   +  + + + +
+ + + +
+
+

+Hierarchy For Package net.jini.security.proxytrust +

+
+
+
Package Hierarchies:
All Packages
+
+

+Class Hierarchy +

+ +

+Interface Hierarchy +

+ +
+ + + + + + + + + + + + + + + +
+ + + + + + + + + + + + +
Overview  Package  Class  Use   Tree  Deprecated  Index  Help 
+		 + +
PREV  + NEXT + FRAMES   + NO FRAMES   +  + + + +
+ + + +
+Copyright 2007, multiple authors.
Licensed under the Apache License, Version 2.0, see the NOTICE file for attributions. + +