river-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From peter_firmst...@apache.org
Subject svn commit: r1159939 - in /river/jtsk/skunk/peterConcurrentPolicy: qa/harness/policy/ qa/harness/trust/ qa/src/com/sun/jini/test/resources/ qa/src/com/sun/jini/test/spec/jeri/https/ qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/ qa...
Date Sun, 21 Aug 2011 03:59:30 GMT
Author: peter_firmstone
Date: Sun Aug 21 03:59:29 2011
New Revision: 1159939

URL: http://svn.apache.org/viewvc?rev=1159939&view=rev
Log:
Improvements to ConcurrentPermissions, has justified replacing Permissions in ConcurrentPolicyFile
since this is now more reliable with concurrent code.  Still having problems with PolicyParser
parsing standard java policy file, because of this it doesn't grant any permissions to the
jar files in the jre/lib/ext directory, so it's having trouble with encryption providers.
 Otherwise ConcurrentPolicyFile passes all policy based tests.  I expect the problem will
be solved soon and it will then pass all qa tests.  The next step will be to replace RMISecurityManager
with a DelegateSecurityManager and test that.  Then add logging to the security manager to
record failed permission checks.

Removed:
    river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/se/
Modified:
    river/jtsk/skunk/peterConcurrentPolicy/qa/harness/policy/defaulttest.policy
    river/jtsk/skunk/peterConcurrentPolicy/qa/harness/trust/dynamic-policy.properties
    river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/resources/jinitest.policy
    river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/jeri/https/HttpsRobustnessTest.td
    river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/GrantNoPrincipalCase02.java
    river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/GrantNoPrincipalCase02.td
    river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/util/Util.java
    river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/jeri/ssl/HttpsEndpoint.java
    river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/jeri/ssl/SslEndpointImpl.java
    river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/jeri/ssl/SslServerEndpointImpl.java
    river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/loader/pref/PCodeSource.java
    river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/ConcurrentPermissions.java
    river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/PermissionPendingResolutionCollection.java
    river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/policy/ConcurrentPolicyFile.java
    river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/policy/PolicyFileProvider.java
    river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/PolicyUtils.java
    river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/impl/security/policy/util/PolicyEntryTest.java

Modified: river/jtsk/skunk/peterConcurrentPolicy/qa/harness/policy/defaulttest.policy
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/harness/policy/defaulttest.policy?rev=1159939&r1=1159938&r2=1159939&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/qa/harness/policy/defaulttest.policy (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/qa/harness/policy/defaulttest.policy Sun Aug 21
03:59:29 2011
@@ -20,6 +20,12 @@ grant codebase "file:${com.sun.jini.test
     permission java.security.AllPermission "", "";
 };
 
+// required for new PolicyFile provider.
+grant codeBase "file:${{java.ext.dirs}}/*" {
+        permission java.security.AllPermission;
+};
+
+
 grant codebase "file:${com.sun.jini.jsk.home}${/}lib${/}jsk-platform.jar" {
     permission java.security.AllPermission "", "";
 };

Modified: river/jtsk/skunk/peterConcurrentPolicy/qa/harness/trust/dynamic-policy.properties
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/harness/trust/dynamic-policy.properties?rev=1159939&r1=1159938&r2=1159939&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/qa/harness/trust/dynamic-policy.properties (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/qa/harness/trust/dynamic-policy.properties Sun
Aug 21 03:59:29 2011
@@ -6,4 +6,4 @@ policy.provider=net.jini.security.policy
 #net.jini.security.policy.PolicyFileProvider.basePolicyClass=com.sun.jini.qa.harness.MergedPolicyProvider
 net.jini.security.policy.DynamicPolicyProvider.basePolicyClass=com.sun.jini.qa.harness.MergedPolicyProvider
 #net.jini.security.policy.DynamicPolicyProvider.basePolicyClass=net.jini.security.policy.PolicyFileProvider
-#net.jini.security.policy.PolicyFileProvider.basePolicyClass=org.apache.river.security.concurrent.ConcurrentPolicyFile
+net.jini.security.policy.PolicyFileProvider.basePolicyClass=net.jini.security.policy.ConcurrentPolicyFile

Modified: river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/resources/jinitest.policy
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/resources/jinitest.policy?rev=1159939&r1=1159938&r2=1159939&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/resources/jinitest.policy
(original)
+++ river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/resources/jinitest.policy
Sun Aug 21 03:59:29 2011
@@ -46,6 +46,10 @@ grant codebase "file:${com.sun.jini.test
     permission java.security.AllPermission "", "";
 };
 
+// required for new PolicyFile provider.
+grant codeBase "file:${{java.ext.dirs}}/*" {
+        permission java.security.AllPermission;
+};
 
 grant codebase "file:${com.sun.jini.qa.harness.testJar}" {
     permission net.jini.security.GrantPermission

Modified: river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/jeri/https/HttpsRobustnessTest.td
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/jeri/https/HttpsRobustnessTest.td?rev=1159939&r1=1159938&r2=1159939&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/jeri/https/HttpsRobustnessTest.td
(original)
+++ river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/jeri/https/HttpsRobustnessTest.td
Sun Aug 21 03:59:29 2011
@@ -3,3 +3,11 @@ testCategories=jeri,jeri_spec
 testConfiguration=<url: HttpsServerEndpointTest.config>
 com.sun.jini.qa.harness.runkitserver=false 
 com.sun.jini.qa.harness.runjiniserver=false
+testjvmargs=\
+-Xdebug,\
+-Xrunjdwp:transport=dt_socket+,address=8000+,server=y+,suspend=y,\
+${testjvmargs}
+#-Djava.security.debug=access:failure,\
+#-Dnet.jini.security.policy.PolicyFileProvider.basePolicyClass=net.jini.security.policy.ConcurrentPolicyFile,\
+#-Djava.security.manager=com.sun.jini.tool.ProfilingSecurityManager,\
+#${testjvmargs}

Modified: river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/GrantNoPrincipalCase02.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/GrantNoPrincipalCase02.java?rev=1159939&r1=1159938&r2=1159939&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/GrantNoPrincipalCase02.java
(original)
+++ river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/GrantNoPrincipalCase02.java
Sun Aug 21 03:59:29 2011
@@ -355,12 +355,12 @@ public class GrantNoPrincipalCase02 exte
                     Permission[] p = new Permission[] {
                         pmDynamicGranted[k] };
                     boolean shouldReturn = (k <= i);
-                    checkImplies(pd, p, shouldReturn, false);
-                    checkImplies(pdNew01, p, shouldReturn, false);
-                    checkImplies(pdNew02, p, shouldReturn, false);
+                        checkImplies(pd, p, shouldReturn, false);
+                        checkImplies(pdNew01, p, shouldReturn, false);
+                        checkImplies(pdNew02, p, shouldReturn, false);
+                    }
                 }
             }
-        }
 
         /*
          * Call grant() on DynamicPolicyProvider passing
@@ -382,78 +382,78 @@ public class GrantNoPrincipalCase02 exte
         for (int i = 0; i < protectionDomains.length; i++) {
             ProtectionDomain pd = protectionDomains[i];
 
-            /*
-             * Call implies on DynamicPolicyProvider passing
-             * pmAll permissions. Verify that implies()
-             * returns true for null and non-null
-             * ProtectionDomains.
-             */
-            checkImplies(pd, pmAll, true, false);
-
-            /*
-             * Call implies on DynamicPolicyProvider passing
-             * permissions that granted in the policy file. Verify that
-             * implies() returns false if ProtectionDomain is equal to null,
-             * and verify that implies() returns true for non-null
-             * ProtectionDomains.
-             */
-            checkImplies(pd, pmGranted, true, true);
-
-            /*
-             * Call implies on DynamicPolicyProvider passing
-             * not granted permissions. Verify that implies()
-             * returns false for null and non-null
-             * ProtectionDomains.
-             */
-            checkImplies(pd, pmDynamicNotGranted, false, false);
+                /*
+                 * Call implies on DynamicPolicyProvider passing
+                 * pmAll permissions. Verify that implies()
+                 * returns true for null and non-null
+                 * ProtectionDomains.
+                 */
+                checkImplies(pd, pmAll, true, false);
 
-            if (pd == null) {
-                continue;
-            }
+                /*
+                 * Call implies on DynamicPolicyProvider passing
+                 * permissions that granted in the policy file. Verify that
+                 * implies() returns false if ProtectionDomain is equal to null,
+                 * and verify that implies() returns true for non-null
+                 * ProtectionDomains.
+                 */
+                checkImplies(pd, pmGranted, true, true);
 
-            /*
-             * Get CodeSource for ProtectionDomain.
-             */
-            CodeSource s = pd.getCodeSource();
+                /*
+                 * Call implies on DynamicPolicyProvider passing
+                 * not granted permissions. Verify that implies()
+                 * returns false for null and non-null
+                 * ProtectionDomains.
+                 */
+                checkImplies(pd, pmDynamicNotGranted, false, false);
 
-            /*
-             * Iterate over class loaders.
-             */
-            for (int j = 0; j < classLoaders.length; j++) {
+                if (pd == null) {
+                    continue;
+                }
 
                 /*
-                 * Create new ProtectionDomain passing code source,
-                 * null as PermissionCollection, class loader and
-                 * null as array of Principals.
+                 * Get CodeSource for ProtectionDomain.
                  */
-                ProtectionDomain pdNew01 = new ProtectionDomain(s, null,
-                        classLoaders[j], null);
+                CodeSource s = pd.getCodeSource();
 
                 /*
-                 * Create new ProtectionDomain passing null as code source,
-                 * null as PermissionCollection, class loader
-                 * and null as array of Principals.
+                 * Iterate over class loaders.
                  */
-                ProtectionDomain pdNew02 = new ProtectionDomain(null, null,
-                        classLoaders[j], null);
+                for (int j = 0; j < classLoaders.length; j++) {
+
+                    /*
+                     * Create new ProtectionDomain passing code source,
+                     * null as PermissionCollection, class loader and
+                     * null as array of Principals.
+                     */
+                    ProtectionDomain pdNew01 = new ProtectionDomain(s, null,
+                            classLoaders[j], null);
+
+                    /*
+                     * Create new ProtectionDomain passing null as code source,
+                     * null as PermissionCollection, class loader
+                     * and null as array of Principals.
+                     */
+                    ProtectionDomain pdNew02 = new ProtectionDomain(null, null,
+                            classLoaders[j], null);
+
+                    /*
+                     * Call implies() on DynamicPolicyProvider passing
+                     * newly created ProtectionDomains and pmAll
+                     * permissions and verify that implies() returns true.
+                     */
+                    checkImplies(pdNew01, pmAll, true, false);
+                    checkImplies(pdNew02, pmAll, true, false);
+                }
 
                 /*
-                 * Call implies() on DynamicPolicyProvider passing
-                 * newly created ProtectionDomains and pmAll
-                 * permissions and verify that implies() returns true.
+                 * Verify that granted permissions (aside from those granted
+                 * with a class value of null) are not included in
+                 * PermissionCollections returned from
+                 * Policy.getPermissions(CodeSource).
                  */
-                checkImplies(pdNew01, pmAll, true, false);
-                checkImplies(pdNew02, pmAll, true, false);
+                callGetPermissionsNoGranted(s, pmAsided);
+                callGetPermissions(s, pmAll, true, null);
             }
-
-            /*
-             * Verify that granted permissions (aside from those granted
-             * with a class value of null) are not included in
-             * PermissionCollections returned from
-             * Policy.getPermissions(CodeSource).
-             */
-            callGetPermissionsNoGranted(s, pmAsided);
-            callGetPermissions(s, pmAll, true, null);
         }
     }
-}

Modified: river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/GrantNoPrincipalCase02.td
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/GrantNoPrincipalCase02.td?rev=1159939&r1=1159938&r2=1159939&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/GrantNoPrincipalCase02.td
(original)
+++ river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/GrantNoPrincipalCase02.td
Sun Aug 21 03:59:29 2011
@@ -4,3 +4,7 @@ testPolicyfile=policyProviderGrant01.pol
 com.sun.jini.qa.harness.runkitserver=false 
 com.sun.jini.qa.harness.runjiniserver=false
 com.sun.jini.qa.harness.securityproperties=<url: ../securityprovider.properties>
+#testjvmargs=\
+#-Xdebug,\
+#-Xrunjdwp:transport=dt_socket+,address=8000+,server=y+,suspend=y,\
+#${testjvmargs}

Modified: river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/util/Util.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/util/Util.java?rev=1159939&r1=1159938&r2=1159939&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/util/Util.java
(original)
+++ river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/util/Util.java
Sun Aug 21 03:59:29 2011
@@ -94,6 +94,7 @@ public class Util {
      * @return status string.
      */
     public static String fail(String msg, Exception ret, String exp) {
+        ret.printStackTrace(System.err);
         StringBuffer buf = new StringBuffer("\n");
         buf.append(msg).append("\n");
         buf.append("  throws:   ").append(ret.toString()).append("\n");

Modified: river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/jeri/ssl/HttpsEndpoint.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/jeri/ssl/HttpsEndpoint.java?rev=1159939&r1=1159938&r2=1159939&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/jeri/ssl/HttpsEndpoint.java (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/jeri/ssl/HttpsEndpoint.java Sun Aug
21 03:59:29 2011
@@ -695,7 +695,7 @@ public final class HttpsEndpoint
 	 */
 	OutboundRequestIterator newRequest(final CallContext callContext) {
 	    return new OutboundRequestIterator() {
-		private boolean done;
+		private volatile boolean done = false;
 		public synchronized boolean hasNext() {
 		    return !done;
 		}

Modified: river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/jeri/ssl/SslEndpointImpl.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/jeri/ssl/SslEndpointImpl.java?rev=1159939&r1=1159938&r2=1159939&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/jeri/ssl/SslEndpointImpl.java (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/jeri/ssl/SslEndpointImpl.java Sun
Aug 21 03:59:29 2011
@@ -284,6 +284,9 @@ class SslEndpointImpl extends Utilities 
 		 * XXX: Work around BugID 4892841, Subject.getPrincipals(Class)
 		 * not thread-safe against changes to principals.
 		 * -tjb[18.Jul.2003]
+                 * 
+                 * This was fixed in Java 1.5 which is now our minimum
+                 * supported version.
 		 */
 		synchronized (clientSubject.getPrincipals()) {
 		    clientPrincipals =

Modified: river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/jeri/ssl/SslServerEndpointImpl.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/jeri/ssl/SslServerEndpointImpl.java?rev=1159939&r1=1159938&r2=1159939&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/jeri/ssl/SslServerEndpointImpl.java
(original)
+++ river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/jeri/ssl/SslServerEndpointImpl.java
Sun Aug 21 03:59:29 2011
@@ -526,12 +526,12 @@ class SslServerEndpointImpl extends Util
 	    if (resolvedHost == null) {
 		InetAddress localAddr;
 		try {
-		    localAddr = (InetAddress) AccessController.doPrivileged(
-			new PrivilegedExceptionAction() {
-			    public Object run() throws UnknownHostException {
-				return InetAddress.getLocalHost();
-			    }
-			});
+		    localAddr = AccessController.doPrivileged(
+                      new PrivilegedExceptionAction<InetAddress>() {
+                          public InetAddress run() throws UnknownHostException {
+                              return InetAddress.getLocalHost();
+                          }
+                      });
 		} catch (PrivilegedActionException e) {
 		    UnknownHostException uhe =
 			(UnknownHostException) e.getCause();
@@ -803,8 +803,9 @@ class SslServerEndpointImpl extends Util
 	private final Set connections = new HashSet();
 
 	/** Used to throttle accept failures */
+        private final Object failureLock = new Object();
 	private long acceptFailureTime = 0;
-	private int acceptFailureCount;
+	private int acceptFailureCount = 0;
 
 	/** Creates a listen handle */
 	SslListenHandle(RequestDispatcher requestDispatcher,
@@ -936,23 +937,34 @@ class SslServerEndpointImpl extends Util
 	    final int NFAIL = 10;
 	    final int NMSEC = 5000;
 	    long now = System.currentTimeMillis();
-	    if (acceptFailureTime == 0L ||
-		(now - acceptFailureTime) > NMSEC)
-	    {
-		// failure time is very old, or this is first failure
-		acceptFailureTime = now;
-		acceptFailureCount = 0;
-	    } else {
-		// failure window was started recently
-		acceptFailureCount++;
-		if (acceptFailureCount >= NFAIL) {
-		    try {
-			Thread.sleep(10000);
-		    } catch (InterruptedException ignore) {
-		    }
-		    // no need to reset counter/timer
-		}
-	    }
+            boolean fail = false;
+            synchronized (failureLock){
+                if (acceptFailureTime == 0L ||
+                    (now - acceptFailureTime) > NMSEC)
+                {
+                    // failure time is very old, or this is first failure
+                    acceptFailureTime = now;
+                    acceptFailureCount = 0;
+                } else {
+                    // failure window was started recently
+                    acceptFailureCount++;
+                    if (acceptFailureCount >= NFAIL) {
+                        fail = true;
+                    }
+                }
+            }
+            if (fail) {
+                try {
+                    Thread.sleep(10000);
+                } catch (InterruptedException ignore) {
+                    /* Why are we ignoring the interrupt and not 
+                     * restoring the interrupted status?
+                     */
+                    Thread.currentThread().interrupt();
+                }
+                // no need to reset counter/timer
+            }
+	    
 	    return true;
 	}
 

Modified: river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/loader/pref/PCodeSource.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/loader/pref/PCodeSource.java?rev=1159939&r1=1159938&r2=1159939&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/loader/pref/PCodeSource.java (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/loader/pref/PCodeSource.java Sun Aug
21 03:59:29 2011
@@ -1,7 +1,21 @@
 /*
- * To change this template, choose Tools | Templates
- * and open the template in the editor.
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
  */
+
 package net.jini.loader.pref;
 
 import java.io.IOException;

Modified: river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/ConcurrentPermissions.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/ConcurrentPermissions.java?rev=1159939&r1=1159938&r2=1159939&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/ConcurrentPermissions.java
(original)
+++ river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/ConcurrentPermissions.java
Sun Aug 21 03:59:29 2011
@@ -22,25 +22,19 @@ import java.io.Serializable;
 import java.security.AllPermission;
 import java.security.Permission;
 import java.security.PermissionCollection;
-import java.security.Permissions;
-import java.security.ProtectionDomain;
 import java.security.UnresolvedPermission;
 import java.util.ArrayList;
 import java.util.Collections;
-import java.util.ConcurrentModificationException;
 import java.util.Enumeration;
-import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Iterator;
 import java.util.NoSuchElementException;
 import java.util.Set;
-import java.util.Vector;
 import java.util.concurrent.ConcurrentHashMap;
 
 
 /**
- * ConcurrentPermission's is a replacement for java.security.Permissions, 
- * it doesn't extend Permissions.
+ * ConcurrentPermission's is a replacement for java.security.Permissions.
  * 
  * If there is heavy contention for one Permission class
  * type, concurrency may suffer due to internal synchronization.
@@ -54,6 +48,9 @@ import java.util.concurrent.ConcurrentHa
  * of elements, but makes no guarantees that new elements will be
  * added during an Enumeration.
  * 
+ * For this reason it is not recommended that ConcurrentPermission be
+ * used when the result from #elements() must be correct.
+ * 
  * TODO: Serialization properly
  * @version 0.4 2009/11/10
  * 
@@ -100,6 +97,7 @@ implements Serializable {
         if (super.isReadOnly()) {
             throw new SecurityException("attempt to add a Permission to a readonly Permissions
object");
         } 
+        if (allPermission == true) return; // Why bother adding another permission?
         if (permission instanceof AllPermission) {allPermission = true;}
         if (permission instanceof UnresolvedPermission) {          
             unresolved.add(new PermissionPendingResolution((UnresolvedPermission)permission));
           
@@ -133,13 +131,10 @@ implements Serializable {
         PermissionCollection pc = permsMap.get(permission.getClass()); // To stop unnecessary
object creation
         if (pc != null && pc.implies(permission)) { return true;}
         if (unresolved.awaitingResolution() == 0 ) { return false; }
-        PermissionCollection existed = null;
         if (pc == null){
             pc = new MultiReadPermissionCollection(permission); // once added it cannot be
removed atomically.
-            existed = permsMap.putIfAbsent(permission.getClass(), pc);
-            if (existed != null) {
-                pc = existed;
-                }
+            PermissionCollection existed = permsMap.putIfAbsent(permission.getClass(), pc);
+            if (existed != null) pc = existed;
         }
         unresolved.resolveCollection(permission, pc);
         return pc.implies(permission);
@@ -178,19 +173,6 @@ implements Serializable {
         return new PermissionEnumerator(perms);                 
     }
     
-//    /**
-//     * Attempt to resolve any unresolved permissions whose class is visible
-//     * from within this protection domain.
-//     * @param pd 
-//     */
-//    public void resolve(ProtectionDomain pd){
-//        if (unresolved.awaitingResolution() == 0){return;}
-//        Enumeration<Permission> perms = unresolved.resolvePermissions(pd);
-//        while (perms.hasMoreElements()){
-//            add(perms.nextElement());
-//        }
-//    }
-    
     /*
      * This Enumeration is not intended for concurrent access, underlying
      * PermissionCollection's need to be protected by MultiReadPermissionCollection's
@@ -202,6 +184,18 @@ implements Serializable {
      * @author Peter Firmstone
      */   
     private final static class PermissionEnumerator implements Enumeration<Permission>
{
+        private final static Enumeration<Permission> empty = 
+        new Enumeration<Permission>(){
+
+            public boolean hasMoreElements() {
+                return false;
+            }
+
+            public Permission nextElement() {
+                throw new NoSuchElementException("Empty enumeration");
+            }
+            
+        };
         private final Iterator<PermissionCollection> epc;
         private volatile Enumeration<Permission> currentPermSet;
 
@@ -211,7 +205,9 @@ implements Serializable {
         }
 
         private Enumeration<Permission> getNextPermSet(){
+            Enumeration<Permission> result = null;
             if (epc.hasNext()){
+                Enumeration<Permission> e = null;
                 PermissionCollection pc = epc.next();               
                 /* We only take what we need, as we need it, minimising memory use.
                  * Each underlying PermissionCollection adds its own Enumeration.
@@ -220,36 +216,37 @@ implements Serializable {
                  */
                 if ( pc instanceof PermissionPendingResolutionCollection ){
 		    Set<Permission> permissionSet = new HashSet<Permission>();
-                    Enumeration<Permission> e = pc.elements();
+                    e = pc.elements();
                     while (e.hasMoreElements()) {
                         PermissionPendingResolution p = 
                                 (PermissionPendingResolution) e.nextElement();
                         UnresolvedPermission up = p.asUnresolvedPermission();
                         permissionSet.add(up);
                     }
-		    return Collections.enumeration(permissionSet);
-                } else {
-                    Enumeration<Permission> e = pc.elements();
-                    return e;
+		    e = Collections.enumeration(permissionSet);
+                } else if (pc != null ) {
+                    e = pc.elements();
                 }
-            } else {
-		Vector<Permission> empty = new Vector<Permission>(0);
-		return empty.elements();
-	    }
+                if ( e == null ) e = empty;
+                result = e;
+            }
+            return result; // If null end.
         }
 
-        public boolean hasMoreElements() {        
-            if (currentPermSet.hasMoreElements()){return true;}          
-            currentPermSet = getNextPermSet();
-            return currentPermSet.hasMoreElements();           
+        public boolean hasMoreElements() {
+            boolean result = false;
+            if (currentPermSet != null ) result = currentPermSet.hasMoreElements();
+            while (result == false){
+                Enumeration<Permission> next = getNextPermSet();
+                if (next == null) return false;
+                currentPermSet = next;
+                result = currentPermSet.hasMoreElements();
+            }
+            return result;           
         }
 
-        public Permission nextElement() {
-            if (hasMoreElements()){              
-                return currentPermSet.nextElement();               
-            } else {
-                throw new NoSuchElementException("PermissionEnumerator");
-            }
+        public Permission nextElement() {        
+            return currentPermSet.nextElement();               
         }
     }
 

Modified: river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/PermissionPendingResolutionCollection.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/PermissionPendingResolutionCollection.java?rev=1159939&r1=1159938&r2=1159939&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/PermissionPendingResolutionCollection.java
(original)
+++ river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/PermissionPendingResolutionCollection.java
Sun Aug 21 03:59:29 2011
@@ -17,18 +17,14 @@
 
 package net.jini.security;
 
-import java.security.AccessController;
 import java.security.Permission;
 import java.security.PermissionCollection;
-import java.security.PrivilegedAction;
-import java.security.ProtectionDomain;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.Enumeration;
 import java.util.HashSet;
 import java.util.Iterator;
-import java.util.List;
 import java.util.Set;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.atomic.AtomicInteger;
@@ -112,40 +108,6 @@ class PermissionPendingResolutionCollect
         }
         return holder;
     }
-    
-    //Should I be performing a privileged action? Or should it run with
-    // the caller thread's privileges?
-//    Enumeration<Permission> resolvePermissions(final ProtectionDomain pd){
-//        @SuppressWarnings("unchecked")
-//        ClassLoader cl = (ClassLoader) AccessController.doPrivileged(
-//                new PrivilegedAction(){
-//                public Object run(){
-//                    ClassLoader cL = pd.getClassLoader();
-//                    if (cL == null){
-//                        cL = Thread.currentThread().getContextClassLoader();
-//                    }
-//                    // This is no good because the ClassLoader is the extension loader.
-//                    // It might stop a null ClassLoader being returned though.
-//                    if (cL == null){
-//                        cL = this.getClass().getClassLoader();
-//                    }
-//                    return cL;
-//                }
-//        });
-//        
-//        
-//        List<Permission> perms = new ArrayList<Permission>();
-//        Enumeration enPending = elements();
-//        while (enPending.hasMoreElements()){
-//            PermissionPendingResolution pendPerm = 
-//                    (PermissionPendingResolution) enPending.nextElement();
-//            Permission resolved =  pendPerm.resolve(cl);
-//            if ( resolved != null ){
-//                perms.add(resolved);
-//            }           
-//        }
-//        return Collections.enumeration(perms);
-//    }
 
     @Override
     public boolean implies(Permission permission) {

Modified: river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/policy/ConcurrentPolicyFile.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/policy/ConcurrentPolicyFile.java?rev=1159939&r1=1159938&r2=1159939&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/policy/ConcurrentPolicyFile.java
(original)
+++ river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/policy/ConcurrentPolicyFile.java
Sun Aug 21 03:59:29 2011
@@ -244,7 +244,7 @@ public class ConcurrentPolicyFile extend
         try {
             PermissionCollection perms = impliesCache.get(pd);
             if (perms != null) return perms;
-            perms = new Permissions();
+            perms = new ConcurrentPermissions();
                 Iterator<PermissionGrant> it = grants.iterator();
                 while (it.hasNext()){
                     PermissionGrant ge = it.next();

Modified: river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/policy/PolicyFileProvider.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/policy/PolicyFileProvider.java?rev=1159939&r1=1159938&r2=1159939&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/policy/PolicyFileProvider.java
(original)
+++ river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/policy/PolicyFileProvider.java
Sun Aug 21 03:59:29 2011
@@ -61,7 +61,7 @@ public class PolicyFileProvider extends 
 	"net.jini.security.policy.PolicyFileProvider.basePolicyClass";
     private static final String defaultBasePolicyClass =
         // Having our own implementation removes a platform dependency
-        "net.jini.security.policy.ConcurrentPolicyFile";
+       "net.jini.security.policy.ConcurrentPolicyFile";
 //	"sun.security.provider.PolicyFile";
     private static final String policyProperty = "java.security.policy";
     private static final Object propertyLock = new Object();

Modified: river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/PolicyUtils.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/PolicyUtils.java?rev=1159939&r1=1159938&r2=1159939&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/PolicyUtils.java
(original)
+++ river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/PolicyUtils.java
Sun Aug 21 03:59:29 2011
@@ -422,7 +422,7 @@ public class PolicyUtils {
      */
     public static PermissionCollection 
             toPermissionCollection(Collection<Permission> perms) {
-        PermissionCollection pc = new Permissions();
+        PermissionCollection pc = new ConcurrentPermissions();
         if (perms != null) {
             for (Iterator<Permission> iter = perms.iterator(); iter.hasNext();) {
                 Permission element = iter.next();

Modified: river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/impl/security/policy/util/PolicyEntryTest.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/impl/security/policy/util/PolicyEntryTest.java?rev=1159939&r1=1159938&r2=1159939&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/impl/security/policy/util/PolicyEntryTest.java
(original)
+++ river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/impl/security/policy/util/PolicyEntryTest.java
Sun Aug 21 03:59:29 2011
@@ -81,7 +81,8 @@ public class PolicyEntryTest extends Tes
     }
 
     /**
-     * Null or empty set of Principals of PolicyEntry implies any Principals;
+     * Null or empty set of Principals of PolicyEntry implies any Principals
+     * if CodeSource != null;
      * otherwise tested set must contain all Principals of PolicyEntry.
      */
     public void testImpliesPrincipals() {
@@ -99,7 +100,7 @@ public class PolicyEntryTest extends Tes
             new UnresolvedPrincipal("a.b.c", "XXX"),
             new UnresolvedPrincipal("e.f.g", "ZZZ") };
 
-        assertTrue(pe.implies( (CodeSource) null, (Principal[]) null));
+        assertFalse(pe.implies( (CodeSource) null, (Principal[]) null));
         assertTrue(pe.implies( (CodeSource) null, pp1));
 
 //        pe = new PolicyEntry((CodeSource)null, new HashSet<Principal>(),



Mime
View raw message