river-dev mailing list archives

From Fred Oliver <fkoli...@gmail.com>
Subject Re: Learnings from a RevokeableDynamicPolicy & A Future Roadmap
Date Wed, 11 Aug 2010 19:36:43 GMT

It looks like permissions can only be managed or revoked by class. If
a domain has been granted more than one SocketPermission (e.g. to
grant permission to use two ports or communicate with two hosts,
etc.), can I revoke one of them?

If I have a delegate for a complex object (say Socket) to which sets
of permissions may apply, how would the delegate handle the sets? If
one SocketPermission were revoked, does the delegate need deep
knowledge of the object it protects to determine if that revoked
permission applies? Can a delegate always obtain the complete set of
permissions which apply to it to reevaluate more fully?

Should Controller maintain static maps of its own instances? If that
map were contained by instances of RevokeableDynamicPolicy, then there
could be multiple policy objects in use at one time.

PrincipalGrant extends PermissionGrant and contains two Collections
which are both used in the hash value and equals method. I would be
inclined to enforce their immutability with
Collections.unmodifiableCollection(). In the equals method, you might
return false if the stored hash values are different before comparing
the collections.

PermissionGrant.getPermissions() is documented as returning an
immutable Collection, but the method returns a mutable array instead?

Fred

On Wed, Aug 11, 2010 at 2:56 AM, Peter Firmstone <jini@zeus.net.au> wrote:
> Fred,
>
> Any thoughts?  The ExecutionContextManager interface and implementation
> (Controller) are shown below, the RevokeableDynamicPolicy and
> PermissionGrant interfaces have implementations available on svn.
>
> The ExecutionContextManager is based around our discussion.
>
> Note that no Security Delegate is provided here, just a tool, which a
> delegate or any other object may use,
> ExecutionContextManager.checkPermission() and another method
> addAction(Runnable r), to accept a Runnable to perform any clean up tasks
> for complete revocation such as closing Sockets etc.  The delegate need not
> implement any interface other than the object it encapsulates.
>
> Cheers,
>
> Peter.
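
Added example, not part of the original message and not River's code: a hypothetical `ExampleGrant` class sketching the review points about PrincipalGrant and getPermissions() (frozen collections behind a cached hash, a hash-first equals, and getters that hand out nothing that can change the grant). It copies the input and wraps the copy in `Collections.unmodifiableSet`, because the wrapper from `Collections.unmodifiableCollection` is only a view of the caller's collection and does not delegate `equals`/`hashCode`; the addresses are constructed sample values.

```java
import java.net.SocketPermission;
import java.security.Permission;
import java.security.Principal;
import java.util.*;

// Hypothetical class for illustration; not River's PrincipalGrant.
final class ExampleGrant {
    private final Set<Principal> principals;
    private final Set<Permission> permissions;
    private final int hash; // safe to cache: both sets are frozen private copies

    ExampleGrant(Collection<? extends Principal> pals,
                 Collection<? extends Permission> perms) {
        // Copy first, then wrap, so later changes by the caller cannot reach the grant.
        this.principals = Collections.unmodifiableSet(new HashSet<>(pals));
        this.permissions = Collections.unmodifiableSet(new HashSet<>(perms));
        this.hash = 31 * principals.hashCode() + permissions.hashCode();
    }

    // Read-only view: mutators throw UnsupportedOperationException.
    Collection<Permission> getPermissions() { return permissions; }

    // If an array must be returned, hand out a fresh copy on every call.
    Permission[] getPermissionArray() { return permissions.toArray(new Permission[0]); }

    @Override public int hashCode() { return hash; }

    @Override public boolean equals(Object o) {
        if (this == o) return true;
        if (!(o instanceof ExampleGrant)) return false;
        ExampleGrant that = (ExampleGrant) o;
        if (hash != that.hash) return false; // cheap reject before comparing the sets
        return principals.equals(that.principals) && permissions.equals(that.permissions);
    }

    public static void main(String[] args) {
        List<Permission> perms = new ArrayList<>();
        perms.add(new SocketPermission("192.0.2.10:8080", "connect")); // constructed
        Set<Principal> none = Collections.emptySet();
        ExampleGrant g1 = new ExampleGrant(none, perms);
        ExampleGrant g2 = new ExampleGrant(none, perms);
        perms.add(new SocketPermission("192.0.2.20:9090", "connect")); // caller mutates its own list
        System.out.println("equal grants: " + (g1.equals(g2) && g1.hashCode() == g2.hashCode()));
        System.out.println("permissions held by g1: " + g1.getPermissions().size());
        g1.getPermissionArray()[0] = null; // only the returned copy is changed
        System.out.println("grant holds null: " + g1.getPermissions().contains(null));
        try { g1.getPermissions().clear(); }
        catch (UnsupportedOperationException e) { System.out.println("view is read-only"); }
    }
}
```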
