river-dev mailing list archives

From Michal Kleczek <michal.klec...@xpro.biz>
Subject Re: Towards Internet Jini Services (trust)
Date Mon, 11 Oct 2010 07:46:18 GMT
Of course we need something more: since the client has InstallModulePermission,
it would suppress trust verification altogether. The simple fix is to have two
permissions and suppress trust verification only when we only have one of them.
The client has both, so we are going to verify trust.

import java.security.AccessController;
import java.security.BasicPermission;

import net.jini.security.TrustVerifier;

// BasicPermission has no no-arg constructor, so each permission carries a name.
class InstallModulePermission extends BasicPermission {
    InstallModulePermission() { super("installModule"); }
}

class SuppressModuleTrustDelegationPermission extends BasicPermission {
    SuppressModuleTrustDelegationPermission() { super("suppressModuleTrustDelegation"); }
}

public class DelegatedModuleTrustVerifier implements TrustVerifier {

    private static final InstallModulePermission INSTALL_MODULE_PERMISSION =
            new InstallModulePermission();
    private static final SuppressModuleTrustDelegationPermission
      SUPPRESS_MODULE_TRUST_DELEGATION_PERMISSION =
            new SuppressModuleTrustDelegationPermission();

    @Override
    public boolean isTrustedObject(Object o, TrustVerifier.Context cntxt) {
        if (o instanceof Module) {
            try {
                // The client itself holds this permission, so its Modules go
                // through normal trust verification instead of delegation.
                AccessController.checkPermission(SUPPRESS_MODULE_TRUST_DELEGATION_PERMISSION);
                return false;
            }
            catch (SecurityException suppressEx) {
                try {
                    // Only code granted InstallModulePermission (and not the
                    // suppress permission) gets its Modules trusted by delegation.
                    AccessController.checkPermission(INSTALL_MODULE_PERMISSION);
                    return true;
                }
                catch (SecurityException installEx) {
                    return false;
                }
            }
        }

        return false;
    }

}


Michal

On Monday 11 of October 2010 08:24:19 Michal Kleczek wrote:
> On Monday 11 of October 2010 05:27:31 Peter Firmstone wrote:
> > Michal Kleczek wrote:
> > > Some more thoughts.
> > > 
> > > There is one scenario that is not covered here:
> > > 
> > > I get an service, verify the module that loads its class using a
> > > ModuleAuthority that I trust. This service in turn downloads some other
> > > objects that it verified. There is no way I can delegate trust
> > > verification to the service - I must trust Modules (actually
> > > ModuleAuthorities) of those subsequent objects.
> > > 
> > > 1. I have to have a way to allow or disallow module trust delegation
> > > (looks like a case for dynamic permission grants)
> > 
> > Currently PreferredClassLoader uses DownloadPermission to prevent or
> > allow a CodeSource class loading, because the CodeSource hasn't yet been
> > loaded, we cannot dynamically grant DownloadPermission to a CodeSource,
> > using DynamicPolicy.
> 
> Thanks for the hint.
> I think Module trust delegation can be achieved in a really simple way:
> 
> import java.security.AccessController;
> import java.security.BasicPermission;
> 
> import net.jini.security.TrustVerifier;
> 
> // java.security.Permission is abstract; BasicPermission only needs a name
> class InstallModulePermission extends BasicPermission {
>   InstallModulePermission() { super("installModule"); }
> }
> 
> //this TrustVerifier is installed locally on the client
> //so that delegation of Module trust verification can be done
> //by granting a service InstallModulePermission
> 
> public class InstallModulePermissionVerifier implements TrustVerifier {
> 
>   private static final InstallModulePermission PERM =
>     new InstallModulePermission();
> 
>   @Override
>   public boolean isTrustedObject(Object o, TrustVerifier.Context ctx) {
>     try {
>       if (o instanceof Module) {
>         // trusted only if the calling code was granted InstallModulePermission
>         AccessController.checkPermission(PERM);
>         return true;
>       }
> 
>       return false;
>     }
>     catch (SecurityException e) {
>       return false;
>     }
>   }
> 
> }
> 
> What do you think?
> 
> Michal
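As an added example (not code from this thread or from River itself), the one-permission and two-permission decisions above side by side, evaluated against constructed, static ProtectionDomains so it runs without a security policy; ProtectionDomain.implies stands in for the stack-based AccessController.checkPermission, and the permission names are assumed.

```java
import java.security.BasicPermission;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.ProtectionDomain;

public class ModuleTrustDelegationDemo {

    // Granted to a service whose Module trust decisions we are willing to delegate to.
    static final class InstallModulePermission extends BasicPermission {
        InstallModulePermission() { super("installModule"); }
    }

    // Held by the client itself, so its own Modules are still verified normally.
    static final class SuppressModuleTrustDelegationPermission extends BasicPermission {
        SuppressModuleTrustDelegationPermission() { super("suppressModuleTrustDelegation"); }
    }

    static final Permission INSTALL = new InstallModulePermission();
    static final Permission SUPPRESS = new SuppressModuleTrustDelegationPermission();

    // The earlier one-permission proposal: any caller with InstallModulePermission
    // gets every Module trusted, including the client, which holds it too.
    static boolean onePermissionVersion(ProtectionDomain caller) {
        return caller.implies(INSTALL);
    }

    // Same ordering as DelegatedModuleTrustVerifier: the suppress permission wins,
    // so a caller holding both falls through to ordinary trust verification.
    static boolean delegatesModuleTrust(ProtectionDomain caller) {
        if (caller.implies(SUPPRESS)) return false;
        return caller.implies(INSTALL);
    }

    // Constructed domain with static permissions only (no Policy lookup involved).
    static ProtectionDomain domainWith(Permission... granted) {
        PermissionCollection pc = new Permissions();
        for (Permission p : granted) pc.add(p);
        pc.setReadOnly();
        return new ProtectionDomain(null, pc);
    }

    public static void main(String[] args) {
        ProtectionDomain client = domainWith(INSTALL, SUPPRESS); // the local client
        ProtectionDomain service = domainWith(INSTALL);          // a service we delegate to
        ProtectionDomain stranger = domainWith();                // no grants at all
        for (ProtectionDomain pd : new ProtectionDomain[] { client, service, stranger }) {
            System.out.println("one-perm=" + onePermissionVersion(pd)
                    + " two-perm=" + delegatesModuleTrust(pd));
        }
    }
}
```

Only the first line of output differs between the two versions: the client is blindly trusted under the one-permission scheme and sent to normal verification under the two-permission one.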
