From: Brian Murphy
To: river-dev@incubator.apache.org
Subject: Re: light refactoring
Date: Thu, 30 Dec 2010 08:56:54 -0500

On Wed, Dec 29, 2010 at 1:37 AM, wrote:

> 3) Several of the "Constrainable" classes have the private method
> "getProxyTrustIterator" which is never used. Is this safe to remove?

No, this will break outrigger with respect to remote security.

The getProxyTrustIterator method is called reflectively by the
infrastructure, and is necessary for verifying trust in the proxies
(both dynamic and non-dynamic) that a client might receive. Therefore,
that method is somewhat fundamental to the extensions that were made
to the Java security model to support network security in the face of
remote method invocations and downloaded code.

From the specification of the
net.jini.security.proxytrust.ProxyTrustVerifier.isTrusted method:

[snip]
 * A verifier is obtained from a candidate object as follows.
 *
 *   - If either the candidate object's class has a non-static
 *     member method with signature:
 *
 *         ProxyTrustIterator getProxyTrustIterator();
 *
 *     or the candidate object is an instance of a dynamically generated
 *     {@link Proxy} class and the contained invocation handler's class has
 *     such a member method, then the getProxyTrustIterator
 *     method is called (on the candidate object or its invocation handler).
 *     For each object produced by the {@link ProxyTrustIterator#next next}
 *     method of the returned iterator, the following substeps are used, until
 *     either a verifier is obtained or the iteration terminates. If no
 *     verifier can be obtained from any object produced by the iterator,
 *     then there is no verifier for the candidate object. For any given
 *     object produced by the iterator, if a verifier cannot be obtained from
 *     the object but an intermediate operation involved in attempting to
 *     obtain a verifier throws a RemoteException, that
 *     exception is passed to the {@link ProxyTrustIterator#setException
 *     setException} method of the iterator, and the iteration continues.
 *
 *     The getProxyTrustIterator method and the
 *     ProxyTrustIterator methods are all invoked in a
 *     restricted security context. If the specified trust verifier
 *     context contains an {@link UntrustedObjectSecurityContext} instance,
 *     then the security context returned by its
 *     {@link UntrustedObjectSecurityContext#getContext getContext} method
 *     is used. Otherwise, the security context used is equivalent to
 *     the current security context (as returned by
 *     {@link net.jini.security.Security#getContext Security.getContext}) with
 *     an additional protection domain combined into the access control
 *     context that contains an empty {@link java.security.CodeSource}
 *     (null location and certificates),
 *     null permissions, null class loader, and
 *     null principals.
[snip]

I hope this helps,
Brian
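
The lookup rule quoted in the message above, as an added sketch that is not part of the original message and is not River's own code: a private getProxyTrustIterator() with no callers in the source is still found and invoked reflectively, on the candidate or on a dynamic proxy's invocation handler. ProxyTrustIterator here is a local stand-in for the real net.jini interface, the sample classes are constructed, and the restricted security context the specification requires is left out.

```java
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.lang.reflect.Proxy;

public class ReflectiveTrustLookup {
    // Stand-in for net.jini.security.proxytrust.ProxyTrustIterator (assumption).
    interface ProxyTrustIterator {}

    // Constructed sample: nothing in the source calls this private method.
    static class ConstrainableSample {
        private ProxyTrustIterator getProxyTrustIterator() { return new ProxyTrustIterator() {}; }
    }
    // Constructed sample: the method lives on a dynamic proxy's invocation handler.
    static class SampleHandler implements InvocationHandler {
        public Object invoke(Object proxy, Method m, Object[] args) { return null; }
        private ProxyTrustIterator getProxyTrustIterator() { return new ProxyTrustIterator() {}; }
    }

    // Look for a non-static, no-argument getProxyTrustIterator() on c or a
    // superclass (walking superclasses is this sketch's choice).
    static Method lookup(Class<?> c) {
        for (; c != null; c = c.getSuperclass()) {
            try {
                Method m = c.getDeclaredMethod("getProxyTrustIterator");
                if (!Modifier.isStatic(m.getModifiers())
                        && m.getReturnType() == ProxyTrustIterator.class) return m;
            } catch (NoSuchMethodException e) { /* not declared here, keep walking */ }
        }
        return null;
    }

    // Candidate's own class first, then the handler if the candidate is a dynamic proxy.
    static Object obtainIterator(Object candidate) throws Exception {
        Object target = candidate;
        Method m = lookup(target.getClass());
        if (m == null && Proxy.isProxyClass(candidate.getClass())) {
            target = Proxy.getInvocationHandler(candidate);
            m = lookup(target.getClass());
        }
        if (m == null) return null;   // no iterator, so no verifier by this route
        m.setAccessible(true);        // private: reachable only through reflection
        return m.invoke(target);
    }

    public static void main(String[] args) throws Exception {
        Object proxy = Proxy.newProxyInstance(ReflectiveTrustLookup.class.getClassLoader(),
                new Class<?>[] { Runnable.class }, new SampleHandler());
        System.out.println(obtainIterator(new ConstrainableSample()) != null);
        System.out.println(obtainIterator(proxy) != null);
        System.out.println(obtainIterator("plain object") != null);
    }
}
```

Deleting either private method makes obtainIterator return null for that candidate, which is the failure the reply warns about: an "unused method" report cannot see callers that exist only as a name string passed to reflection.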