river-dev mailing list archives

From Peter Firmstone <j...@zeus.net.au>
Subject PCodeSource Good Idea?
Date Thu, 18 Aug 2011 10:05:23 GMT

I've attached PCodeSource, it extends CodeSource and overrides 
toString() and has a getRequiredPerms() method for retrieving the 
Permissions the CodeSource requires to execute.  These can be added to 
any AuthPermission's required and granted dynamically by clients.

PCodeSource will contain the permissions declared in
META-INF/permissions.perm.

I intend to implement findClass(String name) in PreferredClassLoader,
allowing us to use PCodeSource as a replacement for CodeSource, to be
included in ProtectionDomains.

Once this is implemented, when you've got debugging enabled, the
AccessControlContext will print out the ProtectionDomain when an
AccessControlException is thrown, so in the printout you'll get the
CodeSource, the Permissions it requires to execute, any Principals and
the Permissions the ProtectionDomain has.

I earlier stated that the AccessControlException containing the 
information could be wrapped in a RemoteException, but this is incorrect.

It will enable me to implement a new method in net.jini.security.Security:

public Permission[] getRequired(Class cl);

BasicProxyPreparer has the following method:

    /**
     * Returns the permissions to grant to proxies, or an empty array if no
     * permissions should be granted. The return value need not be newly
     * created, but cannot be <code>null</code>. <p>
     *
     * The default implementation returns the value of {@link
     * #permissions}. <p>
     *
     * Subclasses may wish to override this method, for example, to grant
     * permissions that depend on principal constraints found on the proxy.
     *
     * @param proxy the proxy being prepared
     * @return the permissions to grant to the proxy
     */
    protected Permission[] getPermissions(Object proxy) {
        return permissions;
    }

So I'd need to extend BasicProxyPreparer to return the required 
permissions as well as those specified in the BasicProxyPreparer.

Question: you download a proxy, authenticate and verify it, but it needs
some additional permissions to run:

Does the client need to know the permissions being requested?

public Permission[] getRequired(Object proxy);

Or should we just let the user's GrantPermissions limit the requested
permissions?

My experience is, it's usually not advisable to ask a user if a list of 
permissions should be granted.

What do you think?

Regards,

Peter.

P.S. I've cc'd some very capable alumni; I'm hoping they might find time
to drop in and say hello and occasionally lend some advice.
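
The second option raised in the message (a client-side limit capping what the downloaded code asks for), as an added example that is not part of the original message or of River's code. `PCodeSource` here is a hypothetical stand-in for the attachment, `capToCeiling` is a hypothetical helper, the permissions are constructed samples, and a plain `PermissionCollection` stands in for the user's GrantPermissions.

```java
import java.io.FilePermission;
import java.net.URI;
import java.security.*;
import java.security.cert.Certificate;
import java.util.*;

public class RequiredPermsDemo {
    // Hypothetical helper: keep only the requested permissions that the client's ceiling implies.
    static Permission[] capToCeiling(Permission[] requested, PermissionCollection ceiling) {
        List<Permission> granted = new ArrayList<>();
        for (Permission p : requested) {
            if (ceiling.implies(p)) granted.add(p);
        }
        return granted.toArray(new Permission[0]);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample of what a proxy's META-INF/permissions.perm might declare.
        Permission[] declared = {
            new PropertyPermission("user.home", "read"),
            new FilePermission("/tmp/service-cache/-", "read,write"),
            new RuntimePermission("exitVM")
        };
        PCodeSource cs = new PCodeSource(
            URI.create("http://service.example.org/proxy-dl.jar").toURL(), declared);

        // Client-side ceiling (assumption: stands in for the user's GrantPermissions).
        Permissions ceiling = new Permissions();
        ceiling.add(new PropertyPermission("user.*", "read"));
        ceiling.add(new FilePermission("/tmp/-", "read,write"));

        Permissions granted = new Permissions();
        for (Permission p : capToCeiling(cs.getRequiredPerms(), ceiling)) granted.add(p);
        // Prints the CodeSource with its required permissions, then what was actually granted.
        System.out.println(new ProtectionDomain(cs, granted));
    }
}

// Hypothetical stand-in for the PCodeSource in the message (the attachment is not on the page).
class PCodeSource extends CodeSource {
    private final Permission[] required;
    PCodeSource(java.net.URL url, Permission[] required) {
        super(url, (Certificate[]) null);
        this.required = required.clone();
    }
    Permission[] getRequiredPerms() { return required.clone(); }
    @Override public String toString() {
        return super.toString() + " requires " + Arrays.toString(required);
    }
}
```

In the printout, `RuntimePermission("exitVM")` appears among the permissions the code source requires but not among those granted, because nothing in the ceiling implies it.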
