donaldp 01/04/15 05:12:40
Modified: src/java/org/apache/phoenix/engine
DefaultServerApplication.java
src/java/org/apache/phoenix/engine/facilities/classmanager
SarClassLoader.java
Added: src/java/org/apache/phoenix/engine/facilities
PolicyManager.java
src/java/org/apache/phoenix/engine/facilities/policy
AbstractPolicy.java DefaultPolicy.java
DefaultPolicyManager.java
Removed: src/java/org/apache/phoenix/engine/facilities/security
AbstractPolicy.java DefaultPolicy.java
Log:
Defined and Implemented PolicyManager facility.
Revision Changes Path
1.14 +10 -9
jakarta-avalon-phoenix/src/java/org/apache/phoenix/engine/DefaultServerApplication.java
Index: DefaultServerApplication.java
===================================================================
RCS file:
/home/cvs/jakarta-avalon-phoenix/src/java/org/apache/phoenix/engine/DefaultServerApplication.java,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- DefaultServerApplication.java 2001/04/15 08:13:31 1.13
+++ DefaultServerApplication.java 2001/04/15 12:12:38 1.14
@@ -25,22 +25,23 @@
import org.apache.avalon.camelot.ContainerException;
import org.apache.avalon.camelot.Entry;
import org.apache.avalon.camelot.Factory;
-import org.apache.phoenix.engine.facilities.ConfigurationRepository;
import org.apache.avalon.configuration.Configurable;
import org.apache.avalon.configuration.Configuration;
import org.apache.avalon.configuration.ConfigurationException;
import org.apache.avalon.util.thread.ThreadManager;
import org.apache.phoenix.engine.blocks.BlockDAG;
import org.apache.phoenix.engine.blocks.BlockEntry;
+import org.apache.phoenix.engine.blocks.BlockVisitor;
import org.apache.phoenix.engine.blocks.RoleEntry;
+import org.apache.phoenix.engine.facilities.ConfigurationRepository;
import org.apache.phoenix.engine.facilities.DefaultConfigurationRepository;
import org.apache.phoenix.engine.facilities.DefaultLogManager;
-import org.apache.phoenix.engine.facilities.security.DefaultPolicy;
import org.apache.phoenix.engine.facilities.DefaultThreadManager;
+import org.apache.phoenix.engine.facilities.PolicyManager;
import org.apache.phoenix.engine.facilities.classmanager.SarClassLoader;
+import org.apache.phoenix.engine.facilities.policy.DefaultPolicyManager;
import org.apache.phoenix.engine.phases.ShutdownPhase;
import org.apache.phoenix.engine.phases.StartupPhase;
-import org.apache.phoenix.engine.blocks.BlockVisitor;
import org.apache.phoenix.metainfo.DependencyDescriptor;
/**
@@ -51,7 +52,7 @@
* @author <a href="mailto:[EMAIL PROTECTED]">Peter Donald</a>
* @author <a href="mailto:[EMAIL PROTECTED]">Federico Barbieri</a>
*/
-public class DefaultServerApplication
+public final class DefaultServerApplication
extends AbstractContainer
implements Application, Configurable, Contextualizable
{
@@ -70,8 +71,8 @@
protected ComponentManager m_componentManager;
protected DefaultLogManager m_logManager;
+ protected PolicyManager m_policyManager;
protected ThreadManager m_threadManager;
- protected DefaultPolicy m_policy;
protected SarClassLoader m_classLoader;
//these are the facilities (internal components) of ServerApplication
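Review bot: `m_policyManager` is declared `protected` in a class that this same commit makes `final`, so the modifier can no longer serve subclasses and only leaves the field open to the rest of the package. This field holds the facility that supplies the application's security policy, so `private PolicyManager m_policyManager;` would be the tighter declaration. The neighbouring context lines (`m_componentManager`, `m_logManager`, `m_threadManager`, `m_classLoader`) carry the same modifier, and the class body continues outside the hunk.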
@@ -118,7 +119,7 @@
entry.m_visitor = new StartupPhase();
entry.m_traversal = BlockDAG.FORWARD;
m_phases.put( "startup", entry );
-
+
entry = new PhaseEntry();
entry.m_visitor = new ShutdownPhase();
entry.m_traversal = BlockDAG.REVERSE;
@@ -185,7 +186,7 @@
m_classLoader = new SarClassLoader();
m_threadManager = new DefaultThreadManager();
- m_policy = new DefaultPolicy();
+ m_policyManager = new DefaultPolicyManager();
}
/**
@@ -205,7 +206,7 @@
setupComponent( m_threadManager, "<core>.threads", configuration );
configuration = m_configuration.getChild( "policy" );
- setupComponent( (Component)m_policy, "<policy>", configuration );
+ setupComponent( m_policyManager, "<policy>", configuration );
setupComponent( m_classLoader );
@@ -325,7 +326,7 @@
{
final DefaultComponentManager componentManager = new
DefaultComponentManager();
componentManager.put( "org.apache.avalon.camelot.Container", this );
- componentManager.put( "java.security.Policy", m_policy );
+ componentManager.put( "org.apache.phoenix.engine.facilities.PolicyManager",
m_policyManager );
componentManager.put( "java.lang.ClassLoader", m_classLoader );
componentManager.put( "NOT_DONE_YET", m_logManager );
componentManager.put( "org.apache.avalon.util.thread.ThreadManager",
m_threadManager );
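Review bot: The role key `"org.apache.phoenix.engine.facilities.PolicyManager"` is spelled out as a string literal in the `componentManager.put` call here and again in the `lookup` call in the SarClassLoader.compose hunk, so a typo in either place only shows up at runtime as a failed lookup. Deriving the key from the type, e.g. `componentManager.put( PolicyManager.class.getName(), m_policyManager );` with the same expression in the lookup, keeps the two in step. The enclosing method starts and ends outside the hunk.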
1.1
jakarta-avalon-phoenix/src/java/org/apache/phoenix/engine/facilities/PolicyManager.java
Index: PolicyManager.java
===================================================================
/*
* Copyright (C) The Apache Software Foundation. All rights reserved.
*
* This software is published under the terms of the Apache Software License
* version 1.1, a copy of which has been included with this distribution in
* the LICENSE file.
*/
package org.apache.phoenix.engine.facilities;
import java.security.Policy;
import org.apache.avalon.atlantis.Facility;
/**
 * This facility manages the policy for an application instance.
 * Consumers look the facility up and ask it for the {@link Policy}
 * instead of depending on a concrete policy class.
 *
 * @author <a href="mailto:[EMAIL PROTECTED]">Peter Donald</a>
 */
public interface PolicyManager
    extends Facility
{
    /**
     * Get policy for the current application.
     *
     * @return the Policy
     */
    Policy getPolicy();
}
1.2 +5 -1
jakarta-avalon-phoenix/src/java/org/apache/phoenix/engine/facilities/classmanager/SarClassLoader.java
Index: SarClassLoader.java
===================================================================
RCS file:
/home/cvs/jakarta-avalon-phoenix/src/java/org/apache/phoenix/engine/facilities/classmanager/SarClassLoader.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- SarClassLoader.java 2001/04/12 12:24:05 1.1
+++ SarClassLoader.java 2001/04/15 12:12:39 1.2
@@ -20,6 +20,7 @@
import org.apache.avalon.atlantis.Facility;
import org.apache.avalon.util.io.ExtensionFileFilter;
import org.apache.phoenix.engine.SarContextResources;
+import org.apache.phoenix.engine.facilities.PolicyManager;
/**
* This component creates blocks and blockInfos.
@@ -45,7 +46,10 @@
public void compose( final ComponentManager componentManager )
throws ComponentManagerException
{
- m_policy = (Policy)componentManager.lookup( "java.security.Policy" );
+ final PolicyManager policyManager = (PolicyManager)componentManager.
+ lookup( "org.apache.phoenix.engine.facilities.PolicyManager" );
+
+ m_policy = policyManager.getPolicy();
}
public void init()
1.1
jakarta-avalon-phoenix/src/java/org/apache/phoenix/engine/facilities/policy/AbstractPolicy.java
Index: AbstractPolicy.java
===================================================================
/*
* Copyright (C) The Apache Software Foundation. All rights reserved.
*
* This software is published under the terms of the Apache Software License
* version 1.1, a copy of which has been included with this distribution in
* the LICENSE file.
*/
package org.apache.phoenix.engine.facilities.policy;
import java.io.File;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.AccessController;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Policy;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.PropertyPermission;
import org.apache.avalon.Component;
import org.apache.avalon.Loggable;
import org.apache.avalon.util.io.FileUtil;
import org.apache.log.Logger;
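/**
 * Base class for a per-application {@link Policy}. It keeps a list of
 * (code source, permissions) entries and answers permission queries from
 * that list, so one application's grants do not affect another's.
 *
 * @author <a href="mailto:[EMAIL PROTECTED]">Peter Donald</a>
 */
public abstract class AbstractPolicy
    extends Policy
    implements Component, Loggable
{
    // Guards the per-lookup trace output written to the debug log.
    protected final static boolean DEBUG = true;

    // PolicyEntry objects, in the order createPermissionSetFor() added them.
    protected final ArrayList m_entries = new ArrayList();

    protected Logger m_logger;

    /**
     * Internal Policy Entry holder class: one code source and the
     * permissions granted to code that it implies.
     */
    protected final static class PolicyEntry
    {
        CodeSource m_codeSource;
        Permissions m_permissions;
    }

    /**
     * Supply the logger used for debug and warning output.
     *
     * @param logger the logger
     */
    public void setLogger( final Logger logger )
    {
        m_logger = logger;
    }

    /**
     * Override so we can have a per-application security policy with
     * no side-effects to other applications.
     *
     * The result is the union of the permissions of every entry whose
     * code source implies the (normalized) queried code source. A null
     * code source matches nothing and receives an empty collection.
     *
     * @param codeSource the codeSource to get permissions for
     * @return the PermissionCollection
     */
    public PermissionCollection getPermissions( CodeSource codeSource )
    {
        final Permissions permissions = new Permissions();

        // Nothing to match against: grant nothing rather than fail in normalize().
        if( null == codeSource ) return permissions;

        codeSource = normalize( codeSource );

        getLogger().debug( "getPermissions(" + codeSource.getLocation() + ");" );

        final int size = m_entries.size();
        for( int i = 0; i < size; i++ )
        {
            final PolicyEntry entry = (PolicyEntry)m_entries.get( i );

            if( entry.m_codeSource.implies( codeSource ) )
            {
                if( DEBUG )
                {
                    getLogger().debug( entry.m_codeSource.getLocation() + " implies " +
                                       codeSource.getLocation() );
                }

                copyPermissions( permissions, entry.m_permissions );
            }
        }

        if( DEBUG )
        {
            getLogger().debug( codeSource.getLocation() + " permissions = " +
                               permissions );
        }

        return permissions;
    }

    /**
     * Refresh policy. Ignored in this implementation.
     */
    public void refresh()
    {
    }

    /**
     * Normalizing CodeSource involves removing relative addressing
     * (like .. and .) for file urls.
     *
     * If the normalized location cannot be turned back into a URL the
     * original code source is returned unchanged.
     *
     * @param codeSource the codeSource to be normalized
     * @return the normalized codeSource
     */
    protected CodeSource normalize( final CodeSource codeSource )
    {
        final URL initialLocation = codeSource.getLocation();

        // This is a bit of a hack. I don't know why CodeSource should behave like this
        // Fear not, this only seems to be a problem for home grown classloaders.
        // - Paul Hammant, Nov 2000
        if( null == initialLocation ) return codeSource;

        String location = null;

        if( !initialLocation.getProtocol().equalsIgnoreCase( "file" ) )
        {
            location = initialLocation.getFile();
            location = FileUtil.normalize( location );
        }
        else
        {
            // file: URLs are first made absolute, with '/' as the only separator.
            final File file = new File( initialLocation.getFile() );
            location = file.getAbsoluteFile().toString().replace( File.separatorChar, '/' );
            location = FileUtil.normalize( location );
        }

        try
        {
            final URL finalLocation = new URL( initialLocation.getProtocol(),
                                               initialLocation.getHost(),
                                               initialLocation.getPort(),
                                               location );

            return new CodeSource( finalLocation, codeSource.getCertificates() );
        }
        catch( final MalformedURLException mue )
        {
            getLogger().warn( "Error building codeBase", mue );

            // Fail closed. A CodeSource with a null location implies every
            // location, so building one here for a policy entry would turn a
            // grant for one code base into a grant for all code.
            return codeSource;
        }
    }

    /**
     * Add every permission held by one collection to another.
     *
     * @param destination the collection that receives the permissions
     * @param src the collection the permissions are read from
     */
    protected void copyPermissions( final Permissions destination, final Permissions src )
    {
        // "enum" became a reserved word in later Java versions, hence the name.
        final Enumeration elements = src.elements();
        while( elements.hasMoreElements() )
        {
            destination.add( (Permission)elements.nextElement() );
        }
    }

    /**
     * Create a permission set for a codeBase.
     * The returned set is the live set stored in the policy entry, so
     * permissions can be added to it until the time it is applied to code.
     *
     * @param location the location of codes to apply permission set to.
     * @param signers the certificates of those who signed the codebase,
     *                or null for unsigned code
     * @return the new permission set
     * @exception MalformedURLException if location string is malformed
     */
    protected Permissions createPermissionSetFor( final String location,
                                                  final Certificate[] signers )
        throws MalformedURLException
    {
        final PolicyEntry entry = new PolicyEntry();
        entry.m_codeSource = normalize( new CodeSource( new URL( location ), signers ) );

        getLogger().debug( "createPermissionSetFor(" +
                           entry.m_codeSource.getLocation() + ");" );

        entry.m_permissions = new Permissions();

        m_entries.add( entry );
        return entry.m_permissions;
    }

    /**
     * Return the logger supplied through setLogger().
     *
     * @return the logger, or null if none has been set
     */
    protected final Logger getLogger()
    {
        return m_logger;
    }
}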
1.1
jakarta-avalon-phoenix/src/java/org/apache/phoenix/engine/facilities/policy/DefaultPolicy.java
Index: DefaultPolicy.java
===================================================================
/*
* Copyright (C) The Apache Software Foundation. All rights reserved.
*
* This software is published under the terms of the Apache Software License
* version 1.1, a copy of which has been included with this distribution in
* the LICENSE file.
*/
package org.apache.phoenix.engine.facilities.policy;
import java.io.File;
import java.io.InputStream;
import java.lang.reflect.Constructor;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.UnresolvedPermission;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.PropertyPermission;
import java.util.StringTokenizer;
import org.apache.avalon.Component;
import org.apache.avalon.Context;
import org.apache.avalon.Contextualizable;
import org.apache.avalon.DefaultContext;
import org.apache.avalon.Initializable;
import org.apache.avalon.atlantis.Facility;
import org.apache.avalon.configuration.Configurable;
import org.apache.avalon.configuration.Configuration;
import org.apache.avalon.configuration.ConfigurationException;
import org.apache.avalon.util.PropertyException;
import org.apache.avalon.util.PropertyUtil;
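/**
 * Policy that extracts information from policy files.
 *
 * The configuration supplies "keystore" elements (type, location, name)
 * and "grant" elements (optional signed-by, key-store and code-base
 * attributes) holding "permission" children (class, plus optional target,
 * actions, signed-by and key-store attributes).
 *
 * @author <a href="mailto:[EMAIL PROTECTED]">Peter Donald</a>
 */
public class DefaultPolicy
    extends AbstractPolicy
    implements Contextualizable, Configurable, Initializable
{
    // Context consulted by expand() when resolving ${...} references.
    protected DefaultContext m_context;

    /**
     * Build the context used for property expansion from the system
     * properties and the supplied context.
     *
     * @param context the application context
     */
    public void contextualize( final Context context )
    {
        // NOTE(review): presumably the system properties act as defaults
        // beneath the supplied context; confirm against DefaultContext.
        m_context = new DefaultContext( System.getProperties(), context );
        m_context.put( "/", File.separator );
    }

    /**
     * Load the configured keystores, then register every grant.
     *
     * @param configuration the policy configuration
     * @exception ConfigurationException if a keystore or grant is invalid
     */
    public void configure( final Configuration configuration )
        throws ConfigurationException
    {
        final Configuration[] keyStoreConfigurations = configuration.getChildren( "keystore" );
        final HashMap keyStores = configureKeyStores( keyStoreConfigurations );

        final Configuration[] grants = configuration.getChildren( "grant" );
        configureGrants( grants, keyStores );
    }

    /**
     * Grant read access to a fixed list of system properties to all code
     * located under "file:/-".
     *
     * @exception Exception if the permission set cannot be created
     */
    public void init()
        throws Exception
    {
        //these properties are straight out of ${java.home}/lib/security/java.policy
        final String[] readable =
        {
            "os.name",
            "os.arch",
            "os.version",
            "file.separator",
            "path.separator",
            "line.separator",
            "java.version",
            "java.vendor",
            "java.vendor.url",
            "java.class.version",
            "java.vm.version",
            "java.vm.vendor",
            "java.vm.name",
            "java.specification.version",
            "java.specification.vendor",
            "java.specification.name",
            "java.vm.specification.version",
            "java.vm.specification.vendor",
            "java.vm.specification.name"
        };

        final Permissions permissions = createPermissionSetFor( "file:/-", null );
        for( int i = 0; i < readable.length; i++ )
        {
            permissions.add( new PropertyPermission( readable[ i ], "read" ) );
        }
    }

    /**
     * Load every configured keystore.
     *
     * @param configurations the "keystore" elements
     * @return a map from keystore name to loaded KeyStore
     * @exception ConfigurationException if a keystore cannot be loaded
     */
    protected HashMap configureKeyStores( final Configuration[] configurations )
        throws ConfigurationException
    {
        final HashMap keyStores = new HashMap();

        for( int i = 0; i < configurations.length; i++ )
        {
            final Configuration configuration = configurations[ i ];
            final String type = configuration.getAttribute( "type" );
            final String location = configuration.getAttribute( "location" );
            final String name = configuration.getAttribute( "name" );

            try
            {
                final KeyStore keyStore = KeyStore.getInstance( type );
                final URL url = new URL( location );
                final InputStream ins = url.openStream();

                try
                {
                    // NOTE(review): a null password means KeyStore.load()
                    // performs no integrity check, yet the certificates read
                    // from this store decide which signers receive grants.
                    // The location is any URL the configuration names, so the
                    // store should come from a source that cannot be tampered with.
                    keyStore.load( ins, null );
                }
                finally
                {
                    // The stream was previously left open.
                    ins.close();
                }

                keyStores.put( name, keyStore );
            }
            catch( final Exception e )
            {
                throw new ConfigurationException( "Error configuring keystore " + name, e );
            }
        }

        return keyStores;
    }

    /**
     * Register each grant in turn.
     *
     * @param configurations the "grant" elements
     * @param keyStores the keystores loaded by configureKeyStores()
     * @exception ConfigurationException if a grant is invalid
     */
    protected void configureGrants( final Configuration[] configurations,
                                    final HashMap keyStores )
        throws ConfigurationException
    {
        for( int i = 0; i < configurations.length; i++ )
        {
            configureGrant( configurations[ i ], keyStores );
        }
    }

    /**
     * Register one grant: create the permission set for its code base and
     * signers, then add the permissions listed inside it.
     *
     * @param configuration the "grant" element
     * @param keyStores the keystores loaded by configureKeyStores()
     * @exception ConfigurationException if the grant is invalid
     */
    protected void configureGrant( final Configuration configuration, final HashMap keyStores )
        throws ConfigurationException
    {
        //<grant signed-by="Fred" code-base="file:${sar.home}/blocks/*" key-store="foo-keystore">
        //  <permission class="java.io.FilePermission" target="/tmp/*" actions="read,write" />
        //</grant>

        final String signedBy = configuration.getAttribute( "signed-by", null );
        final String keyStoreName = configuration.getAttribute( "key-store", null );

        // NOTE(review): without a code-base attribute codeBase stays null and
        // new URL( null ) in createPermissionSetFor() throws, so such a grant
        // is rejected instead of applying to all code; confirm that is intended.
        String codeBase = configuration.getAttribute( "code-base", null );
        if( null != codeBase )
        {
            codeBase = expand( codeBase );
        }

        final Certificate[] signers = getSigners( signedBy, keyStoreName, keyStores );

        Permissions permissions = null;

        try { permissions = createPermissionSetFor( codeBase, signers ); }
        catch( final MalformedURLException mue )
        {
            throw new ConfigurationException( "Malformed code-base " + codeBase, mue );
        }

        configurePermissions( configuration.getChildren( "permission" ),
                              permissions,
                              keyStores );
    }

    /**
     * Add each configured permission to a permission set.
     *
     * @param configurations the "permission" elements
     * @param permissions the set to add to
     * @param keyStores the keystores loaded by configureKeyStores()
     * @exception ConfigurationException if a permission is invalid
     */
    protected void configurePermissions( final Configuration[] configurations,
                                         final Permissions permissions,
                                         final HashMap keyStores )
        throws ConfigurationException
    {
        for( int i = 0; i < configurations.length; i++ )
        {
            configurePermission( configurations[ i ], permissions, keyStores );
        }
    }

    /**
     * Build one permission from its element and add it to a permission set.
     *
     * @param configuration the "permission" element
     * @param permissions the set to add to
     * @param keyStores the keystores loaded by configureKeyStores()
     * @exception ConfigurationException if the permission is invalid
     */
    protected void configurePermission( final Configuration configuration,
                                        final Permissions permissions,
                                        final HashMap keyStores )
        throws ConfigurationException
    {
        final String type = configuration.getAttribute( "class" );
        final String actions = configuration.getAttribute( "actions", null );
        final String signedBy = configuration.getAttribute( "signed-by", null );
        final String keyStoreName = configuration.getAttribute( "key-store", null );

        String target = configuration.getAttribute( "target", null );
        if( null != target )
        {
            target = expand( target );
        }

        final Certificate[] signers = getSigners( signedBy, keyStoreName, keyStores );
        final Permission permission = createPermission( type, target, actions, signers );

        permissions.add( permission );
    }

    /**
     * Resolve property references in a configuration value against the
     * context built in contextualize().
     *
     * @param value the raw attribute value
     * @return the resolved value
     * @exception ConfigurationException if a reference cannot be resolved
     */
    protected String expand( final String value )
        throws ConfigurationException
    {
        try
        {
            final Object resolvedValue = PropertyUtil.resolveProperty( value, m_context, false );
            return resolvedValue.toString();
        }
        catch( final PropertyException pe )
        {
            throw new ConfigurationException( "Error resolving property " + value, pe );
        }
    }

    /**
     * Create a permission of the named class.
     *
     * A permission that names signers, or whose class cannot be found, is
     * returned as an UnresolvedPermission. Otherwise the class is
     * instantiated through its (), (String) or (String, String)
     * constructor, depending on which of target and actions are present.
     *
     * @param type the permission class name
     * @param target the permission target, or null
     * @param actions the permission actions, or null
     * @param signers the certificates the permission class must be signed by, or null
     * @return the permission
     * @exception ConfigurationException if the class is not a Permission
     *            or cannot be instantiated
     */
    protected Permission createPermission( final String type,
                                           final String target,
                                           final String actions,
                                           final Certificate[] signers )
        throws ConfigurationException
    {
        if( null != signers )
        {
            return createUnresolvedPermission( type, target, actions, signers );
        }

        final Class c;
        try
        {
            // Load without initializing: the name comes from configuration, and
            // no static initializer should run before the type check below.
            c = Class.forName( type, false, DefaultPolicy.class.getClassLoader() );
        }
        catch( final ClassNotFoundException cnfe )
        {
            return createUnresolvedPermission( type, target, actions, signers );
        }

        // Check the type before invoking any constructor. Previously an
        // arbitrary class was instantiated first and only then cast.
        if( !Permission.class.isAssignableFrom( c ) )
        {
            throw new ConfigurationException( "Failed to create permission " + type +
                                              " due to it not being a " +
                                              Permission.class.getName() );
        }

        final Class[] paramClasses;
        final Object[] params;

        if( null == actions && null == target )
        {
            paramClasses = new Class[ 0 ];
            params = new Object[ 0 ];
        }
        else if( null == actions )
        {
            paramClasses = new Class[] { String.class };
            params = new Object[] { target };
        }
        else
        {
            paramClasses = new Class[] { String.class, String.class };
            params = new Object[] { target, actions };
        }

        try
        {
            final Constructor constructor = c.getConstructor( paramClasses );
            return (Permission)constructor.newInstance( params );
        }
        catch( final Exception e )
        {
            throw new ConfigurationException( "Failed to create permission " + type +
                                              " due to " + e, e );
        }
    }

    /**
     * Create a placeholder for a permission whose class is not resolved here.
     *
     * @param type the permission class name
     * @param target the permission target, or null
     * @param actions the permission actions, or null
     * @param signers the certificates the permission class must be signed by, or null
     * @return the unresolved permission
     */
    protected Permission createUnresolvedPermission( final String type,
                                                     final String target,
                                                     final String actions,
                                                     final Certificate[] signers )
    {
        return new UnresolvedPermission( type, target, actions, signers );
    }

    /**
     * Look up the certificates for a signed-by attribute.
     *
     * @param signedBy comma separated keystore aliases, or null
     * @param keyStoreName the keystore name; "default" is used when this
     *                     is null and signedBy is given
     * @param keyStores the keystores loaded by configureKeyStores()
     * @return the certificates, or null when signedBy is null
     * @exception ConfigurationException if a certificate cannot be found
     */
    protected Certificate[] getSigners( final String signedBy,
                                        String keyStoreName,
                                        final HashMap keyStores )
        throws ConfigurationException
    {
        if( null == signedBy )
        {
            return null;
        }

        if( null == keyStoreName )
        {
            keyStoreName = "default";
        }

        return getCertificates( signedBy, keyStoreName, keyStores );
    }

    /**
     * Fetch the certificate for each alias from the named keystore.
     * Duplicate certificates are returned once.
     *
     * @param signedBy comma separated keystore aliases
     * @param keyStoreName the name of the keystore to search
     * @param keyStores the keystores loaded by configureKeyStores()
     * @return the certificates, in alias order
     * @exception ConfigurationException if the keystore or an alias is unknown
     */
    protected Certificate[] getCertificates( final String signedBy,
                                             final String keyStoreName,
                                             final HashMap keyStores )
        throws ConfigurationException
    {
        final KeyStore keyStore = (KeyStore)keyStores.get( keyStoreName );

        if( null == keyStore )
        {
            throw new ConfigurationException( "Unable to aquire keyStore " + keyStoreName );
        }

        final ArrayList certificateSet = new ArrayList();

        final StringTokenizer tokenizer = new StringTokenizer( signedBy, "," );

        while( tokenizer.hasMoreTokens() )
        {
            final String alias = tokenizer.nextToken().trim();
            Certificate certificate = null;

            try { certificate = keyStore.getCertificate( alias ); }
            catch( final KeyStoreException kse )
            {
                throw new ConfigurationException( "Error aquiring certificate " + alias,
                                                  kse );
            }

            // An unknown alias is an error, never silently "no signer".
            if( null == certificate )
            {
                throw new ConfigurationException( "Unable to locate alias " + alias +
                                                  " in keystore named " + keyStoreName );
            }

            if( !certificateSet.contains( certificate ) )
            {
                if( DEBUG ) getLogger().debug( "Certificate " + certificate );
                certificateSet.add( certificate );
            }
        }

        return (Certificate[])certificateSet.toArray( new Certificate[ 0 ] );
    }
}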
1.1
jakarta-avalon-phoenix/src/java/org/apache/phoenix/engine/facilities/policy/DefaultPolicyManager.java
Index: DefaultPolicyManager.java
===================================================================
/*
* Copyright (C) The Apache Software Foundation. All rights reserved.
*
* This software is published under the terms of the Apache Software License
* version 1.1, a copy of which has been included with this distribution in
* the LICENSE file.
*/
package org.apache.phoenix.engine.facilities.policy;
import java.security.Policy;
import org.apache.avalon.Context;
import org.apache.avalon.Contextualizable;
import org.apache.avalon.DefaultContext;
import org.apache.avalon.Initializable;
import org.apache.avalon.Loggable;
import org.apache.avalon.configuration.Configurable;
import org.apache.avalon.configuration.Configuration;
import org.apache.avalon.configuration.ConfigurationException;
import org.apache.log.Logger;
import org.apache.phoenix.engine.facilities.PolicyManager;
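/**
 * This facility manages the policy for an application instance.
 * Every lifecycle call is forwarded to one DefaultPolicy that is
 * created together with the manager.
 *
 * @author <a href="mailto:[EMAIL PROTECTED]">Peter Donald</a>
 */
public class DefaultPolicyManager
    implements PolicyManager, Loggable, Contextualizable, Configurable, Initializable
{
    // Never reassigned; final so the policy handed out by getPolicy()
    // cannot be swapped for another instance after construction.
    private final DefaultPolicy m_policy = new DefaultPolicy();

    /**
     * Pass the logger on to the policy.
     *
     * @param logger the logger
     */
    public void setLogger( final Logger logger )
    {
        m_policy.setLogger( logger );
    }

    /**
     * Pass the context on to the policy.
     *
     * @param context the application context
     */
    public void contextualize( final Context context )
    {
        m_policy.contextualize( context );
    }

    /**
     * Pass the policy configuration on to the policy.
     *
     * @param configuration the policy configuration
     * @exception ConfigurationException if the policy rejects the configuration
     */
    public void configure( final Configuration configuration )
        throws ConfigurationException
    {
        m_policy.configure( configuration );
    }

    /**
     * Initialize the policy.
     *
     * @exception Exception if the policy fails to initialize
     */
    public void init()
        throws Exception
    {
        m_policy.init();
    }

    /**
     * Get policy for the current application.
     *
     * The internal DefaultPolicy itself is returned, not a copy.
     * NOTE(review): DefaultPolicy's configure() and init() are public, so
     * a caller that downcasts the result could add grants; confirm which
     * components are able to look this facility up.
     *
     * @return the Policy
     */
    public Policy getPolicy()
    {
        return m_policy;
    }
}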