Author: peter_firmstone Date: Sat Jun 25 10:53:29 2011 New Revision: 1139517
URL: http://svn.apache.org/viewvc?rev=1139517&view=rev Log: concurrent policy Added: river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/ river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/delegates/ river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/delegates/FileInputStream.java - copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/api/delegates/FileInputStream.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/delegates/FileOutputStream.java - copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/api/delegates/FileOutputStream.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/loader/ river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/loader/EndpointCodeSource.java - copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/api/loader/EndpointCodeSource.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/lookup/ river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/lookup/DefaultEntries.java - copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/api/lookup/DefaultEntries.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/lookup/ServiceItemClasspathSub.java (with props) river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/lookup/ServiceResultStreamFilter.java - copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/api/lookup/ServiceResultStreamFilter.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/lookup/ServiceResultStreamUnmarshaller.java - copied, changed from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/api/lookup/ServiceResultStreamUnmarshaller.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/lookup/StreamServiceRegistrar.java - copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/api/lookup/StreamServiceRegistrar.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/ river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/ClassLoadingPermission.java - copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/api/security/ClassLoadingPermission.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/DelegatePermission.java - copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/api/security/DelegatePermission.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/Exclusion.java - copied, changed from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/api/security/Exclusion.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/InternetSecurityManager.java - copied, changed from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/api/security/InternetSecurityManager.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/PermissionGrant.java - copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/api/security/PermissionGrant.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/PermissionGrantBuilder.java - copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/api/security/PermissionGrantBuilder.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/RemotePolicy.java (with props) river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/RevokePermission.java - copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/api/security/RevokePermission.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/RevokeableDynamicPolicy.java - copied, changed from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/api/security/RevokeableDynamicPolicy.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/util/ river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/util/Facade.java - copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/api/util/Facade.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/util/ResultStream.java - copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/api/util/ResultStream.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/ river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/dos/ river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/dos/DiscoveryV2ReadUncastResponseTask.java - copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/dos/DiscoveryV2ReadUncastResponseTask.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/dos/IsolatedExecutor.java - copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/dos/IsolatedExecutor.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/dos/IsolationException.java - copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/dos/IsolationException.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/dos/ProxyIsolationHandler.java - copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/dos/ProxyIsolationHandler.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/ river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/se/ river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/se/ConcurrentPermissions.java - copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/se/ConcurrentPermissions.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/se/ConcurrentPolicyFile.java - copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/se/ConcurrentPolicyFile.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/se/DynamicConcurrentPolicyProvider.java - copied, changed from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/se/DynamicConcurrentPolicyProvider.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/se/DynamicGrants.java - copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/se/DynamicGrants.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/se/MultiReadPermissionCollection.java - copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/se/MultiReadPermissionCollection.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/se/PermissionPendingResolution.java - copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/se/PermissionPendingResolution.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/se/PermissionPendingResolutionCollection.java - copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/se/PermissionPendingResolutionCollection.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/se/PolicyPermission.java - copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/se/PolicyPermission.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/spi/ river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/spi/RevokeableDynamicPolicySpi.java - copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/spi/RevokeableDynamicPolicySpi.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/ river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/CertificateGrant.java - copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/util/CertificateGrant.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/ClassLoaderGrant.java - copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/util/ClassLoaderGrant.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/CodeSourceGrant.java - copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/util/CodeSourceGrant.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/DefaultPolicyParser.java - copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/util/DefaultPolicyParser.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/DefaultPolicyScanner.java - copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/util/DefaultPolicyScanner.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/DenyImpl.java - copied, changed from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/util/DenyImpl.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/Messages.java - copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/util/Messages.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/NullPolicyParser.java - copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/util/NullPolicyParser.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/PermissionGrantBuilderImp.java - copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/util/PermissionGrantBuilderImp.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/PolicyParser.java - copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/util/PolicyParser.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/PolicyUtils.java - copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/util/PolicyUtils.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/PrincipalGrant.java - copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/util/PrincipalGrant.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/ProtectionDomainGrant.java - copied, changed from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/util/ProtectionDomainGrant.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/UnresolvedPrincipal.java - copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/util/UnresolvedPrincipal.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/Util.java - copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/util/Util.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/messages.properties - copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/util/messages.properties river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/util/ river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/util/ConcurrentCollections.java - copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/util/ConcurrentCollections.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/util/ConcurrentSoftMap.java - copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/util/ConcurrentSoftMap.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/util/ConcurrentWeakIdentityMap.java - copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/util/ConcurrentWeakIdentityMap.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/util/ConcurrentWeakMap.java - copied unchanged from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/util/ConcurrentWeakMap.java Removed: river/jtsk/skunk/peterConcurrentPolicy/test/src/net/jini/io/PackageVersionTest.java Added: river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/lookup/ServiceItemClasspathSub.java URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/lookup/ServiceItemClasspathSub.java?rev=1139517&view=auto ============================================================================== --- river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/lookup/ServiceItemClasspathSub.java (added) +++ river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/lookup/ServiceItemClasspathSub.java Sat Jun 25 10:53:29 2011 @@ -0,0 +1,78 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.river.api.lookup; + +import java.net.URI; +import java.security.CodeSource; +import net.jini.core.entry.Entry; +import net.jini.core.lookup.ServiceID; +import net.jini.core.lookup.ServiceItem; + +/** + * ServiceItemClasspathSub is intended for client side filtering of lookup + * service results prior to clients using a service, the lookup service + * that implements this class, implements #getServiceItem(), so clients + * can obtain a complete ServiceItem when required after filtering. + * + * ServiceItemClasspathSub extends ServiceItem and can be used anywhere a + * ServiceItem is required for querying or inspecting Entry fields that are + * resolvable from the local classpath. If dynamically downloaded code is + * required, Remote or Serializable object references are not resolved, + * instead, such fields are set to null to avoid codebase download. + * + * ServiceItemClasspathSub inherits all fields from ServiceItem. + * + * Some fields in ServiceItemClasspathSub may be null or fields in Entry's may + * be null or even the service reference may be null, these fields would be + * non-null in a ServiceItem that resolves classes from dynamicly downloaded + * code or a remote codebase. + * + * The serviceID field shall be non-null always. + * + * ServiceItem's toString() method will return a different result for + * ServiceItemClasspathSub instances. + * + * When required, a new ServiceItem that is unmarshalled + * using remote codebases and dynamicly downloaded code can be obtained + * by calling #getServiceItem(). + * + * @author Peter Firmstone. + */ +public abstract class ServiceItemClasspathSub extends ServiceItem{ + private static final long SerialVersionUID = 1L; + protected ServiceItemClasspathSub(ServiceID id, Entry[] unmarshalledEntries){ + super(id, (Object) null, unmarshalledEntries); + } + + /* Default constructor for serializable sub class. + */ + protected ServiceItemClasspathSub(){ + super(null, null, null); + } + /** + * Using remote and local code as required getServiceItem returns a + * new ServiceItem. + * + * The returned ServiceItem must not be an instance of this class. + * + * @return ServiceItem, totally unmarshalled, using remote codebase resources + * in addition to any local classpath or resources. + */ + public abstract ServiceItem getServiceItem(); +} Propchange: river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/lookup/ServiceItemClasspathSub.java ------------------------------------------------------------------------------ svn:eol-style = native Copied: river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/lookup/ServiceResultStreamUnmarshaller.java (from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/api/lookup/ServiceResultStreamUnmarshaller.java) URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/lookup/ServiceResultStreamUnmarshaller.java?p2=river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/lookup/ServiceResultStreamUnmarshaller.java&p1=river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/api/lookup/ServiceResultStreamUnmarshaller.java&r1=1137903&r2=1139517&rev=1139517&view=diff ============================================================================== --- river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/api/lookup/ServiceResultStreamUnmarshaller.java (original) +++ river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/lookup/ServiceResultStreamUnmarshaller.java Sat Jun 25 10:53:29 2011 @@ -20,18 +20,18 @@ package org.apache.river.api.lookup; import java.io.IOException; import java.security.CodeSource; -import org.apache.river.api.lookup.ServiceClasspathSubItem; +import org.apache.river.api.lookup.ServiceItemClasspathSub; import org.apache.river.api.util.ResultStream; import net.jini.core.lookup.*; /** * Add this to the ResultStream filter chain * {@link StreamServiceRegistrar#lookup(ServiceTemplate, Class[], int)} - * to getServiceItem any ServiceClasspathSubItem's in the stream, prior to + * to getServiceItem any ServiceItemClasspathSub's in the stream, prior to * proxy verification, or applying constraints. * * @author Peter Firmstone. - * @see ServiceClasspathSubItem. + * @see ServiceItemClasspathSub. * @see StreamServiceRegistrar */ public class ServiceResultStreamUnmarshaller implements ResultStream<ServiceItem> { @@ -50,13 +50,13 @@ public class ServiceResultStreamUnmarsha public ServiceItem get() throws IOException { if (input == null) return null; for(Object item = input.get(); item != null; item = input.get()) { - if (item instanceof ServiceClasspathSubItem){ - ServiceClasspathSubItem msi = (ServiceClasspathSubItem) item; + if (item instanceof ServiceItemClasspathSub){ + ServiceItemClasspathSub msi = (ServiceItemClasspathSub) item; return msi.getServiceItem(); } else if (item instanceof ServiceItem) { return (ServiceItem) item; } - /* If item is not an instanceof ServiceItem or ServiceClasspathSubItem + /* If item is not an instanceof ServiceItem or ServiceItemClasspathSub * it is ignored and the next item in the ResultStream is retrieved. */ }//end item loop Copied: river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/Exclusion.java (from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/api/security/Exclusion.java) URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/Exclusion.java?p2=river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/Exclusion.java&p1=river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/api/security/Exclusion.java&r1=1137903&r2=1139517&rev=1139517&view=diff ============================================================================== --- river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/api/security/Exclusion.java (original) +++ river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/Exclusion.java Sat Jun 25 10:53:29 2011 @@ -19,11 +19,7 @@ package org.apache.river.api.security; -import java.security.CodeSource; -import java.security.Permission; -import java.security.Principal; import java.security.ProtectionDomain; -import java.security.cert.Certificate; /** * A Exclusion implementation must be immutable, it will be accessed by concurrent @@ -59,37 +55,4 @@ public abstract class Exclusion { * @return */ public abstract boolean excludes(ProtectionDomain pd); - /** - * Checks if this Exclusion excludes a ProtectionDomain, the Principal - * array may be empty but not null. The Principal array is provided - * to avoid needing to create a new ProtectionDomain instance containing - * the array of Principals. - * - * @param pd - * @param p - * @return - */ - public abstract boolean excludes(ProtectionDomain pd, Principal[] p); - /** - * Checks if this Exclusion excludes a ClassLoader domain, with an - * array of Principals - * @param cl - * @param p - * @return - */ - public abstract boolean excludes(ClassLoader cl, Principal[] p); - /** - * Checks if the exclusions excludes a CodeSource and array of Principals - * @param cs - * @param p - * @return - */ - public abstract boolean excludes(CodeSource cs, Principal[] p); - /** - * Checks if the exclusion excludes an array of Certificats and Principals. - * @param c - * @param p - * @return - */ - public abstract boolean excludes(Certificate[] c, Principal[] p); } Copied: river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/InternetSecurityManager.java (from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/api/security/InternetSecurityManager.java) URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/InternetSecurityManager.java?p2=river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/InternetSecurityManager.java&p1=river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/api/security/InternetSecurityManager.java&r1=1137903&r2=1139517&rev=1139517&view=diff ============================================================================== --- river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/api/security/InternetSecurityManager.java (original) +++ river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/InternetSecurityManager.java Sat Jun 25 10:53:29 2011 @@ -31,14 +31,11 @@ import java.util.Iterator; import java.util.Set; import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.ConcurrentMap; -import java.util.concurrent.ExecutionException; -import java.util.concurrent.locks.Lock; -import java.util.concurrent.locks.ReadWriteLock; -import java.util.concurrent.locks.ReentrantReadWriteLock; import java.util.logging.Level; import java.util.logging.Logger; import org.apache.river.impl.util.ConcurrentCollections; import org.apache.river.impl.util.ConcurrentSoftMap; +import org.apache.river.impl.util.ConcurrentWeakMap; /** * The InternetSecurityManager provides cached permission check results and @@ -102,7 +99,7 @@ public class InternetSecurityManager ext * @throws java.util.concurrent.ExecutionException */ - public void clearFromCache(Set<Permission> perms) throws InterruptedException, ExecutionException{ + public void clearFromCache(Set<Permission> perms) throws SecurityException { g.checkGuard(this); // wl.lock(); // try { Added: river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/RemotePolicy.java URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/RemotePolicy.java?rev=1139517&view=auto ============================================================================== --- river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/RemotePolicy.java (added) +++ river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/RemotePolicy.java Sat Jun 25 10:53:29 2011 @@ -0,0 +1,62 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.river.api.security; + +import java.io.IOException; +import java.util.List; +import net.jini.security.GrantPermission; +import net.jini.security.policy.UmbrellaGrantPermission; + +/** + * This policy, in addition to any local policy provider, allows a network djinn + * administrator to provide a list of PermissionGrant's, from a single or + * replicated remote location, distributed to all nodes in a djinn that + * administrator is responsible for, every time the administrator updates + * his network policy, he can use a RemoteEvent notification system to update + * all client node policies. + * + * This is implemented at the client, the list of PermissionGrant's provided, + * will replace any existing RemotePolicy permissions. This allows the administrator + * to replace or replicate his network security policy, the client can switch to + * any other network security policy advisory service. + * + * It is essential that the policy service authenticate as an administrator + * subject over a secure endpoint. + * + * RemotePolicy, if it encapsulates an underlying RemotePolicy, does not + * delegate updates to the underlying RemotePolicy, this is in case an + * implementer wants a number of different layers of RemotePolicy, where + * each layer represents a different administrator role or responsiblity. + * The administrator's subject must hold the necessary permissionss in order + * to grant them, including RuntimePermission("getProtectionDomain"). + * + * @author Peter Firmstone + * @see GrantPermission + * @see UmbrellaGrantPermission + */ +public interface RemotePolicy { + /** + * Provides a list of policies, provided by a remote policy advisory + * service, this list replaces any existing list, it is defensively copied. + * + * @param policyPermissions + * @throws java.io.IOException + */ + public void update(List<PermissionGrant> policyPermissions) throws IOException; +} Propchange: river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/RemotePolicy.java ------------------------------------------------------------------------------ svn:eol-style = native Copied: river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/RevokeableDynamicPolicy.java (from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/api/security/RevokeableDynamicPolicy.java) URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/RevokeableDynamicPolicy.java?p2=river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/RevokeableDynamicPolicy.java&p1=river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/api/security/RevokeableDynamicPolicy.java&r1=1137903&r2=1139517&rev=1139517&view=diff ============================================================================== --- river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/api/security/RevokeableDynamicPolicy.java (original) +++ river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/RevokeableDynamicPolicy.java Sat Jun 25 10:53:29 2011 @@ -19,7 +19,9 @@ package org.apache.river.api.security; import java.security.Permission; +import java.security.Principal; import java.util.List; +import net.jini.security.policy.DynamicPolicy; /** * <p> @@ -46,7 +48,8 @@ import java.util.List; * it protects, a new Permission class must be implemented, for the Delegate's * use, in a checkPermission call, to protect access to the underlying * object's method. If an existing JVM Permission guards the underlying object, - * the delegate needs to be given the standard JVM Permission. + * the delegate needs to be given the standard JVM Permission. DelegatePermission + * has been created for the purpose of encapsulating an existing Permission. * </p><p> * The ability to revoke a Permission fully is intended for smart proxy's to * be given some trust temporarily, so that objects recieved from the smart proxy @@ -69,37 +72,28 @@ import java.util.List; * @see java.security.AccessControlContext * @see java.security.Permission * @see PermissionGrant + * @see DelegatePermission */ -public interface RevokeableDynamicPolicy { +public interface RevokeableDynamicPolicy extends DynamicPolicy { /** - * Grant Permission's as specified in a List of PermissionGrant's - * which can be added by concurrent threads. + * Revoke, removes all DynamicPolicy grants specific to the classLoader of + * the class passed in. This is for removing dynamic grant's from proxy's. * - * @param grants - */ - public void grant(List<PermissionGrant> grants); - /** - * Revoke, only removes any PermissionGrant's that are identical, typically - * a List of Grant's is obtained by getPermssionGrant's which can be - * manipulated and investigated, any that are undesirable should be passed - * to revoke. - * - * Revokes can only be performed synchronuously with other Revokes. + * Caveat: Not all Permission's once granted can be revoked. When a Permission + * is checked, prior to passing a reference to a caller, that reference + * has escaped any further Permission checks, meaning that the Permission + * cannot be revoked for the caller holding a reference. * - * @param grants - * @throws java.lang.Exception if revoke unsuccessful. - */ - public void revoke(List<PermissionGrant> grants) throws Exception; - /** - * Get a List copy of the current PermissionGrant's in force. - * @return + * @param cl + * @return Array of Permission's that have been revoked, the caller should + * check to see if any of these allow references to escape, in which case + * the proxy still has the functionality the Permission is supposed to + * protect against. */ - public List<PermissionGrant> getPermissionGrants(); + public Permission[] revoke(Class cl, Principal[] principals); /** * - * @return true if Revoke supported. + * @return true - If Revoke supported by underlying policy. */ public boolean revokeSupported(); - - public PermissionGrantBuilder getGrantBuilder(); } Copied: river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/se/DynamicConcurrentPolicyProvider.java (from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/se/DynamicConcurrentPolicyProvider.java) URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/se/DynamicConcurrentPolicyProvider.java?p2=river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/se/DynamicConcurrentPolicyProvider.java&p1=river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/se/DynamicConcurrentPolicyProvider.java&r1=1137903&r2=1139517&rev=1139517&view=diff ============================================================================== --- river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/se/DynamicConcurrentPolicyProvider.java (original) +++ river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/se/DynamicConcurrentPolicyProvider.java Sat Jun 25 10:53:29 2011 @@ -2,6 +2,8 @@ package org.apache.river.impl.security.policy.se; +import java.io.IOException; +import java.util.concurrent.ExecutionException; import org.apache.river.api.security.InternetSecurityManager; import java.security.AccessController; import java.security.AllPermission; @@ -37,6 +39,7 @@ import net.jini.security.policy.Umbrella import org.apache.river.api.security.PermissionGrant; import org.apache.river.impl.security.policy.spi.RevokeableDynamicPolicySpi; import org.apache.river.api.security.PermissionGrantBuilder; +import org.apache.river.api.security.RemotePolicy; import org.apache.river.api.security.RevokePermission; import org.apache.river.api.security.RevokeableDynamicPolicy; import org.apache.river.impl.security.policy.util.PermissionGrantBuilderImp; @@ -131,7 +134,8 @@ import org.apache.river.impl.util.Concur * @see ConcurrentPermissionCollection */ -public class DynamicConcurrentPolicyProvider implements RevokeableDynamicPolicySpi { +public class DynamicConcurrentPolicyProvider implements RemotePolicy, + RevokeableDynamicPolicy { private static final ProtectionDomain sysDomain = AccessController.doPrivileged(new PrivilegedAction<ProtectionDomain>() { public ProtectionDomain run() { return Object.class.getProtectionDomain(); } @@ -143,13 +147,14 @@ public class DynamicConcurrentPolicyProv * Local methods must first copy the reference before using the array in * loops etc in case the reference is updated. */ - private volatile PermissionGrant[] pGrants; + private volatile PermissionGrant[] remotePolicyGrants; // Write protected by grantLock. /* This lock protects adding and removal of PermissionGrant's*/ private final Object grantLock; - private final Collection<DynamicGrants> dynamicGrants; private volatile Policy basePolicy; // effectively final looks after its own sync private final ConcurrentMap<ProtectionDomain, PermissionCollection> cache; private final ConcurrentMap<PermissionGrant, Permission[]> grantCache; + // DynamicPolicy grant's for Proxy's. + private final Collection<PermissionGrant> dynamicPolicyGrants; private volatile boolean basePolicyIsDynamic; // Don't use cache if true. private volatile boolean revokeable; private volatile boolean initialized = false; @@ -163,11 +168,13 @@ public class DynamicConcurrentPolicyProv public DynamicConcurrentPolicyProvider(){ - pGrants = new PermissionGrant[0]; + dynamicPolicyGrants = ConcurrentCollections.multiReadCollection( + new ArrayList<PermissionGrant>(120)); + + remotePolicyGrants = new PermissionGrant[0]; basePolicy = null; - cache = new ConcurrentWeakIdentityMap<ProtectionDomain, PermissionCollection>(); - grantCache = new ConcurrentWeakIdentityMap<PermissionGrant, Permission[]>(); - dynamicGrants = ConcurrentCollections.multiReadCollection(new ArrayList<DynamicGrants>()); + cache = new ConcurrentWeakIdentityMap<ProtectionDomain, PermissionCollection>(120); + grantCache = new ConcurrentWeakIdentityMap<PermissionGrant, Permission[]>(60); basePolicyIsDynamic = false; revokeable = true; logger = Logger.getLogger("net.jini.security.policy"); @@ -237,16 +244,6 @@ public class DynamicConcurrentPolicyProv return revokeable; } - public Provider getProvider() { - if (initialized == false) throw new RuntimeException("Object not initialized"); - throw new UnsupportedOperationException("Not supported yet."); - } - - public String getType() { - if (initialized == false) throw new RuntimeException("Object not initialized"); - throw new UnsupportedOperationException("Not supported yet."); - } - public PermissionCollection getPermissions(CodeSource codesource) { if (initialized == false) throw new RuntimeException("Object not initialized"); /* It is extremely important that dynamic grant's are not returned, @@ -270,7 +267,7 @@ public class DynamicConcurrentPolicyProv * container. */ PermissionCollection pc = basePolicy.getPermissions(domain); - PermissionGrant [] grantsRefCopy = pGrants; // Interim updates not seen. + PermissionGrant [] grantsRefCopy = remotePolicyGrants; // Interim updates not seen. int l = grantsRefCopy.length; for ( int i = 0; i < l; i++ ){ if ( grantsRefCopy[i].implies(domain) ){ @@ -345,7 +342,7 @@ public class DynamicConcurrentPolicyProv if ( existed != null ){ pc = existed; } - expandUmbrella(pc); // We need to avoid using PolicyFileProvider + expandUmbrella(pc); // We need to avoid using PolicyFileProvider as grants from it are not revokable. if ( pc.implies(permission)) return true; } // Once we get to here pc is definitely not null and we have the @@ -355,8 +352,8 @@ public class DynamicConcurrentPolicyProv // ": Base policy is not dynamic and returned false" ); // } // If the base policy doesn't imply a Permission then we should check for dynamic grants - Collection<Permission> dynamicallyGrantedPermissions = new HashSet<Permission>(pGrants.length); - PermissionGrant[] grantsRefCopy = pGrants; // In case the grants volatile reference is updated. + Collection<Permission> dynamicallyGrantedPermissions = new HashSet<Permission>(120); + PermissionGrant[] grantsRefCopy = remotePolicyGrants; // In case the grants volatile reference is updated. int l = grantsRefCopy.length; for ( int i = 0; i < l; i++){ if (grantsRefCopy[i].implies(domain)) { @@ -365,6 +362,13 @@ public class DynamicConcurrentPolicyProv dynamicallyGrantedPermissions.addAll(Arrays.asList(perms)); } } + Iterator<PermissionGrant> grants = dynamicPolicyGrants.iterator(); + while (grants.hasNext()){ + PermissionGrant g = grants.next(); + if (g.implies(domain)){ + dynamicallyGrantedPermissions.addAll(g.getPermissions()); + } + } // if (loggable) { // logger.log(Level.FINEST, "Grants: " + dynamicallyGrantedPermissions.toString()); // } @@ -399,16 +403,16 @@ public class DynamicConcurrentPolicyProv // Clean up any void grants. synchronized (grantLock) { // This lock doesn't stop reads to grants only other volatile reference updates. - // Manipulating, alterations (writes) to the pGrants array is prohibited. - int l = pGrants.length; + // Manipulating, alterations (writes) to the remotePolicyGrants array is prohibited. + int l = remotePolicyGrants.length; ArrayList<PermissionGrant> grantHolder = new ArrayList<PermissionGrant>(l); for ( int i = 0; i < l; i++ ){ - if ( pGrants[i].isVoid(null)) continue; - grantHolder.add(pGrants[i]); + if ( remotePolicyGrants[i].isVoid(null)) continue; + grantHolder.add(remotePolicyGrants[i]); } PermissionGrant[] remaining = new PermissionGrant[grantHolder.size()]; - pGrants = grantHolder.toArray(remaining); // Volatile reference update. + remotePolicyGrants = grantHolder.toArray(remaining); // Volatile reference update. } ensureDependenciesResolved(); } @@ -439,7 +443,7 @@ public class DynamicConcurrentPolicyProv dp.grant(cl, principals, permissions); return; } - AccessController.checkPermission(new GrantPermission(permissions)); + sm.checkPermission(new GrantPermission(permissions)); PermissionGrantBuilder pgb = new PermissionGrantBuilderImp(); PermissionGrant pe = pgb.clazz(cl).principals(principals) .permissions(permissions) @@ -448,9 +452,7 @@ public class DynamicConcurrentPolicyProv // We built this grant it's safe to trust. grantCache.put(pe, permissions); // Replace any existing too. // This grant is new, in the grantCache and we trust it. - List<PermissionGrant> l = new ArrayList<PermissionGrant>(1); - l.add(pe); - processGrants(l); + dynamicPolicyGrants.add(pe); if (loggable){ logger.log(Level.FINEST, "Granting: " + pe.toString()); } @@ -471,20 +473,52 @@ public class DynamicConcurrentPolicyProv principals = principals.clone(); checkNullElements(principals); } - Collection<Permission> cperms = new HashSet<Permission>(pGrants.length); - PermissionGrant [] grantsRefCopy = pGrants; // Interim updates not seen. - int l = grantsRefCopy.length; - for ( int i = 0; i < l; i++ ){ - if ( grantsRefCopy[i].implies(loader, principals) ){ + Collection<Permission> dPerms = new HashSet<Permission>(); + Iterator<PermissionGrant> grants = dynamicPolicyGrants.iterator(); + while ( grants.hasNext()){ + PermissionGrant g = grants.next(); + if ( g.implies(loader, principals) ){ // Only use the trusted grantCache. - Permission[] perm = grantCache.get(grantsRefCopy[i]); - cperms.addAll(Arrays.asList(perm)); + dPerms.addAll(g.getPermissions()); } - } - - Permission[] perms = cperms.toArray(new Permission[cperms.size()]); + } + Permission[] perms = dPerms.toArray(new Permission[dPerms.size()]); return perms; } + + public Permission[] revoke(Class cl, Principal[] principals) { + if (initialized == false) throw new RuntimeException("Object not initialized"); + g.checkGuard(null); + if (basePolicyIsDynamic && revokeable){ + RevokeableDynamicPolicy bp = (RevokeableDynamicPolicy) basePolicy; + return bp.revoke(cl, principals); + } + ClassLoader loader = null; + if( cl != null ) { + loader = cl.getClassLoader(); + } + // defensive copy array + if (principals != null && principals.length > 0) { + principals = principals.clone(); + checkNullElements(principals); + } + HashSet<Permission> removed = new HashSet<Permission>(); + Iterator<PermissionGrant> grants = dynamicPolicyGrants.iterator(); + while ( grants.hasNext()){ + PermissionGrant g = grants.next(); + if ( g.implies(loader, principals) ){ + // Only use the trusted grantCache. + removed.addAll(g.getPermissions()); + grants.remove(); + } + } + // Unfortunately this is quite expensive, but we don't know which ProtectionDomains a ClassLoader references. + cache.clear(); + if (sm instanceof InternetSecurityManager) { + ((InternetSecurityManager) sm).clearFromCache(removed); + } + return removed.toArray(new Permission[removed.size()]); + } private static void checkNullElements(Object[] array) { int l = array.length; @@ -495,17 +529,13 @@ public class DynamicConcurrentPolicyProv } } - public void grant(List<PermissionGrant> grants) { + public void update(List<PermissionGrant> grants) throws IOException { if (initialized == false) throw new RuntimeException("Object not initialized"); // because PermissionGrant's are given references to ProtectionDomain's // we must check the caller has this permission. - AccessController.checkPermission(new RuntimePermission("getProtectionDomain")); - if ( basePolicyIsDynamic && revokeable){ - RevokeableDynamicPolicy bp = (RevokeableDynamicPolicy) basePolicy; - bp.grant(grants); - return; - } - grantCache.putAll(checkGrants(grants)); + sm.checkPermission(new RuntimePermission("getProtectionDomain")); + // Delegating to the underlying policy is not supported. + grantCache.putAll(checkGrants(grants)); // Fails if SecurityException // If we get to here, the caller has permission. processGrants(grants); } @@ -546,80 +576,39 @@ public class DynamicConcurrentPolicyProv * been provided for this purpose, then prior to calling this method, * the PermissionGrant's must be added to the grantsCache. * - * processGrants places the PermissionGrant's in the pGrants array. It is - * recommended that only this method be used to update the pGrants + * processGrants places the PermissionGrant's in the remotePolicyGrants array. It is + * recommended that only this method be used to update the remotePolicyGrants * reference. * * @param grants */ private void processGrants(Collection<PermissionGrant> grants) { - // This is slightly naughty calling a pGrants method, however if it + // This is slightly naughty calling a remotePolicyGrants method, however if it // changes between now and gaining the lock, only the length of the // HashSet is potentially not optimal, keeping the HashSet creation // outside of the lock reduces the lock held duration. HashSet<PermissionGrant> holder - = new HashSet<PermissionGrant>(grants.size() + pGrants.length); + = new HashSet<PermissionGrant>(grants.size()); holder.addAll(grants); - synchronized (grantLock) { - int l = pGrants.length; - for ( int i = 0; i < l; i++ ){ - if (pGrants[i].isVoid(null)) continue; - holder.add(pGrants[i]); - } + PermissionGrant[] old = null; + synchronized (grantLock) { + old = remotePolicyGrants; PermissionGrant[] updated = new PermissionGrant[holder.size()]; - pGrants = holder.toArray(updated); + remotePolicyGrants = holder.toArray(updated); } - } - - public void revoke(List<PermissionGrant> grants) throws Exception { - if (initialized == false) throw new RuntimeException("Object not initialized"); - g.checkGuard(this); - if (basePolicyIsDynamic && revokeable){ - RevokeableDynamicPolicy bp = (RevokeableDynamicPolicy) basePolicy; - bp.revoke(grants); - return; + cache.clear(); + Collection<PermissionGrant> oldGrants = new HashSet<PermissionGrant>(old.length); + oldGrants.addAll(Arrays.asList(old)); + oldGrants.removeAll(holder); + Set<Permission> removed = new HashSet<Permission>(120); + Iterator<PermissionGrant> rgi = oldGrants.iterator(); + while (rgi.hasNext()){ + PermissionGrant g = rgi.next(); + removed.addAll(g.getPermissions()); } - HashSet<Permission> removed = new HashSet<Permission>(); - HashSet<PermissionGrant> holder = new HashSet<PermissionGrant>(pGrants.length); - synchronized (grantLock){ - int l = pGrants.length; - for (int i = 0; i < l; i++){ - if (pGrants[i].isVoid(null) || grants.contains(pGrants[i])) { - // should we consider removing from grantCache? - // For now we just let GC clean it up. - Permission [] perms = grantCache.get(pGrants[i]); - int len = perms.length; - for ( int c =0; c < len ; c++ ){ - removed.add(perms[c]); - } - continue; - } - holder.add(pGrants[i]); - } - PermissionGrant[] updated = new PermissionGrant[holder.size()]; - pGrants = holder.toArray(updated); - if (sm instanceof InternetSecurityManager) { - ((InternetSecurityManager) sm).clearFromCache(removed); - } - } - } - - public List<PermissionGrant> getPermissionGrants() { - if (initialized == false) throw new RuntimeException("Object not initialized"); - if ( basePolicyIsDynamic && revokeable){ - RevokeableDynamicPolicy bp = (RevokeableDynamicPolicy) basePolicy; - return bp.getPermissionGrants(); + if (sm instanceof InternetSecurityManager) { + ((InternetSecurityManager) sm).clearFromCache(removed); } - ArrayList<PermissionGrant> grants; - PermissionGrant[] grantRefCopy = pGrants; // A local reference copy. - int l = grantRefCopy.length; - grants = new ArrayList<PermissionGrant>(l); - grants.addAll(Arrays.asList(grantRefCopy)); - return grants; + // oldGrants now only has the grants which have been removed. } - - public PermissionGrantBuilder getGrantBuilder() { - return new PermissionGrantBuilderImp(); - } - } Copied: river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/DenyImpl.java (from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/util/DenyImpl.java) URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/DenyImpl.java?p2=river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/DenyImpl.java&p1=river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/util/DenyImpl.java&r1=1137903&r2=1139517&rev=1139517&view=diff ============================================================================== --- river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/util/DenyImpl.java (original) +++ river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/DenyImpl.java Sat Jun 25 10:53:29 2011 @@ -51,7 +51,7 @@ import org.apache.river.impl.security.po * * @author Peter Firmstone */ -public class DenyImpl implements Exclusion { +public abstract class DenyImpl extends Exclusion { private final List<URL> uri; private final List<CodeSource> code; Copied: river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/ProtectionDomainGrant.java (from r1137903, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/util/ProtectionDomainGrant.java) URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/ProtectionDomainGrant.java?p2=river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/ProtectionDomainGrant.java&p1=river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/util/ProtectionDomainGrant.java&r1=1137903&r2=1139517&rev=1139517&view=diff ============================================================================== --- river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/river/impl/security/policy/util/ProtectionDomainGrant.java (original) +++ river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/ProtectionDomainGrant.java Sat Jun 25 10:53:29 2011 @@ -24,9 +24,6 @@ import java.security.CodeSource; import java.security.Permission; import java.security.Principal; import java.security.ProtectionDomain; -import java.security.cert.Certificate; -import java.util.Arrays; -import java.util.List; import org.apache.river.api.security.Exclusion; /**
