Author: peter_firmstone Date: Mon Aug 1 00:00:07 2011 New Revision: 1152664
URL: http://svn.apache.org/viewvc?rev=1152664&view=rev Log: Changes necessary to compile Modified: river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/impl/reggie/NameServiceImpl.java river/jtsk/skunk/peterConcurrentPolicy/src/com/sun/jini/outrigger/FastList.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/se/DynamicConcurrentPolicyProvider.java Modified: river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/impl/reggie/NameServiceImpl.java URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/impl/reggie/NameServiceImpl.java?rev=1152664&r1=1152663&r2=1152664&view=diff ============================================================================== --- river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/impl/reggie/NameServiceImpl.java (original) +++ river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/impl/reggie/NameServiceImpl.java Mon Aug 1 00:00:07 2011 @@ -39,17 +39,17 @@ public class NameServiceImpl implements } - public InetAddress[] lookupAllHostAddr(String host) + public byte[][] lookupAllHostAddr(String host) throws UnknownHostException { if (host.equalsIgnoreCase(testClient)) { - return ( new InetAddress[] - { InetAddress.getByAddress(addr1), - InetAddress.getByAddress(addr2), - InetAddress.getByAddress(localhostAddr) } ); + return ( new byte [][] + { InetAddress.getByAddress(addr1).getAddress(), + InetAddress.getByAddress(addr2).getAddress(), + InetAddress.getByAddress(localhostAddr).getAddress() } ); } else if (host.equalsIgnoreCase(localhost)) { - return ( new InetAddress[] - { InetAddress.getByAddress(localhostAddr) } ); + return ( new byte[][] + { InetAddress.getByAddress(localhostAddr).getAddress() } ); } else { throw new UnknownHostException(host); } Modified: river/jtsk/skunk/peterConcurrentPolicy/src/com/sun/jini/outrigger/FastList.java URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/com/sun/jini/outrigger/FastList.java?rev=1152664&r1=1152663&r2=1152664&view=diff ============================================================================== --- river/jtsk/skunk/peterConcurrentPolicy/src/com/sun/jini/outrigger/FastList.java (original) +++ river/jtsk/skunk/peterConcurrentPolicy/src/com/sun/jini/outrigger/FastList.java Mon Aug 1 00:00:07 2011 @@ -75,12 +75,12 @@ class FastList<T extends FastList.Node> * checked without synchronization to skip work of the Node is reported * as removed. Transitions only from false to true. */ - private volatile boolean removed; + volatile boolean removed; /** * This node does not need to be shown to scans with index greater than * or equal to this index. */ - private volatile long index; + volatile long index; /** * null until the node is added to a list, then a reference to the list. @@ -88,7 +88,7 @@ class FastList<T extends FastList.Node> * removed from the list to which it was added. Protected by * synchronization on the node. */ - private FastList<?> list; + volatile FastList<?> list; /** * Remove this node from its list. @@ -96,7 +96,7 @@ class FastList<T extends FastList.Node> * @return true if this node has never previously been removed, false if * it has already been removed. */ - private synchronized boolean remove() { + synchronized boolean remove() { if (removed) { return false; } Modified: river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/se/DynamicConcurrentPolicyProvider.java URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/se/DynamicConcurrentPolicyProvider.java?rev=1152664&r1=1152663&r2=1152664&view=diff ============================================================================== --- river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/se/DynamicConcurrentPolicyProvider.java (original) +++ river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/se/DynamicConcurrentPolicyProvider.java Mon Aug 1 00:00:07 2011 @@ -157,6 +157,7 @@ public class DynamicConcurrentPolicyProv private final Collection<PermissionGrant> dynamicPolicyGrants; private volatile boolean basePolicyIsDynamic; // Don't use cache if true. private volatile boolean revokeable; + private volatile boolean basePolicyIsRemote; private volatile boolean initialized = false; private Logger logger; private volatile boolean loggable; @@ -299,9 +300,9 @@ public class DynamicConcurrentPolicyProv public boolean implies(ProtectionDomain domain, Permission permission) { if (initialized == false) throw new RuntimeException("Object not initialized"); - if (basePolicyIsDynamic){ - // Total delegation revoke and exclude supported only by underlying policy. - return basePolicy.implies(domain, permission); + if (basePolicyIsDynamic || basePolicyIsRemote){ + // Total delegation revoke supported only by underlying policy. + if (basePolicy.implies(domain, permission)) return true; } if (permission == null) throw new NullPointerException("permission not allowed to be null"); // First check our cache if the basePolicy is not dynamic. @@ -530,6 +531,17 @@ public class DynamicConcurrentPolicyProv } public void update(List<PermissionGrant> grants) throws IOException { + /* If the base policy is also remote, each will manage their own + * permissions, so we do not delegate to the underlying policy. + * Any underlying local policy file permissions should be propagated up + * into each policy, which means there will be duplication of some + * policy information. + * It seems logical in the case of multiple remote policies that each + * could be the responsiblity of a different administrator. If these + * separate policy's were to be combined, there may be some cases + * where two permissions combined also implied a third permission, that + * neither administrator intended to grant. + */ if (initialized == false) throw new RuntimeException("Object not initialized"); // because PermissionGrant's are given references to ProtectionDomain's // we must check the caller has this permission.
