Author: peter_firmstone Date: Wed Aug 17 06:18:09 2011 New Revision: 1158535
URL: http://svn.apache.org/viewvc?rev=1158535&view=rev Log: Refactoring to make new policy behaviour identical to com.sun.provider.PolicyFile. Added: river/jtsk/skunk/peterConcurrentPolicy/qa/tmp (with props) river/jtsk/skunk/peterConcurrentPolicy/qa_test_baseline.txt (with props) river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/ConcurrentPermissions.java - copied, changed from r1153098, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/se/ConcurrentPermissions.java river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/MultiReadPermissionCollection.java - copied, changed from r1153098, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/se/MultiReadPermissionCollection.java river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/PermissionPendingResolution.java - copied, changed from r1153098, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/se/PermissionPendingResolution.java river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/PermissionPendingResolutionCollection.java - copied, changed from r1153098, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/se/PermissionPendingResolutionCollection.java river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/policy/ConcurrentPolicyFile.java - copied, changed from r1153098, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/se/ConcurrentPolicyFile.java river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/policy/DynamicPolicyProvider.java - copied, changed from r1153103, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/se/DynamicConcurrentPolicyProvider.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/DelegateCombinerSecurityManager.java (with props) river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/DelegateReflectionSecurityManager.java - copied, changed from r1153098, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/InternetSecurityManager.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/DelegateSecurityManager.java (with props) river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/policy/ river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/policy/RemotePolicy.java - copied, changed from r1153098, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/RemotePolicy.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/policy/RevokeableDynamicPolicy.java - copied, changed from r1153098, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/RevokeableDynamicPolicy.java river/jtsk/skunk/peterConcurrentPolicy/test/src/net/jini/security/ConcurrentPermissionsTest.java - copied, changed from r1153098, river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/impl/security/policy/se/ConcurrentPermissionsTest.java river/jtsk/skunk/peterConcurrentPolicy/test/src/net/jini/security/MultiReadPermissionCollectionTest.java - copied, changed from r1153098, river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/impl/security/policy/se/MultiReadPermissionCollectionTest.java river/jtsk/skunk/peterConcurrentPolicy/test/src/net/jini/security/Permissions_ImplTest.java - copied, changed from r1153098, river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/impl/security/policy/se/Permissions_ImplTest.java river/jtsk/skunk/peterConcurrentPolicy/test/src/net/jini/security/policy/ConcurrentPolicyFileTest.java - copied, changed from r1153103, river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/impl/security/policy/se/ConcurrentPolicyFileTest.java river/jtsk/skunk/peterConcurrentPolicy/test/src/net/jini/security/policy/PermissionCollectionTest.java - copied, changed from r1153098, river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/impl/security/policy/se/PermissionCollectionTest.java river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/api/security/CodeSourceGrantTest.java (with props) river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/api/security/DelegateCombinerSecurityManagerTest.java (with props) Removed: river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/InternetSecurityManager.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/RemotePolicy.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/RevokeableDynamicPolicy.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/se/ConcurrentPermissions.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/se/ConcurrentPolicyFile.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/se/DynamicConcurrentPolicyProvider.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/se/MultiReadPermissionCollection.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/se/PermissionPendingResolution.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/se/PermissionPendingResolutionCollection.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/se/PolicyPermission.java river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/impl/security/policy/se/ConcurrentPermissionsTest.java river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/impl/security/policy/se/ConcurrentPolicyFileTest.java river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/impl/security/policy/se/MultiReadPermissionCollectionTest.java river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/impl/security/policy/se/PermissionCollectionTest.java river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/impl/security/policy/se/Permissions_ImplTest.java Modified: river/jtsk/skunk/peterConcurrentPolicy/build.xml river/jtsk/skunk/peterConcurrentPolicy/qa/build.xml river/jtsk/skunk/peterConcurrentPolicy/qa/harness/policy/defaulttest.policy river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/qa/harness/MasterTest.java river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/qa/resources/qaDefaults.properties river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/impl/reggie/NameServiceImpl.java river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/impl/start/loadersplitpolicyprovider/LoaderSplitPolicyProviderTest.java river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/id/uuid/ConstructorAccessorTest.td river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/DynamicPolicyProviderTestBase.java river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/GrantNoPrincipalCase02.java river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/GrantPrincipal.td river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/NullCases.java river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/RefreshNoPrincipal.td river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/SecurityExceptionConstructor.java river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/SecurityExceptionConstructorNoAccessClass.td river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/policyProviderGrant01.policy river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/policyFileProvider/BasicGrants.td river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/policyFileProvider/SecurityExceptionConstructor.java river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/securityprovider.properties river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/security/security/security.policy river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/GrantPermission.java river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/Security.java river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/policy/PolicyFileProvider.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/delegates/DelegatePermission.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/delegates/FileInputStream.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/delegates/FileOutputStream.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/CertificateGrant.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/ClassLoaderGrant.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/CodeSourceGrant.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/PermissionGrant.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/PermissionGrantBuilder.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/PermissionGrantBuilderImp.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/PrincipalGrant.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/ProtectionDomainGrant.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/DefaultPolicyParser.java river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/PolicyUtils.java river/jtsk/skunk/peterConcurrentPolicy/test/src/net/jini/security/GrantPermissionTest.java river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/api/security/PermissionGrantTest.java river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/api/security/PrincipalGrantTest.java river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/impl/security/policy/util/PolicyEntryTest.java Modified: river/jtsk/skunk/peterConcurrentPolicy/build.xml URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/build.xml?rev=1158535&r1=1158534&r2=1158535&view=diff ============================================================================== --- river/jtsk/skunk/peterConcurrentPolicy/build.xml (original) +++ river/jtsk/skunk/peterConcurrentPolicy/build.xml Wed Aug 17 06:18:09 2011 @@ -740,7 +740,7 @@ <arg value="com.sun.jini.tool.DebugDynamicPolicyProvider"/> <arg value="com.sun.jini.tool.ProfilingSecurityManager"/> </classdep> - <jar destfile="${lib.dir}/jsk-debug-policy.jar" + <jar destfile="${lib-ext.dir}/jsk-debug-policy.jar" index="false" manifest="${src.manifest.dir}/jsk-debug-policy.mf"> <fileset dir="${build.classes.dir}" includesfile="${jsk-debug-policy.deps}"/> @@ -844,6 +844,7 @@ <arg value="-files"/> <arg line="-in com.sun.jini"/> <arg line="-in net.jini"/> + <arg line="-in org.apache.river"/> <arg path="${build.classes.dir}/net/jini/activation"/> <arg path="${build.classes.dir}/net/jini/config"/> <arg path="${build.classes.dir}/net/jini/constraint"/> @@ -914,8 +915,10 @@ <arg value="-files"/> <arg value="net.jini.security.policy.DynamicPolicyProvider"/> <arg value="net.jini.security.policy.PolicyFileProvider"/> + <arg value="net.jini.security.policy.ConcurrentPolicyFile"/> <arg line="-in com.sun.jini"/> <arg line="-in net.jini"/> + <arg line="-in org.apache.river"/> </classdep> <jar destfile="${lib-ext.dir}/jsk-policy.jar" index="false"> Modified: river/jtsk/skunk/peterConcurrentPolicy/qa/build.xml URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/build.xml?rev=1158535&r1=1158534&r2=1158535&view=diff ============================================================================== --- river/jtsk/skunk/peterConcurrentPolicy/qa/build.xml (original) +++ river/jtsk/skunk/peterConcurrentPolicy/qa/build.xml Wed Aug 17 06:18:09 2011 @@ -263,7 +263,7 @@ <!--Note these arguments only apply to the qa harness, they aren't propagated to client test jvm's to do that you must set the global or client vm args in the file: - src/com/sun/jini/resources/qaDefaults.properties--> + src/com/sun/jini/qa/resources/qaDefaults.properties--> <!-- JDK extension directories (include our lib-ext dirs, for the custom policy providers) --> <!--<jvmarg value="-Xbootclasspath/a:${river-ext.lib-dir}"/>--> <jvmarg value="-Djava.ext.dirs=${ext.dirs}"/> Modified: river/jtsk/skunk/peterConcurrentPolicy/qa/harness/policy/defaulttest.policy URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/harness/policy/defaulttest.policy?rev=1158535&r1=1158534&r2=1158535&view=diff ============================================================================== --- river/jtsk/skunk/peterConcurrentPolicy/qa/harness/policy/defaulttest.policy (original) +++ river/jtsk/skunk/peterConcurrentPolicy/qa/harness/policy/defaulttest.policy Wed Aug 17 06:18:09 2011 @@ -66,6 +66,8 @@ grant { permission java.lang.RuntimePermission "accessClassInPackage.sun.util.logging.resources"; + permission java.lang.RuntimePermission "accessClassInPackage.sun.security.util"; + permission java.io.FilePermission "${com.sun.jini.jsk.home}${/}lib${/}-", "read"; Modified: river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/qa/harness/MasterTest.java URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/qa/harness/MasterTest.java?rev=1158535&r1=1158534&r2=1158535&view=diff ============================================================================== --- river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/qa/harness/MasterTest.java (original) +++ river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/qa/harness/MasterTest.java Wed Aug 17 06:18:09 2011 @@ -82,7 +82,7 @@ class MasterTest { origErr = System.err; System.setErr(System.out); logger.log(Level.FINE, "Starting MasterTest"); - if (System.getSecurityManager() == null) { + if (System.getSecurityManager() == null) { System.setSecurityManager(new java.rmi.RMISecurityManager()); // System.setSecurityManager(new ProfilingSecurityManager()); } Modified: river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/qa/resources/qaDefaults.properties URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/qa/resources/qaDefaults.properties?rev=1158535&r1=1158534&r2=1158535&view=diff ============================================================================== --- river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/qa/resources/qaDefaults.properties (original) +++ river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/qa/resources/qaDefaults.properties Wed Aug 17 06:18:09 2011 @@ -215,6 +215,8 @@ com.sun.jini.qa.harness.actdeathdelay=5 # -Djava.security.debug=access:failure,\ # -Djava.security.manager=com.sun.jini.tool.ProfilingSecurityManager,\ # -Dpolicy.provider=net.jini.security.policy.DynamicPolicyProvider,\ +# -Djava.security.manager=java.rmi.RMISecurityManager,\ + # no cosmetic whitespace com.sun.jini.qa.harness.globalvmargs=\ Modified: river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/impl/reggie/NameServiceImpl.java URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/impl/reggie/NameServiceImpl.java?rev=1158535&r1=1158534&r2=1158535&view=diff ============================================================================== --- river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/impl/reggie/NameServiceImpl.java (original) +++ river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/impl/reggie/NameServiceImpl.java Wed Aug 17 06:18:09 2011 @@ -39,17 +39,25 @@ public class NameServiceImpl implements } - public byte[][] lookupAllHostAddr(String host) +// public byte [][] lookupAllHostAddr(String host) + public InetAddress [] lookupAllHostAddr(String host) throws UnknownHostException { if (host.equalsIgnoreCase(testClient)) { - return ( new byte [][] - { InetAddress.getByAddress(addr1).getAddress(), - InetAddress.getByAddress(addr2).getAddress(), - InetAddress.getByAddress(localhostAddr).getAddress() } ); +// return ( new byte [][] +// { InetAddress.getByAddress(addr1).getAddress(), +// InetAddress.getByAddress(addr2).getAddress(), +// InetAddress.getByAddress(localhostAddr).getAddress() + return (new InetAddress []{ + InetAddress.getByAddress(addr1), + InetAddress.getByAddress(addr2), + InetAddress.getByAddress(localhostAddr) + }); } else if (host.equalsIgnoreCase(localhost)) { - return ( new byte[][] - { InetAddress.getByAddress(localhostAddr).getAddress() } ); + return +// ( new byte[][] { InetAddress.getByAddress(localhostAddr).getAddress() + (new InetAddress [] { InetAddress.getByAddress(localhostAddr) + }); } else { throw new UnknownHostException(host); } Modified: river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/impl/start/loadersplitpolicyprovider/LoaderSplitPolicyProviderTest.java URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/impl/start/loadersplitpolicyprovider/LoaderSplitPolicyProviderTest.java?rev=1158535&r1=1158534&r2=1158535&view=diff ============================================================================== --- river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/impl/start/loadersplitpolicyprovider/LoaderSplitPolicyProviderTest.java (original) +++ river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/impl/start/loadersplitpolicyprovider/LoaderSplitPolicyProviderTest.java Wed Aug 17 06:18:09 2011 @@ -32,6 +32,10 @@ import java.util.Collections; import com.sun.jini.qa.harness.QATest; import com.sun.jini.qa.harness.QAConfig; import com.sun.jini.qa.harness.TestException; +import java.util.Enumeration; +import java.util.HashSet; +import java.util.Set; +import org.apache.river.api.security.policy.RevokeableDynamicPolicy; public class LoaderSplitPolicyProviderTest extends QATest { private String ldrPolicyFile; @@ -146,7 +150,7 @@ public class LoaderSplitPolicyProviderTe throw new TestException("Does not satisfy implies conditions for " + perm + "."); } - + if (!contains(pol.getPermissions(myPd), perm) || contains(pol.getPermissions(fooPd), perm) || contains(pol.getPermissions(barPd), perm) || @@ -212,7 +216,22 @@ public class LoaderSplitPolicyProviderTe } } + /* + * Dynamic policy no longer returns the permission directly, instead + * it encapsulates it in a container Permission that implies nothing, + * it is useful for debugging only since it delegates toString() + * to the encapsulated Permission. + * + * Dynamic policy does this to prevent the Permission becoming merged + * in the ProtectionDomain. + */ static boolean contains(PermissionCollection pc, Permission p) { - return Collections.list(pc.elements()).contains(p); +// return Collections.list(pc.elements()).contains(p); + Set<String> perms = new HashSet<String>(); + Enumeration<Permission> e = pc.elements(); + while (e.hasMoreElements()){ + perms.add(e.nextElement().toString()); + } + return perms.contains(p.toString()); } } Modified: river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/id/uuid/ConstructorAccessorTest.td URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/id/uuid/ConstructorAccessorTest.td?rev=1158535&r1=1158534&r2=1158535&view=diff ============================================================================== --- river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/id/uuid/ConstructorAccessorTest.td (original) +++ river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/id/uuid/ConstructorAccessorTest.td Wed Aug 17 06:18:09 2011 @@ -2,3 +2,4 @@ testClass=ConstructorAccessorTest testCategories=id,id_spec com.sun.jini.qa.harness.runkitserver=false com.sun.jini.qa.harness.runjiniserver=false +#testjvmargs=-Djava.security.manager=com.sun.jini.tool.ProfilingSecurityManager Modified: river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/DynamicPolicyProviderTestBase.java URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/DynamicPolicyProviderTestBase.java?rev=1158535&r1=1158534&r2=1158535&view=diff ============================================================================== --- river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/DynamicPolicyProviderTestBase.java (original) +++ river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/DynamicPolicyProviderTestBase.java Wed Aug 17 06:18:09 2011 @@ -347,13 +347,19 @@ public abstract class DynamicPolicyProvi * * @param pd the ProtectionDomain or null. * @param p permissions granted earlier or null. + * @param dynamicallyGranted This indicates that these permissions + * have been dynamically granted. + * If the policy being tested supports revoking + * permissions, dynamically granted permissions passed in must not be present, as this + * will remove the ability to revoke the permissions as they will become + * merged into the PermissionDomain's cached PermissionCollection. * @param msg string to format log message. * * @throws TestException if failed * */ protected void callGetPermissions(ProtectionDomain pd, Permission[] p, - String msg) throws TestException { + boolean dynamicallyGranted, String msg) throws TestException { // Returned permissions. PermissionCollection pReturned = null; @@ -372,7 +378,18 @@ public abstract class DynamicPolicyProvi throw new TestException(Util.fail(msg, SNULL, "PermissionCollection")); } - + if ( dynamicallyGranted && policy.revokeSupported()){ + for (int i = 0; i < p.length; i++) { + if (pReturned.implies(p[i])) { + String prm = p[i].toString(); + String exp = "PermissionCollection does not contain " + prm; + String ret = "PermissionCollection contains " + prm; + throw new TestException(Util.fail(msg, ret, exp)); + } + } + logger.log(Level.FINE, Util.pass(msg, "permission(s) not present")); + return; + } for (int i = 0; i < p.length; i++) { if (!pReturned.implies(p[i])) { String prm = p[i].toString(); @@ -396,8 +413,8 @@ public abstract class DynamicPolicyProvi * @throws TestException if failed * */ - protected void callGetPermissions(CodeSource cs, Permission[] p, String msg) - throws TestException { + protected void callGetPermissions(CodeSource cs, Permission[] p, + boolean dynamicallyGranted, String msg) throws TestException { // Returned permissions. PermissionCollection pReturned = null; @@ -420,7 +437,18 @@ public abstract class DynamicPolicyProvi throw new TestException(Util.fail(msg, SNULL, "PermissionCollection")); } - + if ( dynamicallyGranted && policy.revokeSupported()){ + for (int i = 0; i < p.length; i++) { + if (pReturned.implies(p[i])) { + String prm = p[i].toString(); + String exp = "PermissionCollection does not contain " + prm; + String ret = "PermissionCollection contains " + prm; + throw new TestException(Util.fail(msg, ret, exp)); + } + } + logger.log(Level.FINE, Util.pass(msg, "permission(s) not present")); + return; + } for (int i = 0; i < p.length; i++) { if (!pReturned.implies(p[i])) { String prm = p[i].toString(); Modified: river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/GrantNoPrincipalCase02.java URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/GrantNoPrincipalCase02.java?rev=1158535&r1=1158534&r2=1158535&view=diff ============================================================================== --- river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/GrantNoPrincipalCase02.java (original) +++ river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/GrantNoPrincipalCase02.java Wed Aug 17 06:18:09 2011 @@ -453,7 +453,7 @@ public class GrantNoPrincipalCase02 exte * Policy.getPermissions(CodeSource). */ callGetPermissionsNoGranted(s, pmAsided); - callGetPermissions(s, pmAll, null); + callGetPermissions(s, pmAll, true, null); } } } Modified: river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/GrantPrincipal.td URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/GrantPrincipal.td?rev=1158535&r1=1158534&r2=1158535&view=diff ============================================================================== --- river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/GrantPrincipal.td (original) +++ river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/GrantPrincipal.td Wed Aug 17 06:18:09 2011 @@ -7,3 +7,6 @@ FILEPOLICY01=<url: policyProviderGrant01 FILEPOLICY02=<url: policyProviderGrant02.policy> FILEPOLICYUMBRELLA=<url: policyProviderUmbrellaGrant.policy> com.sun.jini.qa.harness.securityproperties=<url: ../securityprovider.properties> +#testjvmargs=-Xdebug,\ +#-Xrunjdwp:transport=dt_socket+,address=8000+,server=y+,suspend=y,\ +#${testjvmargs} Modified: river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/NullCases.java URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/NullCases.java?rev=1158535&r1=1158534&r2=1158535&view=diff ============================================================================== --- river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/NullCases.java (original) +++ river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/NullCases.java Wed Aug 17 06:18:09 2011 @@ -202,7 +202,7 @@ public class NullCases extends DynamicPo // also verify that returned array contains Permissions granted // earlier. msg = "policy.getPermissions((ProtectionDomain) null)"; - callGetPermissions((ProtectionDomain) null, pmGranted, msg); + callGetPermissions((ProtectionDomain) null, pmGranted, true, msg); // Call getPermissions() passing null as CodeSource // and verify that NullPointerException is thrown; Modified: river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/RefreshNoPrincipal.td URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/RefreshNoPrincipal.td?rev=1158535&r1=1158534&r2=1158535&view=diff ============================================================================== --- river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/RefreshNoPrincipal.td (original) +++ river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/RefreshNoPrincipal.td Wed Aug 17 06:18:09 2011 @@ -7,3 +7,7 @@ FILEPOLICY01=<url: policyProviderGrant01 FILEPOLICY02=<url: policyProviderGrant02.policy> FILEPOLICYUMBRELLA=<url: policyProviderUmbrellaGrant.policy> com.sun.jini.qa.harness.securityproperties=<url: ../securityprovider.properties> +#testjvmargs=-Xdebug,\ +#-Xrunjdwp:transport=dt_socket+,address=8000+,server=y+,suspend=y,\ +#${testjvmargs} +#testjvmargs=-Djava.security.manager=com.sun.jini.tool.ProfilingSecurityManager,${testjvmargs} \ No newline at end of file Modified: river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/SecurityExceptionConstructor.java URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/SecurityExceptionConstructor.java?rev=1158535&r1=1158534&r2=1158535&view=diff ============================================================================== --- river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/SecurityExceptionConstructor.java (original) +++ river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/SecurityExceptionConstructor.java Wed Aug 17 06:18:09 2011 @@ -21,6 +21,7 @@ import java.util.logging.Level; // com.sun.jini.qa.harness import com.sun.jini.qa.harness.TestException; +import java.security.Security; /** @@ -77,6 +78,11 @@ import com.sun.jini.qa.harness.TestExcep */ public class SecurityExceptionConstructor extends DynamicPolicyProviderTestBase { + + public SecurityExceptionConstructor(){ + Security.setProperty("net.jini.security.policy.PolicyFileProvider.basePolicyClass", + "sun.security.provider.PolicyFile"); + } /** * Run the test according <b>Test Description</b> Modified: river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/SecurityExceptionConstructorNoAccessClass.td URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/SecurityExceptionConstructorNoAccessClass.td?rev=1158535&r1=1158534&r2=1158535&view=diff ============================================================================== --- river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/SecurityExceptionConstructorNoAccessClass.td (original) +++ river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/SecurityExceptionConstructorNoAccessClass.td Wed Aug 17 06:18:09 2011 @@ -3,4 +3,4 @@ testCategories=policyprovider,policyprov testPolicyfile=policyProviderNoAccessClass.policy com.sun.jini.qa.harness.runkitserver=false com.sun.jini.qa.harness.runjiniserver=false -com.sun.jini.qa.harness.securityproperties=<url: ../securityprovider.properties> +com.sun.jini.qa.harness.securityproperties=<url: ../securityprovider.properties> \ No newline at end of file Modified: river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/policyProviderGrant01.policy URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/policyProviderGrant01.policy?rev=1158535&r1=1158534&r2=1158535&view=diff ============================================================================== --- river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/policyProviderGrant01.policy (original) +++ river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/dynamicPolicyProvider/policyProviderGrant01.policy Wed Aug 17 06:18:09 2011 @@ -13,6 +13,10 @@ * 5. allow accessClassInPackage for sun.security.provider */ +grant codebase "file:${com.sun.jini.jsk.home}${/}lib-ext${/}*" { + permission java.security.AllPermission "", ""; +}; + grant { permission java.lang.RuntimePermission "A"; permission java.lang.RuntimePermission "B"; @@ -172,7 +176,7 @@ grant { // grant read or write permission for individual properties // associated with separate tests. - permission java.util.PropertyPermission "*", "read,write"; + permission java.util.PropertyPermission "*", "read,write"; // discovery-specific PropertyPermission needed by the harness permission net.jini.discovery.DiscoveryPermission "*"; Modified: river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/policyFileProvider/BasicGrants.td URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/policyFileProvider/BasicGrants.td?rev=1158535&r1=1158534&r2=1158535&view=diff ============================================================================== --- river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/policyFileProvider/BasicGrants.td (original) +++ river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/policyFileProvider/BasicGrants.td Wed Aug 17 06:18:09 2011 @@ -7,3 +7,6 @@ FILEPOLICY01=<url: policyProviderGrant01 FILEPOLICY02=<url: policyProviderGrant02.policy> FILEPOLICYUMBRELLA=<url: policyProviderUmbrellaGrant.policy> com.sun.jini.qa.harness.securityproperties=<url: ../securityprovider.properties> +#testjvmargs=-Xdebug,\ +#-Xrunjdwp:transport=dt_socket+,address=8000+,server=y+,suspend=y,\ +#${testjvmargs} \ No newline at end of file Modified: river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/policyFileProvider/SecurityExceptionConstructor.java URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/policyFileProvider/SecurityExceptionConstructor.java?rev=1158535&r1=1158534&r2=1158535&view=diff ============================================================================== --- river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/policyFileProvider/SecurityExceptionConstructor.java (original) +++ river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/policyFileProvider/SecurityExceptionConstructor.java Wed Aug 17 06:18:09 2011 @@ -21,6 +21,7 @@ import java.util.logging.Level; // com.sun.jini.qa.harness import com.sun.jini.qa.harness.TestException; +import java.security.Security; /** @@ -86,6 +87,11 @@ public class SecurityExceptionConstructo /** String to format test status string */ private static final String CALLName1 = "new PolicyFileProvider(\"Bar\")"; + public SecurityExceptionConstructor(){ + Security.setProperty("net.jini.security.policy.PolicyFileProvider.basePolicyClass", + "sun.security.provider.PolicyFile"); + } + /** * Run the test according <b>Test Description</b> */ Modified: river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/securityprovider.properties URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/securityprovider.properties?rev=1158535&r1=1158534&r2=1158535&view=diff ============================================================================== --- river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/securityprovider.properties (original) +++ river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/policyprovider/securityprovider.properties Wed Aug 17 06:18:09 2011 @@ -1,3 +1,4 @@ # Java security properties file which overrides the harness supplied # file so that the MergedPolicyProvider is not used, which would interfere # with the correct operation of these tests +#net.jini.security.policy.PolicyFileProvider.basePolicyClass=sun.security.provider.PolicyFile \ No newline at end of file Modified: river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/security/security/security.policy URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/security/security/security.policy?rev=1158535&r1=1158534&r2=1158535&view=diff ============================================================================== --- river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/security/security/security.policy (original) +++ river/jtsk/skunk/peterConcurrentPolicy/qa/src/com/sun/jini/test/spec/security/security/security.policy Wed Aug 17 06:18:09 2011 @@ -48,3 +48,7 @@ grant codebase "file:${com.sun.jini.test permission java.security.SecurityPermission "getDomainCombiner"; permission java.lang.RuntimePermission "DoPrivilegedExceptionTEST1"; }; + +grant { + permission java.lang.RuntimePermission "accessClassInPackage.sun.security.util"; +} \ No newline at end of file Added: river/jtsk/skunk/peterConcurrentPolicy/qa/tmp URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/qa/tmp?rev=1158535&view=auto ============================================================================== Binary file - no diff available. Propchange: river/jtsk/skunk/peterConcurrentPolicy/qa/tmp ------------------------------------------------------------------------------ svn:mime-type = application/octet-stream
