Author: peter_firmstone Date: Sun Feb 19 04:09:00 2012 New Revision: 1290940
URL: http://svn.apache.org/viewvc?rev=1290940&view=rev Log: Incremental merge Added: river/jtsk/merge/src/net/jini/loader/pref/CodeSourceWithPermissionsRequired.java (with props) Modified: river/jtsk/merge/src/manifest/jsk-dl/META-INF/PREFERRED.LIST river/jtsk/merge/src/net/jini/jeri/BasicInvocationDispatcher.java river/jtsk/merge/src/net/jini/jeri/BasicObjectEndpoint.java river/jtsk/merge/src/net/jini/jeri/ssl/AuthManager.java river/jtsk/merge/src/net/jini/jeri/ssl/ServerAuthManager.java river/jtsk/merge/src/net/jini/jeri/ssl/SslConnection.java river/jtsk/merge/src/net/jini/jeri/ssl/SslEndpointImpl.java river/jtsk/merge/src/net/jini/jeri/ssl/SslServerEndpointImpl.java river/jtsk/merge/src/net/jini/jeri/tcp/TcpServerEndpoint.java river/jtsk/merge/src/net/jini/loader/pref/PreferredClassLoader.java river/jtsk/merge/src/net/jini/security/GrantPermission.java river/jtsk/merge/src/net/jini/security/Security.java river/jtsk/merge/src/net/jini/security/SecurityContext.java river/jtsk/merge/src/net/jini/security/policy/ (props changed) river/jtsk/merge/src/net/jini/security/policy/PolicyFileProvider.java (contents, props changed) river/jtsk/merge/src/net/jini/url/httpmd/Handler.java Modified: river/jtsk/merge/src/manifest/jsk-dl/META-INF/PREFERRED.LIST URL: http://svn.apache.org/viewvc/river/jtsk/merge/src/manifest/jsk-dl/META-INF/PREFERRED.LIST?rev=1290940&r1=1290939&r2=1290940&view=diff ============================================================================== --- river/jtsk/merge/src/manifest/jsk-dl/META-INF/PREFERRED.LIST (original) +++ river/jtsk/merge/src/manifest/jsk-dl/META-INF/PREFERRED.LIST Sun Feb 19 04:09:00 2012 @@ -31,3 +31,6 @@ Preferred: false Name: net/jini/- Preferred: false + +Name: org/apache/river/api/- +Preferred: false \ No newline at end of file Modified: river/jtsk/merge/src/net/jini/jeri/BasicInvocationDispatcher.java URL: http://svn.apache.org/viewvc/river/jtsk/merge/src/net/jini/jeri/BasicInvocationDispatcher.java?rev=1290940&r1=1290939&r2=1290940&view=diff ============================================================================== --- river/jtsk/merge/src/net/jini/jeri/BasicInvocationDispatcher.java (original) +++ river/jtsk/merge/src/net/jini/jeri/BasicInvocationDispatcher.java Sun Feb 19 04:09:00 2012 @@ -44,6 +44,8 @@ import java.security.AccessControlExcept import java.security.AccessController; import java.security.CodeSource; import java.security.Permission; +import java.security.PermissionCollection; +import java.security.Policy; import java.security.Principal; import java.security.PrivilegedAction; import java.security.ProtectionDomain; @@ -910,7 +912,8 @@ public class BasicInvocationDispatcher i } } }); - if (System.getSecurityManager() == null) { + SecurityManager sm = System.getSecurityManager(); + if (sm == null) { return; } ProtectionDomain pd; @@ -934,6 +937,11 @@ public class BasicInvocationDispatcher i } boolean ok = pd.implies(permission); // XXX what about logging + if (logger.isLoggable(Level.FINE)){ + Policy p = Policy.getPolicy(); + logger.log(Level.FINE, "SecurityManager: " + sm + "\nPolicy: " + p + + "\nProtectionDomain: " + pd); + } if (!ok) { throw new AccessControlException("access denied " + permission); } Modified: river/jtsk/merge/src/net/jini/jeri/BasicObjectEndpoint.java URL: http://svn.apache.org/viewvc/river/jtsk/merge/src/net/jini/jeri/BasicObjectEndpoint.java?rev=1290940&r1=1290939&r2=1290940&view=diff ============================================================================== --- river/jtsk/merge/src/net/jini/jeri/BasicObjectEndpoint.java (original) +++ river/jtsk/merge/src/net/jini/jeri/BasicObjectEndpoint.java Sun Feb 19 04:09:00 2012 @@ -415,7 +415,16 @@ public final class BasicObjectEndpoint case 0x00: // REMIND: close the response input stream? + Exception ex = null; + try { + call.getResponseInputStream().close(); + } catch (IOException e){ + ex = e; + } // REMIND: Do we want to read a server-supplied reason string? + if (ex != null){ + return new NoSuchObjectException("no such object in table, input stream close threw IOException: " + ex); + } return new NoSuchObjectException("no such object in table"); case 0x01: @@ -423,7 +432,17 @@ public final class BasicObjectEndpoint default: // REMIND: close the response input stream? + Exception exc = null; + try { + call.getResponseInputStream().close(); + } catch (IOException e){ + exc = e; + } // REMIND: Do we really want this failure mode here? + if (exc != null){ + return new UnmarshalException("unexpected invocation status: " + + Integer.toHexString(status), exc); + } return new UnmarshalException("unexpected invocation status: " + Integer.toHexString(status)); } Modified: river/jtsk/merge/src/net/jini/jeri/ssl/AuthManager.java URL: http://svn.apache.org/viewvc/river/jtsk/merge/src/net/jini/jeri/ssl/AuthManager.java?rev=1290940&r1=1290939&r2=1290940&view=diff ============================================================================== --- river/jtsk/merge/src/net/jini/jeri/ssl/AuthManager.java (original) +++ river/jtsk/merge/src/net/jini/jeri/ssl/AuthManager.java Sun Feb 19 04:09:00 2012 @@ -26,10 +26,12 @@ import java.security.NoSuchAlgorithmExce import java.security.Principal; import java.security.PrivateKey; import java.security.cert.CertPath; +import java.security.cert.Certificate; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.Collection; +import java.util.Date; import java.util.HashSet; import java.util.List; import java.util.Set; @@ -324,7 +326,7 @@ abstract class AuthManager extends Filte */ static long certificatesValidUntil(CertPath chain) { long result = Long.MAX_VALUE; - List certs = chain.getCertificates(); + List<? extends Certificate> certs = chain.getCertificates(); for (int i = certs.size(); --i >= 0; ) { X509Certificate cert = (X509Certificate) certs.get(i); long until = cert.getNotAfter().getTime(); Modified: river/jtsk/merge/src/net/jini/jeri/ssl/ServerAuthManager.java URL: http://svn.apache.org/viewvc/river/jtsk/merge/src/net/jini/jeri/ssl/ServerAuthManager.java?rev=1290940&r1=1290939&r2=1290940&view=diff ============================================================================== --- river/jtsk/merge/src/net/jini/jeri/ssl/ServerAuthManager.java (original) +++ river/jtsk/merge/src/net/jini/jeri/ssl/ServerAuthManager.java Sun Feb 19 04:09:00 2012 @@ -166,7 +166,7 @@ class ServerAuthManager extends AuthMana } else { credentialsValidUntil = checkCredentials( cred, clientSubject, "accept"); - sessionCache = new SoftReference(session); + sessionCache = new SoftReference<SSLSession>(session); } } } @@ -347,7 +347,7 @@ class ServerAuthManager extends AuthMana if (val instanceof X500PrivateCredential) { cred = (X500PrivateCredential) val; try { - checkCredentials(cred, null, "listen"); + checkCredentials(cred, null, "listen"); } catch (SecurityException e) { if (logger.isLoggable(Levels.HANDLED)) { logThrow(logger, Levels.HANDLED, Modified: river/jtsk/merge/src/net/jini/jeri/ssl/SslConnection.java URL: http://svn.apache.org/viewvc/river/jtsk/merge/src/net/jini/jeri/ssl/SslConnection.java?rev=1290940&r1=1290939&r2=1290940&view=diff ============================================================================== --- river/jtsk/merge/src/net/jini/jeri/ssl/SslConnection.java (original) +++ river/jtsk/merge/src/net/jini/jeri/ssl/SslConnection.java Sun Feb 19 04:09:00 2012 @@ -64,7 +64,7 @@ class SslConnection extends Utilities im * the client to negotiate a new session before the server timeout, which * defaults to 24 hours. */ - private static long maxClientSessionDuration = + private final long maxClientSessionDuration = ((Long) Security.doPrivileged( new GetLongAction("com.sun.jini.jeri.ssl.maxClientSessionDuration", (long) (23.5 * 60 * 60 * 1000)))).longValue(); @@ -100,16 +100,16 @@ class SslConnection extends Utilities im private final ClientAuthManager authManager; /** The socket */ - SSLSocket sslSocket; + volatile SSLSocket sslSocket; /** The currently active cipher suite */ - private String activeCipherSuite; + volatile private String activeCipherSuite; /** The current session */ - private SSLSession session; + volatile private SSLSession session; /** True if the connection has been closed. */ - boolean closed; + volatile boolean closed; /* -- Methods -- */ Modified: river/jtsk/merge/src/net/jini/jeri/ssl/SslEndpointImpl.java URL: http://svn.apache.org/viewvc/river/jtsk/merge/src/net/jini/jeri/ssl/SslEndpointImpl.java?rev=1290940&r1=1290939&r2=1290940&view=diff ============================================================================== --- river/jtsk/merge/src/net/jini/jeri/ssl/SslEndpointImpl.java (original) +++ river/jtsk/merge/src/net/jini/jeri/ssl/SslEndpointImpl.java Sun Feb 19 04:09:00 2012 @@ -284,6 +284,9 @@ class SslEndpointImpl extends Utilities * XXX: Work around BugID 4892841, Subject.getPrincipals(Class) * not thread-safe against changes to principals. * -tjb[18.Jul.2003] + * + * This was fixed in Java 1.5 which is now our minimum + * supported version. */ synchronized (clientSubject.getPrincipals()) { clientPrincipals = Modified: river/jtsk/merge/src/net/jini/jeri/ssl/SslServerEndpointImpl.java URL: http://svn.apache.org/viewvc/river/jtsk/merge/src/net/jini/jeri/ssl/SslServerEndpointImpl.java?rev=1290940&r1=1290939&r2=1290940&view=diff ============================================================================== --- river/jtsk/merge/src/net/jini/jeri/ssl/SslServerEndpointImpl.java (original) +++ river/jtsk/merge/src/net/jini/jeri/ssl/SslServerEndpointImpl.java Sun Feb 19 04:09:00 2012 @@ -101,10 +101,10 @@ class SslServerEndpointImpl extends Util * to facilitate testing. Use 24 hours to allow the client, which uses * 23.5 hours, to renegotiate a new session before the server timeout. */ - static long maxServerSessionDuration = + private final long maxServerSessionDuration = ((Long) Security.doPrivileged( new GetLongAction("com.sun.jini.jeri.ssl.maxServerSessionDuration", - 24 * 60 * 60 * 1000))).longValue(); + 24L * 60L * 60L * 1000L))).longValue(); /** * Executes a Runnable in a system thread -- used for listener accept @@ -118,10 +118,10 @@ class SslServerEndpointImpl extends Util new BasicServerConnManager(); /** The associated server endpoint. */ - final ServerEndpoint serverEndpoint; + private final ServerEndpoint serverEndpoint; /** The server subject, or null if the server is anonymous. */ - final Subject serverSubject; + private final Subject serverSubject; /** * The principals to use for authentication, or null if the server is @@ -146,21 +146,21 @@ class SslServerEndpointImpl extends Util /** * The permissions needed to authenticate when listening on this endpoint, - * or null if the server is anonymous. + * or null if the server is anonymous. Effectively immutable array. */ - Permission[] listenPermissions; + private final Permission[] listenPermissions; /** The listen endpoint. */ private final ListenEndpoint listenEndpoint; /** The factory for creating JSSE sockets -- set by sslInit */ - private SSLSocketFactory sslSocketFactory; + private SSLSocketFactory sslSocketFactory; // Synchronized on this /** * The authentication manager for the SSLContext for this endpoint -- set * by sslInit. */ - private ServerAuthManager authManager; + private ServerAuthManager authManager; // Synchronized on this /** The server connection manager. */ ServerConnManager serverConnectionManager = defaultServerConnectionManager; @@ -191,9 +191,10 @@ class SslServerEndpointImpl extends Util ? computePrincipals(serverSubject) : checkPrincipals(serverPrincipals); /* Set listenPermissions before calling hasListenPermissions */ + Permission [] listenPermissions; if (this.serverPrincipals == null) { listenPermissions = null; - } else { + } else { listenPermissions = new AuthenticationPermission[this.serverPrincipals.size()]; int i = 0; @@ -213,10 +214,11 @@ class SslServerEndpointImpl extends Util !hasListenPermissions())) { this.serverSubject = null; - this.listenPermissions = null; + listenPermissions = null; } else { - this.serverSubject = serverSubject; + this.serverSubject = serverSubject; } + this.listenPermissions = listenPermissions; this.serverHost = serverHost; if (port < 0 || port > 0xFFFF) { throw new IllegalArgumentException("Invalid port: " + port); @@ -526,12 +528,12 @@ class SslServerEndpointImpl extends Util if (resolvedHost == null) { InetAddress localAddr; try { - localAddr = (InetAddress) AccessController.doPrivileged( - new PrivilegedExceptionAction() { - public Object run() throws UnknownHostException { - return InetAddress.getLocalHost(); - } - }); + localAddr = AccessController.doPrivileged( + new PrivilegedExceptionAction<InetAddress>() { + public InetAddress run() throws UnknownHostException { + return InetAddress.getLocalHost(); + } + }); } catch (PrivilegedActionException e) { UnknownHostException uhe = (UnknownHostException) e.getCause(); @@ -673,15 +675,18 @@ class SslServerEndpointImpl extends Util checkListenPermissions(false); Set principals = serverSubject.getPrincipals(); /* Keep track of progress; remove entry when check is done */ - Map progress = new HashMap(serverPrincipals.size()); - for (Iterator i = serverPrincipals.iterator(); i.hasNext(); ) { - X500Principal p = (X500Principal) i.next(); - if (!principals.contains(p)) { - throw new UnsupportedConstraintException( - "Missing principal: " + p); - } - progress.put(p, X500Principal.class); - } + boolean nullServerPrincipals = serverPrincipals == null; + Map progress = new HashMap(nullServerPrincipals ? 0 : serverPrincipals.size()); + if (!nullServerPrincipals){ + for (Iterator i = serverPrincipals.iterator(); i.hasNext(); ) { + X500Principal p = (X500Principal) i.next(); + if (!principals.contains(p)) { + throw new UnsupportedConstraintException( + "Missing principal: " + p); + } + progress.put(p, X500Principal.class); + } + } X500PrivateCredential[] privateCredentials = (X500PrivateCredential[]) AccessController.doPrivileged( new SubjectCredentials.GetAllPrivateCredentialsAction( @@ -803,8 +808,9 @@ class SslServerEndpointImpl extends Util private final Set connections = new HashSet(); /** Used to throttle accept failures */ + private final Object failureLock = new Object(); private long acceptFailureTime = 0; - private int acceptFailureCount; + private int acceptFailureCount = 0; /** Creates a listen handle */ SslListenHandle(RequestDispatcher requestDispatcher, @@ -936,23 +942,34 @@ class SslServerEndpointImpl extends Util final int NFAIL = 10; final int NMSEC = 5000; long now = System.currentTimeMillis(); - if (acceptFailureTime == 0L || - (now - acceptFailureTime) > NMSEC) - { - // failure time is very old, or this is first failure - acceptFailureTime = now; - acceptFailureCount = 0; - } else { - // failure window was started recently - acceptFailureCount++; - if (acceptFailureCount >= NFAIL) { - try { - Thread.sleep(10000); - } catch (InterruptedException ignore) { - } - // no need to reset counter/timer - } - } + boolean fail = false; + synchronized (failureLock){ + if (acceptFailureTime == 0L || + (now - acceptFailureTime) > NMSEC) + { + // failure time is very old, or this is first failure + acceptFailureTime = now; + acceptFailureCount = 0; + } else { + // failure window was started recently + acceptFailureCount++; + if (acceptFailureCount >= NFAIL) { + fail = true; + } + } + } + if (fail) { + try { + Thread.sleep(10000); + } catch (InterruptedException ignore) { + /* Why are we ignoring the interrupt and not + * restoring the interrupted status? + */ + Thread.currentThread().interrupt(); + } + // no need to reset counter/timer + } + return true; } @@ -1063,31 +1080,31 @@ class SslServerEndpointImpl extends Util * yet. Check that the current session matches to prevent new * handshakes. */ - private SSLSession session; + private final SSLSession session; /** * The client subject -- depends on session being set. This instance * is read-only. */ - private Subject clientSubject; + private final Subject clientSubject; /** The client principal -- depends on session being set. */ - private X500Principal clientPrincipal; + private final X500Principal clientPrincipal; /** The server principal -- depends on session being set. */ - private X500Principal serverPrincipal; + private final X500Principal serverPrincipal; /** * The authentication permission required for this connection, or null * if the server is anonymous -- depends on session being set. */ - private AuthenticationPermission authPermission; + private final AuthenticationPermission authPermission; /** The cipher suite -- depends on session being set. */ - private String cipherSuite; - + private final String cipherSuite; + /** True if the connection has been closed. */ - boolean closed; + volatile boolean closed; /** Creates a server connection */ SslServerConnection(SslListenHandle listenHandle, Socket socket) @@ -1103,7 +1120,34 @@ class SslServerEndpointImpl extends Util /* Need to put in server mode before requesting client auth. */ sslSocket.setUseClientMode(false); sslSocket.setWantClientAuth(true); - + try { + session = sslSocket.getSession(); + sslSocket.setEnableSessionCreation(false); + cipherSuite = session.getCipherSuite(); + if ("NULL".equals(getKeyExchangeAlgorithm(cipherSuite))) { + throw new SecurityException("Handshake failed"); + } + clientSubject = getClientSubject(sslSocket); + clientPrincipal = clientSubject != null + ? ((X500Principal) + clientSubject.getPrincipals().iterator().next()) + : null; + X509Certificate serverCert = + getAuthManager().getServerCertificate(session); + serverPrincipal = serverCert != null + ? serverCert.getSubjectX500Principal() : null; + if (serverPrincipal != null) { + authPermission = new AuthenticationPermission( + Collections.singleton(serverPrincipal), + (clientPrincipal != null + ? Collections.singleton(clientPrincipal) : null), + "accept"); + } else { + authPermission = null; + } + } catch (SecurityException e){ + throw new IOException("Unable to create session", e); + } logger.log(Level.FINE, "created {0}", this); } @@ -1193,43 +1237,21 @@ class SslServerEndpointImpl extends Util * fields if needed. */ private void decacheSession() { - synchronized (this) { - SSLSession socketSession = sslSocket.getSession(); - if (session == socketSession) { - return; - } else if (session != null) { - /* - * We disable session creation as soon as we notice the - * first session, but it is possible that a second - * handshake could have started by then, so check that we - * have the same session. -tjb[31.Jan.2003] - */ - throw new SecurityException( - "New handshake occurred on socket"); - } - session = socketSession; - sslSocket.setEnableSessionCreation(false); - cipherSuite = session.getCipherSuite(); - if ("NULL".equals(getKeyExchangeAlgorithm(cipherSuite))) { - throw new SecurityException("Handshake failed"); - } - clientSubject = getClientSubject(sslSocket); - clientPrincipal = clientSubject != null - ? ((X500Principal) - clientSubject.getPrincipals().iterator().next()) - : null; - X509Certificate serverCert = - getAuthManager().getServerCertificate(session); - serverPrincipal = serverCert != null - ? serverCert.getSubjectX500Principal() : null; - if (serverPrincipal != null) { - authPermission = new AuthenticationPermission( - Collections.singleton(serverPrincipal), - (clientPrincipal != null - ? Collections.singleton(clientPrincipal) : null), - "accept"); - } - } + SSLSession socketSession = sslSocket.getSession(); + if (session == socketSession) { + return; + } else if ( !session.isValid()){ + throw new SecurityException("Session invalid"); + } else { + /* + * We disable session creation as soon as we notice the + * first session, but it is possible that a second + * handshake could have started by then, so check that we + * have the same session. -tjb[31.Jan.2003] + */ + throw new SecurityException( + "New handshake occurred on socket"); + } } /** Modified: river/jtsk/merge/src/net/jini/jeri/tcp/TcpServerEndpoint.java URL: http://svn.apache.org/viewvc/river/jtsk/merge/src/net/jini/jeri/tcp/TcpServerEndpoint.java?rev=1290940&r1=1290939&r2=1290940&view=diff ============================================================================== --- river/jtsk/merge/src/net/jini/jeri/tcp/TcpServerEndpoint.java (original) +++ river/jtsk/merge/src/net/jini/jeri/tcp/TcpServerEndpoint.java Sun Feb 19 04:09:00 2012 @@ -854,7 +854,7 @@ public final class TcpServerEndpoint imp if (!(t instanceof SecurityException)) { try { - // NYI: shed idle connections + // TODO: NYI: shed idle connections } catch (OutOfMemoryError e) { } catch (Exception e) { } Added: river/jtsk/merge/src/net/jini/loader/pref/CodeSourceWithPermissionsRequired.java URL: http://svn.apache.org/viewvc/river/jtsk/merge/src/net/jini/loader/pref/CodeSourceWithPermissionsRequired.java?rev=1290940&view=auto ============================================================================== --- river/jtsk/merge/src/net/jini/loader/pref/CodeSourceWithPermissionsRequired.java (added) +++ river/jtsk/merge/src/net/jini/loader/pref/CodeSourceWithPermissionsRequired.java Sun Feb 19 04:09:00 2012 @@ -0,0 +1,74 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package net.jini.loader.pref; + +import java.io.IOException; +import java.io.ObjectInputStream; +import java.io.ObjectOutputStream; +import java.net.URL; +import java.security.CodeSource; +import java.security.Permission; +import java.security.cert.Certificate; + +/** + * The intent of this class is to allow a jar file to carry with it the + * permissions it requires, the intent is that a smart proxy use this, + * the permissions are dynamically granted to a Principal and ClassLoader + * combination. + * + * This is package private until the implementation is complete, the public + * api should be reviewed before making public. + * + * @author peter + */ +class CodeSourceWithPermissionsRequired extends CodeSource { + private static final long serialVersionUID = 1L; + private Permission[] permissions; + + public CodeSourceWithPermissionsRequired(URL codebase, Certificate[] certs, Permission[] perms){ + super(codebase, certs ); + permissions = perms.clone(); + } + + public String toString(){ + StringBuilder sb = new StringBuilder(120); + sb.append(super.toString()) + .append("\n") + .append("Information only, minimum Permissions required for execution:\n"); + int l = permissions.length; + for (int i = 0; i < l ; i++){ + sb.append(permissions[i].toString()); + } + return sb.toString(); + } + + Permission [] required(){ + return permissions.clone(); + } + + private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException{ + in.defaultReadObject(); + // defensive copy of array reference to prevent stolen reference + permissions = permissions.clone(); + } + + private void writeObject(ObjectOutputStream out) throws IOException{ + out.defaultWriteObject(); + } +} Propchange: river/jtsk/merge/src/net/jini/loader/pref/CodeSourceWithPermissionsRequired.java ------------------------------------------------------------------------------ svn:eol-style = native Modified: river/jtsk/merge/src/net/jini/loader/pref/PreferredClassLoader.java URL: http://svn.apache.org/viewvc/river/jtsk/merge/src/net/jini/loader/pref/PreferredClassLoader.java?rev=1290940&r1=1290939&r2=1290940&view=diff ============================================================================== --- river/jtsk/merge/src/net/jini/loader/pref/PreferredClassLoader.java (original) +++ river/jtsk/merge/src/net/jini/loader/pref/PreferredClassLoader.java Sun Feb 19 04:09:00 2012 @@ -1011,6 +1011,22 @@ public class PreferredClassLoader extend return getPackage(name); } } + + protected Class<?> findClass(final String name) + throws ClassNotFoundException + { + /* TODO: Override and create our own CodeSource + * implementation that contains permissions.perm + * After we retrieve the manifest, class bytes and + * certificates, create the CodeSource we call + * defineClass(String name, byte[]b, int off, int len, CodeSource cs) + * + * This will be utilised by a class that overrides + * BasicProxyPreparer.getPermissions() + * to retrieve the advisory permissions. + */ + return super.findClass(name); + } /** * {@inheritDoc} @@ -1143,9 +1159,9 @@ public class PreferredClassLoader extend * Create an AccessControlContext that consists of a single * protection domain with only the permissions calculated above. * Comment added 7th May 2010 by Peter Firmstone: - * This calls the pre java 1.4 constructor which causes the + * This did call the pre java 1.4 constructor which causes the * ProtectionDomain to not consult the Policy, this - * has the effect of not allowing Dynamic Permission changes to be + * had the effect of not allowing Dynamic Permission changes to be * effected by the Policy. It doesn't affect the existing * DynamicPolicy implementation as it returns the Permissions * allowing the ProtectionDomain domain combiner to combine Modified: river/jtsk/merge/src/net/jini/security/GrantPermission.java URL: http://svn.apache.org/viewvc/river/jtsk/merge/src/net/jini/security/GrantPermission.java?rev=1290940&r1=1290939&r2=1290940&view=diff ============================================================================== --- river/jtsk/merge/src/net/jini/security/GrantPermission.java (original) +++ river/jtsk/merge/src/net/jini/security/GrantPermission.java Sun Feb 19 04:09:00 2012 @@ -555,7 +555,7 @@ public final class GrantPermission exten * of permissions. */ private static String constructName(Permission[] pa) { - StringBuffer sb = new StringBuffer(); + StringBuffer sb = new StringBuffer(60); for (int i = 0; i < pa.length; i++) { Permission p = pa[i]; if (p instanceof UnresolvedPermission) { @@ -762,8 +762,9 @@ public final class GrantPermission exten private static final ObjectStreamField[] serialPersistentFields = { new ObjectStreamField("perms", List.class, true) }; - - private List perms = new ArrayList(); + + // Serial form. + private List<Permission> perms = new ArrayList<Permission>(); private Implier implier = new Implier(); public synchronized void add(Permission p) { @@ -774,11 +775,15 @@ public final class GrantPermission exten throw new SecurityException( "can't add to read-only PermissionCollection"); } - perms.add(p); - implier.add((GrantPermission) p); + // Cannot use TreeSet to ensure correctness, just don't + // add twice, in other words check must be external. + // Stack overflow may occur if permissions added without checking + perms.add(p); + implier.add((GrantPermission) p); + } - public synchronized Enumeration elements() { + public synchronized Enumeration<Permission> elements() { return Collections.enumeration(perms); } Modified: river/jtsk/merge/src/net/jini/security/Security.java URL: http://svn.apache.org/viewvc/river/jtsk/merge/src/net/jini/security/Security.java?rev=1290940&r1=1290939&r2=1290940&view=diff ============================================================================== --- river/jtsk/merge/src/net/jini/security/Security.java (original) +++ river/jtsk/merge/src/net/jini/security/Security.java Sun Feb 19 04:09:00 2012 @@ -43,6 +43,7 @@ import java.util.Map; import java.util.Set; import java.util.StringTokenizer; import java.util.WeakHashMap; +import java.util.concurrent.ConcurrentMap; import java.util.logging.Level; import java.util.logging.LogRecord; import java.util.logging.Logger; @@ -461,26 +462,7 @@ public final class Security { } final AccessControlContext acc = AccessController.getContext(); - return new SecurityContext() { - public PrivilegedAction wrap(PrivilegedAction a) { - if (a == null) { - throw new NullPointerException(); - } - return a; - } - - public PrivilegedExceptionAction wrap(PrivilegedExceptionAction a) - { - if (a == null) { - throw new NullPointerException(); - } - return a; - } - - public AccessControlContext getAccessControlContext() { - return acc; - } - }; + return new SecurityContextImpl(acc); } /** @@ -497,15 +479,17 @@ public final class Security { * principals of the <code>Subject</code>, as well as the ability to use * credentials of the <code>Subject</code> for authentication. * + * @param <T> * @param action the action to be executed * @return the object returned by the action's <code>run</code> method * @throws NullPointerException if the action is <code>null</code> */ - public static Object doPrivileged(final PrivilegedAction action) { + public static <T> T doPrivileged(final PrivilegedAction<T> action) { final Class caller = ctxAccess.getCaller(); final AccessControlContext acc = AccessController.getContext(); - return AccessController.doPrivileged(new PrivilegedAction() { - public Object run() { + return AccessController.doPrivileged(new PrivilegedAction<T>() { + + public T run() { return AccessController.doPrivileged( action, createPrivilegedContext(caller, acc)); } @@ -526,19 +510,21 @@ public final class Security { * to principals of the <code>Subject</code>, as well as the ability to use * credentials of the <code>Subject</code> for authentication. * + * @param <T> * @param action the action to be executed * @return the object returned by the action's <code>run</code> method * @throws PrivilegedActionException if the action's <code>run</code> * method throws a checked exception * @throws NullPointerException if the action is <code>null</code> */ - public static Object doPrivileged(final PrivilegedExceptionAction action) + public static <T> T doPrivileged(final PrivilegedExceptionAction<T> action) throws PrivilegedActionException { final Class caller = ctxAccess.getCaller(); final AccessControlContext acc = AccessController.getContext(); - return AccessController.doPrivileged(new PrivilegedExceptionAction() { - public Object run() throws Exception { + return AccessController.doPrivileged(new PrivilegedExceptionAction<T>() { + + public T run() throws Exception { try { return AccessController.doPrivileged( action, createPrivilegedContext(caller, acc)); @@ -765,21 +751,24 @@ public final class Security { * Returns current thread's context class loader. */ private static ClassLoader getContextClassLoader() { - return (ClassLoader) - AccessController.doPrivileged(new PrivilegedAction() { - public Object run() { - return Thread.currentThread().getContextClassLoader(); - } - }); + return AccessController.doPrivileged( + new PrivilegedAction<ClassLoader>() { + + public ClassLoader run() { + return Thread.currentThread().getContextClassLoader(); + } + } + ); } /** * Returns currently installed security policy, if any. */ private static Policy getPolicy() { - return (Policy) AccessController.doPrivileged(new PrivilegedAction() { - public Object run() { return Policy.getPolicy(); } - }); + return AccessController.doPrivileged(new PrivilegedAction<Policy>() { + + public Policy run() { return Policy.getPolicy(); } + }); } /** @@ -799,7 +788,7 @@ public final class Security { } catch (SecurityException e) { } - ArrayList list = new ArrayList(permissions.length); + ArrayList<Permission> list = new ArrayList<Permission>(permissions.length); for (int i = 0; i < permissions.length; i++) { try { Permission p = permissions[i]; @@ -808,7 +797,7 @@ public final class Security { } catch (SecurityException e) { } } - return (Permission[]) list.toArray(new Permission[list.size()]); + return list.toArray(new Permission[list.size()]); } /** @@ -816,20 +805,23 @@ public final class Security { */ private static Principal[] getCurrentPrincipals() { final AccessControlContext acc = AccessController.getContext(); - Subject s = (Subject) AccessController.doPrivileged( - new PrivilegedAction() { - public Object run() { return Subject.getSubject(acc); } + Subject s = AccessController.doPrivileged( + new PrivilegedAction<Subject>() { + + public Subject run() { return Subject.getSubject(acc); } }); if (s != null) { - Set ps = s.getPrincipals(); - return (Principal[]) ps.toArray(new Principal[ps.size()]); + Set<Principal> ps = s.getPrincipals(); + return ps.toArray(new Principal[ps.size()]); } else { return null; } } /** - * TrustVerifier.Context implementation. + * TrustVerifier.Context implementation. This implementation is only + * used to verify trust it is never handed outside this class, + * so we never bother to defensively copy state. */ private static class Context implements TrustVerifier.Context { /** @@ -872,9 +864,10 @@ public final class Security { final ArrayList list = new ArrayList(1); final ClassLoader scl = cl; AccessController.doPrivileged(new PrivilegedAction() { + public Object run() { for (Iterator iter = - Service.providers(TrustVerifier.class, scl); + Service.providers(TrustVerifier.class, scl); iter.hasNext(); ) { list.add(iter.next()); @@ -891,7 +884,7 @@ public final class Security { new TrustVerifier[list.size()]); synchronized (map) { map.put(cl, new SoftReference(verifiers)); - } + } } this.verifiers = verifiers; this.context = context; @@ -970,4 +963,48 @@ public final class Security { return getClassContext()[2]; } } + + private static class SecurityContextImpl implements SecurityContext { + + private final AccessControlContext acc; + private final int hashCode; + + public SecurityContextImpl(AccessControlContext acc) { + this.acc = acc; + int hash = 7; + hash = 23 * hash + (this.acc != null ? this.acc.hashCode() : 0); + hashCode = hash; + } + + public <T> PrivilegedAction<T> wrap(PrivilegedAction<T> a) { + if (a == null) { + throw new NullPointerException(); + } + return a; + } + + public <T> PrivilegedExceptionAction<T> wrap(PrivilegedExceptionAction<T> a) + { + if (a == null) { + throw new NullPointerException(); + } + return a; + } + + public AccessControlContext getAccessControlContext() { + return acc; + } + + @Override + public int hashCode() { + return hashCode; + } + + @Override + public boolean equals(Object o){ + if (!(o instanceof SecurityContextImpl)) return false; + SecurityContext that = (SecurityContext) o; + return getAccessControlContext().equals(that.getAccessControlContext()); + } + } } Modified: river/jtsk/merge/src/net/jini/security/SecurityContext.java URL: http://svn.apache.org/viewvc/river/jtsk/merge/src/net/jini/security/SecurityContext.java?rev=1290940&r1=1290939&r2=1290940&view=diff ============================================================================== --- river/jtsk/merge/src/net/jini/security/SecurityContext.java (original) +++ river/jtsk/merge/src/net/jini/security/SecurityContext.java Sun Feb 19 04:09:00 2012 @@ -51,7 +51,11 @@ import java.security.PrivilegedException * AccessController.doPrivileged( * ctx.wrap(action), ctx.getAccessControlContext()); * </pre> - * + * + * <BOLD> + * Implementations must override Object equals and hashCode. + * </BOLD> + * * @author Sun Microsystems, Inc. * * @since 2.0 @@ -71,12 +75,13 @@ public interface SecurityContext { * <code>run</code> method is propagated through the <code>run</code> * method of the wrapper action. * + * @param <T> return type of PrivilegedAction * @param action the action to be wrapped * @return security context-restoring action wrapping <code>action</code>, * or <code>action</code> if no wrapping is necessary * @throws NullPointerException if <code>action</code> is <code>null</code> */ - PrivilegedAction wrap(PrivilegedAction action); + <T> PrivilegedAction<T> wrap(PrivilegedAction<T> action); /** * Returns a security context-restoring @@ -91,12 +96,13 @@ public interface SecurityContext { * thrown by the wrapped action's <code>run</code> method is propagated * through the <code>run</code> method of the wrapper action. * + * @param <T> return type of PrivilegedExceptionAction * @param action the action to be wrapped * @return security context-restoring action wrapping <code>action</code>, * or <code>action</code> if no wrapping is necessary * @throws NullPointerException if <code>action</code> is <code>null</code> */ - PrivilegedExceptionAction wrap(PrivilegedExceptionAction action); + <T> PrivilegedExceptionAction<T> wrap(PrivilegedExceptionAction<T> action); /** * Returns access control context portion of snapshotted security context. Propchange: river/jtsk/merge/src/net/jini/security/policy/ ------------------------------------------------------------------------------ --- svn:mergeinfo (added) +++ svn:mergeinfo Sun Feb 19 04:09:00 2012 @@ -0,0 +1 @@ +/river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/policy:1137883-1290923* Modified: river/jtsk/merge/src/net/jini/security/policy/PolicyFileProvider.java URL: http://svn.apache.org/viewvc/river/jtsk/merge/src/net/jini/security/policy/PolicyFileProvider.java?rev=1290940&r1=1290939&r2=1290940&view=diff ============================================================================== --- river/jtsk/merge/src/net/jini/security/policy/PolicyFileProvider.java (original) +++ river/jtsk/merge/src/net/jini/security/policy/PolicyFileProvider.java Sun Feb 19 04:09:00 2012 @@ -26,8 +26,13 @@ import java.security.Policy; import java.security.PrivilegedAction; import java.security.ProtectionDomain; import java.security.Security; +import java.util.ArrayList; +import java.util.Collection; import java.util.Collections; +import java.util.Enumeration; +import java.util.HashSet; import java.util.List; +import java.util.Set; import net.jini.security.GrantPermission; /** @@ -47,20 +52,22 @@ import net.jini.security.GrantPermission * @com.sun.jini.impl <!-- Implementation Specifics --> * * This implementation's no-argument constructor uses a default class name of - * <code>"sun.security.provider.PolicyFile"</code> to instantiate base policy - * objects, if the + * <code>"org.apache.river.impl.security.policy.se.ConcurrentPolicyFile"</code> + * to instantiate base policy objects, if the * <code>net.jini.security.policy.PolicyFileProvider.basePolicyClass</code> * security property is not set. */ public class PolicyFileProvider extends Policy { private static final String basePolicyClassProperty = - "net.jini.security.policy." + - "PolicyFileProvider.basePolicyClass"; + "net.jini.security.policy.PolicyFileProvider.basePolicyClass"; private static final String defaultBasePolicyClass = - "sun.security.provider.PolicyFile"; + // Having our own implementation removes a platform dependency + "org.apache.river.api.security.ConcurrentPolicyFile"; +// "sun.security.provider.PolicyFile"; private static final String policyProperty = "java.security.policy"; private static final Object propertyLock = new Object(); + private static final Permission umbrella = new UmbrellaGrantPermission(); private final String policyFile; private final Policy basePolicy; @@ -101,7 +108,9 @@ public class PolicyFileProvider extends * <code>net.jini.security.policy.PolicyFileProvider.basePolicyClass</code> * security property, or if the calling context does not have * adequate permissions to access the base policy class + * @deprecated DynamicPolicyProvider now supports Umbrella grants directly. */ + @Deprecated public PolicyFileProvider() throws PolicyInitializationException { policyFile = null; @@ -266,14 +275,25 @@ public class PolicyFileProvider extends */ private void ensureDependenciesResolved() { // force resolution of GrantPermission and UmbrellaGrantPermission - new GrantPermission(new UmbrellaGrantPermission()); + new GrantPermission(umbrella); } - private static void expandUmbrella(PermissionCollection pc) { - if (pc.implies(new UmbrellaGrantPermission())) { - List l = Collections.list(pc.elements()); - pc.add(new GrantPermission( - (Permission[]) l.toArray(new Permission[l.size()]))); + static void expandUmbrella(PermissionCollection pc) { + if (pc.implies(umbrella)) { + // Don't use Set, avoid calling equals and hashCode on SocketPermission. + Collection<Permission> perms = new ArrayList<Permission>(120); + Enumeration<Permission> e = pc.elements(); + while (e.hasMoreElements()){ + Permission p = e.nextElement(); + // Avoid unintended granting of GrantPermission + // and recursive UmbrellaGrantPermission + if ( p instanceof GrantPermission || + p instanceof UmbrellaGrantPermission){ + continue; + } + perms.add(p); + } + pc.add(new GrantPermission(perms.toArray(new Permission[perms.size()]))); } } @@ -287,7 +307,8 @@ public class PolicyFileProvider extends public Object run() { if (value == null) { // TODO: Use System.clearProperty when we move to 1.5 - System.getProperties().remove(policyProperty); + System.clearProperty(policyProperty); + //System.getProperties().remove(policyProperty); } else { System.setProperty(policyProperty, value); } Propchange: river/jtsk/merge/src/net/jini/security/policy/PolicyFileProvider.java ------------------------------------------------------------------------------ --- svn:mergeinfo (added) +++ svn:mergeinfo Sun Feb 19 04:09:00 2012 @@ -0,0 +1 @@ +/river/jtsk/skunk/peterConcurrentPolicy/src/net/jini/security/policy/PolicyFileProvider.java:1137883-1290923 Modified: river/jtsk/merge/src/net/jini/url/httpmd/Handler.java URL: http://svn.apache.org/viewvc/river/jtsk/merge/src/net/jini/url/httpmd/Handler.java?rev=1290940&r1=1290939&r2=1290940&view=diff ============================================================================== --- river/jtsk/merge/src/net/jini/url/httpmd/Handler.java (original) +++ river/jtsk/merge/src/net/jini/url/httpmd/Handler.java Sun Feb 19 04:09:00 2012 @@ -226,6 +226,29 @@ public class Handler extends URLStreamHa } } } + + /** + * The default superclass implementation performs dns lookup to determine + * if hosts are equal, this allows two URL's with different hashCode's + * to be equal, breaking the hashCode equals contract. + * + * It also causes a test failure in the jtreg test suite. + * + * + * *** Start test: Mon Jan 23 08:11:26 EST 2012 + * [jtreg] Test 9: TestEqual: httpmd://foo:88/bar/baz;p1=v1;md5=abcd?q#r, httpmd://alpha:88/bar/baz;p1=v1;md5=abcd?q#r + * [jtreg] FAIL: Should be: false + * [jtreg] Result: true + * + * URL.implies(URL url) is better suited to perform this function, why + * it was originally implemented in equals is unknown. + */ + protected boolean hostsEqual(URL u1, URL u2) { + if (u1.getHost() != null && u2.getHost() != null) + return u1.getHost().equalsIgnoreCase(u2.getHost()); + else + return u1.getHost() == null && u2.getHost() == null; + } /** * Compares two HTTPMD URLs to see if they refer to the same file. Performs @@ -317,15 +340,15 @@ public class Handler extends URLStreamHa } /* Generate the host part */ - InetAddress addr = getHostAddress(u); - if (addr != null) { - h += addr.hashCode(); - } else { +// InetAddress addr = getHostAddress(u); +// if (addr != null) { +// h += addr.hashCode(); +// } else { String host = u.getHost(); if (host != null) { h += host.toLowerCase().hashCode(); } - } +// } /* * Generate the path part, ignoring case in the message digest and
