Author: peter_firmstone Date: Sun Oct 7 06:50:40 2012 New Revision: 1395235
URL: http://svn.apache.org/viewvc?rev=1395235&view=rev Log: Remove unnecessary new classes prior to release and perform some minor refactoring Removed: river/jtsk/trunk/src/org/apache/river/api/security/CodeSourceGrant.java river/jtsk/trunk/src/org/apache/river/api/security/CodeSourceSetGrant.java Modified: river/jtsk/trunk/src/org/apache/river/api/security/DelegatePermission.java river/jtsk/trunk/src/org/apache/river/api/security/PermissionGrantBuilder.java river/jtsk/trunk/src/org/apache/river/api/security/PermissionGrantBuilderImp.java river/jtsk/trunk/src/org/apache/river/api/security/package.html Modified: river/jtsk/trunk/src/org/apache/river/api/security/DelegatePermission.java URL: http://svn.apache.org/viewvc/river/jtsk/trunk/src/org/apache/river/api/security/DelegatePermission.java?rev=1395235&r1=1395234&r2=1395235&view=diff ============================================================================== --- river/jtsk/trunk/src/org/apache/river/api/security/DelegatePermission.java (original) +++ river/jtsk/trunk/src/org/apache/river/api/security/DelegatePermission.java Sun Oct 7 06:50:40 2012 @@ -31,7 +31,6 @@ import java.util.Enumeration; import java.util.TreeSet; import java.util.Set; import java.util.concurrent.ConcurrentMap; -import java.util.concurrent.ConcurrentSkipListMap; import au.net.zeus.collection.RC; import au.net.zeus.collection.Ref; import au.net.zeus.collection.Referrer; @@ -40,7 +39,6 @@ import java.io.StringReader; import java.lang.reflect.Constructor; import java.lang.reflect.Modifier; import java.security.UnresolvedPermission; -import java.util.concurrent.ConcurrentHashMap; import org.apache.river.api.security.DefaultPolicyScanner.PermissionEntry; import org.cliffc.high_scale_lib.NonBlockingHashMap; @@ -66,13 +64,13 @@ import org.cliffc.high_scale_lib.NonBloc * * Security Delegates enable sensitive objects to be used by code that isn't * fully trusted you may want to monitor, such as a - * file write that is limited by the number of bytes written, or a Permission - * to write a file, that we might decide to retract or revoke if a user - * does something we don't like, such as exceed a pre set limit or behave + * file write that is limited by the number of bytes written, or Permission + * to write a file you later decide to retract or revoke if a user + * does something he or she shouldn't, such as exceed a pre set limit or behave * in a manner we would like to avoid, such as hogging network bandwidth. * - * If the SecurityManager installed doesn't implement DelegateSecurityManager, - * the DelegatePermission Guard's will be disabled. This allows delegate's + * The SecurityManager installed must implement DelegateSecurityManager, + * otherwise DelegatePermission Guard's will be disabled. This allows delegates * to be included in code, the decision to utilise delegate functionality may * delayed until runtime or deployment. * @@ -89,8 +87,8 @@ import org.cliffc.high_scale_lib.NonBloc * * PermissionCollection's are used mostly read only. * - * Serialization has been implemented so the implementation is not - * tied to the serialized form, instead serialization proxy's are used. + * Serialization has been designed so the implementation is not + * tied to serialized form, by utilising a serialization proxy. * * The candidate permission name (also referred to as the "target name") of each * <code>DelegatePermission</code> instance carries a string representation of the Modified: river/jtsk/trunk/src/org/apache/river/api/security/PermissionGrantBuilder.java URL: http://svn.apache.org/viewvc/river/jtsk/trunk/src/org/apache/river/api/security/PermissionGrantBuilder.java?rev=1395235&r1=1395234&r2=1395235&view=diff ============================================================================== --- river/jtsk/trunk/src/org/apache/river/api/security/PermissionGrantBuilder.java (original) +++ river/jtsk/trunk/src/org/apache/river/api/security/PermissionGrantBuilder.java Sun Oct 7 06:50:40 2012 @@ -21,7 +21,6 @@ package org.apache.river.api.security; import java.lang.ref.WeakReference; import java.net.URI; import java.net.URISyntaxException; -import java.security.CodeSource; import java.security.Permission; import java.security.Principal; import java.security.ProtectionDomain; @@ -50,20 +49,7 @@ public abstract class PermissionGrantBui * the ClassLoader */ public static final int CLASSLOADER = 0; - /** - * The PermissionGrant generated will apply to all classes loaded from - * the CodeSource. This has been provided for strict compatibility - * with the standard Java Policy, where a DNS lookup may be performed - * to determine if CodeSource.implies(CodeSource). In addition, to - * resolve a File URL, it will require disk access. - * - * This is very bad for Policy performance, it's use is discouraged, - * so much so, it may removed. - * - * @deprecated use URI instead. - */ - @Deprecated - public static final int CODESOURCE = 1; + /** * The PermissionGrant generated will apply to all classes belonging to * the ProtectionDomain. This is actually a simplification for the @@ -75,20 +61,20 @@ public abstract class PermissionGrantBui * @see java.security.DomainCombiner * @see javax.security.auth.SubjectDomainCombiner */ - public static final int PROTECTIONDOMAIN = 2; + public static final int PROTECTIONDOMAIN = 1; /** * The PermissionGrant generated will apply to all classes loaded from * CodeSource's that have at a minimum the defined array Certificate[] * */ - public static final int CODESOURCE_CERTS = 3; + public static final int CODESOURCE_CERTS = 2; /** * The PermissionGrant generated will apply to the Subject that has * all the principals provided. * * @see Subject */ - public static final int PRINCIPAL = 4; + public static final int PRINCIPAL = 3; /** * The PermissionGrant generated will apply to the ProtectionDomain or @@ -101,7 +87,7 @@ public abstract class PermissionGrantBui * could allow an attacker to use DNS Cache poisoning to escalate * Permission, by imitating a URL with greater privileges. */ - public static final int URI = 5; + public static final int URI = 4; public static PermissionGrantBuilder newBuilder(){ return new PermissionGrantBuilderImp(); @@ -122,16 +108,6 @@ public abstract class PermissionGrantBui * @throws IllegalStateException */ public abstract PermissionGrantBuilder context(int context) throws IllegalStateException; - /** - * Sets the CodeSource that will receive the PermissionGrant - * @param cs - * @return PermissionGrantBuilder - * @deprecated use uri instead. - */ - @Deprecated - public abstract PermissionGrantBuilder codeSource(CodeSource cs); - - public abstract PermissionGrantBuilder multipleCodeSources(); public abstract PermissionGrantBuilder uri(URI uri); /** Modified: river/jtsk/trunk/src/org/apache/river/api/security/PermissionGrantBuilderImp.java URL: http://svn.apache.org/viewvc/river/jtsk/trunk/src/org/apache/river/api/security/PermissionGrantBuilderImp.java?rev=1395235&r1=1395234&r2=1395235&view=diff ============================================================================== --- river/jtsk/trunk/src/org/apache/river/api/security/PermissionGrantBuilderImp.java (original) +++ river/jtsk/trunk/src/org/apache/river/api/security/PermissionGrantBuilderImp.java Sun Oct 7 06:50:40 2012 @@ -56,17 +56,13 @@ class PermissionGrantBuilderImp extends // Serial Form private URI[] uri; - private CodeSource cs; - private CodeSource[] csources; private Certificate[] certs; private Principal[] principals; private Permission[] permissions; private int context; - private boolean hasMultipleCodeSources; private boolean hasDomain; // Transient Fields - private transient Collection<CodeSource> multipleCodeSources; private transient Collection<URI> uris; private transient WeakReference<ProtectionDomain> domain; @@ -82,16 +78,12 @@ class PermissionGrantBuilderImp extends public final PermissionGrantBuilder reset() { uri = null; if (uris != null) uris.clear(); - cs = null; certs = null; domain = null; hasDomain = false; principals = null; permissions = null; context = -1; - multipleCodeSources = null; - csources = null; - hasMultipleCodeSources = false; return this; } @@ -99,8 +91,8 @@ class PermissionGrantBuilderImp extends if (context < 0) { throw new IllegalStateException("context must be >= 0"); } - if (context > 5) { - throw new IllegalStateException("context must be <= 5"); + if (context > 4) { + throw new IllegalStateException("context must be <= 4"); } this.context = context; return this; @@ -113,25 +105,6 @@ class PermissionGrantBuilderImp extends return this; } - public PermissionGrantBuilder codeSource(CodeSource cs) { - if (hasMultipleCodeSources){ - multipleCodeSources.add(cs); - } else { - this.cs = cs; - } - return this; - } - - @Override - public PermissionGrantBuilder multipleCodeSources() { - hasMultipleCodeSources = true; - multipleCodeSources = new HashSet<CodeSource>(); - csources = null; - cs = null; - return this; - } - - public PermissionGrantBuilder clazz(Class cl) { if (cl != null) { ProtectionDomain pd = cl.getProtectionDomain(); @@ -175,13 +148,6 @@ class PermissionGrantBuilderImp extends if (uris != null && !uris.isEmpty() ) uri = uris.toArray(new URI[uris.size()]); if (uri == null ) uri = new URI[0]; return new URIGrant(uri, certs, principals, permissions); - case CODESOURCE: - if (hasMultipleCodeSources) { - if (multipleCodeSources != null) csources = - multipleCodeSources.toArray(new CodeSource[multipleCodeSources.size()]); - return new CodeSourceSetGrant(csources, principals, permissions); - } - return new CodeSourceGrant(cs, principals, permissions); case CODESOURCE_CERTS: return new CertificateGrant(certs, principals, permissions); case PROTECTIONDOMAIN: //Dynamic grant @@ -207,11 +173,6 @@ class PermissionGrantBuilderImp extends } private void writeObject(ObjectOutputStream out) throws IOException{ - if (hasMultipleCodeSources) { - if (csources == null && multipleCodeSources != null) csources = - multipleCodeSources.toArray(new CodeSource[multipleCodeSources.size()]); - cs = null; - } if (uris != null && !uris.isEmpty()) uri = uris.toArray(new URI[uris.size()]); out.defaultWriteObject(); } Modified: river/jtsk/trunk/src/org/apache/river/api/security/package.html URL: http://svn.apache.org/viewvc/river/jtsk/trunk/src/org/apache/river/api/security/package.html?rev=1395235&r1=1395234&r2=1395235&view=diff ============================================================================== --- river/jtsk/trunk/src/org/apache/river/api/security/package.html (original) +++ river/jtsk/trunk/src/org/apache/river/api/security/package.html Sun Oct 7 06:50:40 2012 @@ -24,11 +24,11 @@ </head> <body bgcolor="white" <p> -This package contains a scalable cache based security manager that parallelises -domain security checks. Also included is a concurrent +This package contains a scalable cache based security manager that performs +concurrent domain security checks. Also included is a concurrent policy file provider to replace Java's standard offering, this policy provider is in theory much faster after policy file parsing is complete, it uses an immutable data -structure that supports highly scalable concurrent access and does not require +structure that supports highly scalable concurrent access, does not require further disk access and minimises network and DNS requirements. </p><p> Disk access of policy files is performed serially.
