mcconnell    2004/03/06 16:00:59

  Modified:    
merlin/composition/impl/src/java/org/apache/avalon/composition/model/impl
                        DefaultModelFactory.java DefaultSystemContext.java
                        DefaultSystemContextFactory.java
               merlin/composition/spi/src/java/org/apache/avalon/composition/provider
                        SystemContextFactory.java
               merlin/kernel/impl/conf kernel.xml
               merlin/kernel/impl/src/java/org/apache/avalon/merlin/impl
                        DefaultFactory.java
               merlin/platform/src/config debug.xml
  Log:
  Complete the asignment of grants of named security profile name to a deployment 
address.
  
  Revision  Changes    Path
  1.11      +102 -44   
avalon/merlin/composition/impl/src/java/org/apache/avalon/composition/model/impl/DefaultModelFactory.java
  
  Index: DefaultModelFactory.java
  ===================================================================
  RCS file: 
/home/cvs/avalon/merlin/composition/impl/src/java/org/apache/avalon/composition/model/impl/DefaultModelFactory.java,v
  retrieving revision 1.10
  retrieving revision 1.11
  diff -u -r1.10 -r1.11
  --- DefaultModelFactory.java  29 Feb 2004 22:25:26 -0000      1.10
  +++ DefaultModelFactory.java  7 Mar 2004 00:00:58 -0000       1.11
  @@ -26,8 +26,10 @@
   import java.security.Permissions;
   import java.security.PermissionCollection;
   import java.security.ProtectionDomain;
  -import java.util.Map;
   import java.util.Hashtable;
  +import java.util.Map;
  +import java.util.Iterator;
  +import java.util.Set;
   
   import org.apache.avalon.composition.data.SecurityProfile;
   import org.apache.avalon.composition.data.ComponentProfile;
  @@ -89,6 +91,8 @@
       private static final SecurityModel NULL_SECURITY = 
         new DefaultSecurityModel();
   
  +    private static final String DEFAULT_PROFILE_NAME = "default";
  +
       //-------------------------------------------------------------------
       // immutable state
       //-------------------------------------------------------------------
  @@ -120,20 +124,23 @@
      /**
       * A table of protection domain instances keyed by code source.
       */
  -    private Map m_domains = new Hashtable();
  +    private Map m_grants;
   
       //-------------------------------------------------------------------
       // constructor
       //-------------------------------------------------------------------
   
      /**
  -    * Creation of a new model factory.  
  +    * Creation of a new model factory.
  +    *
       * @param system the system context
       * @param profiles the set of initial security profiles
  -    * @param targets the set of initial override targets
  +    * @param grants the set of initial address to permission 
  +    *    profile assignments 
       */
       DefaultModelFactory( 
  -      final SystemContext system, SecurityProfile[] profiles, TargetDirective[] 
targets )
  +      final SystemContext system, SecurityProfile[] profiles, 
  +      Map grants )
       {
           if( system == null )
           {
  @@ -143,37 +150,61 @@
           {
               throw new NullPointerException( "profiles" );
           }
  +        if( grants == null )
  +        {
  +            throw new NullPointerException( "grants" );
  +        }
   
           m_system = system;
  +        m_grants = grants;
  +
           m_logger = system.getLogger();
   
           //
           // register the set of security profiles
           //
   
  -        for( int i=0; i<profiles.length; i++ )
  +        if( system.isCodeSecurityEnabled() )
           {
  -            SecurityProfile profile = profiles[i];
  -            final String name = profile.getName();
  -            SecurityModel model = new DefaultSecurityModel( profile );
  -            m_security.put( profile.getName(), model );
  -            if( m_logger.isDebugEnabled() )
  +            for( int i=0; i<profiles.length; i++ )
               {
  -                m_logger.debug( "added security profile [" + name + "]." );
  +                SecurityProfile profile = profiles[i];
  +                final String name = profile.getName();
  +                SecurityModel model = new DefaultSecurityModel( profile );
  +                m_security.put( profile.getName(), model );
  +                if( m_logger.isDebugEnabled() )
  +                {
  +                    m_logger.debug( 
  +                      "added security profile [" + name + "]." );
  +                }
               }
  -        }
   
  -        //
  -        // check that we have a default security profile
  -        //
  +            //
  +            // check that we have a default security profile
  +            //
   
  -        if( null == m_security.get( "default" ) )
  -        {
  -            if( m_logger.isDebugEnabled() )
  +            if( null == m_security.get( DEFAULT_PROFILE_NAME ) )
               {
  -                m_logger.debug( "code security disabled" );
  +                final String error = 
  +                  "Security enabled without a \""
  +                  + DEFAULT_PROFILE_NAME
  +                  + "\" profile.";
  +                throw new IllegalStateException( error );
  +            }
  +
  +            //
  +            // check that the initial set of grant bindings actually 
  +            // refer to known security profiles
  +            //
  +
  +            Set entries = grants.entrySet();
  +            Iterator iterator = entries.iterator();
  +            while( iterator.hasNext() )
  +            {
  +                Map.Entry entry = (Map.Entry) iterator.next();
  +                final String profile = (String) entry.getValue();
  +                getNamedSecurityModel( profile );
               }
  -            m_security.put( "default", NULL_SECURITY );
           }
       }
   
  @@ -284,10 +315,8 @@
       public ComponentModel createComponentModel( ComponentContext context )
         throws ModelException
       {
  -        //
  -        // TODO: update to check for a named profile assignment
  -        //
  -        SecurityModel security = getDefaultSecurityModel();
  +        final String path = context.getQualifiedName();
  +        SecurityModel security = getAssignedSecurityModel( path );
           return new DefaultComponentModel( context, security );
       }
   
  @@ -301,11 +330,8 @@
       public ContainmentModel createContainmentModel( ContainmentContext context )
         throws ModelException
       {
  -        //
  -        // TODO: update to check for a named profile assignment
  -        //
  -
  -        SecurityModel security = getDefaultSecurityModel();
  +        final String path = context.getQualifiedName();
  +        SecurityModel security = getAssignedSecurityModel( path );
           return new DefaultContainmentModel( context, security );
       }
   
  @@ -369,29 +395,61 @@
       }
   
      /**
  -    * WARNING: Lots of updates needed here.  We need to be suppied
  -    * with mapping of container paths to security profiles names. For 
  -    * the moment just return a default security model.
  +    * Return the security profile matching the supplied deployment
  +    * path.  The implementation will return the default security profile
  +    * unless an explicit grant has been declared for the the supplied
  +    * path, and the grant referes to a known security profile.
       * 
  -    * @param path the container path
  +    * @param path the container or component path
       * @return the assigned security model
       */
       private SecurityModel getAssignedSecurityModel( final String path )
       {
  -        return getDefaultSecurityModel();
  +        if( m_system.isCodeSecurityEnabled() )
  +        {
  +            final String profile = getAssignedProfileName( path );
  +            return getNamedSecurityModel( profile );
  +        }
  +        else
  +        {
  +            return NULL_SECURITY;
  +        }
       }
   
      /**
  -    * Return a named security profile.
  -    * 
  -    * @param name the profile name
  +    * Return a named security profile. 
  +    * @param name an existing security profile name
       * @return the security model
  +    * @exception IllegalArgumentException if the name is unknown
  +    */
  +    private SecurityModel getNamedSecurityModel( String name )
  +    {
  +        SecurityModel model = 
  +          (SecurityModel) m_security.get( name );
  +        if( null != model )
  +        {
  +            return model;
  +        }
  +        else
  +        {
  +            final String error = 
  +              "Unknown security profile [" + name + "].";
  +            throw new IllegalArgumentException( error );
  +        }
  +    }
  +
  +   /**
  +    * Return the security profile name assigned to the supplied path.
  +    * If no assignment has been declared the default security profile
  +    * name will be returned.
  +    *
  +    * @return the security profile name for the path
       */
  -    private SecurityModel getNamedSecurityModel( final String name )
  +    private String getAssignedProfileName( String path )
       {
  -        SecurityModel model = (SecurityModel) m_security.get( name );
  -        if( null != model ) return model;
  -        return getDefaultSecurityModel();
  +        final String profile = (String) m_grants.get( path );
  +        if( null != profile ) return profile;
  +        return DEFAULT_PROFILE_NAME;
       }
   
      /**
  @@ -401,7 +459,7 @@
       */
       private SecurityModel getDefaultSecurityModel()
       {
  -        return (SecurityModel) m_security.get( "default" );
  +        return (SecurityModel) m_security.get( DEFAULT_PROFILE_NAME );
       }
   
   }
  
  
  
  1.26      +4 -4      
avalon/merlin/composition/impl/src/java/org/apache/avalon/composition/model/impl/DefaultSystemContext.java
  
  Index: DefaultSystemContext.java
  ===================================================================
  RCS file: 
/home/cvs/avalon/merlin/composition/impl/src/java/org/apache/avalon/composition/model/impl/DefaultSystemContext.java,v
  retrieving revision 1.25
  retrieving revision 1.26
  diff -u -r1.25 -r1.26
  --- DefaultSystemContext.java 4 Mar 2004 03:42:30 -0000       1.25
  +++ DefaultSystemContext.java 7 Mar 2004 00:00:58 -0000       1.26
  @@ -143,7 +143,7 @@
         long timeout, 
         boolean secure, 
         SecurityProfile[] security,
  -      TargetDirective[] targets ) throws SystemException
  +      Map grants ) throws SystemException
       {
           super( parent );
   
  @@ -153,7 +153,7 @@
           assertNotNull( "logging", logging );
           assertNotNull( "category", category );
           assertNotNull( "security", security );
  -        assertNotNull( "targets", targets );
  +        assertNotNull( "grants", grants );
   
           if( !base.isDirectory() )
           {
  @@ -184,7 +184,7 @@
               }
           }
   
  -        m_factory = new DefaultModelFactory( this, security, targets );
  +        m_factory = new DefaultModelFactory( this, security, grants );
   
           //
           // use avalon-repository to load the runtime
  
  
  
  1.5       +36 -12    
avalon/merlin/composition/impl/src/java/org/apache/avalon/composition/model/impl/DefaultSystemContextFactory.java
  
  Index: DefaultSystemContextFactory.java
  ===================================================================
  RCS file: 
/home/cvs/avalon/merlin/composition/impl/src/java/org/apache/avalon/composition/model/impl/DefaultSystemContextFactory.java,v
  retrieving revision 1.4
  retrieving revision 1.5
  diff -u -r1.4 -r1.5
  --- DefaultSystemContextFactory.java  4 Mar 2004 03:42:30 -0000       1.4
  +++ DefaultSystemContextFactory.java  7 Mar 2004 00:00:59 -0000       1.5
  @@ -19,10 +19,11 @@
   
   import java.io.File;
   import java.net.URL;
  -import java.util.Map;
   import java.lang.reflect.Constructor;
   import java.lang.reflect.InvocationTargetException ;
   import java.lang.reflect.Method ;
  +import java.util.Hashtable;
  +import java.util.Map;
   
   import org.apache.avalon.logging.provider.LoggingException;
   import org.apache.avalon.logging.provider.LoggingFactory;
  @@ -108,7 +109,7 @@
   
       private SecurityProfile[] m_profiles;
   
  -    private TargetDirective[] m_targets;
  +    private Map m_grants;
   
       private Context m_parent;
   
  @@ -208,12 +209,12 @@
       }
   
      /**
  -    * Set the initial set of target override directives.
  -    * @param targets the target overrides
  +    * Set the initial set of address to security profile grants.
  +    * @param grants the initial grants table
       */
  -    public void setTargetDirectives( TargetDirective[] targets )
  +    public void setGrantsTable( Map grants )
       {
  -        m_targets = targets;
  +        m_grants = grants;
       }
   
      /**
  @@ -241,15 +242,31 @@
             getDefaultDeploymentTimeout(), 
             getSecurityEnabled(),
             getSecurityProfiles(), 
  -          getTargetDirectives()
  +          getGrantsTable()
           );
       }
   
  +   /**
  +    * Return the security enabled status flag. If the value
  +    * return is TRUE then the composition model and runtime
  +    * will validate component initiated requires against 
  +    * named permission profiles.  If the value is FALSE the 
  +    * permission validation actions will not be performed.
  +    * The default value is FALSE.
  +    *
  +    * @return the security enabled flag
  +    */
       public boolean getSecurityEnabled()
       {
           return m_secure;
       }
   
  +   /**
  +    * Return the parent context to use when establishing a 
  +    * new SystemContext.
  +    *
  +    * @return the parent context
  +    */ 
       public Context getParentContext()
       {
           return m_parent;
  @@ -265,10 +282,15 @@
           return m_name;
       }
   
  -    public TargetDirective[] getTargetDirectives()
  +   /**
  +    * Return the initial grants table.
  +    * 
  +    * @return the grants table
  +    */
  +    public Map getGrantsTable()
       {
  -        if( null == m_targets ) return new TargetDirective[0];
  -        return m_targets;
  +        if( null == m_grants ) return new Hashtable();
  +        return m_grants;
       }
   
      /**
  @@ -407,10 +429,12 @@
           }
   
           Artifact artifact = artifacts[0];
  +
           try
           {
               File dir = getBaseDirectory();
  -            ClassLoader classloader = 
DefaultSystemContextFactory.class.getClassLoader();
  +            ClassLoader classloader = 
  +              DefaultSystemContextFactory.class.getClassLoader();
               Builder builder = m_context.newBuilder( classloader, artifact );
               LoggingFactory factory = (LoggingFactory) builder.getFactory();
               LoggingCriteria params = factory.createDefaultLoggingCriteria();
  
  
  
  1.5       +5 -4      
avalon/merlin/composition/spi/src/java/org/apache/avalon/composition/provider/SystemContextFactory.java
  
  Index: SystemContextFactory.java
  ===================================================================
  RCS file: 
/home/cvs/avalon/merlin/composition/spi/src/java/org/apache/avalon/composition/provider/SystemContextFactory.java,v
  retrieving revision 1.4
  retrieving revision 1.5
  diff -u -r1.4 -r1.5
  --- SystemContextFactory.java 4 Mar 2004 03:42:30 -0000       1.4
  +++ SystemContextFactory.java 7 Mar 2004 00:00:59 -0000       1.5
  @@ -18,6 +18,7 @@
   package org.apache.avalon.composition.provider;
   
   import java.io.File;
  +import java.util.Map;
   
   import org.apache.avalon.composition.data.TargetDirective;
   import org.apache.avalon.composition.data.SecurityProfile;
  @@ -106,10 +107,10 @@
       void setSecurityProfiles( SecurityProfile[] profiles );
   
      /**
  -    * Set the initial set of target override directives.
  -    * @param targets the target overrides
  +    * Set the initial grants table.
  +    * @param grants the initial grants table
       */
  -    void setTargetDirectives( TargetDirective[] targets );
  +    void setGrantsTable( Map grants );
   
      /**
       * Set the working directory.
  
  
  
  1.7       +1 -1      avalon/merlin/kernel/impl/conf/kernel.xml
  
  Index: kernel.xml
  ===================================================================
  RCS file: /home/cvs/avalon/merlin/kernel/impl/conf/kernel.xml,v
  retrieving revision 1.6
  retrieving revision 1.7
  diff -u -r1.6 -r1.7
  --- kernel.xml        4 Mar 2004 03:42:30 -0000       1.6
  +++ kernel.xml        7 Mar 2004 00:00:59 -0000       1.7
  @@ -33,7 +33,7 @@
   
     <repository>
       <hosts>
  -      <host path="http://dpml.net/"/>
  +      <host path="http://www.dpml.net/"/>
         <host path="http://www.ibiblio.org/maven/"/>
       </hosts>
     </repository>
  
  
  
  1.38      +29 -3     
avalon/merlin/kernel/impl/src/java/org/apache/avalon/merlin/impl/DefaultFactory.java
  
  Index: DefaultFactory.java
  ===================================================================
  RCS file: 
/home/cvs/avalon/merlin/kernel/impl/src/java/org/apache/avalon/merlin/impl/DefaultFactory.java,v
  retrieving revision 1.37
  retrieving revision 1.38
  diff -u -r1.37 -r1.38
  --- DefaultFactory.java       1 Mar 2004 16:46:03 -0000       1.37
  +++ DefaultFactory.java       7 Mar 2004 00:00:59 -0000       1.38
  @@ -22,6 +22,7 @@
   import java.io.InputStream;
   import java.io.IOException;
   import java.net.URL;
  +import java.util.Hashtable;
   import java.util.Map;
   import java.util.ArrayList;
   import java.util.Iterator;
  @@ -219,6 +220,15 @@
           getLogger().debug( "logging system established" );
   
           //
  +        // Resolve the target overrides now because we need this 
  +        // information now to construct the set of permission profile
  +        // grants and secondly, we will need to the targets later 
  +        // during the model customization phase
  +        //
  +
  +        TargetDirective[] targets = getTargetOverrides( criteria );
  +
  +        //
           // Create the system context.
           //
   
  @@ -228,7 +238,7 @@
   
           SystemContext systemContext = 
             createSystemContext( 
  -            m_context, criteria, hosts, logging, config, "kernel" );
  +            m_context, criteria, hosts, logging, config, targets, "kernel" );
   
           //
           // with the logging system established, check if the 
  @@ -400,14 +410,15 @@
       */
       private SystemContext createSystemContext( 
         InitialContext context, KernelCriteria criteria, String[] hosts, 
  -      LoggingManager logging, Configuration config, String name ) throws Exception
  +      LoggingManager logging, Configuration config, TargetDirective[] targets, 
  +      String name ) throws Exception
       {
   
           SystemContextFactory factory = 
             new DefaultSystemContextFactory( context );
   
           //
  -        // add the security profiles
  +        // add the security profiles and the grants
           //
   
           boolean secure = criteria.isSecurityEnabled();
  @@ -418,6 +429,19 @@
               SecurityProfile[] profiles = 
                 SECURITY_CREATOR.createSecurityProfiles( secConfig );
               factory.setSecurityProfiles( profiles );
  +
  +            Map grants = new Hashtable();
  +            for( int i=0; i<targets.length; i++ )
  +            {
  +                TargetDirective target = targets[i];
  +                final String profile = 
  +                  target.getSecurityProfileName();
  +                if( null != profile )
  +                {
  +                    grants.put( target.getPath(), profile );
  +                }
  +            }
  +            factory.setGrantsTable( grants );
           }
   
           //
  @@ -715,6 +739,8 @@
           buffer.append( "\n" );
           buffer.append( "\n  ${avalon.repository.cache} == " 
             + context.getInitialCacheDirectory() );
  +        buffer.append( "\n  ${avalon.repository.online} == " 
  +          + context.getOnlineMode() );
           buffer.append( "\n  ${avalon.repository.hosts} == " );
           String[] ihosts = context.getInitialHosts();
           for( int i=0; i<ihosts.length; i++ )
  
  
  
  1.10      +2 -2      avalon/merlin/platform/src/config/debug.xml
  
  Index: debug.xml
  ===================================================================
  RCS file: /home/cvs/avalon/merlin/platform/src/config/debug.xml,v
  retrieving revision 1.9
  retrieving revision 1.10
  diff -u -r1.9 -r1.10
  --- debug.xml 29 Feb 2004 22:34:54 -0000      1.9
  +++ debug.xml 7 Mar 2004 00:00:59 -0000       1.10
  @@ -3,8 +3,8 @@
   <kernel>
      <repository>
        <hosts>
  -       <host path="http://dpml.net/"/>
  -       <host path="http://ibiblio.org/maven/"/>
  +       <host path="http://www.dpml.net/"/>
  +       <host path="http://www.ibiblio.org/maven/"/>
        </hosts>
      </repository>
   
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to