mcconnell 2004/03/06 16:00:59
Modified:
merlin/composition/impl/src/java/org/apache/avalon/composition/model/impl
DefaultModelFactory.java DefaultSystemContext.java
DefaultSystemContextFactory.java
merlin/composition/spi/src/java/org/apache/avalon/composition/provider
SystemContextFactory.java
merlin/kernel/impl/conf kernel.xml
merlin/kernel/impl/src/java/org/apache/avalon/merlin/impl
DefaultFactory.java
merlin/platform/src/config debug.xml
Log:
Complete the asignment of grants of named security profile name to a deployment
address.
Revision Changes Path
1.11 +102 -44
avalon/merlin/composition/impl/src/java/org/apache/avalon/composition/model/impl/DefaultModelFactory.java
Index: DefaultModelFactory.java
===================================================================
RCS file:
/home/cvs/avalon/merlin/composition/impl/src/java/org/apache/avalon/composition/model/impl/DefaultModelFactory.java,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- DefaultModelFactory.java 29 Feb 2004 22:25:26 -0000 1.10
+++ DefaultModelFactory.java 7 Mar 2004 00:00:58 -0000 1.11
@@ -26,8 +26,10 @@
import java.security.Permissions;
import java.security.PermissionCollection;
import java.security.ProtectionDomain;
-import java.util.Map;
import java.util.Hashtable;
+import java.util.Map;
+import java.util.Iterator;
+import java.util.Set;
import org.apache.avalon.composition.data.SecurityProfile;
import org.apache.avalon.composition.data.ComponentProfile;
@@ -89,6 +91,8 @@
private static final SecurityModel NULL_SECURITY =
new DefaultSecurityModel();
+ private static final String DEFAULT_PROFILE_NAME = "default";
+
//-------------------------------------------------------------------
// immutable state
//-------------------------------------------------------------------
@@ -120,20 +124,23 @@
/**
* A table of protection domain instances keyed by code source.
*/
- private Map m_domains = new Hashtable();
+ private Map m_grants;
//-------------------------------------------------------------------
// constructor
//-------------------------------------------------------------------
/**
- * Creation of a new model factory.
+ * Creation of a new model factory.
+ *
* @param system the system context
* @param profiles the set of initial security profiles
- * @param targets the set of initial override targets
+ * @param grants the set of initial address to permission
+ * profile assignments
*/
DefaultModelFactory(
- final SystemContext system, SecurityProfile[] profiles, TargetDirective[]
targets )
+ final SystemContext system, SecurityProfile[] profiles,
+ Map grants )
{
if( system == null )
{
@@ -143,37 +150,61 @@
{
throw new NullPointerException( "profiles" );
}
+ if( grants == null )
+ {
+ throw new NullPointerException( "grants" );
+ }
m_system = system;
+ m_grants = grants;
+
m_logger = system.getLogger();
//
// register the set of security profiles
//
- for( int i=0; i<profiles.length; i++ )
+ if( system.isCodeSecurityEnabled() )
{
- SecurityProfile profile = profiles[i];
- final String name = profile.getName();
- SecurityModel model = new DefaultSecurityModel( profile );
- m_security.put( profile.getName(), model );
- if( m_logger.isDebugEnabled() )
+ for( int i=0; i<profiles.length; i++ )
{
- m_logger.debug( "added security profile [" + name + "]." );
+ SecurityProfile profile = profiles[i];
+ final String name = profile.getName();
+ SecurityModel model = new DefaultSecurityModel( profile );
+ m_security.put( profile.getName(), model );
+ if( m_logger.isDebugEnabled() )
+ {
+ m_logger.debug(
+ "added security profile [" + name + "]." );
+ }
}
- }
- //
- // check that we have a default security profile
- //
+ //
+ // check that we have a default security profile
+ //
- if( null == m_security.get( "default" ) )
- {
- if( m_logger.isDebugEnabled() )
+ if( null == m_security.get( DEFAULT_PROFILE_NAME ) )
{
- m_logger.debug( "code security disabled" );
+ final String error =
+ "Security enabled without a \""
+ + DEFAULT_PROFILE_NAME
+ + "\" profile.";
+ throw new IllegalStateException( error );
+ }
+
+ //
+ // check that the initial set of grant bindings actually
+ // refer to known security profiles
+ //
+
+ Set entries = grants.entrySet();
+ Iterator iterator = entries.iterator();
+ while( iterator.hasNext() )
+ {
+ Map.Entry entry = (Map.Entry) iterator.next();
+ final String profile = (String) entry.getValue();
+ getNamedSecurityModel( profile );
}
- m_security.put( "default", NULL_SECURITY );
}
}
@@ -284,10 +315,8 @@
public ComponentModel createComponentModel( ComponentContext context )
throws ModelException
{
- //
- // TODO: update to check for a named profile assignment
- //
- SecurityModel security = getDefaultSecurityModel();
+ final String path = context.getQualifiedName();
+ SecurityModel security = getAssignedSecurityModel( path );
return new DefaultComponentModel( context, security );
}
@@ -301,11 +330,8 @@
public ContainmentModel createContainmentModel( ContainmentContext context )
throws ModelException
{
- //
- // TODO: update to check for a named profile assignment
- //
-
- SecurityModel security = getDefaultSecurityModel();
+ final String path = context.getQualifiedName();
+ SecurityModel security = getAssignedSecurityModel( path );
return new DefaultContainmentModel( context, security );
}
@@ -369,29 +395,61 @@
}
/**
- * WARNING: Lots of updates needed here. We need to be suppied
- * with mapping of container paths to security profiles names. For
- * the moment just return a default security model.
+ * Return the security profile matching the supplied deployment
+ * path. The implementation will return the default security profile
+ * unless an explicit grant has been declared for the the supplied
+ * path, and the grant referes to a known security profile.
*
- * @param path the container path
+ * @param path the container or component path
* @return the assigned security model
*/
private SecurityModel getAssignedSecurityModel( final String path )
{
- return getDefaultSecurityModel();
+ if( m_system.isCodeSecurityEnabled() )
+ {
+ final String profile = getAssignedProfileName( path );
+ return getNamedSecurityModel( profile );
+ }
+ else
+ {
+ return NULL_SECURITY;
+ }
}
/**
- * Return a named security profile.
- *
- * @param name the profile name
+ * Return a named security profile.
+ * @param name an existing security profile name
* @return the security model
+ * @exception IllegalArgumentException if the name is unknown
+ */
+ private SecurityModel getNamedSecurityModel( String name )
+ {
+ SecurityModel model =
+ (SecurityModel) m_security.get( name );
+ if( null != model )
+ {
+ return model;
+ }
+ else
+ {
+ final String error =
+ "Unknown security profile [" + name + "].";
+ throw new IllegalArgumentException( error );
+ }
+ }
+
+ /**
+ * Return the security profile name assigned to the supplied path.
+ * If no assignment has been declared the default security profile
+ * name will be returned.
+ *
+ * @return the security profile name for the path
*/
- private SecurityModel getNamedSecurityModel( final String name )
+ private String getAssignedProfileName( String path )
{
- SecurityModel model = (SecurityModel) m_security.get( name );
- if( null != model ) return model;
- return getDefaultSecurityModel();
+ final String profile = (String) m_grants.get( path );
+ if( null != profile ) return profile;
+ return DEFAULT_PROFILE_NAME;
}
/**
@@ -401,7 +459,7 @@
*/
private SecurityModel getDefaultSecurityModel()
{
- return (SecurityModel) m_security.get( "default" );
+ return (SecurityModel) m_security.get( DEFAULT_PROFILE_NAME );
}
}
1.26 +4 -4
avalon/merlin/composition/impl/src/java/org/apache/avalon/composition/model/impl/DefaultSystemContext.java
Index: DefaultSystemContext.java
===================================================================
RCS file:
/home/cvs/avalon/merlin/composition/impl/src/java/org/apache/avalon/composition/model/impl/DefaultSystemContext.java,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -r1.25 -r1.26
--- DefaultSystemContext.java 4 Mar 2004 03:42:30 -0000 1.25
+++ DefaultSystemContext.java 7 Mar 2004 00:00:58 -0000 1.26
@@ -143,7 +143,7 @@
long timeout,
boolean secure,
SecurityProfile[] security,
- TargetDirective[] targets ) throws SystemException
+ Map grants ) throws SystemException
{
super( parent );
@@ -153,7 +153,7 @@
assertNotNull( "logging", logging );
assertNotNull( "category", category );
assertNotNull( "security", security );
- assertNotNull( "targets", targets );
+ assertNotNull( "grants", grants );
if( !base.isDirectory() )
{
@@ -184,7 +184,7 @@
}
}
- m_factory = new DefaultModelFactory( this, security, targets );
+ m_factory = new DefaultModelFactory( this, security, grants );
//
// use avalon-repository to load the runtime
1.5 +36 -12
avalon/merlin/composition/impl/src/java/org/apache/avalon/composition/model/impl/DefaultSystemContextFactory.java
Index: DefaultSystemContextFactory.java
===================================================================
RCS file:
/home/cvs/avalon/merlin/composition/impl/src/java/org/apache/avalon/composition/model/impl/DefaultSystemContextFactory.java,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- DefaultSystemContextFactory.java 4 Mar 2004 03:42:30 -0000 1.4
+++ DefaultSystemContextFactory.java 7 Mar 2004 00:00:59 -0000 1.5
@@ -19,10 +19,11 @@
import java.io.File;
import java.net.URL;
-import java.util.Map;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException ;
import java.lang.reflect.Method ;
+import java.util.Hashtable;
+import java.util.Map;
import org.apache.avalon.logging.provider.LoggingException;
import org.apache.avalon.logging.provider.LoggingFactory;
@@ -108,7 +109,7 @@
private SecurityProfile[] m_profiles;
- private TargetDirective[] m_targets;
+ private Map m_grants;
private Context m_parent;
@@ -208,12 +209,12 @@
}
/**
- * Set the initial set of target override directives.
- * @param targets the target overrides
+ * Set the initial set of address to security profile grants.
+ * @param grants the initial grants table
*/
- public void setTargetDirectives( TargetDirective[] targets )
+ public void setGrantsTable( Map grants )
{
- m_targets = targets;
+ m_grants = grants;
}
/**
@@ -241,15 +242,31 @@
getDefaultDeploymentTimeout(),
getSecurityEnabled(),
getSecurityProfiles(),
- getTargetDirectives()
+ getGrantsTable()
);
}
+ /**
+ * Return the security enabled status flag. If the value
+ * return is TRUE then the composition model and runtime
+ * will validate component initiated requires against
+ * named permission profiles. If the value is FALSE the
+ * permission validation actions will not be performed.
+ * The default value is FALSE.
+ *
+ * @return the security enabled flag
+ */
public boolean getSecurityEnabled()
{
return m_secure;
}
+ /**
+ * Return the parent context to use when establishing a
+ * new SystemContext.
+ *
+ * @return the parent context
+ */
public Context getParentContext()
{
return m_parent;
@@ -265,10 +282,15 @@
return m_name;
}
- public TargetDirective[] getTargetDirectives()
+ /**
+ * Return the initial grants table.
+ *
+ * @return the grants table
+ */
+ public Map getGrantsTable()
{
- if( null == m_targets ) return new TargetDirective[0];
- return m_targets;
+ if( null == m_grants ) return new Hashtable();
+ return m_grants;
}
/**
@@ -407,10 +429,12 @@
}
Artifact artifact = artifacts[0];
+
try
{
File dir = getBaseDirectory();
- ClassLoader classloader =
DefaultSystemContextFactory.class.getClassLoader();
+ ClassLoader classloader =
+ DefaultSystemContextFactory.class.getClassLoader();
Builder builder = m_context.newBuilder( classloader, artifact );
LoggingFactory factory = (LoggingFactory) builder.getFactory();
LoggingCriteria params = factory.createDefaultLoggingCriteria();
1.5 +5 -4
avalon/merlin/composition/spi/src/java/org/apache/avalon/composition/provider/SystemContextFactory.java
Index: SystemContextFactory.java
===================================================================
RCS file:
/home/cvs/avalon/merlin/composition/spi/src/java/org/apache/avalon/composition/provider/SystemContextFactory.java,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- SystemContextFactory.java 4 Mar 2004 03:42:30 -0000 1.4
+++ SystemContextFactory.java 7 Mar 2004 00:00:59 -0000 1.5
@@ -18,6 +18,7 @@
package org.apache.avalon.composition.provider;
import java.io.File;
+import java.util.Map;
import org.apache.avalon.composition.data.TargetDirective;
import org.apache.avalon.composition.data.SecurityProfile;
@@ -106,10 +107,10 @@
void setSecurityProfiles( SecurityProfile[] profiles );
/**
- * Set the initial set of target override directives.
- * @param targets the target overrides
+ * Set the initial grants table.
+ * @param grants the initial grants table
*/
- void setTargetDirectives( TargetDirective[] targets );
+ void setGrantsTable( Map grants );
/**
* Set the working directory.
1.7 +1 -1 avalon/merlin/kernel/impl/conf/kernel.xml
Index: kernel.xml
===================================================================
RCS file: /home/cvs/avalon/merlin/kernel/impl/conf/kernel.xml,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- kernel.xml 4 Mar 2004 03:42:30 -0000 1.6
+++ kernel.xml 7 Mar 2004 00:00:59 -0000 1.7
@@ -33,7 +33,7 @@
<repository>
<hosts>
- <host path="http://dpml.net/"/>
+ <host path="http://www.dpml.net/"/>
<host path="http://www.ibiblio.org/maven/"/>
</hosts>
</repository>
1.38 +29 -3
avalon/merlin/kernel/impl/src/java/org/apache/avalon/merlin/impl/DefaultFactory.java
Index: DefaultFactory.java
===================================================================
RCS file:
/home/cvs/avalon/merlin/kernel/impl/src/java/org/apache/avalon/merlin/impl/DefaultFactory.java,v
retrieving revision 1.37
retrieving revision 1.38
diff -u -r1.37 -r1.38
--- DefaultFactory.java 1 Mar 2004 16:46:03 -0000 1.37
+++ DefaultFactory.java 7 Mar 2004 00:00:59 -0000 1.38
@@ -22,6 +22,7 @@
import java.io.InputStream;
import java.io.IOException;
import java.net.URL;
+import java.util.Hashtable;
import java.util.Map;
import java.util.ArrayList;
import java.util.Iterator;
@@ -219,6 +220,15 @@
getLogger().debug( "logging system established" );
//
+ // Resolve the target overrides now because we need this
+ // information now to construct the set of permission profile
+ // grants and secondly, we will need to the targets later
+ // during the model customization phase
+ //
+
+ TargetDirective[] targets = getTargetOverrides( criteria );
+
+ //
// Create the system context.
//
@@ -228,7 +238,7 @@
SystemContext systemContext =
createSystemContext(
- m_context, criteria, hosts, logging, config, "kernel" );
+ m_context, criteria, hosts, logging, config, targets, "kernel" );
//
// with the logging system established, check if the
@@ -400,14 +410,15 @@
*/
private SystemContext createSystemContext(
InitialContext context, KernelCriteria criteria, String[] hosts,
- LoggingManager logging, Configuration config, String name ) throws Exception
+ LoggingManager logging, Configuration config, TargetDirective[] targets,
+ String name ) throws Exception
{
SystemContextFactory factory =
new DefaultSystemContextFactory( context );
//
- // add the security profiles
+ // add the security profiles and the grants
//
boolean secure = criteria.isSecurityEnabled();
@@ -418,6 +429,19 @@
SecurityProfile[] profiles =
SECURITY_CREATOR.createSecurityProfiles( secConfig );
factory.setSecurityProfiles( profiles );
+
+ Map grants = new Hashtable();
+ for( int i=0; i<targets.length; i++ )
+ {
+ TargetDirective target = targets[i];
+ final String profile =
+ target.getSecurityProfileName();
+ if( null != profile )
+ {
+ grants.put( target.getPath(), profile );
+ }
+ }
+ factory.setGrantsTable( grants );
}
//
@@ -715,6 +739,8 @@
buffer.append( "\n" );
buffer.append( "\n ${avalon.repository.cache} == "
+ context.getInitialCacheDirectory() );
+ buffer.append( "\n ${avalon.repository.online} == "
+ + context.getOnlineMode() );
buffer.append( "\n ${avalon.repository.hosts} == " );
String[] ihosts = context.getInitialHosts();
for( int i=0; i<ihosts.length; i++ )
1.10 +2 -2 avalon/merlin/platform/src/config/debug.xml
Index: debug.xml
===================================================================
RCS file: /home/cvs/avalon/merlin/platform/src/config/debug.xml,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- debug.xml 29 Feb 2004 22:34:54 -0000 1.9
+++ debug.xml 7 Mar 2004 00:00:59 -0000 1.10
@@ -3,8 +3,8 @@
<kernel>
<repository>
<hosts>
- <host path="http://dpml.net/"/>
- <host path="http://ibiblio.org/maven/"/>
+ <host path="http://www.dpml.net/"/>
+ <host path="http://www.ibiblio.org/maven/"/>
</hosts>
</repository>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]