Good news, I've merged the current trunk and refactored my previous
Concurrent Policy work on skunk, all qa tests are passing and all new
junit tests are passing.
Previously I'd defined an SPI provider for the DynamicPolicy so I could
swap out implementations.
However now since we're not supporting anything pre Java 5, I intend to
just replace the existing DynamicPolicyProvider implementation instead.
Anyone who's ever activated security debugging will soon realise, there
are a lot of security checks in Java code, the resulting lock contention
has long been a source of criticism for Java 2 Security, which has not
changed since Java 1.4.
With a new SecurityManager that caches the result of security checks for
AccessControlContext's, two Concurrent Policy implementations, one for
DynamicPolicy and the other an ordinary file Policy provider as well as
ConcurrentPermissions, a heterogenous PermissionCollection (replaces
java.security.Permissions) and a homogenous
MultiReadPermissionCollection, for Permission implementations without
their own PermissionCollection, this is a completely new implementation
from top to bottom. The only things that haven't changed are the
Permission's themselves, ProtectionDomain, AccessController and
AccessControlContext. Oh and did I mention the DynamicPolicy supports
UmbrellaGrantPermission?
Policy's have a much larger magnitude of reads than writes, the policy
is designed to be non blocking on read (except for the old
PermissionCollection implementations, that still use synchronization).
Don't expect better single thread performance though, this code is
designed to scale with many threads performing security checks.
Remember every ProtectionDomain in a thread's AccessControlContext must
be checked every time a security check must be performed.
Anyway it's an important milestone.
Now it's time to swap policies and hope nothing breaks.
Cheers,
Peter.
