The current policy parser implementation still generates CodeSource
based grant's, these can cause dns lookups when CodeSource.implies is
called. For this reason, as soon as all tests are confirmed passing,
I'll be switching it over to utilise URI based grants.
Peter.
Peter Firmstone wrote:
net.jini.security.policy.ConcurrentPolicyFile is a concurrent
replacement for sun.security.provider.PolicyFile and combined with
DynamicPolicyProvider is passing all policy provider and security
tests for Apache River, except for one appended below.
The good news is this test checks for the SecurityPermission
accessClassInPackage sun.security.provider.
Since we aren't accessing a class in sun.security.provider, the test
failure is based on an assumption of using Sun's PolicyFile
implementation.
The new ConcurrentPolicyFile is based on code from Apache Harmony,
refactored for concurrency and full support of Sun's java policy file
syntax, including the undocumented array properties delimited by
double curly braces ${{java.ext.dirs}} , values delimited by colon :
. It's also capable of expanding nested properties.
The policy parser will also be used for the RemotePolicy
implementation to enable administrator nodes to update security policy
within a djinn.
Cheers,
Peter.
