Hello Apache River,
Since there are some 1200 qa tests in River's QA test suite, ammending
policy files can be quite a chore.
When you take into account that these tests can be run with different
endpoints, JERI, JRMP, JSSE, Kerberos, and it can be persistant,
activatable or transient, the number of tests explodes.
The old way of manually adding permissions by trial and error doesn't
cut it, even my security policy file generator, which appends all
missing permissions into a file, is a pain; after running so many tests,
policy files contain thousands of lines and duplicates.
So I wrote this neat little tool appended below to tidy up policy
files. Now I can have policy files, with all permissions grants neatly
arranged with far less hassle.
In the past we only ran the qa suite with JERI in transient mode, right
now, I'm running a number of JSSE tests in transient mode. Unusually
when I run with JERI in activatable or transient mode, the tests, pass,
as does JSSE in transient mode, however when I run the tests activatable
with JSSE, I have test failures...
Cheers,
Peter.
public class PolicyCondenser {
public static void main(String [] args) throws Exception{
PolicyCondenser condenser = new PolicyCondenser();
for (int i = 0, l = args.length; i < l; i++){
condenser.condense(args[i]);
}
}
private PolicyCondenser()
{
super();
}
private static File policyFile(String filename) throws
URISyntaxException{
File policyFile = new File(filename);
if (!policyFile.exists()){
try {
policyFile.createNewFile();
} catch (IOException ex) {
throw new RuntimeException("Unable to create a policy file: " +
filename, ex);
}
}
return policyFile;
}
private void condense(String arg) throws Exception {
File policy = policyFile(arg);
File condensedPolicy = policyFile(arg + ".con");
PolicyParser parser = new DefaultPolicyParser();
Collection<PermissionGrant> grantsCol =
parser.parse(policy.toURI().toURL(), System.getProperties());
PermissionGrant [] grants = grantsCol.toArray(new
PermissionGrant[grantsCol.size()]);
int length = grants.length;
Collection<PermissionGrantBuilder> builders = new
ArrayList<PermissionGrantBuilder>(length);
for (int i = 0; i < length; i++){
if (grants[i] == null) continue;
PermissionGrantBuilder builder = grants[i].getBuilderTemplate();
Collection<Permission> permissions = new
TreeSet<Permission>(new PermissionComparator());
permissions.addAll(grants[i].getPermissions());
for (int j = 0; j < length; j++){
if (i == j || grants[j] == null) continue;
if (grants[i].impliesEquivalent(grants[j])){
permissions.addAll(grants[j].getPermissions());
grants[j] = null;
}
}
builder.permissions(permissions.toArray(new
Permission[permissions.size()]));
builders.add(builder);
grants[i] = null;
}
PrintWriter pw = new PrintWriter(new BufferedWriter(new
FileWriter(condensedPolicy, true)));
Iterator<PermissionGrantBuilder> builderIt = builders.iterator();
while(builderIt.hasNext()){
pw.print("grant ");
pw.print(builderIt.next().build().toString());
}
pw.flush();
pw.close();
}
}
