river-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From peter_firmst...@apache.org
Subject svn commit: r1158535 [4/4] - in /river/jtsk/skunk/peterConcurrentPolicy: ./ qa/ qa/harness/policy/ qa/src/com/sun/jini/qa/harness/ qa/src/com/sun/jini/qa/resources/ qa/src/com/sun/jini/test/impl/reggie/ qa/src/com/sun/jini/test/impl/start/loadersplitpo...
Date Wed, 17 Aug 2011 06:18:12 GMT
Added: river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/DelegateCombinerSecurityManager.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/DelegateCombinerSecurityManager.java?rev=1158535&view=auto
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/DelegateCombinerSecurityManager.java (added)
+++ river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/DelegateCombinerSecurityManager.java Wed Aug 17 06:18:09 2011
@@ -0,0 +1,250 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.river.api.security;
+
+import java.lang.ref.WeakReference;
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.DomainCombiner;
+import java.security.Guard;
+import java.security.Permission;
+import java.security.PrivilegedAction;
+import java.security.ProtectionDomain;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+import java.util.concurrent.ConcurrentMap;
+import org.apache.river.api.delegates.DelegatePermission;
+import org.apache.river.impl.util.ConcurrentCollections;
+import org.apache.river.impl.util.ConcurrentWeakIdentityMap;
+import org.apache.river.impl.util.ConcurrentWeakMap;
+
+/**
+ * DelegateCombinerSecurityManager, is intended to be a high performance
+ * SecurityManager implementation that weakly caches the results of security checks
+ * for each AccessControlContext.
+ * 
+ * @author Peter Firmstone
+ */
+public class DelegateCombinerSecurityManager 
+extends SecurityManager implements DelegateSecurityManager {
+    
+    private final DomainCombiner dc;
+    // Cache of optimised Delegate AccessControlContext's
+    private final ConcurrentMap<AccessControlContext, AccessControlContext> contextCache;
+    private final ConcurrentMap<AccessControlContext, Set<Permission>> checked;
+    private final Guard g;
+    private final Action action;
+    
+    public DelegateCombinerSecurityManager(){
+        super();
+        dc = new DelegateDomainCombiner();
+        contextCache = new ConcurrentWeakMap<AccessControlContext, AccessControlContext>(100);
+        checked = new ConcurrentWeakMap<AccessControlContext, Set<Permission>>(100);
+        g = new RevokePermission();
+        action = new Action();
+    }
+    
+    @Override
+    public void checkPermission(Permission perm, Object context) throws SecurityException {
+	if (!(context instanceof AccessControlContext)) throw new SecurityException();
+	if (perm == null ) throw new NullPointerException("Permission Collection null");
+        AccessControlContext executionContext = (AccessControlContext) context;
+        // Checks if Permission has already been checked for this context.
+        Set<Permission> checkedPerms = checked.get(executionContext);
+        if (checkedPerms == null){
+            checkedPerms = ConcurrentCollections.multiReadSet(new HashSet<Permission>(96));
+            Set<Permission> existed = checked.putIfAbsent(executionContext, checkedPerms);
+            if (existed != null) checkedPerms = existed;
+        }
+        if (checkedPerms.contains(perm)) return; // don't need to check again.
+        if (perm instanceof DelegatePermission) {
+            // This is an expensive operation, so we cache the created AccessControlContext.
+            AccessControlContext delegateContext = contextCache.get(executionContext);
+            if (delegateContext == null) {
+                final AccessControlContext finalExecutionContext = executionContext;
+                // Create a new AccessControlContext with the DelegateDomainCombiner
+                // we don't need to preserve the Subject accross the call
+                // we have sufficient privilege.
+                delegateContext = AccessController.doPrivileged( 
+                    new PrivilegedAction<AccessControlContext>(){
+                       
+                        public AccessControlContext run() {
+                            return new AccessControlContext(finalExecutionContext, dc);
+                        }
+                    }
+                );
+                // Optimise the delegateContext, this runs the DelegateDomainCombiner
+                // and returns the AccessControlContext.
+                // This is a mutator method, the delegateContext returned
+                // is actually the same object passed in, after it is
+                // mutated, but just in case that changes in future we
+                // return it.
+                delegateContext = AccessController.doPrivileged(action, delegateContext);
+                contextCache.putIfAbsent(executionContext, delegateContext);
+                // Above putIfAbsent: It doesn't matter if it already existed,
+                // the context we have is valid to perform a permissionCheck.
+            }
+            executionContext = delegateContext;
+        } 
+        // Normal execution, same as SecurityManager.
+        executionContext.checkPermission(perm);
+        // If we get to here, no exceptions were thrown, we have permission.
+        checkedPerms.add(perm);
+    }
+
+    public void clearFromCache(Set<Permission> perms) throws SecurityException {
+        // This is a slow operation, with the benefit
+        // of faster security checks, which occur far more often.
+        // The cache will change while we make removals, however
+        // the policy will prevent any being re-added, since these have already 
+        // been removed from the policy.
+        g.checkGuard(this);
+        if (perms == null){
+            checked.clear();
+            return;
+        }
+        Set<Class> classes = new HashSet<Class>(30);
+        Iterator<Permission> i = perms.iterator();
+        while (i.hasNext()){
+            classes.add(i.next().getClass());
+        }
+        Collection<Set<Permission>> cache = checked.values();
+        Collection<Permission> remove = new ArrayList<Permission>(60);
+        Iterator<Set<Permission>> j = cache.iterator();
+        while (j.hasNext()){
+            Set<Permission> s = j.next();
+            Iterator<Permission> k = s.iterator();
+            while(k.hasNext()){
+                Permission p = k.next();
+                if (classes.contains(p.getClass())) remove.add(p);
+            }
+            s.removeAll(remove);
+            remove.clear();
+        }
+    }
+    
+    // Action retrieves the optimised AccessControlContext.
+    private class Action implements PrivilegedAction<AccessControlContext> {
+        private Action(){}
+        
+        public AccessControlContext run(){
+            return AccessController.getContext();
+        }
+        
+    }
+    
+    private class DelegateDomainCombiner implements DomainCombiner {
+        // Cache the DelegateProtectionDomain's we don't want to 
+        // create any more than abolutely necessary.
+        private final ConcurrentMap<ProtectionDomain,DelegateProtectionDomain> cache;
+        private DelegateDomainCombiner (){
+            cache = new ConcurrentWeakIdentityMap<ProtectionDomain,DelegateProtectionDomain>(120);
+        }
+
+        public ProtectionDomain[] combine(ProtectionDomain[] currentDomains, ProtectionDomain[] assignedDomains) {
+            /* We're only interested in the assignedDomains, since these
+             * are from the Context that the SecurityManager has been asked
+             * to check.
+             * 
+             * This code wraps each ProtectionDomain in a DelegateProtectionDomain
+             * to ensure we check for the DelegatePermission or it's candidate
+             * Permission.
+             * 
+             * The AccessControlContext instance will be the new instance
+             * we just created moments earlier, but with the context returned
+             * by this DomainCombiner.
+             */
+            int l = assignedDomains.length;
+            // I don't believe it's safe to re-use the existing array yet.
+            // I think it's the same context array from the original AccessControlContext
+            // we've duplicated, so modifing it would risk contaminating the 
+            // call stack context.
+            DelegateProtectionDomain[] delegated = new DelegateProtectionDomain[l];
+            for ( int i = 0; i < l ;i++ ){
+                delegated[i] = cache.get(assignedDomains[i]);
+                if (delegated[i] == null){
+                    delegated[i] = new DelegateProtectionDomain(assignedDomains[i]);
+                    DelegateProtectionDomain existed = 
+                            cache.putIfAbsent(assignedDomains[i], delegated[i]);
+                    if (existed != null){
+                        delegated[i] = existed;
+                    }
+                }
+            }
+            return delegated;
+        }
+    }
+    
+    /*
+     * DelegateProtectionDomain is only used briefly on the stack for
+     * a permission check.  The policy will never see it.
+     */
+    private class DelegateProtectionDomain extends ProtectionDomain {
+        // weakly reference the pd, so it doesn't prevent the cache key
+        // from being garbage collected.
+        private final WeakReference<ProtectionDomain> pd;
+        
+        DelegateProtectionDomain(ProtectionDomain pd){
+            // Use static domain so we don't strong reference to ClassLoader
+            // which has a strong reference to ProtectionDomain.
+            super(pd.getCodeSource(),pd.getPermissions());
+            this.pd = new WeakReference<ProtectionDomain>(pd);
+        }
+        
+        @Override
+        public boolean implies(Permission perm) {
+            ProtectionDomain pd = this.pd.get();
+            if (pd != null){
+                if (pd.implies(perm)) {
+                    return true;
+                }
+                if (perm instanceof DelegatePermission ){
+                    Permission candidate = ((DelegatePermission)perm).getPermission();
+                    if (pd.implies(candidate)){
+                        return true;
+                    }
+                }
+            }
+            return false;
+        }
+        
+        @Override
+        public String toString(){
+            // When pd.toString() is called, it will merge the policy permissions
+            // with those in pd if non static, which means the Permissions will no longer
+            // be correct in the superclass.  This won't affect implies, since it
+            // calls the policy anyway, where the permissions have been combined
+            // by the policy.
+            // It will affect getPermissions() however this won't be used.
+//            StringBuilder sb = new StringBuilder(200);
+//            return sb.append("DelegateProtectionDomain\n").append(pd.toString()).toString();
+            // I don't think the output should be any different from standard.
+            ProtectionDomain pd = this.pd.get();
+            if (pd != null){
+                return pd.toString();
+            }
+            return "";
+        }
+        
+    }
+    
+}

Propchange: river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/DelegateCombinerSecurityManager.java
------------------------------------------------------------------------------
    svn:eol-style = native

Copied: river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/DelegateReflectionSecurityManager.java (from r1153098, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/InternetSecurityManager.java)
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/DelegateReflectionSecurityManager.java?p2=river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/DelegateReflectionSecurityManager.java&p1=river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/InternetSecurityManager.java&r1=1153098&r2=1158535&rev=1158535&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/InternetSecurityManager.java (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/DelegateReflectionSecurityManager.java Wed Aug 17 06:18:09 2011
@@ -39,7 +39,7 @@ import org.apache.river.impl.util.Concur
 import org.apache.river.impl.util.ConcurrentWeakMap;
 
 /**
- * The InternetSecurityManager provides cached permission check results and
+ * The DelegateReflectionSecurityManager provides cached permission check results and
  * proper functionality for DelegatePermission's.
  * 
  * The best way to utilise this SecurityManager is via Guard.checkGuard().
@@ -49,7 +49,7 @@ import org.apache.river.impl.util.Concur
  *  
  * @author Peter Firmstone
  */
-public class InternetSecurityManager extends SecurityManager {
+public class DelegateReflectionSecurityManager extends SecurityManager implements DelegateSecurityManager {
 
     private final ConcurrentMap<AccessControlContext,ExecutionContextChecks> checks;
 //    private final ReadWriteLock revokeLock;
@@ -78,7 +78,7 @@ public class InternetSecurityManager ext
      * contains.
      */ 
     
-    public InternetSecurityManager(){
+    public DelegateReflectionSecurityManager(){
 	/* This checks adequate permission is held */
 	super();
 	/* Previous checks */
@@ -171,7 +171,10 @@ public class InternetSecurityManager ext
 	     * are on the stack.
 	     * However if there is an error, then we default to the safest
 	     * action of directly consulting the AccessControlContext instead.
-	     */
+	     *
+             *
+             * Instead of using reflection 
+             */
 	    ProtectionDomain[] contx = AccessController.doPrivileged( new PrivilegedAction<ProtectionDomain[]>(){
 		public ProtectionDomain[] run() {
 		    try {
@@ -179,16 +182,16 @@ public class InternetSecurityManager ext
 			field.setAccessible(true);
 			return (ProtectionDomain[]) field.get(acc);
 		    } catch (IllegalArgumentException ex) {
-			Logger.getLogger(InternetSecurityManager.class.getName()).log(Level.SEVERE, null, ex);
+			Logger.getLogger(DelegateReflectionSecurityManager.class.getName()).log(Level.SEVERE, null, ex);
 			return null;
 		    } catch (IllegalAccessException ex) {
-			Logger.getLogger(InternetSecurityManager.class.getName()).log(Level.SEVERE, null, ex);
+			Logger.getLogger(DelegateReflectionSecurityManager.class.getName()).log(Level.SEVERE, null, ex);
 			return null;
 		    } catch (NoSuchFieldException ex) {
-			Logger.getLogger(InternetSecurityManager.class.getName()).log(Level.SEVERE, null, ex);
+			Logger.getLogger(DelegateReflectionSecurityManager.class.getName()).log(Level.SEVERE, null, ex);
 			return null;
 		    } catch (SecurityException ex) {
-			Logger.getLogger(InternetSecurityManager.class.getName()).log(Level.SEVERE, null, ex);
+			Logger.getLogger(DelegateReflectionSecurityManager.class.getName()).log(Level.SEVERE, null, ex);
 			return null;
 		    }
 		}
@@ -243,4 +246,5 @@ public class InternetSecurityManager ext
 	}
 	
     }
+
 }

Added: river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/DelegateSecurityManager.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/DelegateSecurityManager.java?rev=1158535&view=auto
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/DelegateSecurityManager.java (added)
+++ river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/DelegateSecurityManager.java Wed Aug 17 06:18:09 2011
@@ -0,0 +1,61 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.river.api.security;
+
+import java.security.Permission;
+import java.util.Set;
+
+/**
+ * The DelegateSecurityManager is designed to enable the use of DelegatePermission
+ * for Delegate Objects to encapsulate security sensitive objects using
+ * Li Gong's method guard pattern.
+ * 
+ * In this manner we can prevent references to security sensitive object's from 
+ * escaping.
+ * 
+ * See "Inside Java 2 Platform Security" 2nd Edition, ISBN:0-201-78791-1, page 176.
+ * 
+ * @author Peter Firmstone.
+ */
+public interface DelegateSecurityManager {
+
+    /**
+     * 
+     * @param perm
+     * @param context
+     * @throws SecurityException
+     */
+    void checkPermission(Permission perm, Object context) throws SecurityException;
+
+    /**
+     * This method clears permissions from the checked cache, it should be
+     * called after calling Policy.refresh();
+     * 
+     * If the Set provided contains permissions, only those of the same
+     * class will be removed from the checked cache.
+     * 
+     * If the Set is null, the checked cache is cleared completely.
+     *
+     * @param perms
+     * @throws java.lang.InterruptedException
+     * @throws java.util.concurrent.ExecutionException
+     */
+    void clearFromCache(Set<Permission> perms) throws SecurityException;
+    
+}

Propchange: river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/DelegateSecurityManager.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/PermissionGrant.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/PermissionGrant.java?rev=1158535&r1=1158534&r2=1158535&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/PermissionGrant.java (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/PermissionGrant.java Wed Aug 17 06:18:09 2011
@@ -90,7 +90,16 @@ public interface PermissionGrant {
      * Returns true if this PermissionGrant defines no Permissions, or if
      * a PermissionGrant was made to a ProtectionDomain that no longer exists,
      * or if the Exclusion excludes the PermissionGrant.
+     * @param excl 
      */
     public boolean isVoid(Exclusion excl);
+    
+    /**
+     * Provide a suitable PermissionGrantBuilder, the user can use to
+     * produce a new PermissionGrant.
+     * 
+     * @return
+     */
+    public PermissionGrantBuilder getBuilderTemplate();
 
 }

Modified: river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/PermissionGrantBuilder.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/PermissionGrantBuilder.java?rev=1158535&r1=1158534&r2=1158535&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/PermissionGrantBuilder.java (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/PermissionGrantBuilder.java Wed Aug 17 06:18:09 2011
@@ -77,7 +77,7 @@ public abstract class PermissionGrantBui
      */
     public static final int PRINCIPAL = 4;
     
-    public static PermissionGrantBuilder create(){
+    public static PermissionGrantBuilder newBuilder(){
         return new PermissionGrantBuilderImp();
     }
     

Modified: river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/PermissionGrantBuilderImp.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/PermissionGrantBuilderImp.java?rev=1158535&r1=1158534&r2=1158535&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/PermissionGrantBuilderImp.java (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/PermissionGrantBuilderImp.java Wed Aug 17 06:18:09 2011
@@ -22,6 +22,7 @@ import java.io.IOException;
 import java.io.ObjectInputStream;
 import java.io.ObjectOutputStream;
 import java.io.Serializable;
+import java.util.Collection;
 import org.apache.river.api.security.Exclusion;
 import org.apache.river.api.security.PermissionGrantBuilder;
 import java.lang.ref.WeakReference;
@@ -30,6 +31,7 @@ import java.security.Permission;
 import java.security.Principal;
 import java.security.ProtectionDomain;
 import java.security.cert.Certificate;
+import java.util.Collections;
 import org.apache.river.api.security.PermissionGrant;
 
 /**
@@ -46,6 +48,7 @@ import org.apache.river.api.security.Per
 class PermissionGrantBuilderImp extends PermissionGrantBuilder implements
         Serializable{
     private static final long serialVersionUID = 1L;
+    private static final PermissionGrant nullGrant = new NullPermissionGrant();
     private CodeSource cs;
     private Certificate[] certs;
     private transient WeakReference<ProtectionDomain> domain;
@@ -72,7 +75,7 @@ class PermissionGrantBuilderImp extends 
         principals = null;
         permissions = null;
         deny = null;
-        context = CODESOURCE;
+        context = -1;
     }
 
     public PermissionGrantBuilder context(int context) {
@@ -138,20 +141,20 @@ class PermissionGrantBuilderImp extends 
 
     public PermissionGrant build() {
         switch (context) {
-            case CLASSLOADER:
-                if (!hasDomain) return new PrincipalGrant(principals, permissions);
+            case CLASSLOADER: //Dynamic grant
+                // Don't return principal grant if domain null, dynamic grant's
+                // are treated special.
                 return new ClassLoaderGrant(domain, principals, permissions );
             case CODESOURCE:
                 return new CodeSourceGrant(cs, principals, permissions ,null );
             case CODESOURCE_CERTS:
                 return new CertificateGrant(certs, principals, permissions, deny );
-            case PROTECTIONDOMAIN:
-                if (!hasDomain) return new PrincipalGrant(principals, permissions);
+            case PROTECTIONDOMAIN: //Dynamic grant
                 return new ProtectionDomainGrant(domain, principals, permissions );
             case PRINCIPAL:
                 return new PrincipalGrant(principals, permissions);
             default:
-                return null;
+                return nullGrant;
         }
     }
 
@@ -179,6 +182,49 @@ class PermissionGrantBuilderImp extends 
     
     // readResolve method returns a PermissionGrant instance.
     private Object readResolve(){
+        // Don't deserialize specific grant's, they will grant to any domain.
+        if (context == CLASSLOADER || context == PROTECTIONDOMAIN){
+            if (hasDomain) return nullGrant;
+        }
+        // It's ok to return domainless dynamic grants.
         return build();
     }
+    
+    // This is a singleton so we don't need to implement equals or hashCode.
+    private static class NullPermissionGrant implements PermissionGrant, Serializable {
+        private static final long serialVersionUID = 1L;
+
+        public boolean implies(ProtectionDomain pd) {
+            return false;
+        }
+
+        public boolean implies(ClassLoader cl, Principal[] pal) {
+            return false;
+        }
+
+        public boolean implies(CodeSource codeSource, Principal[] pal) {
+            return false;
+        }
+
+        public Collection<Permission> getPermissions() {
+            return Collections.emptySet();
+        }
+
+        public boolean isVoid(Exclusion excl) {
+            return true;
+        }
+
+        public PermissionGrantBuilder getBuilderTemplate() {
+            return new PermissionGrantBuilderImp();
+        }
+        
+        public String toString(){
+            return "Null PermissionGrant";
+        }
+        
+        private Object readResolve(){
+            return nullGrant;
+        }
+        
+    }
 }

Modified: river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/PrincipalGrant.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/PrincipalGrant.java?rev=1158535&r1=1158534&r2=1158535&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/PrincipalGrant.java (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/PrincipalGrant.java Wed Aug 17 06:18:09 2011
@@ -28,6 +28,7 @@ import java.security.Permission;
 import java.security.Principal;
 import java.security.ProtectionDomain;
 import java.security.acl.Group;
+import java.security.cert.Certificate;
 import java.util.Arrays;
 import java.util.Collection;
 import java.util.Collections;
@@ -43,7 +44,9 @@ import org.apache.river.impl.security.po
  */
 class PrincipalGrant implements PermissionGrant, Serializable{
     private static final long serialVersionUID = 1L;
-    private final Set<Principal> pals;
+    // Null object pattern for CodeSource.
+    protected static final CodeSource nullCS = new CodeSource((URL) null, (Certificate[]) null);
+    protected final Set<Principal> pals;
     private final int hashCode;
     private final Set<Permission> perms;
     @SuppressWarnings("unchecked")
@@ -116,10 +119,10 @@ class PrincipalGrant implements Permissi
         Iterator<Principal> principalItr = pals.iterator();
         while (principalItr.hasNext()){
             Principal entrypal = principalItr.next();
-            Group g = null;
-            if ( entrypal instanceof Group ){
-                g = (Group) entrypal;
-            }
+//            Group g = null;
+//            if ( entrypal instanceof Group ){
+//                g = (Group) entrypal;
+//            }
             Iterator<Principal> p = princp.iterator();
             // The first match breaks out of internal loop.
             while (p.hasNext()){
@@ -180,9 +183,18 @@ class PrincipalGrant implements Permissi
         return result;
     } 
     
+    /* Dynamic grant's and file policy grant's have different semantics,
+     * this class was originally abstract, it might be advisable to make it so
+     * again.
+     * 
+     * dynamic grant's check if the contained protection domain is null first
+     * and if so return true.  policy file grant's check if the passed in
+     * pd is null first and if so return false.
+     * 
+     */
     public boolean implies(ProtectionDomain pd) {
+        if (pals.isEmpty()) return true;
 	if (pd == null) return false;
-	if (pals.isEmpty()) return true;
 	Principal[] hasPrincipals = pd.getPrincipals();
 	return implies(hasPrincipals);
     }
@@ -197,7 +209,7 @@ class PrincipalGrant implements Permissi
     }
 
     public PermissionGrantBuilder getBuilderTemplate() {
-        PermissionGrantBuilder pgb = PermissionGrantBuilder.create();
+        PermissionGrantBuilder pgb = PermissionGrantBuilder.newBuilder();
         pgb.context(PermissionGrantBuilder.PRINCIPAL)
            .principals(pals.toArray(new Principal[pals.size()]))
            .permissions(perms.toArray(new Permission[perms.size()]));

Modified: river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/ProtectionDomainGrant.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/ProtectionDomainGrant.java?rev=1158535&r1=1158534&r2=1158535&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/ProtectionDomainGrant.java (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/ProtectionDomainGrant.java Wed Aug 17 06:18:09 2011
@@ -41,7 +41,6 @@ class ProtectionDomainGrant extends Prin
     ProtectionDomainGrant(WeakReference<ProtectionDomain> domain, Principal[] groups, 
             Permission[] perm){
         super(groups, perm);
-        if (domain == null) throw new IllegalArgumentException("domain cannot be null");
         this.domain = domain;
         int hash = 7;
         hash = 13 * hash + (this.domain != null ? this.domain.hashCode() : 0);
@@ -57,7 +56,7 @@ class ProtectionDomainGrant extends Prin
         if (o instanceof ProtectionDomainGrant){
             ProtectionDomainGrant c = (ProtectionDomainGrant) o;
             if ( !super.equals(o)) return false;
-            if (domain.equals(c.domain)) return true;
+            if ( domain !=null && domain.equals(c.domain)) return true;
         }
         return false;
     }
@@ -71,11 +70,15 @@ class ProtectionDomainGrant extends Prin
         StringBuilder sb = new StringBuilder(400);
         sb.append(super.toString())
           .append("ProtectionDomain: \n");
-        ProtectionDomain pd = domain.get();
-        if (pd != null){
-            sb.append(pd.toString());
+        ProtectionDomain pd = null;
+        if (domain != null){ pd = domain.get();
+            if (pd != null){
+                sb.append(pd.toString());
+            } else {
+                sb.append("Grant is void - ProtectionDomain is null");
+            }
         } else {
-            sb.append("Grant is void - ProtectionDomain is null");
+            sb.append("Grant applies to all ProtectionDomain's");
         }
         return sb.toString();
     }
@@ -83,6 +86,8 @@ class ProtectionDomainGrant extends Prin
     
     @Override
     public boolean implies(ProtectionDomain pd){
+//        if ((domain == null) && (pals.isEmpty())) return true;
+//        if (pd == null) return false;
         return impliesProtectionDomain(pd) && implies(pd.getPrincipals());
 	
     }
@@ -106,6 +111,7 @@ class ProtectionDomainGrant extends Prin
     // for grant
     private boolean impliesProtectionDomain(ProtectionDomain pd) {
         // ProtectionDomain comparison
+        if (domain == null) return true; // Dynamic grant compatibility, opposite of CodeSource and Certificate grant's
         if (pd == null) return false;       
         if (domain.get() == null ) return false; // grant is void.
         if ( pd.equals(domain.get())) return true; // pd not null fast reference comparison
@@ -119,14 +125,15 @@ class ProtectionDomainGrant extends Prin
     // This is here for revoke and for new ProtectionDomain's created by the
     // DomainCombiner such as those in the SubjectDomainCombiner.
     private boolean impliesClassLoader(ClassLoader cl) {
+        if (domain == null ) return true;  // Dynamic grant compatibility
         if (cl == null) return false;       
         if (domain.get() == null ) return false; // is void.
         return domain.get().getClassLoader().equals(cl); // pd not null
     }
     // This is here for revoke and for new ProtectionDomain's created by the
     // DomainCombiner such as those in the SubjectDomainCombiner.
-    private boolean impliesCodeSource(CodeSource codeSource) { 
-        ProtectionDomain pd = domain.get();
+    private boolean impliesCodeSource(CodeSource codeSource) {
+        ProtectionDomain pd = domain != null ? domain.get(): null;
         if (pd == null) return false; // is void - why did I have true?
         CodeSource cs = normalizeCodeSource(pd.getCodeSource());
         if (cs == codeSource) return true; // same reference.
@@ -138,7 +145,7 @@ class ProtectionDomainGrant extends Prin
     @Override
     public boolean isVoid(Exclusion excl) {        
         if ( super.isVoid(null)) return true;
-        if (domain.get() == null) return true;
+        if ( domain != null && domain.get() == null) return true;
         return false;
     }
 

Copied: river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/policy/RemotePolicy.java (from r1153098, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/RemotePolicy.java)
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/policy/RemotePolicy.java?p2=river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/policy/RemotePolicy.java&p1=river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/RemotePolicy.java&r1=1153098&r2=1158535&rev=1158535&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/RemotePolicy.java (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/policy/RemotePolicy.java Wed Aug 17 06:18:09 2011
@@ -16,11 +16,12 @@
  * limitations under the License.
  */
 
-package org.apache.river.api.security;
+package org.apache.river.api.security.policy;
 
 import java.io.IOException;
 import net.jini.security.GrantPermission;
 import net.jini.security.policy.UmbrellaGrantPermission;
+import org.apache.river.api.security.PermissionGrant;
 import org.apache.river.impl.security.policy.util.PolicyParser;
 import org.apache.river.impl.security.policy.util.DefaultPolicyParser;
 import org.apache.river.impl.security.policy.util.DefaultPolicyScanner;
@@ -95,10 +96,15 @@ public interface RemotePolicy {
      * as well as GrantPermission or UmbrellaGrantPermission for every
      * Permission granted by each PermissionGrant.
      * 
-     * In this case the caller will be the client Subject.
+     * If the calling Subject doesn't have sufficient permission, the 
+     * first permission that fails will include the SecurityException as the
+     * cause of the thrown IOException.
      * 
-     * These Permissions should be set in the local policy files at the 
-     * RemotePolicy server.
+     * Permissions required by the callers Subject should be set in the 
+     * local policy files at the RemotePolicy server.
+     * 
+     * Where an IOException is thrown, no update to the
+     * RemotePolicy has occurred.
      * 
      * @param policyPermissions
      * @throws java.io.IOException 

Copied: river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/policy/RevokeableDynamicPolicy.java (from r1153098, river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/RevokeableDynamicPolicy.java)
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/policy/RevokeableDynamicPolicy.java?p2=river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/policy/RevokeableDynamicPolicy.java&p1=river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/RevokeableDynamicPolicy.java&r1=1153098&r2=1158535&rev=1158535&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/RevokeableDynamicPolicy.java (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/api/security/policy/RevokeableDynamicPolicy.java Wed Aug 17 06:18:09 2011
@@ -16,7 +16,7 @@
  * limitations under the License.
  */
 
-package org.apache.river.api.security;
+package org.apache.river.api.security.policy;
 
 import java.security.Permission;
 import java.security.Principal;

Modified: river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/DefaultPolicyParser.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/DefaultPolicyParser.java?rev=1158535&r1=1158534&r2=1158535&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/DefaultPolicyParser.java (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/DefaultPolicyParser.java Wed Aug 17 06:18:09 2011
@@ -225,7 +225,7 @@ public class DefaultPolicyParser impleme
                 }
             }
         }
-        PermissionGrantBuilder pgb = PermissionGrantBuilder.create();
+        PermissionGrantBuilder pgb = PermissionGrantBuilder.newBuilder();
         return pgb.codeSource(new CodeSource(codebase, signers))
                 .principals(principals.toArray(new Principal[principals.size()]))
                 .permissions(permissions.toArray(new Permission[permissions.size()]))
@@ -250,7 +250,7 @@ public class DefaultPolicyParser impleme
      * @return resolved Permission object, either of concrete class or UnresolvedPermission
      * @throws Exception if failed to expand properties, 
      * or to get a Certificate, 
-     * or to create an instance of a successfully found class 
+     * or to newBuilder an instance of a successfully found class 
      */
     protected Permission resolvePermission(
             DefaultPolicyScanner.PermissionEntry pe,

Modified: river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/PolicyUtils.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/PolicyUtils.java?rev=1158535&r1=1158534&r2=1158535&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/PolicyUtils.java (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/src/org/apache/river/impl/security/policy/util/PolicyUtils.java Wed Aug 17 06:18:09 2011
@@ -42,7 +42,7 @@ import java.util.Enumeration;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Properties;
-import org.apache.river.impl.security.policy.se.ConcurrentPermissions;
+import net.jini.security.ConcurrentPermissions;
 
 /**
  * This class consist of a number of static methods, which provide a common functionality 
@@ -80,54 +80,6 @@ public class PolicyUtils {
     }
 
     /** 
-     * Auxiliary action for accessing system properties in a bundle. 
-     */
-    public static class SystemKit implements PrivilegedAction<Properties> {
-
-        /** 
-         * Returns system properties.
-         */
-        public Properties run() {
-            return System.getProperties();
-        }
-    }
-
-    /** 
-     * Auxiliary action for accessing specific system property. 
-     */
-    public static class SystemPropertyAccessor implements PrivilegedAction<String> {
-
-        /** 
-         * A key of a required system property.
-         */
-        public String key;
-
-        /** 
-         * Constructor with a property key parameter. 
-         */
-        public SystemPropertyAccessor(String key) {
-            this.key = key;
-        }
-
-        /** 
-         * Handy one-line replacement of 
-         * &quot;provide key and supply action&quot; code block, 
-         * for reusing existing action instance. 
-         */
-        public PrivilegedAction<String> key(String key) {
-            this.key = key;
-            return this;
-        }
-
-        /** 
-         * Returns specified system property. 
-         */
-        public String run() {
-            return System.getProperty(key);
-        }
-    }
-
-    /** 
      * Auxiliary action for accessing specific security property. 
      */
     public static class SecurityPropertyAccessor implements PrivilegedAction<String> {
@@ -154,66 +106,6 @@ public class PolicyUtils {
             return Security.getProperty(key);
         }
     }
-    
-    /** 
-     * Auxiliary action for loading a provider by specific security property.
-     */
-    public static class ProviderLoader<T> implements PrivilegedAction<T> {
-
-        private String key;
-        
-        /**
-         * Acceptable provider superclass.
-         */
-        private Class<T> expectedType;
-        
-        /** 
-         * Constructor taking property key and acceptable provider 
-         * superclass parameters.
-         */
-        public ProviderLoader(String key, Class<T> expected) {
-            super();
-            this.key = key;
-            this.expectedType = expected;
-        }
-
-        /** 
-         * Returns provider instance by specified security property.
-         * The <code>key</code> should map to a fully qualified classname.
-         * 
-         * @throws SecurityException if no value specified for the key 
-         * in security properties or if an Exception has occurred 
-         * during classloading and instantiating.
-         */
-        public T run() {
-            String klassName = Security.getProperty(key);
-            if (klassName == null || klassName.length() == 0) {
-                throw new SecurityException(Messages.getString("security.14C", //$NON-NLS-1$
-                                            key));
-            }
-            // TODO accurate classloading
-            try {
-                Class<?> klass = Class.forName(klassName, true,
-                        Thread.currentThread().getContextClassLoader());
-                if (expectedType != null && klass.isAssignableFrom(expectedType)){
-                    throw new SecurityException(Messages.getString("security.14D", //$NON-NLS-1$
-                                              klassName, expectedType.getName()));
-                }
-                //FIXME expectedType.cast(klass.newInstance());
-                return (T)klass.newInstance();
-            }
-            catch (SecurityException se){
-                throw se;
-            }
-            catch (Exception e) {
-                // TODO log error ??
-                SecurityException se = new SecurityException(
-                        Messages.getString("security.14E", klassName)); //$NON-NLS-1$
-                se.initCause(e);
-                throw se;
-            }
-        }
-    }
 
     /** 
      * Specific exception to signal that property expansion failed 
@@ -463,15 +355,12 @@ public class PolicyUtils {
     public static URL[] getPolicyURLs(final Properties system,
             final String systemUrlKey, final String securityUrlPrefix) {
 
-        final SecurityPropertyAccessor security = new SecurityPropertyAccessor(
-                null);
         final List<URL> urls = new ArrayList<URL>();
         boolean dynamicOnly = false;
         URL dynamicURL = null;
 
         //first check if policy is set via system properties
-        if (!Util.equalsIgnoreCase(FALSE, AccessController
-                .doPrivileged(security.key(POLICY_ALLOW_DYNAMIC)))) {
+        if (!Util.equalsIgnoreCase(FALSE, Security.getProperty(POLICY_ALLOW_DYNAMIC))) {
             String location = system.getProperty(systemUrlKey);
             if (location != null) {
                 if (location.startsWith("=")) { //$NON-NLS-1$
@@ -483,34 +372,25 @@ public class PolicyUtils {
                     location = expandURL(location, system);
                     // location can be a file, but we need an url...
                     final File f = new File(location);
-                    dynamicURL = AccessController
-                            .doPrivileged(new PrivilegedExceptionAction<URL>() {
-
-                                public URL run() throws Exception {
-                                    if (f.exists()) {
-                                        return f.toURI().toURL();
-                                    } else {
-                                        return null;
-                                    }
-                                }
-                            });
+                    if (f.exists()) {
+                        dynamicURL = f.toURI().toURL();
+                    } 
                     if (dynamicURL == null) {
                         dynamicURL = new URL(location);
                     }
                 }
                 catch (Exception e) {
                     // TODO: log error
-                    // System.err.println("Error detecting system policy location: "+e);
+                    System.err.println("Error detecting system policy location: "+e);
                 }
             }
         }
         //next read urls from security.properties 
         if (!dynamicOnly) {
             int i = 1;
-            while (true) {
-                String location = AccessController
-                        .doPrivileged(security.key(new StringBuilder(
-                                securityUrlPrefix).append(i++).toString()));
+            while (true) { 
+                String location = Security.getProperty(new StringBuilder(
+                                securityUrlPrefix).append(i++).toString());
                 if (location == null) {
                     break;
                 }
@@ -523,7 +403,7 @@ public class PolicyUtils {
                 }
                 catch (Exception e) {
                     // TODO: log error
-                    // System.err.println("Error detecting security policy location: "+e);
+                    System.err.println("Error detecting security policy location: "+e);
                 }
             }
         }
@@ -542,7 +422,7 @@ public class PolicyUtils {
      */
     public static PermissionCollection 
             toPermissionCollection(Collection<Permission> perms) {
-        PermissionCollection pc = new ConcurrentPermissions();
+        PermissionCollection pc = new Permissions();
         if (perms != null) {
             for (Iterator<Permission> iter = perms.iterator(); iter.hasNext();) {
                 Permission element = iter.next();
@@ -562,21 +442,21 @@ public class PolicyUtils {
      * from the specified PermissionCollection. An empty PermissionCollection
      * is returned if parameter is null.
      */
-    public static PermissionCollection 
-            mergePermissions(PermissionCollection[] perms) {
-        PermissionCollection pc = new ConcurrentPermissions();
-	int l = perms.length;
-	for (int i = 0; i < l; i++ ){
-	    if (perms[i] != null) {
-		Enumeration<Permission> iter = perms[i].elements();
-		while ( iter.hasMoreElements() ) {
-		    Permission element = iter.nextElement();
-		    pc.add(element);
-		}
-	    }
-	}
-        return pc;
-    }
+//    public static PermissionCollection 
+//            mergePermissions(PermissionCollection[] perms) {
+//        PermissionCollection pc = new ConcurrentPermissions();
+//	int l = perms.length;
+//	for (int i = 0; i < l; i++ ){
+//	    if (perms[i] != null) {
+//		Enumeration<Permission> iter = perms[i].elements();
+//		while ( iter.hasMoreElements() ) {
+//		    Permission element = iter.nextElement();
+//		    pc.add(element);
+//		}
+//	    }
+//	}
+//        return pc;
+//    }
     
     /** 
      * Converts common-purpose homegeneous or heterogeneous PermissionCollection's 

Copied: river/jtsk/skunk/peterConcurrentPolicy/test/src/net/jini/security/ConcurrentPermissionsTest.java (from r1153098, river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/impl/security/policy/se/ConcurrentPermissionsTest.java)
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/test/src/net/jini/security/ConcurrentPermissionsTest.java?p2=river/jtsk/skunk/peterConcurrentPolicy/test/src/net/jini/security/ConcurrentPermissionsTest.java&p1=river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/impl/security/policy/se/ConcurrentPermissionsTest.java&r1=1153098&r2=1158535&rev=1158535&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/impl/security/policy/se/ConcurrentPermissionsTest.java (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/test/src/net/jini/security/ConcurrentPermissionsTest.java Wed Aug 17 06:18:09 2011
@@ -3,7 +3,7 @@
  * and open the template in the editor.
  */
 
-package org.apache.river.impl.security.policy.se;
+package net.jini.security;
 
 import java.lang.reflect.ReflectPermission;
 import java.net.NetPermission;
@@ -18,7 +18,6 @@ import java.util.PropertyPermission;
 import java.util.logging.LoggingPermission;
 import net.jini.security.AccessPermission;
 import net.jini.security.AuthenticationPermission;
-import org.apache.river.impl.security.policy.se.ConcurrentPermissions;
 import org.junit.After;
 import org.junit.AfterClass;
 import org.junit.Before;

Modified: river/jtsk/skunk/peterConcurrentPolicy/test/src/net/jini/security/GrantPermissionTest.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/test/src/net/jini/security/GrantPermissionTest.java?rev=1158535&r1=1158534&r2=1158535&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/test/src/net/jini/security/GrantPermissionTest.java (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/test/src/net/jini/security/GrantPermissionTest.java Wed Aug 17 06:18:09 2011
@@ -38,33 +38,29 @@ public class GrantPermissionTest {
     public void tearDown() throws Exception {
     }
 
-    /**
-     * Test of getActions method, of class GrantPermission.
-     */
-//    @org.junit.Test
-//    public void getActions() {
-//        System.out.println("getActions");
-//        GrantPermission instance = null;
-//        String expResult = "";
-//        String result = instance.getActions();
-//        assertEquals(expResult, result);
-//        // TODO review the generated test code and remove the default call to fail.
-//        fail("The test case is a prototype.");
-//    }
-
-    /**
-     * Test of newPermissionCollection method, of class GrantPermission.
+   /**
+     * Test of string construction, of class GrantPermission.
      */
-//    @org.junit.Test
-//    public void newPermissionCollection() {
-//        System.out.println("newPermissionCollection");
-//        GrantPermission instance = null;
-//        PermissionCollection expResult = null;
-//        PermissionCollection result = instance.newPermissionCollection();
-//        assertEquals(expResult, result);
-//        // TODO review the generated test code and remove the default call to fail.
-//        fail("The test case is a prototype.");
-//    }
+    @org.junit.Test
+    public void construct() {
+        System.out.println("String constructor");
+        RuntimePermission rpD = new RuntimePermission("D", "");
+//        RuntimePermission rpD1 = new RuntimePermission("D1");
+//        RuntimePermission rpC = new RuntimePermission("C");
+//        RuntimePermission rpC1 = new RuntimePermission("C1");
+        
+        String rpDS = "delim=' java.lang.RuntimePermission 'D'";
+        
+        GrantPermission gpS = new GrantPermission(rpDS);
+        GrantPermission gpP = new GrantPermission(rpD);
+        System.out.print(gpS.toString());
+        System.out.print(gpP.toString());
+        boolean result = gpS.implies(gpP);
+        boolean expResult = true;
+        assertEquals(expResult, result);
+        result = gpP.implies(gpS);
+        assertEquals(expResult, result);
+    }
 
     /**
      * Test of implies method, of class GrantPermission.
@@ -199,7 +195,7 @@ public class GrantPermissionTest {
         System.out.println(msg);
         return ret == exp;
     }
-    
+
     /**
      * Test of equals method, of class GrantPermission.
      */

Copied: river/jtsk/skunk/peterConcurrentPolicy/test/src/net/jini/security/MultiReadPermissionCollectionTest.java (from r1153098, river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/impl/security/policy/se/MultiReadPermissionCollectionTest.java)
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/test/src/net/jini/security/MultiReadPermissionCollectionTest.java?p2=river/jtsk/skunk/peterConcurrentPolicy/test/src/net/jini/security/MultiReadPermissionCollectionTest.java&p1=river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/impl/security/policy/se/MultiReadPermissionCollectionTest.java&r1=1153098&r2=1158535&rev=1158535&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/impl/security/policy/se/MultiReadPermissionCollectionTest.java (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/test/src/net/jini/security/MultiReadPermissionCollectionTest.java Wed Aug 17 06:18:09 2011
@@ -3,7 +3,7 @@
  * and open the template in the editor.
  */
 
-package org.apache.river.impl.security.policy.se;
+package net.jini.security;
 
 
 import java.security.Permission;
@@ -12,7 +12,6 @@ import java.util.ArrayList;
 import java.util.Enumeration;
 import net.jini.security.AccessPermission;
 import net.jini.security.AuthenticationPermission;
-import org.apache.river.impl.security.policy.se.MultiReadPermissionCollection;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;

Copied: river/jtsk/skunk/peterConcurrentPolicy/test/src/net/jini/security/Permissions_ImplTest.java (from r1153098, river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/impl/security/policy/se/Permissions_ImplTest.java)
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/test/src/net/jini/security/Permissions_ImplTest.java?p2=river/jtsk/skunk/peterConcurrentPolicy/test/src/net/jini/security/Permissions_ImplTest.java&p1=river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/impl/security/policy/se/Permissions_ImplTest.java&r1=1153098&r2=1158535&rev=1158535&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/impl/security/policy/se/Permissions_ImplTest.java (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/test/src/net/jini/security/Permissions_ImplTest.java Wed Aug 17 06:18:09 2011
@@ -20,7 +20,7 @@
 * @version $Revision$
 */
 
-package org.apache.river.impl.security.policy.se;
+package net.jini.security;
 import java.security.AllPermission;
 import java.security.BasicPermission;
 import java.security.Permission;
@@ -29,7 +29,6 @@ import java.security.SecurityPermission;
 import java.security.UnresolvedPermission;
 
 import junit.framework.TestCase;
-import org.apache.river.impl.security.policy.se.ConcurrentPermissions;
 
 /**
  * Tests for <code>Permissions</code>

Copied: river/jtsk/skunk/peterConcurrentPolicy/test/src/net/jini/security/policy/ConcurrentPolicyFileTest.java (from r1153103, river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/impl/security/policy/se/ConcurrentPolicyFileTest.java)
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/test/src/net/jini/security/policy/ConcurrentPolicyFileTest.java?p2=river/jtsk/skunk/peterConcurrentPolicy/test/src/net/jini/security/policy/ConcurrentPolicyFileTest.java&p1=river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/impl/security/policy/se/ConcurrentPolicyFileTest.java&r1=1153103&r2=1158535&rev=1158535&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/impl/security/policy/se/ConcurrentPolicyFileTest.java (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/test/src/net/jini/security/policy/ConcurrentPolicyFileTest.java Wed Aug 17 06:18:09 2011
@@ -20,7 +20,7 @@
 * @version $Revision$
 */
 
-package org.apache.river.impl.security.policy.se;
+package net.jini.security.policy;
 
 import tests.support.FakePrincipal;
 import java.net.URL;
@@ -39,7 +39,6 @@ import org.apache.river.impl.security.po
 import junit.framework.TestCase;
 import org.apache.river.api.security.PermissionGrant;
 import org.apache.river.api.security.PermissionGrantBuilder;
-import org.apache.river.impl.security.policy.se.ConcurrentPolicyFile;
 
 
 /**
@@ -74,10 +73,11 @@ public class ConcurrentPolicyFileTest ex
      */
     public void testRefresh() {
         Permission sp = new SecurityPermission("sdf");
-        PermissionGrantBuilder pgb = PermissionGrantBuilder.create();
+        PermissionGrantBuilder pgb = PermissionGrantBuilder.newBuilder();
         PermissionGrant[] pe = new PermissionGrant[] { 
             pgb.codeSource(null).principals(null)
                .permissions(new Permission[] { sp })
+               .context(PermissionGrantBuilder.CODESOURCE)
                .build()
         };
         TestParser tp = new TestParser(pe);
@@ -109,7 +109,8 @@ public class ConcurrentPolicyFileTest ex
      * @throws java.lang.Exception 
      */
     public void testGetPermissions_CodeSource() throws Exception {
-        PermissionGrantBuilder pgb = PermissionGrantBuilder.create();
+        PermissionGrantBuilder pgb = PermissionGrantBuilder.newBuilder();
+        pgb.context(PermissionGrantBuilder.CODESOURCE);
         CodeSource cs = new CodeSource(null, (Certificate[])null);
         CodeSource cs2 = new CodeSource(new URL("http://a.b.c"),
             (Certificate[])null);
@@ -144,7 +145,8 @@ public class ConcurrentPolicyFileTest ex
      * @throws java.lang.Exception 
      */
     public void testGetPermissions_ProtectionDomain() throws Exception {
-        PermissionGrantBuilder pgb = PermissionGrantBuilder.create();
+        PermissionGrantBuilder pgb = PermissionGrantBuilder.newBuilder();
+        pgb.context(PermissionGrantBuilder.CODESOURCE);
         Permission sp1 = new SecurityPermission("aaa");
         Permission sp2 = new SecurityPermission("bbb");
         Permission sp3 = new SecurityPermission("ccc");

Copied: river/jtsk/skunk/peterConcurrentPolicy/test/src/net/jini/security/policy/PermissionCollectionTest.java (from r1153098, river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/impl/security/policy/se/PermissionCollectionTest.java)
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/test/src/net/jini/security/policy/PermissionCollectionTest.java?p2=river/jtsk/skunk/peterConcurrentPolicy/test/src/net/jini/security/policy/PermissionCollectionTest.java&p1=river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/impl/security/policy/se/PermissionCollectionTest.java&r1=1153098&r2=1158535&rev=1158535&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/impl/security/policy/se/PermissionCollectionTest.java (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/test/src/net/jini/security/policy/PermissionCollectionTest.java Wed Aug 17 06:18:09 2011
@@ -15,7 +15,7 @@
  * limitations under the License.
  */
 
-package org.apache.river.impl.security.policy.se;
+package net.jini.security.policy;
 
 import java.io.File;
 import java.io.FileOutputStream;

Added: river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/api/security/CodeSourceGrantTest.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/api/security/CodeSourceGrantTest.java?rev=1158535&view=auto
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/api/security/CodeSourceGrantTest.java (added)
+++ river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/api/security/CodeSourceGrantTest.java Wed Aug 17 06:18:09 2011
@@ -0,0 +1,88 @@
+/*
+ * To change this template, choose Tools | Templates
+ * and open the template in the editor.
+ */
+package org.apache.river.api.security;
+
+import java.net.MalformedURLException;
+import java.security.cert.Certificate;
+import java.net.URL;
+import java.security.Permission;
+import java.security.ProtectionDomain;
+import net.jini.security.GrantPermission;
+import java.security.CodeSource;
+import java.security.Principal;
+import org.junit.AfterClass;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import static org.junit.Assert.*;
+
+/**
+ *
+ * @author peter
+ */
+public class CodeSourceGrantTest {
+    
+        RuntimePermission rpD, rpA;
+//        RuntimePermission rpD1 = new RuntimePermission("D1");
+//        RuntimePermission rpC = new RuntimePermission("C");
+//        RuntimePermission rpC1 = new RuntimePermission("C1");
+        
+        String rpDS;
+        
+        GrantPermission gpS;
+        GrantPermission gpP;
+        ProtectionDomain pd1;
+        CodeSourceGrant instance;
+        
+    public CodeSourceGrantTest() {
+    }
+
+    @BeforeClass
+    public static void setUpClass() throws Exception {
+    }
+
+    @AfterClass
+    public static void tearDownClass() throws Exception {
+    }
+    
+    @Before
+    public void setUp() throws MalformedURLException {
+        rpD = new RuntimePermission("D", "");
+        rpDS = "delim=' java.lang.RuntimePermission 'D'";
+        gpS = new GrantPermission(rpDS);
+        gpP = new GrantPermission(rpD);
+        rpA = new RuntimePermission("A");
+        Permission[] perms = { rpA, gpS };
+        instance = new CodeSourceGrant(null, null, perms, null);
+        CodeSource cs = new CodeSource(new URL("file://foo.bar"), (Certificate[]) null);
+        pd1 = new ProtectionDomain(cs, null);
+       // CodeSource cs = 
+    }
+
+    /**
+     * Test of implies method, of class CodeSourceGrant.
+     */
+    @Test
+    public void testImplies() {
+        System.out.println("implies");
+        boolean expResult = true;
+        boolean result = instance.implies(pd1);
+        assertEquals(expResult, result);
+    }
+
+//    /**
+//     * Test of getBuilderTemplate method, of class CodeSourceGrant.
+//     */
+//    @Test
+//    public void testGetBuilderTemplate() {
+//        System.out.println("getBuilderTemplate");
+//        CodeSourceGrant instance = null;
+//        PermissionGrantBuilder expResult = null;
+//        PermissionGrantBuilder result = instance.getBuilderTemplate();
+//        assertEquals(expResult, result);
+//        // TODO review the generated test code and remove the default call to fail.
+//        fail("The test case is a prototype.");
+//    }
+}

Propchange: river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/api/security/CodeSourceGrantTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/api/security/DelegateCombinerSecurityManagerTest.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/api/security/DelegateCombinerSecurityManagerTest.java?rev=1158535&view=auto
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/api/security/DelegateCombinerSecurityManagerTest.java (added)
+++ river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/api/security/DelegateCombinerSecurityManagerTest.java Wed Aug 17 06:18:09 2011
@@ -0,0 +1,162 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.river.api.security;
+
+import java.security.Permissions;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.security.cert.Certificate;
+import java.security.CodeSource;
+import java.security.AllPermission;
+import java.util.PropertyPermission;
+import org.apache.river.api.delegates.DelegatePermission;
+import java.security.AccessControlContext;
+import java.net.SocketPermission;
+import java.security.ProtectionDomain;
+import java.security.Permission;
+import org.junit.AfterClass;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import static org.junit.Assert.*;
+
+/**
+ *
+ * @author peter
+ */
+public class DelegateCombinerSecurityManagerTest {
+    
+    public DelegateCombinerSecurityManagerTest() {
+    }
+    
+    private ProtectionDomain[] context;
+    private AccessControlContext acc;
+    Permission p1, p2, p3, p4, p5, p6, p7, p8;
+    SecurityManager sm;
+
+    @BeforeClass
+    public static void setUpClass() throws Exception {
+    }
+
+    @AfterClass
+    public static void tearDownClass() throws Exception {
+    }
+    
+    @Before
+    public void setUp() {
+        try {
+            sm = new DelegateCombinerSecurityManager();
+            CodeSource cs0, cs10, cs11, cs12;
+            p1 = new SocketPermission("river.apache.org:80", "connect,accept");
+            p2 = DelegatePermission.get(p1);
+            p3 = new RuntimePermission("readFileDescriptor");
+            p4 = DelegatePermission.get(p3);
+            p5 = new PropertyPermission("java.home", "read,write");
+            p6 = new PropertyPermission("java.home", "read");
+            p7 = DelegatePermission.get(p6);
+            p8 = new AllPermission();
+            cs0  = new CodeSource(null, (Certificate[]) null);
+            cs10 = new CodeSource(new URL("file:/foo.bar"), (Certificate[]) null);
+            cs11 = new CodeSource(new URL("file:/foo.too"), (Certificate[]) null);
+            cs12 = new CodeSource(new URL("file:/too.foo"), (Certificate[]) null);
+            Permissions pc1, pc2, pc3, pc4;
+            pc1 = new Permissions();
+            pc1.add(p1);
+            pc1.add(p3);
+            pc1.add(p5);
+            pc2 = new Permissions();
+            pc2.add(p2);
+            pc2.add(p4);
+            pc2.add(p7);
+            pc3 = new Permissions();
+            pc3.add(p2);
+            pc3.add(p4);
+            pc3.add(p7);
+            pc4 = new Permissions();
+            pc4.add(p8);
+            ProtectionDomain pd1, pd2, pd3, pd4;
+            pd1 = new ProtectionDomain(cs0, pc4);
+            pd2 = new ProtectionDomain(cs10,pc3);
+            pd3 = new ProtectionDomain(cs11,pc2);
+            pd4 = new ProtectionDomain(cs12,pc1);
+            context = new ProtectionDomain[]{pd1, pd2, pd3, pd4};
+            acc = new AccessControlContext(context);
+        } catch (MalformedURLException ex) {
+            ex.printStackTrace(System.out);
+        }
+    }
+
+    /**
+     * Test of checkPermission method, of class DelegateCombinerSecurityManager.
+     */
+    @Test
+    public void testCheckPermission1() {
+        System.out.println("checkPermission1");
+        Boolean result = Boolean.FALSE;
+        Boolean expectedResult = Boolean.FALSE;
+        try {
+            sm.checkPermission(p1, acc);
+            result = Boolean.TRUE;
+        } catch (SecurityException e){
+            result = Boolean.FALSE;
+        }
+        assertEquals(expectedResult,result);
+    }
+    
+    @Test
+    public void testCheckPermission2() {
+        System.out.println("checkPermission2");
+        Boolean result = Boolean.FALSE;
+        Boolean expectedResult = Boolean.TRUE;
+        try {
+            sm.checkPermission(p2, acc);
+            result = Boolean.TRUE;
+        } catch (Exception e){
+            e.printStackTrace(System.out);
+            result = Boolean.FALSE;
+        }
+        assertEquals(expectedResult,result);
+    }
+    /**
+     * Test of checkPermission method, of class DelegateCombinerSecurityManager.
+     */
+//    @Test
+//    public void testCheckPermission_Permission_Object() {
+//        System.out.println("checkPermission");
+//        Permission perm = null;
+//        Object context = null;
+//        DelegateCombinerSecurityManager instance = new DelegateCombinerSecurityManager();
+//        instance.checkPermission(perm, context);
+//        // TODO review the generated test code and remove the default call to fail.
+//        fail("The test case is a prototype.");
+//    }
+//
+//    /**
+//     * Test of clearFromCache method, of class DelegateCombinerSecurityManager.
+//     */
+//    @Test
+//    public void testClearFromCache() {
+//        System.out.println("clearFromCache");
+//        Set<Permission> perms = null;
+//        DelegateCombinerSecurityManager instance = new DelegateCombinerSecurityManager();
+//        instance.clearFromCache(perms);
+//        // TODO review the generated test code and remove the default call to fail.
+//        fail("The test case is a prototype.");
+//    }
+}

Propchange: river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/api/security/DelegateCombinerSecurityManagerTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/api/security/PermissionGrantTest.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/api/security/PermissionGrantTest.java?rev=1158535&r1=1158534&r2=1158535&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/api/security/PermissionGrantTest.java (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/api/security/PermissionGrantTest.java Wed Aug 17 06:18:09 2011
@@ -60,7 +60,7 @@ public class PermissionGrantTest {
 	} catch ( CertificateException e) {
 	    cf = null;
 	}
-        pgb = PermissionGrantBuilder.create();
+        pgb = PermissionGrantBuilder.newBuilder();
         cs0  = new CodeSource(null, (Certificate[]) null);
         cs10 = new CodeSource(new URL("file:"), (Certificate[]) null);
         cs11 = new CodeSource(new URL("file:/"), (Certificate[]) null);
@@ -77,7 +77,11 @@ public class PermissionGrantTest {
         cs32 = new CodeSource(new URL("file://-"), (Certificate[]) null);
         cs33 = new CodeSource(new URL("file:///-"), (Certificate[]) null);
 
-        pe0 = pgb.codeSource(null).principals(null).permissions(null).build();
+        pe0 = pgb.codeSource(null)
+                .principals(null)
+                .permissions(null)
+                .context(PermissionGrantBuilder.CODESOURCE)
+                .build();
         
         pe10 = pgb.codeSource(cs10).build();
         pe11 = pgb.codeSource(cs11).build();

Modified: river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/api/security/PrincipalGrantTest.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/api/security/PrincipalGrantTest.java?rev=1158535&r1=1158534&r2=1158535&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/api/security/PrincipalGrantTest.java (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/api/security/PrincipalGrantTest.java Wed Aug 17 06:18:09 2011
@@ -78,11 +78,11 @@ public class PrincipalGrantTest {
     @Test
     public void testEquals() {
         System.out.println("equals");
-        Object o = PermissionGrantBuilder.create()
-                .principals(pals)
-                .permissions(perms)
-                .context(PermissionGrantBuilder.PRINCIPAL)
-                .build();
+        PermissionGrant o = PermissionGrantBuilder.newBuilder()
+            .principals(pals)
+            .permissions(perms)
+            .context(PermissionGrantBuilder.PRINCIPAL)
+            .build();
         Object o2 = new Object();
         boolean result = instance.equals(o);
         assertEquals(true, result);

Modified: river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/impl/security/policy/util/PolicyEntryTest.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/impl/security/policy/util/PolicyEntryTest.java?rev=1158535&r1=1158534&r2=1158535&view=diff
==============================================================================
--- river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/impl/security/policy/util/PolicyEntryTest.java (original)
+++ river/jtsk/skunk/peterConcurrentPolicy/test/src/org/apache/river/impl/security/policy/util/PolicyEntryTest.java Wed Aug 17 06:18:09 2011
@@ -51,27 +51,31 @@ public class PolicyEntryTest extends Tes
      * Tests constructor and accessors of PolicyEntry 
      */
     public void testCtor() {
-        PermissionGrantBuilder pgb = PermissionGrantBuilder.create();
+        PermissionGrantBuilder pgb = PermissionGrantBuilder.newBuilder();
         PermissionGrant pe = pgb.build(); //everything set to null
 //        PolicyEntry pe =
 //            new PolicyEntry((CodeSource) null, (Collection<Principal>) null,
 //                (Collection<Permission>)null);
         assertTrue(pe.isVoid(null));
-        assertTrue(pe.getPermissions().size() == 0);
+        assertTrue(pe.getPermissions().isEmpty());
 
 //        pe = new PolicyEntry(new CodeSource(null, (Certificate[])null),
 //            new ArrayList<Principal>(), new ArrayList<Permission>());
         pe = pgb.codeSource(new CodeSource(null, (Certificate[])null))
                 .principals(new Principal[0])
                 .permissions(new Permission[0])
+                .context(PermissionGrantBuilder.CODESOURCE)
                 .build();
         assertTrue(pe.isVoid(null));
-        assertTrue(pe.getPermissions().size() == 0);
+        assertTrue(pe.getPermissions().isEmpty());
 
         Permission[] perms = new Permission[] {
             new SecurityPermission("dsfg"), new AllPermission() };
         //pe = new PolicyEntry((CodeSource) null, (Collection<Principal>) null, perms);
-        pe = pgb.codeSource(null).principals(null).permissions(perms).build();
+        pe = pgb.codeSource(null)
+                .principals(null)
+                .permissions(perms)
+                .build();
         assertFalse(pe.isVoid(null));
         assertTrue(Arrays.asList(perms).containsAll(pe.getPermissions()));
     }
@@ -81,8 +85,8 @@ public class PolicyEntryTest extends Tes
      * otherwise tested set must contain all Principals of PolicyEntry.
      */
     public void testImpliesPrincipals() {
-        PermissionGrantBuilder pgb = PermissionGrantBuilder.create();
-        PermissionGrant pe = pgb.build(); // Everything set to null;
+        PermissionGrantBuilder pgb = PermissionGrantBuilder.newBuilder();
+        PermissionGrant pe = pgb.context(PermissionGrantBuilder.CODESOURCE).build(); // Everything set to null;
         
 //        PolicyEntry pe =
 //            new PolicyEntry((CodeSource) null, (Collection<Principal>) null,



Mime
View raw message