river-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From peter_firmst...@apache.org
Subject svn commit: r1355351 [1/2] - in /river/jtsk/trunk: ./ qa/src/com/sun/jini/qa/harness/ qa/src/com/sun/jini/test/spec/security/basicproxypreparer/ src/com/sun/jini/start/ src/net/jini/security/policy/ src/org/apache/river/api/security/ test/src/org/apach...
Date Fri, 29 Jun 2012 13:01:38 GMT
Author: peter_firmstone
Date: Fri Jun 29 13:01:32 2012
New Revision: 1355351

URL: http://svn.apache.org/viewvc?rev=1355351&view=rev
Log:
Refactoring for release, clean up and decrease size of new public api.

Separated RemotePolicy implementation from DynamicPolicyProvider.

Version numbers and documentation still requires update prior to release.

Added:
    river/jtsk/trunk/src/org/apache/river/api/security/AbstractPolicy.java   (with props)
    river/jtsk/trunk/src/org/apache/river/api/security/DelegatePermission.java   (with props)
    river/jtsk/trunk/src/org/apache/river/api/security/DelegateSecurityManager.java   (with props)
    river/jtsk/trunk/src/org/apache/river/api/security/RemotePolicyProvider.java   (with props)
    river/jtsk/trunk/src/org/apache/river/api/security/ScalableNestedPolicy.java
      - copied, changed from r1337505, river/jtsk/trunk/src/org/apache/river/api/security/ConcurrentPolicy.java
    river/jtsk/trunk/test/src/org/apache/river/api/security/DelegatePermissionTest.java   (with props)
    river/jtsk/trunk/test/src/org/apache/river/api/security/DelegateSecurityManagerTest.java   (with props)
Removed:
    river/jtsk/trunk/src/org/apache/river/api/security/ConcurrentPolicy.java
Modified:
    river/jtsk/trunk/build.xml
    river/jtsk/trunk/qa/src/com/sun/jini/qa/harness/MergedPolicyProvider.java
    river/jtsk/trunk/qa/src/com/sun/jini/test/spec/security/basicproxypreparer/PrepareProxy_Test.td
    river/jtsk/trunk/src/com/sun/jini/start/AggregatePolicyProvider.java
    river/jtsk/trunk/src/com/sun/jini/start/LoaderSplitPolicyProvider.java
    river/jtsk/trunk/src/net/jini/security/policy/DynamicPolicyProvider.java
    river/jtsk/trunk/src/net/jini/security/policy/PolicyFileProvider.java
    river/jtsk/trunk/src/org/apache/river/api/security/CachingSecurityManager.java
    river/jtsk/trunk/src/org/apache/river/api/security/CombinerSecurityManager.java
    river/jtsk/trunk/src/org/apache/river/api/security/ConcurrentPermissions.java
    river/jtsk/trunk/src/org/apache/river/api/security/ConcurrentPolicyFile.java
    river/jtsk/trunk/src/org/apache/river/api/security/DefaultPolicyParser.java
    river/jtsk/trunk/src/org/apache/river/api/security/DefaultPolicyScanner.java
    river/jtsk/trunk/src/org/apache/river/api/security/PermissionGrantBuilder.java
    river/jtsk/trunk/src/org/apache/river/api/security/PermissionGrantBuilderImp.java
    river/jtsk/trunk/src/org/apache/river/api/security/PrincipalGrant.java
    river/jtsk/trunk/src/org/apache/river/api/security/RemotePolicy.java
    river/jtsk/trunk/src/org/apache/river/api/security/RevocablePolicy.java
    river/jtsk/trunk/src/org/apache/river/api/security/package.html

Modified: river/jtsk/trunk/build.xml
URL: http://svn.apache.org/viewvc/river/jtsk/trunk/build.xml?rev=1355351&r1=1355350&r2=1355351&view=diff
==============================================================================
--- river/jtsk/trunk/build.xml (original)
+++ river/jtsk/trunk/build.xml Fri Jun 29 13:01:32 2012
@@ -2181,12 +2181,14 @@
         <mkdir dir="${test.classes.dir}"/>
         <mkdir dir="${test.results.dir}"/>
         <copy file="dep-libs/high-scale-lib/high-scale-lib.jar" todir="test/lib"/>
+        <copy file="dep-libs/rc-libs/reference-collections-1.0.0.jar" todir="test/lib"/>
     </target>
 
     <target name="clean-tests" depends="">
         <delete dir="${test.classes.dir}" quiet="true"/>
         <delete dir="${test.results.dir}" quiet="true"/>
         <delete file="test/lib/high-scale-lib.jar" quiet="true"/>
+        <delete file="test/lib/reference-collections-1.0.0.jar" quiet="true"/>
     </target> 
     
     <target name="compile-tests" depends="compile,prep-tests">

Modified: river/jtsk/trunk/qa/src/com/sun/jini/qa/harness/MergedPolicyProvider.java
URL: http://svn.apache.org/viewvc/river/jtsk/trunk/qa/src/com/sun/jini/qa/harness/MergedPolicyProvider.java?rev=1355351&r1=1355350&r2=1355351&view=diff
==============================================================================
--- river/jtsk/trunk/qa/src/com/sun/jini/qa/harness/MergedPolicyProvider.java (original)
+++ river/jtsk/trunk/qa/src/com/sun/jini/qa/harness/MergedPolicyProvider.java Fri Jun 29 13:01:32 2012
@@ -20,6 +20,7 @@ package com.sun.jini.qa.harness;
 import java.security.CodeSource;
 import java.security.Permission;
 import java.security.PermissionCollection;
+import java.security.Permissions;
 import java.security.Policy;
 import java.security.ProtectionDomain;
 
@@ -29,16 +30,19 @@ import java.util.Collections;
 import java.util.Enumeration;
 import java.util.HashSet;
 import java.util.Iterator;
+import java.util.LinkedList;
 import java.util.List;
+import java.util.NavigableSet;
 import java.util.StringTokenizer;
+import java.util.TreeSet;
 import java.util.concurrent.locks.Lock;
 import java.util.concurrent.locks.ReentrantLock;
-import org.apache.river.api.security.ConcurrentPermissions;
-import org.apache.river.api.security.ConcurrentPolicy;
-
 import net.jini.security.policy.PolicyInitializationException;
 import net.jini.security.policy.PolicyFileProvider;
+import org.apache.river.api.security.AbstractPolicy;
+import org.apache.river.api.security.ConcurrentPolicyFile;
 import org.apache.river.api.security.PermissionGrant;
+import org.apache.river.api.security.ScalableNestedPolicy;
 
 /**
  * Security policy provider that delegates to a collection of underlying
@@ -48,7 +52,7 @@ import org.apache.river.api.security.Per
  * access to the same file, a check for read,write access would still
  * fail.
  */
-public class MergedPolicyProvider extends Policy implements ConcurrentPolicy{
+public class MergedPolicyProvider extends AbstractPolicy implements ScalableNestedPolicy{
 
     /** class state */
 //    private static final Lock lock = new ReentrantLock();; // protects first
@@ -87,7 +91,7 @@ public class MergedPolicyProvider extend
         Collection<Policy> policies = new ArrayList<Policy>();
 	try {
 	    if (p1 != null) {
-		policies.add(new PolicyFileProvider());
+		policies.add(new ConcurrentPolicyFile());
 	    }
 	    if (p2 != null) {
 		StringTokenizer tok = new StringTokenizer(p2, ", ");
@@ -116,7 +120,7 @@ public class MergedPolicyProvider extend
      */
     public PermissionCollection getPermissions(CodeSource source) {
         if (policies.isEmpty()) throw new IllegalStateException("No policies in provider");
-        PermissionCollection pc = new ConcurrentPermissions();
+        PermissionCollection pc = new Permissions();
         Iterator<Policy> it = policies.iterator();
         while (it.hasNext()){
             Policy policy = it.next();
@@ -127,25 +131,6 @@ public class MergedPolicyProvider extend
             }
         }
         return pc;
-//	Iterator it = policies.iterator();
-//	if (it.hasNext()) {
-//	    PermissionCollection pc = 
-//		((Policy) it.next()).getPermissions(source);
-//	    while (it.hasNext()) {
-//		PermissionCollection pc2 = 
-//		    ((Policy) it.next()).getPermissions(source);
-//		Enumeration en = pc2.elements();
-//		while (en.hasMoreElements()) {
-//		    Permission perm = (Permission) en.nextElement();
-//		    if (!pc.implies(perm)) {
-//			pc.add(perm);
-//		    }
-//		}
-//	    }
-//	    return  pc;
-//	} else {
-//	    throw new IllegalStateException("No policies in provider");
-//	}
     }
 
     /**
@@ -155,76 +140,23 @@ public class MergedPolicyProvider extend
      *
      * @param domain the <code>ProtectionDomain</code>
      */
-//    public PermissionCollection getPermissions(ProtectionDomain domain) {
-//	Iterator it = policies.iterator();
-//	ArrayList list = new ArrayList(64);
-//        boolean first = false;
-////        lock.lock();
-////        try {
-//            if (it.hasNext()) {
-//                PermissionCollection pc = 
-//                    ((Policy) it.next()).getPermissions(domain);
-//                    if (first) {
-//                        first = false;
-//                        Enumeration en = pc.elements();
-//                        list.add("BASE PERMISSIONS for domain " + domain);
-//                        while (en.hasMoreElements()) {
-//                            Permission perm = (Permission) en.nextElement();
-//                            list.add(perm.toString());
-//                        }
-//                        first = true;
-//                    }
-//                while (it.hasNext()) {
-//                    PermissionCollection pc2 = 
-//                        ((Policy) it.next()).getPermissions(domain);
-//                    Enumeration en = pc2.elements();
-//                    while (en.hasMoreElements()) {
-//                        Permission perm = (Permission) en.nextElement();
-//                        if (!pc.implies(perm)) {
-//                            if (first) {
-//                                first = false;
-//                                list.add("checking " + perm + " and adding");
-//                                first = true;
-//                            }
-//                            pc.add(perm);
-//                        } else {
-//                            if (first) {
-//                                first = false;
-//                                list.add("checking " + perm + " and not adding");
-//                                first = true;
-//                            }
-//                        }
-//                    }
-//                }
-//                if (first) {
-//                    first = false;
-//                    for (int i = 0; i < list.size(); i++) {
-//                        System.out.println((String) list.get(i));
-//                    }
-//                    first = true;
-//                }
-//                return pc;
-//            } else {
-//                throw new IllegalStateException("No policies in provider");
-//            }
-////        }finally{
-////            lock.unlock();
-////        }
-//    }
-    
     public PermissionCollection getPermissions(ProtectionDomain domain) {
         if (policies.isEmpty()) throw new IllegalStateException("No policies in provider");
-        PermissionCollection pc = new ConcurrentPermissions();
-        Iterator<Policy> it = policies.iterator();
-        while (it.hasNext()){
-            Policy policy = it.next();
-            PermissionCollection col = policy.getPermissions(domain);
-            Enumeration<Permission> e = col.elements();
-            while(e.hasMoreElements()){
-                pc.add(e.nextElement());
-            }
-        }
-        return pc;
+        Collection<PermissionGrant> grants = getPermissionGrants(domain);
+        NavigableSet<Permission> perms = new TreeSet<Permission>(comparator);
+        processGrants(grants, null, true, perms);
+        return convert(perms, 32, 0.75F, 1, 8);
+//        PermissionCollection pc = new ConcurrentPermissions();
+//        Iterator<Policy> it = policies.iterator();
+//        while (it.hasNext()){
+//            Policy policy = it.next();
+//            PermissionCollection col = policy.getPermissions(domain);
+//            Enumeration<Permission> e = col.elements();
+//            while(e.hasMoreElements()){
+//                pc.add(e.nextElement());
+//            }
+//        }
+//        return pc;
     }
 
     /**
@@ -260,69 +192,42 @@ public class MergedPolicyProvider extend
 	}
     }
 
-    public boolean isConcurrent() {
+    public Collection<PermissionGrant> getPermissionGrants(ProtectionDomain domain) {
         if (policies.isEmpty()) throw new IllegalStateException("No policies in provider");
+        Collection<PermissionGrant> perms = null;
         Iterator<Policy> it = policies.iterator();
         while (it.hasNext()){
             Policy p = it.next();
-            if (p instanceof ConcurrentPolicy){
-                if (!((ConcurrentPolicy)p).isConcurrent()) return false;
+            if (p instanceof ScalableNestedPolicy){
+                Collection<PermissionGrant> g = ((ScalableNestedPolicy)p).getPermissionGrants(domain);
+                if (perms == null) {
+                    perms = g;
+                } else {
+                    perms.addAll(g);
+                }
             } else {
-                return false;
-            }
-        }
-        return true;
-    }
-
-    public PermissionGrant[] getPermissionGrants(ProtectionDomain domain) {
-        if (policies.isEmpty()) throw new IllegalStateException("No policies in provider");
-        List<PermissionGrant[]> perms = new ArrayList<PermissionGrant[]>(policies.size());
-        Iterator<Policy> it = policies.iterator();
-        int arrayLength = 0;
-        while (it.hasNext()){
-            Policy p = it.next();
-            if (p instanceof ConcurrentPolicy){
-                PermissionGrant [] g = ((ConcurrentPolicy)p).getPermissionGrants(domain);
-                arrayLength = arrayLength + g.length;
-                perms.add(g);
+                if (perms == null ) perms = new LinkedList<PermissionGrant>();
+                perms.add(extractGrantFromPolicy(p, domain));
             }
         }
-        PermissionGrant [] result = new PermissionGrant[arrayLength];
-        int index = 0;
-        Iterator<PermissionGrant[]> grants = perms.iterator();
-        while (grants.hasNext()){
-            PermissionGrant [] g = grants.next();
-            int l = g.length;
-            for (int i = 0; i < l; i++, index++){
-                result[index] = g[i];
-            }
-        }
-        return result;
+        return perms;
     }
     
-    public PermissionGrant[] getPermissionGrants() {
-        if (policies.isEmpty()) throw new IllegalStateException("No policies in provider");
-        List<PermissionGrant[]> perms = new ArrayList<PermissionGrant[]>(policies.size());
-        Iterator<Policy> it = policies.iterator();
-        int arrayLength = 0;
-        while (it.hasNext()){
-            Policy p = it.next();
-            if (p instanceof ConcurrentPolicy){
-                PermissionGrant [] g = ((ConcurrentPolicy)p).getPermissionGrants();
-                arrayLength = arrayLength + g.length;
-                perms.add(g);
-            }
-        }
-        PermissionGrant [] result = new PermissionGrant[arrayLength];
-        int index = 0;
-        Iterator<PermissionGrant[]> grants = perms.iterator();
-        while (grants.hasNext()){
-            PermissionGrant [] g = grants.next();
-            int l = g.length;
-            for (int i = 0; i < l; i++, index++){
-                result[index] = g[i];
-            }
-        }
-        return result;
-    }
+//    public Collection<PermissionGrant> getPermissionGrants(boolean descend) {
+//        if (policies.isEmpty()) throw new IllegalStateException("No policies in provider");
+//        Collection<PermissionGrant> perms = null;
+//        Iterator<Policy> it = policies.iterator();
+//        while (it.hasNext()){
+//            Policy p = it.next();
+//            if (p instanceof ScalableNestedPolicy){
+//                Collection<PermissionGrant> g = ((ScalableNestedPolicy)p).getPermissionGrants(descend);
+//                if (perms == null) {
+//                    perms = g;
+//                    continue;
+//                }
+//                perms.addAll(g);
+//            }
+//        }
+//        return perms;
+//    }
 }

Modified: river/jtsk/trunk/qa/src/com/sun/jini/test/spec/security/basicproxypreparer/PrepareProxy_Test.td
URL: http://svn.apache.org/viewvc/river/jtsk/trunk/qa/src/com/sun/jini/test/spec/security/basicproxypreparer/PrepareProxy_Test.td?rev=1355351&r1=1355350&r2=1355351&view=diff
==============================================================================
--- river/jtsk/trunk/qa/src/com/sun/jini/test/spec/security/basicproxypreparer/PrepareProxy_Test.td (original)
+++ river/jtsk/trunk/qa/src/com/sun/jini/test/spec/security/basicproxypreparer/PrepareProxy_Test.td Fri Jun 29 13:01:32 2012
@@ -6,4 +6,4 @@ com.sun.jini.qa.harness.runkitserver=fal
 com.sun.jini.qa.harness.shared=false
 #testjvmargs=-Xdebug,\
 #-Xrunjdwp:transport=dt_socket+,address=8000+,server=y+,suspend=y,\
-#${testjvmargs}
\ No newline at end of file
+#${testjvmargs}

Modified: river/jtsk/trunk/src/com/sun/jini/start/AggregatePolicyProvider.java
URL: http://svn.apache.org/viewvc/river/jtsk/trunk/src/com/sun/jini/start/AggregatePolicyProvider.java?rev=1355351&r1=1355350&r2=1355351&view=diff
==============================================================================
--- river/jtsk/trunk/src/com/sun/jini/start/AggregatePolicyProvider.java (original)
+++ river/jtsk/trunk/src/com/sun/jini/start/AggregatePolicyProvider.java Fri Jun 29 13:01:32 2012
@@ -40,7 +40,7 @@ import java.util.concurrent.ConcurrentMa
 import java.util.concurrent.locks.Lock;
 import java.util.concurrent.locks.ReentrantLock;
 import net.jini.security.SecurityContext;
-import org.apache.river.api.security.ConcurrentPolicy;
+import org.apache.river.api.security.ScalableNestedPolicy;
 import net.jini.security.policy.DynamicPolicy;
 import net.jini.security.policy.PolicyInitializationException;
 import net.jini.security.policy.SecurityContextSource;
@@ -48,6 +48,9 @@ import org.apache.river.api.security.Per
 import au.net.zeus.collection.RC;
 import au.net.zeus.collection.Ref;
 import au.net.zeus.collection.Referrer;
+import java.util.Collection;
+import java.util.LinkedList;
+import org.apache.river.api.security.AbstractPolicy;
 
 /**
  * Security policy provider which supports associating security sub-policies
@@ -77,7 +80,7 @@ import au.net.zeus.collection.Referrer;
  * @since 2.0
  */
 public class AggregatePolicyProvider 
-    extends Policy implements DynamicPolicy, SecurityContextSource, ConcurrentPolicy
+    extends AbstractPolicy implements DynamicPolicy, SecurityContextSource, ScalableNestedPolicy
 {
     private static final String mainPolicyClassProperty =
 	"com.sun.jini.start.AggregatePolicyProvider.mainPolicyClass";
@@ -231,30 +234,24 @@ public class AggregatePolicyProvider 
     public void refresh() {
 	getCurrentSubPolicy().refresh();
     }
-    
-    public boolean isConcurrent() {
-        Policy p = getCurrentSubPolicy();
-        if (p instanceof ConcurrentPolicy){
-            return ((ConcurrentPolicy)p).isConcurrent();
-        }
-        return false;
-    }
 
-    public PermissionGrant[] getPermissionGrants(ProtectionDomain domain) {
+    public Collection<PermissionGrant> getPermissionGrants(ProtectionDomain domain) {
         Policy p = getCurrentSubPolicy();
-        if (p instanceof ConcurrentPolicy){
-            return ((ConcurrentPolicy)p).getPermissionGrants(domain);
-        }
-        return new PermissionGrant[0];
+        if (p instanceof ScalableNestedPolicy){
+            return ((ScalableNestedPolicy)p).getPermissionGrants(domain);
+        } 
+        Collection<PermissionGrant> c = new LinkedList<PermissionGrant>();
+        c.add(extractGrantFromPolicy(p,domain));
+        return c;
     }
     
-    public PermissionGrant[] getPermissionGrants() {
-        Policy p = getCurrentSubPolicy();
-        if (p instanceof ConcurrentPolicy){
-            return ((ConcurrentPolicy)p).getPermissionGrants();
-        }
-        return new PermissionGrant[0];
-    }
+//    public Collection<PermissionGrant> getPermissionGrants(boolean recursive) {
+//        Policy p = getCurrentSubPolicy();
+//        if (p instanceof ScalableNestedPolicy){
+//            return ((ScalableNestedPolicy)p).getPermissionGrants(recursive);
+//        }
+//        throw new UnsupportedOperationException("sub policy doesn't implement ScalableNestedPolicy");
+//    }
 
     /**
      * Changes sub-policy association with given class loader.  If

Modified: river/jtsk/trunk/src/com/sun/jini/start/LoaderSplitPolicyProvider.java
URL: http://svn.apache.org/viewvc/river/jtsk/trunk/src/com/sun/jini/start/LoaderSplitPolicyProvider.java?rev=1355351&r1=1355350&r2=1355351&view=diff
==============================================================================
--- river/jtsk/trunk/src/com/sun/jini/start/LoaderSplitPolicyProvider.java (original)
+++ river/jtsk/trunk/src/com/sun/jini/start/LoaderSplitPolicyProvider.java Fri Jun 29 13:01:32 2012
@@ -18,7 +18,6 @@
 
 package com.sun.jini.start;
 
-import com.sun.jini.collection.WeakIdentityMap;
 import net.jini.security.policy.DynamicPolicy;
 import java.security.AccessController;
 import java.security.AllPermission;
@@ -30,10 +29,9 @@ import java.security.Policy;
 import java.security.Principal;
 import java.security.PrivilegedAction;
 import java.security.ProtectionDomain;
-import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.ConcurrentMap;
-import org.apache.river.api.security.ConcurrentPolicy;
+import org.apache.river.api.security.ScalableNestedPolicy;
 import org.apache.river.api.security.PermissionGrant;
 import au.net.zeus.collection.RC;
 import au.net.zeus.collection.Ref;

Modified: river/jtsk/trunk/src/net/jini/security/policy/DynamicPolicyProvider.java
URL: http://svn.apache.org/viewvc/river/jtsk/trunk/src/net/jini/security/policy/DynamicPolicyProvider.java?rev=1355351&r1=1355350&r2=1355351&view=diff
==============================================================================
--- river/jtsk/trunk/src/net/jini/security/policy/DynamicPolicyProvider.java (original)
+++ river/jtsk/trunk/src/net/jini/security/policy/DynamicPolicyProvider.java Fri Jun 29 13:01:32 2012
@@ -18,10 +18,10 @@
 
 package net.jini.security.policy;
 
-import org.apache.river.api.security.ConcurrentPolicy;
+import java.lang.ref.WeakReference;
+import org.apache.river.api.security.AbstractPolicy;
+import org.apache.river.api.security.ScalableNestedPolicy;
 import org.apache.river.api.security.ConcurrentPolicyFile;
-import java.io.IOException;
-import java.rmi.RemoteException;
 import org.apache.river.api.security.CachingSecurityManager;
 import java.security.AccessController;
 import java.security.AllPermission;
@@ -29,7 +29,6 @@ import java.security.CodeSource;
 import java.security.Guard;
 import java.security.Permission;
 import java.security.PermissionCollection;
-import java.security.Permissions;
 import java.security.Policy;
 import java.security.Principal;
 import java.security.PrivilegedAction;
@@ -37,22 +36,19 @@ import java.security.ProtectionDomain;
 import java.security.Security;
 import java.security.UnresolvedPermission;
 import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.Collection;
-import java.util.Comparator;
+import java.util.Collections;
 import java.util.Enumeration;
 import java.util.HashSet;
 import java.util.Iterator;
-import java.util.List;
+import java.util.LinkedList;
 import java.util.NavigableSet;
-import java.util.Set;
 import java.util.TreeSet;
+import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.CopyOnWriteArrayList;
 import java.util.logging.Level;
 import java.util.logging.Logger;
-import org.apache.river.api.security.ConcurrentPermissions;
 import net.jini.security.GrantPermission;
-import org.apache.river.api.security.PermissionComparator;
 import org.apache.river.api.security.PermissionGrant;
 import org.apache.river.api.security.PermissionGrantBuilder;
 import org.apache.river.api.security.RemotePolicy;
@@ -142,19 +138,18 @@ import org.apache.river.api.security.Rev
  * @see RemotePolicy
  */
 
-public class DynamicPolicyProvider extends Policy implements RemotePolicy, 
-        RevocablePolicy {
-    private static final Permission ALL_PERMISSION = new AllPermission();
+public class DynamicPolicyProvider extends AbstractPolicy implements 
+        RevocablePolicy, ScalableNestedPolicy {
     private static final String basePolicyClassProperty =
 	"net.jini.security.policy.DynamicPolicyProvider.basePolicyClass";
     private static final String defaultBasePolicyClass =
             "org.apache.river.api.security.ConcurrentPolicyFile";
 //	"net.jini.security.policy.PolicyFileProvider";
-    private static final ProtectionDomain sysDomain = 
-	AccessController.doPrivileged(new PrivilegedAction<ProtectionDomain>() {
-        
-	    public ProtectionDomain run() { return Object.class.getProtectionDomain(); }
-	});
+//    private static final ProtectionDomain sysDomain = 
+//	AccessController.doPrivileged(new PrivilegedAction<ProtectionDomain>() {
+//        
+//	    public ProtectionDomain run() { return Object.class.getProtectionDomain(); }
+//	});
     private static final String revocationSupported = 
             "net.jini.security.policy.DynamicPolicyProvider.revocation";
     private static final Logger logger = Logger.getLogger("net.jini.security.policy");
@@ -166,36 +161,19 @@ public class DynamicPolicyProvider exten
                 return DynamicPolicyProvider.class.getProtectionDomain();
             }
         });
-    
-    /* 
-     * Copy referent before use.
-     * 
-     * Reference update Protected by grantLock, this array reference must only 
-     * be copied or replaced, it must never be read directly or operated on 
-     * unless holding grantLock.
-     * Local methods must first copy the reference before using the array in
-     * loops etc in case the reference is updated.
-     * This is important, to prevent the update of the remotePolicyGrant's from
-     * causing executing threads from being blocked.
-     */
-    private volatile PermissionGrant[] remotePolicyGrants; // Write protected by grantLock.
-    /* This lock protects write updating of remotePolicyGrants reference */
-    private final Object grantLock;
+   
     private final Policy basePolicy; // refresh protected by transactionWriteLock
     // DynamicPolicy grant's for Proxy's.
     private final Collection<PermissionGrant> dynamicPolicyGrants;
     private final boolean basePolicyIsDynamic; // Don't use cache if true.
     private final boolean revokeable;
     private final boolean basePolicyIsRemote;
-    private final boolean basePolicyIsConcurrent;
-    private final Comparator<Permission> comparator = new PermissionComparator();
     
     private final boolean loggable;
     // do something about some domain permissions for this domain so we can 
     // avoid dead locks due to bug 4911907
 
     private final Guard revokePermission;
-    private final Permission implementsPermissionGrant;
     private final Guard protectionDomainPermission;
     
     
@@ -250,13 +228,9 @@ public class DynamicPolicyProvider exten
 	    throw new PolicyInitializationException(
 		"unable to construct base policy", e);
 	}
-        dynamicPolicyGrants = new CopyOnWriteArrayList<PermissionGrant>();
-        
-	remotePolicyGrants = new PermissionGrant[0];
+        dynamicPolicyGrants = Collections.newSetFromMap(new ConcurrentHashMap<PermissionGrant,Boolean>(64));
         loggable = logger.isLoggable(Level.FINEST);
-	grantLock = new Object();
 	revokePermission = new PolicyPermission("REVOKE");
-        implementsPermissionGrant = new PolicyPermission("implementPermissionGrant");
         protectionDomainPermission = new RuntimePermission("getProtectionDomain");
         if (basePolicy instanceof DynamicPolicy) {
             DynamicPolicy dp = (DynamicPolicy) basePolicy;
@@ -272,8 +246,6 @@ public class DynamicPolicyProvider exten
             revokeable = revoke.equals(tRue);
         }
         basePolicyIsRemote = basePolicy instanceof RemotePolicy ?true: false;
-        basePolicyIsConcurrent = basePolicy instanceof ConcurrentPolicy 
-                ? ((ConcurrentPolicy) basePolicy).isConcurrent() : false;
         policyPermissions = basePolicy.getPermissions(policyDomain);
         policyPermissions.setReadOnly();
     }
@@ -288,13 +260,11 @@ public class DynamicPolicyProvider exten
      * 		<code>null</code>
      */
     public DynamicPolicyProvider(Policy basePolicy){
+        if (basePolicy == null) throw new NullPointerException("null basePolicy prohibited");
         this.basePolicy = basePolicy;
-        dynamicPolicyGrants = new CopyOnWriteArrayList<PermissionGrant>();
-	remotePolicyGrants = new PermissionGrant[0];
+        dynamicPolicyGrants = Collections.newSetFromMap(new ConcurrentHashMap<PermissionGrant,Boolean>(64));
         loggable = logger.isLoggable(Level.FINEST);
-	grantLock = new Object();
 	revokePermission = new PolicyPermission("REVOKE");
-        implementsPermissionGrant = new PolicyPermission("implementPermissionGrant");
         protectionDomainPermission = new RuntimePermission("getProtectionDomain");
          if (basePolicy instanceof DynamicPolicy) {
             DynamicPolicy dp = (DynamicPolicy) basePolicy;
@@ -310,8 +280,6 @@ public class DynamicPolicyProvider exten
             revokeable = true;
         }
         basePolicyIsRemote = basePolicy instanceof RemotePolicy ?true: false;
-        basePolicyIsConcurrent = basePolicy instanceof ConcurrentPolicy 
-                ? ((ConcurrentPolicy) basePolicy).isConcurrent() : false;
         policyPermissions = basePolicy.getPermissions(policyDomain);
         policyPermissions.setReadOnly();
     }
@@ -374,60 +342,6 @@ Put the policy providers and all referen
     public boolean revokeSupported() {
         return revokeable;
     }
-    
-    private PermissionCollection convert(NavigableSet<Permission> permissions, int initialCapacity, float loadFactor, int concurrencyLevel, int unresolvedCapacity){
-        PermissionCollection pc = 
-                new ConcurrentPermissions(initialCapacity, loadFactor, 
-                                        concurrencyLevel, unresolvedCapacity);
-        // The descending iterator is for SocketPermission.
-        Iterator<Permission> it = permissions.descendingIterator();
-        while (it.hasNext()) {
-            pc.add(it.next());
-        }
-        return pc;
-    }
-    
-    private NavigableSet<Permission> processGrants(PermissionGrant[] grant, Class permClass, boolean stopIfAll)
-    {
-        NavigableSet<Permission> set = new TreeSet<Permission>(comparator);
-        int l = grant.length;
-        if (permClass == null)
-        {
-            for (int i = 0; i < l; i++)
-            {
-                if ( stopIfAll && grant[i].isPrivileged()){
-                    set.add(ALL_PERMISSION);
-                    return set;
-                }
-                Iterator<Permission> it = grant[i].getPermissions().iterator();
-                while (it.hasNext())
-                {
-                    Permission p = it.next();
-                    set.add(p);
-                }
-            }
-        } 
-        else 
-        {
-            for (int i = 0; i < l; i++)
-            {
-                if ( stopIfAll && grant[i].isPrivileged()){
-                    set.add(ALL_PERMISSION);
-                    return set;
-                }
-                Iterator<Permission> it = grant[i].getPermissions().iterator();
-                while (it.hasNext())
-                {
-                    Permission p = it.next();
-                    if (permClass.isInstance(p)|| p instanceof UnresolvedPermission) 
-                    {
-                        set.add(p);
-                    }
-                }
-            }
-        }
-        return set;
-    }
 
     @Override
     public PermissionCollection getPermissions(CodeSource codesource) {
@@ -436,85 +350,83 @@ Put the policy providers and all referen
 	 * by a ProtectionDomain.  In this case during construction of a
 	 * ProtectionDomain.  Static Permissions are irrevocable.
 	 */ 
-        NavigableSet<Permission> permissions = null;
-        if (!basePolicyIsConcurrent || codesource == null) {
-            permissions = new TreeSet<Permission>(comparator);
-            PermissionCollection pc = basePolicy.getPermissions(codesource);
-            Enumeration<Permission> enu = pc.elements();
-            while (enu.hasMoreElements()){
-                permissions.add(enu.nextElement());
-            }
-        }else{
-            ProtectionDomain pd = new ProtectionDomain(codesource, null);
-            PermissionGrant [] grants = ((ConcurrentPolicy) basePolicy).getPermissionGrants(pd);
-            permissions = processGrants(grants, null, true);
-        }
-//        if (revokeable == true) return convert(permissions);
+        return basePolicy.getPermissions(codesource);
+//        NavigableSet<Permission> permissions = new TreeSet<Permission>(comparator);
+//        if (!(basePolicy instanceof ScalableNestedPolicy) || codesource == null) {
+//            PermissionCollection pc = basePolicy.getPermissions(codesource);
+//            Enumeration<Permission> enu = pc.elements();
+//            while (enu.hasMoreElements()){
+//                permissions.add(enu.nextElement());
+//            }
+//        }else{
+//            ProtectionDomain pd = new ProtectionDomain(codesource, null);
+//            Collection<PermissionGrant> grants = ((ScalableNestedPolicy) basePolicy).getPermissionGrants(pd, true);
+//            processGrants(grants, null, true, permissions);
+//        }
+////        if (revokeable == true) return convert(permissions);
+////        Iterator<PermissionGrant> dynamicGrants = dynamicPolicyGrants.iterator();
+////        while (dynamicGrants.hasNext()){
+////            PermissionGrant p = dynamicGrants.next();
+////            if ( p.implies(codesource, null) ){
+////		// Only use the trusted grantCache.
+////		Collection<Permission> perms = p.getPermissions();
+////                Iterator<Permission> it = perms.iterator();
+////                while (it.hasNext()){
+////                    permissions.add(it.next());
+////                }
+////	    }
+////        }
+//	return convert(permissions, 16, 0.75F, 16, 16);
+    }
+    
+    @Override
+    public PermissionCollection getPermissions(ProtectionDomain domain) {
+//        if (domain == policyDomain) return policyPermissions;
+	/* Note: we can return revokeable permissions, the  ProtectionDomain
+         * only temporarily merges the permissions for toString(), for debugging.
+	 */
+        Collection<PermissionGrant> pgc = getPermissionGrants(domain);  
+        NavigableSet<Permission> permissions = new TreeSet<Permission>(comparator);
+        processGrants(pgc, null, true, permissions);
+//        if (!(basePolicy instanceof ScalableNestedPolicy)) {
+//            permissions = new TreeSet<Permission>(comparator);
+//            PermissionCollection pc = basePolicy.getPermissions(domain);
+//            Enumeration<Permission> enu = pc.elements();
+//            while (enu.hasMoreElements()){
+//                permissions.add(enu.nextElement());
+//            }
+//        }else{
+//            Collection<PermissionGrant> grants = 
+//                    ((ScalableNestedPolicy) basePolicy).getPermissionGrants(domain, true);
+//            permissions = new TreeSet<Permission>(comparator);
+//            processGrants(grants, null, false, permissions);
+//        }
+////	PermissionGrant [] grantsRefCopy = remotePolicyGrants; // Interim updates not seen.
+////	int l = grantsRefCopy.length;
+////	for ( int i = 0; i < l; i++ ){
+////	    if ( grantsRefCopy[i].implies(domain) ){
+////		Collection<Permission> perms = grantsRefCopy[i].getPermissions();
+////		Iterator<Permission> it = perms.iterator();
+////                while (it.hasNext()){
+////                    permissions.add(it.next());
+////                }
+////	    }
+////	}
 //        Iterator<PermissionGrant> dynamicGrants = dynamicPolicyGrants.iterator();
 //        while (dynamicGrants.hasNext()){
 //            PermissionGrant p = dynamicGrants.next();
-//            if ( p.implies(codesource, null) ){
+//            if ( p.implies(domain) ){
 //		// Only use the trusted grantCache.
-//		Collection<Permission> perms = p.getPermissions();
+//                Collection<Permission> perms = p.getPermissions();
 //                Iterator<Permission> it = perms.iterator();
 //                while (it.hasNext()){
 //                    permissions.add(it.next());
 //                }
 //	    }
 //        }
-	return convert(permissions, 16, 0.75F, 16, 16);
-    }
-
-    @Override
-    public PermissionCollection getPermissions(ProtectionDomain domain) {
-        if (domain == policyDomain) return policyPermissions;
-	/* Note: we can return revokeable permissions, the  ProtectionDomain
-         * only temporarily merges the permissions for toString(), for debugging.
-	 */
-        NavigableSet<Permission> permissions = null;
-        if (!basePolicyIsConcurrent) {
-            permissions = new TreeSet<Permission>(comparator);
-            PermissionCollection pc = basePolicy.getPermissions(domain);
-            Enumeration<Permission> enu = pc.elements();
-            while (enu.hasMoreElements()){
-                permissions.add(enu.nextElement());
-            }
-        }else{
-            PermissionGrant [] grants = 
-                    ((ConcurrentPolicy) basePolicy).getPermissionGrants(domain);
-            permissions = processGrants(grants, null, false);
-        }
-	PermissionGrant [] grantsRefCopy = remotePolicyGrants; // Interim updates not seen.
-	int l = grantsRefCopy.length;
-	for ( int i = 0; i < l; i++ ){
-	    if ( grantsRefCopy[i].implies(domain) ){
-		Collection<Permission> perms = grantsRefCopy[i].getPermissions();
-		Iterator<Permission> it = perms.iterator();
-                while (it.hasNext()){
-                    permissions.add(it.next());
-                }
-	    }
-	}
-        Iterator<PermissionGrant> dynamicGrants = dynamicPolicyGrants.iterator();
-        while (dynamicGrants.hasNext()){
-            PermissionGrant p = dynamicGrants.next();
-            if ( p.implies(domain) ){
-		// Only use the trusted grantCache.
-                Collection<Permission> perms = p.getPermissions();
-                Iterator<Permission> it = perms.iterator();
-                while (it.hasNext()){
-                    permissions.add(it.next());
-                }
-	    }
-        }
-	return convert(permissions, 16, 0.75F, 16, 16);	
-    }
-    
-    /* River-26 Mark Brouwer suggested making UmbrellaPermission's expandable
-     * from Dynamic Grants.
-     */ 
-    private void expandUmbrella(PermissionCollection pc) {
-	PolicyFileProvider.expandUmbrella(pc);
+        PermissionCollection pc = convert(permissions, 32, 0.75F, 1, 8);
+	expandUmbrella(pc);
+        return pc;
     }
 
     @Override
@@ -551,14 +463,13 @@ Put the policy providers and all referen
         * this could then be inadvertantly cached and passed to a ProtectionDomain
         * constructor, preventing Revocation.
         */
-        NavigableSet<Permission> permissions = null; // Keep as small as possible.
+        NavigableSet<Permission> permissions = new TreeSet<Permission>(comparator); // Keep as small as possible.
         /* If GrantPermission is being requested, we must get all Permission objects
          * and add them to the underlying collection.
          * 
          */
         Class permClass = permission instanceof GrantPermission ? null : permission.getClass();
-        if (!basePolicyIsConcurrent) {
-            permissions = new TreeSet<Permission>(comparator);
+        if (!(basePolicy instanceof ScalableNestedPolicy)) {
             PermissionCollection pc = basePolicy.getPermissions(domain);
             Enumeration<Permission> enu = pc.elements();
             while (enu.hasMoreElements()){
@@ -571,27 +482,27 @@ Put the policy providers and all referen
                 }
             }
         }else{
-            PermissionGrant [] grants = ((ConcurrentPolicy) basePolicy).getPermissionGrants(domain);
-            permissions = processGrants(grants, permClass, true);
+            Collection<PermissionGrant> grants = ((ScalableNestedPolicy) basePolicy).getPermissionGrants(domain);
+            processGrants(grants, permClass, true, permissions);
             if (permissions.contains(ALL_PERMISSION)) return true;
         }
-	PermissionGrant[] grantsRefCopy = remotePolicyGrants; // In case the grants volatile reference is updated.       
-//        if (thread.isInterrupted()) return false;
-	int l = grantsRefCopy.length;
-	for ( int i = 0; i < l; i++){
-	    if (grantsRefCopy[i].implies(domain)) {
-		Collection<Permission> perms = grantsRefCopy[i].getPermissions();
-		Iterator<Permission> it = perms.iterator();
-                while (it.hasNext()){
-                    Permission p = it.next();
-                    if ( permClass == null){
-                        permissions.add(p);
-                    } else if ( permClass.isInstance(permission) || permission instanceof UnresolvedPermission){
-                        permissions.add(p);
-                    }
-                }
-	    }
-	}
+//	PermissionGrant[] grantsRefCopy = remotePolicyGrants; // In case the grants volatile reference is updated.       
+////        if (thread.isInterrupted()) return false;
+//	int l = grantsRefCopy.length;
+//	for ( int i = 0; i < l; i++){
+//	    if (grantsRefCopy[i].implies(domain)) {
+//		Collection<Permission> perms = grantsRefCopy[i].getPermissions();
+//		Iterator<Permission> it = perms.iterator();
+//                while (it.hasNext()){
+//                    Permission p = it.next();
+//                    if ( permClass == null){
+//                        permissions.add(p);
+//                    } else if ( permClass.isInstance(permission) || permission instanceof UnresolvedPermission){
+//                        permissions.add(p);
+//                    }
+//                }
+//	    }
+//	}
 //        if (thread.isInterrupted()) return false;
         Iterator<PermissionGrant> grants = dynamicPolicyGrants.iterator();
         while (grants.hasNext()){
@@ -613,10 +524,10 @@ Put the policy providers and all referen
         
         PermissionCollection pc = null;
         if (permClass != null){
-            pc =convert(permissions, 1, 0.75F, 1, 16);
+            pc =convert(permissions, 4, 0.75F, 1, 2);
         } else {
             // GrantPermission
-            pc = convert(permissions, 24, 0.75F, 1, 16);
+            pc = convert(permissions, 4, 0.75F, 1, 2);
             expandUmbrella(pc);
         }
         return pc.implies(permission);
@@ -627,8 +538,8 @@ Put the policy providers and all referen
      * the cache and refreshes the underlying Policy, it also removes any
      * grants for ProtectionDomains that no longer exist.
      * 
-     * If a CachingSecurityManager has been set, this method will clear it's 
-     * checked cache.
+     * If a CachingSecurityManager has been set, this method will clear its 
+     * cache.
      * 
      */
     
@@ -744,138 +655,54 @@ Put the policy providers and all referen
         }
        return removed.toArray(new Permission[removed.size()]);
     }
-    
-    private static void checkNullElements(Object[] array) {
-        int l = array.length;
-	for (int i = 0; i < l; i++) {
-	    if (array[i] == null) {
-		throw new NullPointerException();
-	    }
-	}
-    }
 
-    public void replace(PermissionGrant[] grants) throws IOException {
-        /* If the base policy is also remote, each will manage their own
-         * permissions independantly, so we do not delegate to the underlying policy.  
-         * Any underlying local policy file permissions should be propagated up
-         * into each policy, which means there will be duplication of some 
-         * policy information.
-         * It seems logical in the case of multiple remote policies that each
-         * could be the responsiblity of a different administrator.  If these
-         * separate policy's were to be combined, there may be some cases
-         * where two permissions combined also implied a third permission, that
-         * neither administrator intended to grant.
-         */ 
-        // because PermissionGrant's are given references to ProtectionDomain's
-        // we must check the caller has this permission.
-        try {
-        protectionDomainPermission.checkGuard(null); 
-        // Delegating to the underlying policy is not supported.
-	processRemotePolicyGrants(grants);
-        // If we get to here, the caller has permission.
-        } catch (SecurityException e){
-            throw new RemoteException("Policy update failed", (Throwable) e);
-        } catch (NullPointerException e) {
-            throw new RemoteException("Policy update failed", (Throwable) e);
-        }
-    }
-    
-    /**
-     * This method checks that the PermissionGrant's are authorised to be
-     * granted by it's caller, if it Fails, it will throw a SecurityException
-     * or AccessControlException.
-     * 
-     * 
-     * 
-     * The PermissionGrant should not be requested for it's Permission's 
-     * again, since doing so would risk an escallation of privelege attack if the
-     * PermissionGrant implementation was mutable.
-     * 
-     * @param grants
-     * @return map of checked grants.
-     */
-    private void 
-	    checkCallerHasGrants(Collection<PermissionGrant> grants) throws SecurityException {
-        Iterator<PermissionGrant> grantsItr = grants.iterator();
-        while (grantsItr.hasNext()){
-            PermissionGrant grant = grantsItr.next();
-	    Collection<Permission> permCol = grant.getPermissions();
-            Permission[] perms = permCol.toArray(new Permission [permCol.size()]);
-	    checkNullElements(perms);
-            Guard g = new GrantPermission(perms);
-	    g.checkGuard(this);
-        }
-    }
-    
-    /**
-     * Any grants must first be checked for PermissionGrants, checkCallerHasGrants has
-     * been provided for this purpose, then prior to calling this method,
-     * the PermissionGrant's must be added to the grantsCache.
-     * 
-     * processRemotePolicyGrants places the PermissionGrant's in the remotePolicyGrants array. It is
-     * recommended that only this method be used to update the remotePolicyGrants
-     * reference.
-     * 
-     * @param grants
-     */
-    private void processRemotePolicyGrants(PermissionGrant[] grants) {
-	// This is slightly naughty calling a remotePolicyGrants method, however if it
-	// changes between now and gaining the lock, only the length of the
-	// HashSet is potentially not optimal, keeping the HashSet creation
-	// outside of the lock reduces the lock held duration.
-        Set<ProtectionDomain> domains = new HashSet<ProtectionDomain>();
-        int l = grants.length;
-        for (int i = 0; i < l; i++ ){
-            if (grants[i] == null ) throw new NullPointerException("null PermissionGrant prohibited");
-            // This causes a ProtectionDomain security check.
-            final Class c = grants[i].getClass();
-            List<ProtectionDomain> doms = AccessController.doPrivileged(
-                new PrivilegedAction<List<ProtectionDomain>>() {
-                    public List<ProtectionDomain> run() {
-                        Class[] classes = c.getDeclaredClasses();
-                        List<ProtectionDomain> domains = new ArrayList<ProtectionDomain>();
-                        int l = classes.length;
-                        for ( int i = 0; i < l; i++ ){
-                            domains.add(classes[i].getProtectionDomain());
-                        }
-                        return domains;
-                    }
-                });
-            domains.addAll(doms);
+    @Override
+    public Collection<PermissionGrant> getPermissionGrants(ProtectionDomain domain) {
+        Collection<PermissionGrant> grants = null;
+        if (basePolicy instanceof ScalableNestedPolicy){
+            grants = ((ScalableNestedPolicy)basePolicy).getPermissionGrants(domain);
+        } else {
+            grants = new LinkedList<PermissionGrant>();
+            grants.add(extractGrantFromPolicy(basePolicy, domain));
         }
-        Iterator<ProtectionDomain> it = domains.iterator();
+        Iterator<PermissionGrant> it = dynamicPolicyGrants.iterator();
         while (it.hasNext()){
-            if ( ! it.next().implies(implementsPermissionGrant)) {
-                throw new SecurityException("Missing permission: " 
-                        + implementsPermissionGrant.toString());
-            }
-        }
-	HashSet<PermissionGrant> holder 
-		    = new HashSet<PermissionGrant>(grants.length);
-	    holder.addAll(Arrays.asList(grants));
-            checkCallerHasGrants(holder);
-        PermissionGrant[] old = null;
-	synchronized (grantLock) {
-            old = remotePolicyGrants;
-	    PermissionGrant[] updated = new PermissionGrant[holder.size()];
-	    remotePolicyGrants = holder.toArray(updated);
-	}
-        Collection<PermissionGrant> oldGrants = new HashSet<PermissionGrant>(old.length);
-        oldGrants.addAll(Arrays.asList(old));
-        oldGrants.removeAll(holder);
-        // Collect removed Permission's to notify CachingSecurityManager.
-        Set<Permission> removed = new HashSet<Permission>(120);
-        Iterator<PermissionGrant> rgi = oldGrants.iterator();
-        while (rgi.hasNext()){
-            PermissionGrant g = rgi.next();
-                    removed.addAll(g.getPermissions());
+            grants.add(it.next());
         }
-        
-        SecurityManager sm = System.getSecurityManager();
-        if (sm instanceof CachingSecurityManager) {
-            ((CachingSecurityManager) sm).clearCache();
-        }
-        // oldGrants now only has the grants which have been removed.
+        return grants;
+    }
+
+//    @Override
+//    public Collection<PermissionGrant> getPermissionGrants(boolean recursive) {
+//        Collection<PermissionGrant> grants = null;
+//        if ( recursive ){ 
+//            if (!(basePolicy instanceof ScalableNestedPolicy)){
+//                throw new UnsupportedOperationException
+//                        ("base policy doesn't implement ScalableNestedPolicy");
+//            }
+//            grants = ((ScalableNestedPolicy)basePolicy).getPermissionGrants(recursive);
+//        } else {
+//            grants = new LinkedList<PermissionGrant>();
+//        }
+//        grants.addAll(dynamicPolicyGrants);
+//        return grants;
+//    }
+
+    @Override
+    public boolean revoke(PermissionGrant p) {
+        revokePermission.checkGuard(null);
+        return dynamicPolicyGrants.remove(p);
+    }
+
+    @Override
+    public boolean grant(PermissionGrant p) {
+        Collection<Permission> perms = p.getPermissions();
+        GrantPermission guard = new GrantPermission(perms.toArray(new Permission [perms.size()]));
+        guard.checkGuard(null);
+        // Since PermissionGrant receives a ProtectionDomain instance, we
+        // must check if the caller has that permission.
+        protectionDomainPermission.checkGuard(null);
+        return dynamicPolicyGrants.add(p);
     }
 
 }

Modified: river/jtsk/trunk/src/net/jini/security/policy/PolicyFileProvider.java
URL: http://svn.apache.org/viewvc/river/jtsk/trunk/src/net/jini/security/policy/PolicyFileProvider.java?rev=1355351&r1=1355350&r2=1355351&view=diff
==============================================================================
--- river/jtsk/trunk/src/net/jini/security/policy/PolicyFileProvider.java (original)
+++ river/jtsk/trunk/src/net/jini/security/policy/PolicyFileProvider.java Fri Jun 29 13:01:32 2012
@@ -18,6 +18,7 @@
 
 package net.jini.security.policy;
 
+import org.apache.river.api.security.AbstractPolicy;
 import java.security.AccessController;
 import java.security.CodeSource;
 import java.security.Permission;
@@ -57,7 +58,7 @@ import net.jini.security.GrantPermission
  * <code>net.jini.security.policy.PolicyFileProvider.basePolicyClass</code>
  * security property is not set.
  */
-public class PolicyFileProvider extends Policy {
+public class PolicyFileProvider extends AbstractPolicy {
 
     private static final String basePolicyClassProperty =
 	"net.jini.security.policy.PolicyFileProvider.basePolicyClass";
@@ -67,7 +68,6 @@ public class PolicyFileProvider extends 
 //	"sun.security.provider.PolicyFile";
     private static final String policyProperty = "java.security.policy";
     private static final Object propertyLock = new Object();
-    private static final Permission umbrella = new UmbrellaGrantPermission();
 
     private final String policyFile;
     private final Policy basePolicy;
@@ -277,25 +277,6 @@ public class PolicyFileProvider extends 
 	// force resolution of GrantPermission and UmbrellaGrantPermission
 	new GrantPermission(umbrella);
     }
-
-    static void expandUmbrella(PermissionCollection pc) {
-	if (pc.implies(umbrella)) {
-            // Don't use Set, avoid calling equals and hashCode on SocketPermission.
-            Collection<Permission> perms = new ArrayList<Permission>(120);
-            Enumeration<Permission> e = pc.elements();
-            while (e.hasMoreElements()){
-                Permission p = e.nextElement();
-                // Avoid unintended granting of GrantPermission 
-                // and recursive UmbrellaGrantPermission
-                if ( p instanceof GrantPermission || 
-                        p instanceof UmbrellaGrantPermission){
-                    continue;
-                }
-                perms.add(p);
-            }
-            pc.add(new GrantPermission(perms.toArray(new Permission[perms.size()])));
-	}
-    }
     
     /** Resets policyProperty system property, removing it if the value to set
      * is null. We do this in a privileged block to make sure that the operation

Added: river/jtsk/trunk/src/org/apache/river/api/security/AbstractPolicy.java
URL: http://svn.apache.org/viewvc/river/jtsk/trunk/src/org/apache/river/api/security/AbstractPolicy.java?rev=1355351&view=auto
==============================================================================
--- river/jtsk/trunk/src/org/apache/river/api/security/AbstractPolicy.java (added)
+++ river/jtsk/trunk/src/org/apache/river/api/security/AbstractPolicy.java Fri Jun 29 13:01:32 2012
@@ -0,0 +1,249 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.river.api.security;
+
+import java.lang.ref.WeakReference;
+import java.security.AllPermission;
+import java.security.Guard;
+import java.security.Permission;
+import java.security.PermissionCollection;
+import java.security.Policy;
+import java.security.ProtectionDomain;
+import java.security.UnresolvedPermission;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Comparator;
+import java.util.Enumeration;
+import java.util.Iterator;
+import java.util.LinkedList;
+import java.util.NavigableSet;
+import java.util.Set;
+import java.util.TreeSet;
+import net.jini.security.GrantPermission;
+import net.jini.security.policy.UmbrellaGrantPermission;
+import java.util.concurrent.ConcurrentHashMap;
+
+/**
+ * A common superclass with utility methods for policy providers.
+ * 
+ * @author Peter Firmstone.
+ */
+public abstract class AbstractPolicy extends Policy {
+    protected final Permission umbrella = new UmbrellaGrantPermission();
+    protected final Permission ALL_PERMISSION = new AllPermission();
+    protected final Comparator<Permission> comparator = new PermissionComparator();
+
+    protected AbstractPolicy() {
+    }
+
+    /**
+     * This method checks that the PermissionGrant's are authorised to be
+     * granted by it's caller, if it Fails, it will throw a SecurityException
+     * or AccessControlException.
+     *
+     * The PermissionGrant should not be requested for it's Permissions
+     * again, since doing so would risk an escalation of privilege attack if the
+     * PermissionGrant implementation was mutable.
+     *
+     * @param grants
+     * @return map of checked grants.
+     */
+    protected final void checkCallerHasGrants(Collection<PermissionGrant> grants) throws SecurityException {
+        Iterator<PermissionGrant> grantsItr = grants.iterator();
+        while (grantsItr.hasNext()) {
+            PermissionGrant grant = grantsItr.next();
+            Collection<Permission> permCol = grant.getPermissions();
+            Permission[] perms = permCol.toArray(new Permission[permCol.size()]);
+            checkNullElements(perms);
+            Guard g = new GrantPermission(perms);
+            g.checkGuard(this);
+        }
+    }
+
+    /**
+     * Checks array for null elements
+     * @param array
+     * @throws NullPointerException  
+     */
+    protected final void checkNullElements(Object[] array) throws NullPointerException {
+        int l = array.length;
+        for (int i = 0; i < l; i++) {
+            if (array[i] == null) {
+                throw new NullPointerException();
+            }
+        }
+    }
+
+    /**
+     * Creates an optimised PermissionCollection, firstly all permissions should
+     * be sorted using {@link PermissionComparator}, this ensures that any
+     * SocketPermission will be ordered to avoid reverse DNS calls if possible.
+     * 
+     * Other parameters enable the underlying {@link ConcurrentHashMap}
+     * to be optimised, these parameters use identical names.
+     * 
+     * @param permissions
+     * @param initialCapacity
+     * @param loadFactor
+     * @param concurrencyLevel
+     * @param unresolvedCapacity  Capacity of Map used to store 
+     * UnresolvedPermission instances
+     * @return
+     * @throws IllegalArgumentException if the initial capacity is
+     * negative or the load factor or concurrencyLevel are
+     * nonpositive.
+     */
+    protected final PermissionCollection convert(NavigableSet<Permission> permissions, 
+                                                 int initialCapacity, 
+                                                 float loadFactor, 
+                                                 int concurrencyLevel, 
+                                                 int unresolvedCapacity)
+                                            throws IllegalArgumentException {
+        PermissionCollection pc = new ConcurrentPermissions(initialCapacity, loadFactor, concurrencyLevel, unresolvedCapacity);
+        // The descending iterator is for SocketPermission.
+        Iterator<Permission> it = permissions.descendingIterator();
+        while (it.hasNext()) {
+            pc.add(it.next());
+        }
+        return pc;
+    }
+
+    /** River-26 Mark Brouwer suggested making UmbrellaPermission's expandable
+     * from Dynamic Grants.
+     * @param pc  PermissionCollection containing UmbrellaPermission's to be
+     * expanded.
+     */
+    protected final void expandUmbrella(PermissionCollection pc) {
+        if (pc.implies(umbrella)) {
+            // Don't use Set, avoid calling equals and hashCode on SocketPermission.
+            Collection<Permission> perms = new ArrayList<Permission>(120);
+            Enumeration<Permission> e = pc.elements();
+            while (e.hasMoreElements()){
+                Permission p = e.nextElement();
+                // Avoid unintended granting of GrantPermission 
+                // and recursive UmbrellaGrantPermission
+                if ( p instanceof GrantPermission || 
+                        p instanceof UmbrellaGrantPermission){
+                    continue;
+                }
+                perms.add(p);
+            }
+            pc.add(new GrantPermission(perms.toArray(new Permission[perms.size()])));
+	}
+    }
+    
+    /** River-26 Mark Brouwer suggested making UmbrellaPermission's expandable
+     * from Dynamic Grants.
+     * @param perms  Collection containing UmbrellaPermission's to be
+     * expanded.  Note a Set will prevent duplicate GrantPermission objects,
+     * caveat emptor, a TreeSet using a PermissionComparator should
+     * be used to avoid calling equals on Permission objects with broken
+     * equals implementations like SocketPermission.
+     * 
+     * A policy administrator would usually expect that an 
+     * UmbrellaGrantPermission only grant Permissions for a specific 
+     * Policy and not expanded to merged or aggregate policies, which 
+     * may cause unforseen or unexpected Permission grants.  For that reason
+     * this method removes UmbrellaGrantPermission.
+     * 
+     * This expansion would probably be best performed in a PermissionGrant.
+     */
+//    protected final void expandUmbrella(Set<Permission> perms){
+//        if (perms.remove(umbrella)){
+//            Collection<Permission> grantPerms = new ArrayList<Permission>(perms.size()-1);
+//            Iterator<Permission> it = perms.iterator();
+//            while (it.hasNext()){
+//                Permission p = it.next();
+//                if ( p instanceof GrantPermission || 
+//                        p instanceof UmbrellaGrantPermission){
+//                    continue;
+//                }
+//                grantPerms.add(p);
+//            }
+//            perms.addAll(grantPerms);
+//        }
+//    }
+
+    /**
+     * Adds Permission objects contained in PermissionGrant's to a NavigableSet
+     * that is sorted using a PermissionComparator.
+     * 
+     * This method doesn't perform any checks on the conditions of the
+     * PermissionGrant's, it simply collects their Permission objects.
+     * 
+     * @param grant  array of PermissionGrants.
+     * @param permClass  optionally only add Permission objects that use this 
+     * class or UnresolvedPermission.
+     * @param stopIfAll  if true returns immediately when AllPermission is 
+     * found.
+     * @param setToAddPerms  Permission objects extracted from grant will be
+     * added to this set.
+     */
+    protected final void processGrants(Collection<PermissionGrant> grant, 
+                                       Class permClass, 
+                                       boolean stopIfAll, 
+                                       NavigableSet<Permission> setToAddPerms) {   
+//        if (grant == null) return;
+        Iterator<PermissionGrant> grants = grant.iterator();
+        if (permClass == null) {
+            while (grants.hasNext()) {
+                PermissionGrant g = grants.next();
+                if (stopIfAll && g.isPrivileged()) {
+                    setToAddPerms.add(ALL_PERMISSION);
+                    return;
+                }
+                Iterator<Permission> it = g.getPermissions().iterator();
+                while (it.hasNext()) {
+                    Permission p = it.next();
+                    setToAddPerms.add(p);
+                }
+            }
+        } else {
+            while (grants.hasNext()) {
+                PermissionGrant g = grants.next();
+                if (stopIfAll && g.isPrivileged()) {
+                    setToAddPerms.add(ALL_PERMISSION);
+                    return;
+                }
+                Iterator<Permission> it = g.getPermissions().iterator();
+                while (it.hasNext()) {
+                    Permission p = it.next();
+                    if (permClass.isInstance(p) || p instanceof UnresolvedPermission) {
+                        setToAddPerms.add(p);
+                    }
+                }
+            }
+        }
+    }
+    
+    protected PermissionGrant extractGrantFromPolicy(Policy p, ProtectionDomain domain){
+        Collection<Permission> perms = new LinkedList<Permission>();
+        PermissionGrantBuilder pgb = PermissionGrantBuilder.newBuilder();
+        pgb.setDomain(new WeakReference<ProtectionDomain>(domain));
+        PermissionCollection pc = p.getPermissions(domain);
+        Enumeration<Permission> en = pc.elements();
+        while (en.hasMoreElements()){
+            perms.add(en.nextElement());
+        }
+        pgb.permissions(perms.toArray(new Permission[perms.size()]));
+        pgb.context(PermissionGrantBuilder.PROTECTIONDOMAIN);
+        return pgb.build();
+    }
+    
+}

Propchange: river/jtsk/trunk/src/org/apache/river/api/security/AbstractPolicy.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: river/jtsk/trunk/src/org/apache/river/api/security/CachingSecurityManager.java
URL: http://svn.apache.org/viewvc/river/jtsk/trunk/src/org/apache/river/api/security/CachingSecurityManager.java?rev=1355351&r1=1355350&r2=1355351&view=diff
==============================================================================
--- river/jtsk/trunk/src/org/apache/river/api/security/CachingSecurityManager.java (original)
+++ river/jtsk/trunk/src/org/apache/river/api/security/CachingSecurityManager.java Fri Jun 29 13:01:32 2012
@@ -18,18 +18,9 @@
 
 package org.apache.river.api.security;
 
-import java.security.Permission;
-import java.util.Set;
-
 /**
- * The CachingSecurityManager is designed to enable the use of DelegatePermission
- * for Delegate Objects to encapsulate security sensitive objects using
- * Li Gong's method guard pattern.
- * 
- * In this manner we can prevent references to security sensitive object's from 
- * escaping.
- * 
- * See "Inside Java 2 Platform Security" 2nd Edition, ISBN:0-201-78791-1, page 176.
+ * A CachingSecurityManager caches the result of check permission calls for
+ * AccessControlContexts.
  * 
  * @author Peter Firmstone.
  * @since 2.2.1
@@ -37,13 +28,9 @@ import java.util.Set;
 public interface CachingSecurityManager {
 
     /**
-     * This method clears permissions from the checked cache, it should be
-     * called after calling Policy.refresh();
-     * 
-     * If the Set provided contains permissions, only those of the same
-     * class will be removed from the checked cache.
-     * 
-     * If the Set is null, the checked cache is cleared completely.
+     * Clears permissions from the checked cache, it must be
+     * called after calling Policy.refresh();  It is recommended that it
+     * be called by a Policy provider, rather than application code.
      *
      * @throws java.lang.InterruptedException
      * @throws java.util.concurrent.ExecutionException

Modified: river/jtsk/trunk/src/org/apache/river/api/security/CombinerSecurityManager.java
URL: http://svn.apache.org/viewvc/river/jtsk/trunk/src/org/apache/river/api/security/CombinerSecurityManager.java?rev=1355351&r1=1355350&r2=1355351&view=diff
==============================================================================
--- river/jtsk/trunk/src/org/apache/river/api/security/CombinerSecurityManager.java (original)
+++ river/jtsk/trunk/src/org/apache/river/api/security/CombinerSecurityManager.java Fri Jun 29 13:01:32 2012
@@ -489,7 +489,7 @@ extends SecurityManager implements Cachi
             /* Unfortunately we don't know exactly which domain has failed
              * in fact, multiple domains may fail the permission check since
              * they are executed concurrently, for that reason, we'll print
-             * all failed domains on the stack.
+             * all domains on the stack.
              */
             StringBuilder sb = new StringBuilder(800);
             sb.append("DomainCombinerSecurityManager full stack: \n");
@@ -552,13 +552,7 @@ extends SecurityManager implements Cachi
      * @return
      */
     protected boolean checkPermission(ProtectionDomain pd, Permission p){
-        boolean result = pd.implies(p);
-        //TODO: Enable support for Delegates in a subclass.
-//        if (!result && p instanceof DelegatePermission ){
-//            Permission candidate = ((DelegatePermission)p).getPermission();
-//            result = pd.implies(candidate);
-//        }
-        return result;
+        return pd.implies(p);
     }
     
 }

Modified: river/jtsk/trunk/src/org/apache/river/api/security/ConcurrentPermissions.java
URL: http://svn.apache.org/viewvc/river/jtsk/trunk/src/org/apache/river/api/security/ConcurrentPermissions.java?rev=1355351&r1=1355350&r2=1355351&view=diff
==============================================================================
--- river/jtsk/trunk/src/org/apache/river/api/security/ConcurrentPermissions.java (original)
+++ river/jtsk/trunk/src/org/apache/river/api/security/ConcurrentPermissions.java Fri Jun 29 13:01:32 2012
@@ -40,24 +40,24 @@ import java.util.concurrent.atomic.Atomi
 
 
 /**
- * ConcurrentPermissions is a replacement for java.security.Permissions.
+ * ConcurrentPermissions is a drop in replacement for java.security.Permissions
  * 
- * This was originally intended to be used as a policy cache, it turns out
- * that a policy cache is not needed, due to the efficiency of package private
+ * ConcurrentPermissions was originally intended to be used as a policy cache, it turns out
+ * that a policy cache was not needed, due to the efficiency of package private
  * URIGrant.implies(ProtectionDomain pd).  Scalability is better without
  * a policy cache because PermissionGrant's are immutable, have no mutable shared 
- * state and are therefore not likely to causing cache misses.
+ * state and are therefore not likely to cause cache misses.
  * 
- * The only reason this class still exists is due to an unknown bug in
+ * The first reason this class exists is due to an unknown bug in
  * java.security.Permissions not resolving 
  * permission com.sun.jini.phoenix.ExecOptionPermission "*";
  * in UnresolvedPermission. This occurs in start tests using Phoenix and
- * defaultphoenix.policy in the qa suite.
+ * defaultphoenix.policy in the qa suite.  The second reason is performance
+ * tuning for concurrency or to avoid unnecessary collection resizing, 
+ * a method in AbstractPolicy is provided so external policy providers can 
+ * take advantage, without this class being public.
  * 
- * This class may be removed in a future version of River, it is only public
- * because it is required by DynamicPolicyProvider and resides in this 
- * package because it is also used by ConcurrentPolicyFile and requires access
- * to package private utility classes as well.
+ * This class may be removed in a future version of River.
  * 
  * If there is heavy contention for one Permission class
  * type, concurrency may suffer due to internal synchronization.
@@ -78,7 +78,7 @@ import java.util.concurrent.atomic.Atomi
  * @since 2.2.1
  * @serial permsMap
  */
-public final class ConcurrentPermissions extends PermissionCollection 
+final class ConcurrentPermissions extends PermissionCollection 
 implements Serializable {
 
     private static final long serialVersionUID=1L;
@@ -101,14 +101,14 @@ implements Serializable {
      * a Permissions object instance to handle all UnresolvedPermissions.
      */    
     
-    public ConcurrentPermissions(){
+    ConcurrentPermissions(){
         permsMap = new ConcurrentHashMap<Class<?>, PermissionCollection>();
         // Bite the bullet, get the pain out of the way in the beginning!
         unresolved = new PermissionPendingResolutionCollection();
         allPermission = false;      
     }
     
-    public ConcurrentPermissions(int initialCapacity, float loadFactor, int concurrencyLevel, int unresolvedClassCount){
+    ConcurrentPermissions(int initialCapacity, float loadFactor, int concurrencyLevel, int unresolvedClassCount){
         permsMap = new ConcurrentHashMap<Class<?>, PermissionCollection>
                 (initialCapacity, loadFactor, concurrencyLevel);
         // Bite the bullet, get the pain out of the way in the beginning!

Modified: river/jtsk/trunk/src/org/apache/river/api/security/ConcurrentPolicyFile.java
URL: http://svn.apache.org/viewvc/river/jtsk/trunk/src/org/apache/river/api/security/ConcurrentPolicyFile.java?rev=1355351&r1=1355350&r2=1355351&view=diff
==============================================================================
--- river/jtsk/trunk/src/org/apache/river/api/security/ConcurrentPolicyFile.java (original)
+++ river/jtsk/trunk/src/org/apache/river/api/security/ConcurrentPolicyFile.java Fri Jun 29 13:01:32 2012
@@ -27,6 +27,7 @@
 package org.apache.river.api.security;
 
 import java.io.File;
+import java.lang.ref.WeakReference;
 import java.net.URL;
 import java.security.AccessController;
 import java.security.AllPermission;
@@ -43,17 +44,17 @@ import java.security.ProtectionDomain;
 import java.security.SecurityPermission;
 import java.security.UnresolvedPermission;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collection;
 import java.util.Comparator;
 import java.util.Enumeration;
 import java.util.Iterator;
+import java.util.LinkedList;
 import java.util.List;
 import java.util.NavigableSet;
 import java.util.Properties;
 import java.util.TreeSet;
-import org.apache.river.api.security.PermissionComparator;
 import net.jini.security.policy.PolicyInitializationException;
-import org.apache.river.api.security.PermissionGrant;
 
 
 /**
@@ -162,7 +163,7 @@ import org.apache.river.api.security.Per
  * @since 2.2.1
  */
 
-public class ConcurrentPolicyFile extends Policy implements ConcurrentPolicy {
+public class ConcurrentPolicyFile extends Policy implements ScalableNestedPolicy {
 
     /**
      * System property for dynamically added policy location.
@@ -441,25 +442,35 @@ public class ConcurrentPolicyFile extend
         }
     }
 
-    public boolean isConcurrent() {
-        return true;
-    }
-    
-    public PermissionGrant[] getPermissionGrants(ProtectionDomain pd) {
+    public Collection<PermissionGrant> getPermissionGrants(ProtectionDomain pd) {
         PermissionGrant [] grants = grantArray; // copy volatile reference target.
         int l = grants.length;
-        List<PermissionGrant> applicable = new ArrayList<PermissionGrant>(l); // Always too large, never too small.
+        List<PermissionGrant> applicable = new LinkedList<PermissionGrant>();
         for (int i =0; i < l; i++){
             if (grants[i].implies(pd)){
                 applicable.add(grants[i]);
             }
         }
-        return applicable.toArray(new PermissionGrant[applicable.size()]);
+        // Merge any static permissions.
+        PermissionCollection pc = pd != null ? pd.getPermissions() : null;
+        if (pc != null){
+            PermissionGrantBuilder pgb = PermissionGrantBuilder.newBuilder();
+            pgb.setDomain(new WeakReference<ProtectionDomain>(pd));
+            pgb.context(PermissionGrantBuilder.PROTECTIONDOMAIN);
+            Collection<Permission> perms = new LinkedList<Permission>();
+            Enumeration<Permission> en = pc.elements();
+            while (en.hasMoreElements()){
+                perms.add(en.nextElement());
+            }
+            pgb.permissions(perms.toArray(new Permission[perms.size()]));
+            applicable.add(pgb.build());
+        }
+        return applicable;
     }
     
-    public PermissionGrant[] getPermissionGrants() {
-        PermissionGrant [] grants = grantArray; // copy volatile reference target.
-        return grants.clone();
-    }
+//    public Collection<PermissionGrant> getPermissionGrants(boolean recursive) {
+//        PermissionGrant [] grants = grantArray; // copy volatile reference target.
+//        return new LinkedList<PermissionGrant>(Arrays.asList(grants));
+//    }
 
 }

Modified: river/jtsk/trunk/src/org/apache/river/api/security/DefaultPolicyParser.java
URL: http://svn.apache.org/viewvc/river/jtsk/trunk/src/org/apache/river/api/security/DefaultPolicyParser.java?rev=1355351&r1=1355350&r2=1355351&view=diff
==============================================================================
--- river/jtsk/trunk/src/org/apache/river/api/security/DefaultPolicyParser.java (original)
+++ river/jtsk/trunk/src/org/apache/river/api/security/DefaultPolicyParser.java Fri Jun 29 13:01:32 2012
@@ -84,7 +84,7 @@ class DefaultPolicyParser implements Pol
      * {@link org.apache.river.imp.security.policy.util.DefaultPolicyScanner DefaultPolicyScanner} 
      * is used. 
      */
-    public DefaultPolicyParser() {
+    DefaultPolicyParser() {
         scanner = new DefaultPolicyScanner();
     }
 
@@ -182,7 +182,7 @@ class DefaultPolicyParser implements Pol
      * @see DefaultPolicyScanner.PermissionEntry
      * @see org.apache.river.imp.security.policy.util.PolicyUtils
      */
-    protected PermissionGrant resolveGrant(DefaultPolicyScanner.GrantEntry ge,
+    PermissionGrant resolveGrant(DefaultPolicyScanner.GrantEntry ge,
             KeyStore ks, Properties system, boolean resolve) throws Exception {
         if ( ge == null ) return null;
         /*
@@ -308,7 +308,7 @@ class DefaultPolicyParser implements Pol
      * or to get a Certificate, 
      * or to newBuilder an instance of a successfully found class 
      */
-    protected Permission resolvePermission(
+    Permission resolvePermission(
             DefaultPolicyScanner.PermissionEntry pe,
             DefaultPolicyScanner.GrantEntry ge, KeyStore ks, Properties system,
             boolean resolve) throws Exception {
@@ -355,7 +355,7 @@ class DefaultPolicyParser implements Pol
         /** 
          * Combined setter of all required fields. 
          */
-        public PermissionExpander(DefaultPolicyScanner.GrantEntry ge,
+        PermissionExpander(DefaultPolicyScanner.GrantEntry ge,
                 KeyStore ks) {
             this.ge = ge;
             this.ks = ks;

Modified: river/jtsk/trunk/src/org/apache/river/api/security/DefaultPolicyScanner.java
URL: http://svn.apache.org/viewvc/river/jtsk/trunk/src/org/apache/river/api/security/DefaultPolicyScanner.java?rev=1355351&r1=1355350&r2=1355351&view=diff
==============================================================================
--- river/jtsk/trunk/src/org/apache/river/api/security/DefaultPolicyScanner.java (original)
+++ river/jtsk/trunk/src/org/apache/river/api/security/DefaultPolicyScanner.java Fri Jun 29 13:01:32 2012
@@ -25,6 +25,7 @@ package org.apache.river.api.security;
 import java.io.IOException;
 import java.io.Reader;
 import java.io.StreamTokenizer;
+import java.io.StringReader;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.HashSet;
@@ -95,12 +96,12 @@ class DefaultPolicyScanner {
     /**
      * Configures passed tokenizer accordingly to supported syntax.
      */
-    protected StreamTokenizer configure(StreamTokenizer st) {
+    StreamTokenizer configure(StreamTokenizer st) {
         st.slashSlashComments(true);
         st.slashStarComments(true);
-        st.wordChars('_', '_');
-        st.wordChars('$', '$');
-        return st;
+	st.wordChars('_', '_');
+	st.wordChars('$', '$');
+	return st;
     }
 
     /**
@@ -120,7 +121,7 @@ class DefaultPolicyScanner {
      * @throws InvalidFormatException
      *             if unexpected or unknown token encountered
      */
-    public void scanStream(Reader r, Collection<GrantEntry> grantEntries,
+    void scanStream(Reader r, Collection<GrantEntry> grantEntries,
             List<KeystoreEntry> keystoreEntries) throws IOException,
             InvalidFormatException {
         StreamTokenizer st = configure(new StreamTokenizer(r));
@@ -165,7 +166,7 @@ class DefaultPolicyScanner {
      * @throws InvalidFormatException
      *             if unexpected or unknown token encountered
      */
-    protected KeystoreEntry readKeystoreEntry(StreamTokenizer st)
+    KeystoreEntry readKeystoreEntry(StreamTokenizer st)
             throws IOException, InvalidFormatException {
         String url = null, type = null;
         if (st.nextToken() == '"') {
@@ -205,7 +206,7 @@ class DefaultPolicyScanner {
      * @throws InvalidFormatException
      *             if unexpected or unknown token encountered
      */
-    protected GrantEntry readGrantEntry(StreamTokenizer st) throws IOException,
+    GrantEntry readGrantEntry(StreamTokenizer st) throws IOException,
             InvalidFormatException {
         String signer = null, codebase = null;
         Collection<PrincipalEntry> principals = new ArrayList<PrincipalEntry>();
@@ -268,7 +269,7 @@ class DefaultPolicyScanner {
      * @throws InvalidFormatException
      *             if unexpected or unknown token encountered
      */
-    protected PrincipalEntry readPrincipalEntry(StreamTokenizer st)
+    PrincipalEntry readPrincipalEntry(StreamTokenizer st)
             throws IOException, InvalidFormatException {
         String classname = null, name = null;
         if (st.nextToken() == StreamTokenizer.TT_WORD) {
@@ -308,7 +309,7 @@ class DefaultPolicyScanner {
      * @throws InvalidFormatException
      *             if unexpected or unknown token encountered
      */
-    protected Collection<PermissionEntry> readPermissionEntries(
+    Collection<PermissionEntry> readPermissionEntries(
             StreamTokenizer st) throws IOException, InvalidFormatException {
         Collection<PermissionEntry> permissions = new HashSet<PermissionEntry>();
         parsing: while (true) {
@@ -365,12 +366,12 @@ class DefaultPolicyScanner {
 
         return permissions;
     }
-
+    
     /**
      * Formats a detailed description of tokenizer status: current token,
      * current line number, etc.
      */
-    protected String composeStatus(StreamTokenizer st) {
+    String composeStatus(StreamTokenizer st) {
         return st.toString();
     }
 
@@ -384,7 +385,7 @@ class DefaultPolicyScanner {
      *            Should not be <code>null</code>- use the overloaded
      *            single-parameter method instead.
      */
-    protected final void handleUnexpectedToken(StreamTokenizer st,
+    final void handleUnexpectedToken(StreamTokenizer st,
             String message) throws InvalidFormatException {
         throw new InvalidFormatException(Messages.getString("security.8F", //$NON-NLS-1$
                 composeStatus(st), message));
@@ -397,7 +398,7 @@ class DefaultPolicyScanner {
      * @param st
      *            a tokenizer holding the erroneous token
      */
-    protected final void handleUnexpectedToken(StreamTokenizer st)
+    final void handleUnexpectedToken(StreamTokenizer st)
             throws InvalidFormatException {
         throw new InvalidFormatException(Messages.getString("security.90", //$NON-NLS-1$
                 composeStatus(st)));
@@ -417,7 +418,7 @@ class DefaultPolicyScanner {
      * @see org.apache.river.imp.security.policy.util.DefaultPolicyParser
      * @see org.apache.river.imp.security.policy.util.DefaultPolicyScanner
      */
-    public static class KeystoreEntry {
+    static class KeystoreEntry {
 
         /**
          * The URL part of keystore clause.
@@ -448,14 +449,14 @@ class DefaultPolicyScanner {
         /**
          * @return the url
          */
-        public String getUrl() {
+        String getUrl() {
             return url;
         }
 
         /**
          * @return the type
          */
-        public String getType() {
+        String getType() {
             return type;
         }
     }
@@ -467,7 +468,7 @@ class DefaultPolicyScanner {
      * @see org.apache.river.imp.security.policy.util.DefaultPolicyParser
      * @see org.apache.river.imp.security.policy.util.DefaultPolicyScanner
      */
-    public static class GrantEntry {
+    static class GrantEntry {
 
         /**
          * The signers part of grant clause. This is a comma-separated list of
@@ -513,14 +514,14 @@ class DefaultPolicyScanner {
         /**
          * @return the signers
          */
-        public String getSigners() {
+        String getSigners() {
             return signers;
         }
 
         /**
          * @return the codebase
          */
-        public String getCodebase(Properties system) {
+        String getCodebase(Properties system) {
             if (system == null) return codebase;
             try {
                 return PolicyUtils.expand(codebase, system);
@@ -534,14 +535,14 @@ class DefaultPolicyScanner {
         /**
          * @return the principals
          */
-        public Collection<PrincipalEntry> getPrincipals(Properties system) {
+        Collection<PrincipalEntry> getPrincipals(Properties system) {
             return principals;
         }
 
         /**
          * @return the permissions
          */
-        public Collection<PermissionEntry> getPermissions() {
+        Collection<PermissionEntry> getPermissions() {
             return permissions;
         }
 
@@ -555,7 +556,7 @@ class DefaultPolicyScanner {
      * @see org.apache.river.imp.security.policy.util.DefaultPolicyParser
      * @see org.apache.river.imp.security.policy.util.DefaultPolicyScanner
      */
-    public static class PrincipalEntry {
+    static class PrincipalEntry {
 
         /**
          * Wildcard value denotes any class and/or any name.
@@ -593,14 +594,14 @@ class DefaultPolicyScanner {
         /**
          * @return the klass
          */
-        public String getKlass() {
+        String getKlass() {
             return klass;
         }
 
         /**
          * @return the name
          */
-        public String getName() {
+        String getName() {
             return name;
         }
     }
@@ -613,7 +614,7 @@ class DefaultPolicyScanner {
      * @see org.apache.river.imp.security.policy.util.DefaultPolicyParser
      * @see org.apache.river.imp.security.policy.util.DefaultPolicyScanner
      */
-    public static class PermissionEntry {
+    static class PermissionEntry {
 
         /**
          * The classname part of permission clause.
@@ -662,28 +663,28 @@ class DefaultPolicyScanner {
         /**
          * @return the klass
          */
-        public String getKlass() {
+        String getKlass() {
             return klass;
         }
 
         /**
          * @return the name
          */
-        public String getName() {
+        String getName() {
             return name;
         }
 
         /**
          * @return the actions
          */
-        public String getActions() {
+        String getActions() {
             return actions;
         }
 
         /**
          * @return the signers
          */
-        public String getSigners() {
+        String getSigners() {
             return signers;
         }
     }



Mime
View raw message