river-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From peter_firmst...@apache.org
Subject svn commit: r1464924 - in /river/jtsk/skunk/qa_refactor/trunk: qa/src/com/sun/jini/test/impl/outrigger/leasing/ qa/src/com/sun/jini/test/impl/start/aggregatepolicyprovider/ qa/src/com/sun/jini/test/impl/start/loadersplitpolicyprovider/ qa/src/com/sun/j...
Date Fri, 05 Apr 2013 11:12:44 GMT
Author: peter_firmstone
Date: Fri Apr  5 11:12:44 2013
New Revision: 1464924

URL: http://svn.apache.org/r1464924
Log:
Refactoring of URIGrant to utilise new Uri class instead of UriString.

Changes to CombinerSecurityManager to better handle misbehaving policy or PermissionGrant
implementations.

Re-enable tests recently disabled.

Added:
    river/jtsk/skunk/qa_refactor/trunk/src/org/apache/river/api/security/CodeSourceRequiredPermissions.java
Removed:
    river/jtsk/skunk/qa_refactor/trunk/src/net/jini/loader/pref/CodeSourceWithPermissionsRequired.java
Modified:
    river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/impl/outrigger/leasing/UseNotifyLeaseTestRenewShutdown.td
    river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/impl/outrigger/leasing/UseTxnMgrSpaceLeaseTest.td
    river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/impl/outrigger/leasing/UseTxnMgrSpaceLeaseTestCancel.td
    river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/impl/outrigger/leasing/UseTxnMgrSpaceLeaseTestRenew.td
    river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/impl/outrigger/leasing/UseTxnMgrSpaceLeaseTestRenewCancel.td
    river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/impl/start/aggregatepolicyprovider/GetContextTest.td
    river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/impl/start/aggregatepolicyprovider/NullCasesTest.td
    river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/impl/start/aggregatepolicyprovider/SubPoliciesTest.td
    river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/impl/start/aggregatepolicyprovider/UntrustedGetContextClassLoader.td
    river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/impl/start/loadersplitpolicyprovider/LoaderSplitPolicyProviderTest.td
    river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/spec/javaspace/conformance/ExpirationNotifyTest.td
    river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/spec/javaspace/conformance/snapshot/SnapshotExpirationNotifyTest.td
    river/jtsk/skunk/qa_refactor/trunk/src/org/apache/river/api/net/Uri.java
    river/jtsk/skunk/qa_refactor/trunk/src/org/apache/river/api/security/CombinerSecurityManager.java
    river/jtsk/skunk/qa_refactor/trunk/src/org/apache/river/api/security/URIGrant.java

Modified: river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/impl/outrigger/leasing/UseNotifyLeaseTestRenewShutdown.td
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/impl/outrigger/leasing/UseNotifyLeaseTestRenewShutdown.td?rev=1464924&r1=1464923&r2=1464924&view=diff
==============================================================================
--- river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/impl/outrigger/leasing/UseNotifyLeaseTestRenewShutdown.td
(original)
+++ river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/impl/outrigger/leasing/UseNotifyLeaseTestRenewShutdown.td
Fri Apr  5 11:12:44 2013
@@ -1,5 +1,5 @@
 #Test fails randomly, temporarily suspended pending release 2.3.0
-com.sun.jini.qa.harness.verifier=com.sun.jini.qa.harness.SkipTestVerifier
+#com.sun.jini.qa.harness.verifier=com.sun.jini.qa.harness.SkipTestVerifier
 testClass=UseNotifyLeaseTest
 testCategories=javaspace,javaspace_impl,javaspace_impl_leasing
 include0=../outrigger.properties

Modified: river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/impl/outrigger/leasing/UseTxnMgrSpaceLeaseTest.td
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/impl/outrigger/leasing/UseTxnMgrSpaceLeaseTest.td?rev=1464924&r1=1464923&r2=1464924&view=diff
==============================================================================
--- river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/impl/outrigger/leasing/UseTxnMgrSpaceLeaseTest.td
(original)
+++ river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/impl/outrigger/leasing/UseTxnMgrSpaceLeaseTest.td
Fri Apr  5 11:12:44 2013
@@ -1,5 +1,5 @@
 #Test fails randomly, temporarily suspended pending release 2.3.0
-com.sun.jini.qa.harness.verifier=com.sun.jini.qa.harness.SkipTestVerifier
+#com.sun.jini.qa.harness.verifier=com.sun.jini.qa.harness.SkipTestVerifier
 testClass=UseTxnMgrSpaceLeaseTest
 testCategories=javaspace,javaspace_impl,javaspace_impl_leasing
 include0=../outrigger.properties

Modified: river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/impl/outrigger/leasing/UseTxnMgrSpaceLeaseTestCancel.td
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/impl/outrigger/leasing/UseTxnMgrSpaceLeaseTestCancel.td?rev=1464924&r1=1464923&r2=1464924&view=diff
==============================================================================
--- river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/impl/outrigger/leasing/UseTxnMgrSpaceLeaseTestCancel.td
(original)
+++ river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/impl/outrigger/leasing/UseTxnMgrSpaceLeaseTestCancel.td
Fri Apr  5 11:12:44 2013
@@ -1,5 +1,5 @@
 #Test fails randomly, temporarily suspended pending release 2.3.0
-com.sun.jini.qa.harness.verifier=com.sun.jini.qa.harness.SkipTestVerifier
+#com.sun.jini.qa.harness.verifier=com.sun.jini.qa.harness.SkipTestVerifier
 testClass=UseTxnMgrSpaceLeaseTest
 testCategories=javaspace,javaspace_impl,javaspace_impl_leasing
 include0=../outrigger.properties

Modified: river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/impl/outrigger/leasing/UseTxnMgrSpaceLeaseTestRenew.td
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/impl/outrigger/leasing/UseTxnMgrSpaceLeaseTestRenew.td?rev=1464924&r1=1464923&r2=1464924&view=diff
==============================================================================
--- river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/impl/outrigger/leasing/UseTxnMgrSpaceLeaseTestRenew.td
(original)
+++ river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/impl/outrigger/leasing/UseTxnMgrSpaceLeaseTestRenew.td
Fri Apr  5 11:12:44 2013
@@ -1,5 +1,5 @@
 #Test fails randomly, temporarily suspended pending release 2.3.0
-com.sun.jini.qa.harness.verifier=com.sun.jini.qa.harness.SkipTestVerifier
+#com.sun.jini.qa.harness.verifier=com.sun.jini.qa.harness.SkipTestVerifier
 testClass=UseTxnMgrSpaceLeaseTest
 testCategories=javaspace,javaspace_impl,javaspace_impl_leasing
 include0=../outrigger.properties

Modified: river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/impl/outrigger/leasing/UseTxnMgrSpaceLeaseTestRenewCancel.td
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/impl/outrigger/leasing/UseTxnMgrSpaceLeaseTestRenewCancel.td?rev=1464924&r1=1464923&r2=1464924&view=diff
==============================================================================
--- river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/impl/outrigger/leasing/UseTxnMgrSpaceLeaseTestRenewCancel.td
(original)
+++ river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/impl/outrigger/leasing/UseTxnMgrSpaceLeaseTestRenewCancel.td
Fri Apr  5 11:12:44 2013
@@ -1,5 +1,5 @@
 #Test fails randomly, temporarily suspended pending release 2.3.0
-com.sun.jini.qa.harness.verifier=com.sun.jini.qa.harness.SkipTestVerifier
+#com.sun.jini.qa.harness.verifier=com.sun.jini.qa.harness.SkipTestVerifier
 testClass=UseTxnMgrSpaceLeaseTest
 testCategories=javaspace,javaspace_impl,javaspace_impl_leasing
 include0=../outrigger.properties

Modified: river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/impl/start/aggregatepolicyprovider/GetContextTest.td
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/impl/start/aggregatepolicyprovider/GetContextTest.td?rev=1464924&r1=1464923&r2=1464924&view=diff
==============================================================================
--- river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/impl/start/aggregatepolicyprovider/GetContextTest.td
(original)
+++ river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/impl/start/aggregatepolicyprovider/GetContextTest.td
Fri Apr  5 11:12:44 2013
@@ -1,5 +1,5 @@
 testClass=GetContextTest
-testCategories=start,start_impl
+testCategories=start,start_impl,policyprovider
 #testClasspath=<harnessJar>$:${com.sun.jini.qa.home}$/lib$/qa1-start-tests.jar$:${com.sun.jini.qa.home}$/lib$/$qajinidep$:${com.sun.jini.jsk.home}$/lib$/jsk-platform.jar
 
 testClasspath=${altClasspath}$:${com.sun.jini.qa.home}/lib/qa1-start-tests.jar

Modified: river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/impl/start/aggregatepolicyprovider/NullCasesTest.td
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/impl/start/aggregatepolicyprovider/NullCasesTest.td?rev=1464924&r1=1464923&r2=1464924&view=diff
==============================================================================
--- river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/impl/start/aggregatepolicyprovider/NullCasesTest.td
(original)
+++ river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/impl/start/aggregatepolicyprovider/NullCasesTest.td
Fri Apr  5 11:12:44 2013
@@ -1,3 +1,3 @@
 testClass=NullCasesTest
-testCategories=start,start_impl
+testCategories=start,start_impl,policyprovider
 include0=../start.properties

Modified: river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/impl/start/aggregatepolicyprovider/SubPoliciesTest.td
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/impl/start/aggregatepolicyprovider/SubPoliciesTest.td?rev=1464924&r1=1464923&r2=1464924&view=diff
==============================================================================
--- river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/impl/start/aggregatepolicyprovider/SubPoliciesTest.td
(original)
+++ river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/impl/start/aggregatepolicyprovider/SubPoliciesTest.td
Fri Apr  5 11:12:44 2013
@@ -1,5 +1,5 @@
 testClass=SubPoliciesTest
-testCategories=start,start_impl
+testCategories=start,start_impl,policyprovider
 #testClasspath=${com.sun.jini.qa.home}$/lib$/harness.jar$:${com.sun.jini.qa.home}$/lib$/qa1-start-tests.jar$:${com.sun.jini.qa.home}$/lib$/$qajinidep$:${com.sun.jini.jsk.home}$/lib$/jsk-platform.jar
 
 testClasspath=${altClasspath}$:<file:lib/qa1-start-tests.jar>

Modified: river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/impl/start/aggregatepolicyprovider/UntrustedGetContextClassLoader.td
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/impl/start/aggregatepolicyprovider/UntrustedGetContextClassLoader.td?rev=1464924&r1=1464923&r2=1464924&view=diff
==============================================================================
--- river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/impl/start/aggregatepolicyprovider/UntrustedGetContextClassLoader.td
(original)
+++ river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/impl/start/aggregatepolicyprovider/UntrustedGetContextClassLoader.td
Fri Apr  5 11:12:44 2013
@@ -1,3 +1,3 @@
 testClass=UntrustedGetContextClassLoader
-testCategories=start,start_impl
+testCategories=start,start_impl,policyprovider
 include0=../start.properties

Modified: river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/impl/start/loadersplitpolicyprovider/LoaderSplitPolicyProviderTest.td
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/impl/start/loadersplitpolicyprovider/LoaderSplitPolicyProviderTest.td?rev=1464924&r1=1464923&r2=1464924&view=diff
==============================================================================
--- river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/impl/start/loadersplitpolicyprovider/LoaderSplitPolicyProviderTest.td
(original)
+++ river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/impl/start/loadersplitpolicyprovider/LoaderSplitPolicyProviderTest.td
Fri Apr  5 11:12:44 2013
@@ -1,5 +1,5 @@
 testClass=LoaderSplitPolicyProviderTest
-testCategories=start,start_impl
+testCategories=start,start_impl,policyprovider
 testClasspath=${altClasspath}$:<file:lib/qa1-start-tests.jar>
 testPolicyfile=<url:harness/policy/defaulttest.policy>
 ldrPolicyfile=<url:LoaderSplitPolicyProviderTest.loader.policy>

Modified: river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/spec/javaspace/conformance/ExpirationNotifyTest.td
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/spec/javaspace/conformance/ExpirationNotifyTest.td?rev=1464924&r1=1464923&r2=1464924&view=diff
==============================================================================
--- river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/spec/javaspace/conformance/ExpirationNotifyTest.td
(original)
+++ river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/spec/javaspace/conformance/ExpirationNotifyTest.td
Fri Apr  5 11:12:44 2013
@@ -1,5 +1,5 @@
 #Test fails randomly, temporarily suspended pending release 2.3.0
-com.sun.jini.qa.harness.verifier=com.sun.jini.qa.harness.SkipTestVerifier
+#com.sun.jini.qa.harness.verifier=com.sun.jini.qa.harness.SkipTestVerifier
 testClass=ExpirationNotifyTest
 testCategories=javaspace,javaspace_spec,javaspace_conformance
 include0=javaspace.properties

Modified: river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/spec/javaspace/conformance/snapshot/SnapshotExpirationNotifyTest.td
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/spec/javaspace/conformance/snapshot/SnapshotExpirationNotifyTest.td?rev=1464924&r1=1464923&r2=1464924&view=diff
==============================================================================
--- river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/spec/javaspace/conformance/snapshot/SnapshotExpirationNotifyTest.td
(original)
+++ river/jtsk/skunk/qa_refactor/trunk/qa/src/com/sun/jini/test/spec/javaspace/conformance/snapshot/SnapshotExpirationNotifyTest.td
Fri Apr  5 11:12:44 2013
@@ -1,5 +1,5 @@
 #Test fails randomly, temporarily suspended pending release 2.3.0
-com.sun.jini.qa.harness.verifier=com.sun.jini.qa.harness.SkipTestVerifier
+#com.sun.jini.qa.harness.verifier=com.sun.jini.qa.harness.SkipTestVerifier
 testClass=SnapshotExpirationNotifyTest
 testCategories=javaspace,javaspace_spec,javaspace_conformance,snapshot
 include0=../javaspace.properties

Modified: river/jtsk/skunk/qa_refactor/trunk/src/org/apache/river/api/net/Uri.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/qa_refactor/trunk/src/org/apache/river/api/net/Uri.java?rev=1464924&r1=1464923&r2=1464924&view=diff
==============================================================================
--- river/jtsk/skunk/qa_refactor/trunk/src/org/apache/river/api/net/Uri.java (original)
+++ river/jtsk/skunk/qa_refactor/trunk/src/org/apache/river/api/net/Uri.java Fri Apr  5 11:12:44
2013
@@ -250,7 +250,7 @@ public final class Uri implements Compar
     }
     
     public static Uri urlToUri(URL url) throws URISyntaxException{
-        return Uri.parseAndCreate(url.toString());
+        return Uri.parseAndCreate(fixWindowsURI(url.toString()));
     }
     
     public static File uriToFile(Uri uri){
@@ -262,7 +262,8 @@ public final class Uri implements Compar
         if (File.separatorChar == '\\') {
             path = path.replace(File.separatorChar, '/');
         }
-        return new Uri("file", null, path, null, null); //$NON-NLS-1$
+        path = fixWindowsURI("file:" + path);
+        return Uri.escapeAndCreate(path); //$NON-NLS-1$
     }
     
     public static Uri filePathToUri(String path) throws URISyntaxException{
@@ -284,7 +285,8 @@ public final class Uri implements Compar
         if (File.separatorChar == '\\') {
             path = path.replace(File.separatorChar, '/');
         }
-        return new Uri("file", null, path, null, null); //$NON-NLS-1$
+        path = fixWindowsURI("file:" + path);
+        return Uri.escapeAndCreate(path); //$NON-NLS-1$
     }
     
     /* Begin Object Implementation */
@@ -935,6 +937,7 @@ public final class Uri implements Compar
         if (!(o instanceof Uri)) {
             return false;
         }
+        if (hash != o.hashCode()) return false;
         Uri uri = (Uri) o;
 
         if (uri.fragment == null && fragment != null || uri.fragment != null
@@ -1016,6 +1019,269 @@ public final class Uri implements Compar
             return false;
         }
     }
+    
+    /** 
+     * Indicates whether the specified Uri is implied by this {@link
+     * Uri}. Returns {@code true} if all of the following conditions are
+     * {@code true}, otherwise {@code false}:
+     * <p>
+     * <ul>
+     * <li>this scheme is not {@code null}
+     * <li>this scheme is equal to {@code implied}'s scheme.
+     * <li>if this host is not {@code null}, the
+     * following conditions are checked
+     * <ul>
+     * <li>{@code cs}'s host is not {@code null}
+     * <li>the wildcard or partial wildcard of this {@code Uri}'s
+     * host matches {@code implied}'s host.
+     * </ul>
+     * <li>if this {@code Uri}'s port != -1 the port of {@code
+     * implied}'s location is equal to this {@code Uri}'s port
+     * <li>this {@code Uri}'s path matches {@code implied}'s path
+     * whereas special wildcard matching applies as described below.
+     * </ul>
+     * Matching rules for path:
+     * <ul>
+     * <li>if this {@code Uri}'s path ends with {@code "/-"},
+     * then {@code implied}'s path must start with {@code Uri}'s path
+     * (exclusive the trailing '-')
+     * <li>if this {@code Uri}'s path ends with {@code "/*"},
+     * then {@code implied}'s path must start with {@code Uri}'s path
+     * (exclusive the trailing '*') and must not have any further '/'
+     * <li>if this {@code Uri}'s path ends with {@code "/"},
+     * then {@code implied}'s path must start with {@code Uri}'s path
+     * <li>if this {@code Uri}'s path does not end with {@code
+     * "/"}, then {@code implied}'s path must start with {@code Uri}'s
+     * path with the '/' appended to it.
+     * </ul>
+     * Examples for Uri that imply the Uri
+     * "http://harmony.apache.org/milestones/M9/apache-harmony.jar":
+     *
+     * <pre>
+     * http:
+     * http://&#42;/milestones/M9/*
+     * http://*.apache.org/milestones/M9/*
+     * http://harmony.apache.org/milestones/-
+     * http://harmony.apache.org/milestones/M9/apache-harmony.jar
+     * </pre>
+     *
+     * @param implied
+     *            the Uri to check.
+     * @return {@code true} if the argument is implied by this
+     *         {@code Uri}, otherwise {@code false}.
+     */
+    public boolean implies(Uri implied) { // package private for junit
+        //.This section of code was copied from Apache Harmony's CodeSource
+        // SVN Revision 929252
+        //
+        // Here, javadoc:N refers to the appropriate item in the API spec for 
+        // the CodeSource.implies()
+        // The info was taken from the 1.5 final API spec
+
+        // javadoc:1
+//        if (cs == null) {
+//            return false;
+//        }
+
+        /* Certificates can safely be ignored, they're checked by CertificateGrant */
+        
+        // javadoc:2
+        // with a comment: the javadoc says only about certificates and does 
+        // not explicitly mention CodeSigners' certs.
+        // It seems more convenient to use getCerts() to get the real 
+        // certificates - with a certificates got form the signers
+//        Certificate[] thizCerts = getCertificatesNoClone();
+//        if (thizCerts != null) {
+//            Certificate[] thatCerts = cs.getCertificatesNoClone();
+//            if (thatCerts == null
+//                    || !PolicyUtils.matchSubset(thizCerts, thatCerts)) {
+//                return false;
+//            }
+//        }
+
+        // javadoc:3
+        
+            
+            //javadoc:3.1
+//            URL otherURL = cs.getLocation();
+//            if ( otherURL == null) {
+//                return false;
+//            }
+//            URI otherURI;
+//            try {
+//                otherURI = otherURL.toURI();
+//            } catch (URISyntaxException ex) {
+//                return false;
+//            }
+            //javadoc:3.2
+            if (hash == implied.hash){
+                if (this.equals(implied)) {
+                    return true;
+                }
+            }
+            //javadoc:3.3
+            if ( scheme != null){
+                if (!scheme.equalsIgnoreCase(implied.scheme)) {
+                    return false;
+                }
+            }
+            //javadoc:3.4
+            if (host != null) {
+                if (implied.host == null) {
+                    return false;
+                }
+
+                // 1. According to the spec, an empty string will be considered 
+                // as "localhost" in the SocketPermission
+                // 2. 'file://' URLs will have an empty getHost()
+                // so, let's make a special processing of localhost-s, I do 
+                // believe this'll improve performance of file:// code sources 
+
+                //
+                // Don't have to evaluate both the boolean-s each time.
+                // It's better to evaluate them directly under if() statement.
+                // 
+                // boolean thisIsLocalHost = thisHost.length() == 0 || "localhost".equals(thisHost);
+                // boolean thatIsLocalHost = thatHost.length() == 0 || "localhost".equals(thatHost);
+                // 
+                // if( !(thisIsLocalHost && thatIsLocalHost) &&
+                // !thisHost.equals(thatHost)) {
+
+                if (!((host.length() == 0 || "localhost".equals(host)) && (implied.host
//$NON-NLS-1$
+                        .length() == 0 || "localhost".equals(implied.host))) //$NON-NLS-1$
+                        && !host.equals(implied.host)) {
+                    
+                    // Do wildcard matching here to replace SocketPermission functionality.
+                    // This section was copied from Apache Harmony SocketPermission
+                    boolean hostNameMatches = false;
+                    boolean isPartialWild = (host.charAt(0) == '*');
+                    if (isPartialWild) {
+                        boolean isWild = (host.length() == 1);
+                        if (isWild) {
+                            hostNameMatches = true;
+                        } else {
+                            // Check if thisHost matches the end of thatHost after the wildcard
+                            int length = host.length() - 1;
+                            hostNameMatches = implied.host.regionMatches(implied.host.length()
- length,
+                                    host, 1, length);
+                        }
+                    }
+                    if (!hostNameMatches) return false; // else continue.
+                    
+                    /* Don't want to try resolving URIGrant, it either has a
+                     * matching host or it doesn't.
+                     * 
+                     * The following section is for resolving hosts, it is
+                     * not relevant here, but has been preserved for information
+                     * purposes only.
+                     * 
+                     * Not only is it expensive to perform DNS resolution, hence
+                     * the creation of URIGrant, but a CodeSource.implies
+                     * may also require another SocketPermission which may 
+                     * cause the policy to get stuck in an endless loop, since it
+                     * doesn't perform the implies in priviledged mode, it might
+                     * also allow an attacker to substitute one codebase for
+                     * another using a dns cache poisioning attack.  In any case
+                     * the DNS cannot be assumed trustworthy enough to supply
+                     * the policy with information at this level. The implications
+                     * are greater than the threat posed by SocketPermission
+                     * which simply allows a network connection, as this may
+                     * apply to any Permission, even AllPermission.
+                     * 
+                     * Typically the URI of the codebase will be a match for
+                     * the codebase annotation string that is stored as a URL
+                     * in CodeSource, then converted to a URI for comparison.
+                     */
+
+                    // Obvious, but very slow way....
+                    // 
+                    // SocketPermission thisPerm = new SocketPermission(
+                    //          this.location.getHost(), "resolve");
+                    // SocketPermission thatPerm = new SocketPermission(
+                    //          cs.location.getHost(), "resolve");
+                    // if (!thisPerm.implies(thatPerm)) { 
+                    //      return false;
+                    // }
+                    //
+                    // let's cache it: 
+
+//                    if (this.sp == null) {
+//                        this.sp = new SocketPermission(thisHost, "resolve"); //$NON-NLS-1$
+//                    }
+//
+//                    if (cs.sp == null) {
+//                        cs.sp = new SocketPermission(thatHost, "resolve"); //$NON-NLS-1$
+//                    } 
+//
+//                    if (!this.sp.implies(cs.sp)) {
+//                        return false;
+//                    }
+                    
+                } // if( ! this.location.getHost().equals(cs.location.getHost())
+            } // if (this.location.getHost() != null)
+
+            //javadoc:3.5
+            if (port != -1) {
+                if (port != implied.port) {
+                    return false;
+                }
+            }
+
+            //javadoc:3.6
+            // compatbility with URL.getFile
+            String thisFile;
+            String thatFile;
+            if (fileSchemeCaseInsensitiveOS){
+                thisFile = path == null ? null: path.toUpperCase(Locale.ENGLISH);
+                thatFile = implied.path == null ? null: implied.path.toUpperCase(Locale.ENGLISH);
+            } else {
+                thisFile = path;
+                thatFile = implied.path;
+            }
+            if (thatFile == null || thisFile == null) return false;
+            if (thisFile.endsWith("/-")) { //javadoc:3.6."/-" //$NON-NLS-1$
+                if (!thatFile.startsWith(thisFile.substring(0, thisFile
+                        .length() - 2))) {
+                    return false;
+                }
+            } else if (thisFile.endsWith("/*")) { //javadoc:3.6."/*" //$NON-NLS-1$
+                if (!thatFile.startsWith(thisFile.substring(0, thisFile
+                        .length() - 2))) {
+                    return false;
+                }
+                // no further separators(s) allowed
+                if (thatFile.indexOf("/", thisFile.length() - 1) != -1) { //$NON-NLS-1$
+                    return false;
+                }
+            } else {
+                // javadoc:3.6."/"
+                if (!thisFile.equals(thatFile)) {
+                    if (!thisFile.endsWith("/")) { //$NON-NLS-1$
+                        if (!thatFile.equals(thisFile + "/")) { //$NON-NLS-1$
+                            return false;
+                        }
+                    } else {
+                        return false;
+                    }
+                }
+            }
+            
+            // Fragment and path are ignored.
+            //javadoc:3.7
+            // A URL Anchor is a URI Fragment.
+//            if (thiss.getFragment() != null) {
+//                if (!thiss.getFragment().equals(implied.getFragment())) {
+//                    return false;
+//                }
+//            }
+            // ok, every check was made, and they all were successful. 
+            // it's ok to return true.
+        
+
+        // javadoc: a note about CodeSource with null location and null Certs 
+        // is applicable here 
+        return true;
+    }
 
     /**
      * Gets the decoded authority part of this URI.

Added: river/jtsk/skunk/qa_refactor/trunk/src/org/apache/river/api/security/CodeSourceRequiredPermissions.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/qa_refactor/trunk/src/org/apache/river/api/security/CodeSourceRequiredPermissions.java?rev=1464924&view=auto
==============================================================================
--- river/jtsk/skunk/qa_refactor/trunk/src/org/apache/river/api/security/CodeSourceRequiredPermissions.java
(added)
+++ river/jtsk/skunk/qa_refactor/trunk/src/org/apache/river/api/security/CodeSourceRequiredPermissions.java
Fri Apr  5 11:12:44 2013
@@ -0,0 +1,26 @@
+
+package org.apache.river.api.security;
+
+import java.security.Permission;
+import org.apache.river.api.common.Beta;
+
+/**
+ * Jar files that specify a META-INF/permissions.perm file as per the OSGi
+ * syntax, allow a ProxyVerifier to grant these permissions dynamically.
+ * 
+ * @author peter
+ */
+@Beta
+public interface CodeSourceRequiredPermissions {
+    /* TODO: Override and create our own CodeSource
+     * implementation that contains permissions.perm
+     * After we retrieve the manifest, class bytes and
+     * certificates, create the CodeSource we call
+     * defineClass(String name, byte[]b, int off, int len, CodeSource cs)
+     * 
+     * This will be utilised by a class that overrides 
+     * BasicProxyPreparer.getPermissions()
+     * to retrieve the advisory permissions.
+     */
+    public Permission [] getPermissions();
+}

Modified: river/jtsk/skunk/qa_refactor/trunk/src/org/apache/river/api/security/CombinerSecurityManager.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/qa_refactor/trunk/src/org/apache/river/api/security/CombinerSecurityManager.java?rev=1464924&r1=1464923&r2=1464924&view=diff
==============================================================================
--- river/jtsk/skunk/qa_refactor/trunk/src/org/apache/river/api/security/CombinerSecurityManager.java
(original)
+++ river/jtsk/skunk/qa_refactor/trunk/src/org/apache/river/api/security/CombinerSecurityManager.java
Fri Apr  5 11:12:44 2013
@@ -451,7 +451,7 @@ extends SecurityManager implements Cachi
             }
             try {
                 // We can change either call to add a timeout.
-                latch.await(); // Throws InterruptedException
+                if (!latch.await(180L, TimeUnit.SECONDS)) return false; // Throws InterruptedException
                 it = resultList.iterator();
                 try {
                     while (it.hasNext()){
@@ -521,26 +521,31 @@ extends SecurityManager implements Cachi
         }
 
         public Boolean call() throws Exception {
-            // Required for AggregatePolicyProvider.
-            Boolean result = AccessController.doPrivileged( 
-                securityContext != null ?
-                    securityContext.wrap(
-                        new PrivilegedAction<Boolean>(){
-                            public Boolean run() {
-                                boolean result = checkPermission(pd, p);
-                                return Boolean.valueOf(result);
+            try {
+                // Required for AggregatePolicyProvider.
+                Boolean result = AccessController.doPrivileged( 
+                    securityContext != null ?
+                        securityContext.wrap(
+                            new PrivilegedAction<Boolean>(){
+                                public Boolean run() {
+                                    boolean result = checkPermission(pd, p);
+                                    return Boolean.valueOf(result);
+                                }
                             }
+                        ) 
+                    :new PrivilegedAction<Boolean>(){
+                        public Boolean run() {
+                            boolean result = checkPermission(pd, p);
+                            return Boolean.valueOf(result);
                         }
-                    ) 
-                :new PrivilegedAction<Boolean>(){
-                    public Boolean run() {
-                        boolean result = checkPermission(pd, p);
-                        return Boolean.valueOf(result);
-                    }
-                }  
-            );
-            latch.countDown();
-            return result;
+                    }  
+                );
+                return result;
+            } finally {
+                // In case we exit with a runtime exception, ensure threads
+                // aren't left waiting.
+                latch.countDown();
+            }
         }
         
     }

Modified: river/jtsk/skunk/qa_refactor/trunk/src/org/apache/river/api/security/URIGrant.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/qa_refactor/trunk/src/org/apache/river/api/security/URIGrant.java?rev=1464924&r1=1464923&r2=1464924&view=diff
==============================================================================
--- river/jtsk/skunk/qa_refactor/trunk/src/org/apache/river/api/security/URIGrant.java (original)
+++ river/jtsk/skunk/qa_refactor/trunk/src/org/apache/river/api/security/URIGrant.java Fri
Apr  5 11:12:44 2013
@@ -142,7 +142,7 @@ class URIGrant extends CertificateGrant 
             return false;
         }
         for (int i = 0; i<l ; i++){
-            if (implies(uris[i], implied)) return true;
+            if (uris[i].implies(implied)) return true;
         }
         return false;
     }



Mime
View raw message