[kaffe] PATCH: implement AccessController.getContext

Dalibor Topic robilad at kaffe.org
Mon May 31 14:39:23 PDT 2004 

Casey Marshall wrote:
> Hi.
> 
> Attached is a patch that attempts to implement AccessController, and
> fixes a few inconsistencies in other classes along the way.
> 
> The relevant details of this patch include:
> 
>   * The stack inspection is implemented in VMAccessController, which
>     simply has to provide three methods: pushing a privileged action
>     context, popping it off, and getting an AccessControlContext.
>     Fetching the actual stack is done in native code that works nearly
>     identically to ThreadStack.getClassStack, but returns the method
>     names alongside the classes. I couldn't find any existing code
>     that did what I wanted (and believe this class needs), so I had to
>     end up with some code duplication.
> 
>     This VM* split seems somewhat superfluous to me, but maybe it is
>     worth it. A similar implementation for libgcj should be trivial to
>     write, and maybe for other VMs too.
> 
>   * PrimordialClassLoader will set the default ProtectionDomain to one
>     that contains a single AllPermission object. I think this is the
>     right behavior, to allow "system" classes full permissions.
> 
>   * Permission checking (with a PolicyFile enabled) will work for some
>     permission types, but other Permission objects have some clear
>     bugs that prevent proper checks. So far PropertyPermission and
>     RuntimePermission seem to work ok.
> 
>   * There are some bugs in Classpath's security classes, some of which
>     are fixed here. I will propagate these back to Classpath.
> 
>   * I wasn't entirely sure how to update the build system properly, so
>     the Makefile diffs may be wrong.
> 
> Comments welcome. Clearly this isn't a complete implementation of the
> security architecture, but hopefully this is a start.

Hi Casey,

Nice! Thanks a lot, I've checked it in.

I also like that you've replaced Kaffe's own implementation of 
java.security classes by Classpath's, if you've got some time to look 
over the remaining ones, I'd love seeing kaffe getting closer to 
classpath in that area, too.

cheers,
dalibor topic

More information about the kaffe mailing list