Gregg Wonderly wrote:
Craig L Russell wrote:
Hi Gregg,
On May 13, 2010, at 8:23 AM, Gregg Wonderly wrote:
If you use System.load(), then you can use a static initialization
block to copy the jni bits from the jar into a temp directory and
then load it from that path.
My understanding is that you need to start the VM with the knowledge
of where all the jni libraries are. You can either put them into the
"standard" place (varies by platform) or in a special place and name
that special directory using the -Djava.library.path system property
when you start the VM. It doesn't work to set the system property
after you start the VM.
System.loadLibrary() does behave this way. System.load() does not,
and can load from anywhere providing permissions are granted
appropriately.
Gregg Wonderly
Hmm, some ideas, or am I barking up the wrong tree?
Could we not use a smart proxy that utilised System.load() to copy the
PAM JNI pieces locally, as Gregg suggests? We could, as part of the next
release, sign our jar files; then the code could be trusted and filtered
and permissions granted based on the signer principal.
The interfaces for interacting with the proxy could also be downloadable
and be loaded safely into a top level ClassLoader; all clients can
utilise a PAM Service Interface. Entries could be used to identify the
platform each PAM service is specific to.
Perhaps PAM at the clients could be dynamically updated, work on
existing Jini clients and be specific to each platform.
Or is this just too complicated? Is there something similar that might
work? Sorry just thinking about cross platform issues.
I'm working on a new interface to perform dynamic permission grants
based on a CodeSource and Principals, similar to static grants and in
addition to class (ProtectionDomain) and Principal grants for proxies.
It's also revocable, so that if a CodeSource becomes compromised the
Permission can be removed dynamically too. A CodeSource can have
multiple ProtectionDomains.
The trick to making a Permission revocable is to not allow the
PermissionCollection to become merged with the static
PermissionCollection in the ProtectionDomain. This means always
utilising the Java 1.4 + non static constructor in PermissionDomain.
Regards,
Peter.
Associated permissions need to be granted of course.
Of course.
Craig
Gregg Wonderly
Sent from my iPad
On May 13, 2010, at 9:59 AM, Dennis Reedy <[email protected]>
wrote:
On May 12, 2010, at 7:14 PM, Peter Firmstone wrote:
I like the sound of that.
We can have an Authentication Service, we could place the
constraint of a key signature on that particular service (don't
want untrusted parties providing authentication), but once loaded,
the smart proxy could contain the JNI code required to perform the
authentication?
I'm not really sure if (and how) a smart proxy that once downloaded
can (or should be given permission to) load a native library. From
what I have seen, the native library needs to be loaded from a
location that the JVM knows about (a priori). Would that native
library need to be installed onto the machine to the location where
the JVM has been configured to load native libraries from before
that native library was loaded?
Would the native library need to be loaded by a class loader that
is hierarchically a parent of class loaders that load services?
This is because the same JNI native library cannot be loaded into
more than one class loader, but different child class loaders of a
class loader that loaded the JNI library can gain access to the
loaded library such that System.loadLibrary will succeed (this
naturally assumes that other class loaders in the JVM would want
the capability to load the native library).
Dennis
Craig L Russell
Architect, Oracle
http://db.apache.org/jdo
408 276-5638 mailto:[email protected]
P.S. A good JDO? O, Gasp!
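
Added example, not part of the original thread or the project's code: a sketch of the System.load() approach discussed above, where a static initialization block copies the JNI library out of the jar into a temp directory and loads it by absolute path. The class name, resource path and digest placeholder are hypothetical; the SHA-256 pin is an assumption added here (the thread proposes jar signing instead), and the code assumes Java 17 or later.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HexFormat;

public final class PamNativeLoader {
    // Hypothetical resource path and placeholder digest; pin the real SHA-256 at build time.
    private static final String RESOURCE = "/native/libpam_jni.so";
    private static final String EXPECTED_SHA256 = "<sha256-hex-of-shipped-library>";

    static {
        try {
            // System.load() takes an absolute path and ignores java.library.path.
            // Under a SecurityManager it needs RuntimePermission("loadLibrary.<path>").
            System.load(extractVerified(RESOURCE, EXPECTED_SHA256).toAbsolutePath().toString());
        } catch (IOException | NoSuchAlgorithmException e) {
            throw new ExceptionInInitializerError(e);
        }
    }

    static Path extractVerified(String resource, String expectedHex)
            throws IOException, NoSuchAlgorithmException {
        byte[] lib;
        try (InputStream in = PamNativeLoader.class.getResourceAsStream(resource)) {
            if (in == null) {
                throw new IOException("native library not found in jar: " + resource);
            }
            lib = in.readAllBytes();
        }
        // Verify the bytes read from the jar before anything touches the disk.
        String actualHex = HexFormat.of().formatHex(MessageDigest.getInstance("SHA-256").digest(lib));
        if (!actualHex.equalsIgnoreCase(expectedHex)) {
            throw new SecurityException("digest mismatch for " + resource + ": " + actualHex);
        }
        // createTempDirectory() is owner-only (0700) on POSIX file systems, so another
        // local user cannot swap the file between the write and System.load().
        Path dir = Files.createTempDirectory("pam-jni-");
        Path target = dir.resolve(Path.of(resource).getFileName());
        Files.write(target, lib);
        // Exit hooks run in reverse registration order: the file is removed before its directory.
        dir.toFile().deleteOnExit();
        target.toFile().deleteOnExit();
        return target;
    }
}
```

The bytes written to disk are the same in-memory copy that was verified, so the check and the load cannot see different content unless the private directory itself is tampered with.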