Peter Firmstone wrote:
What I discovered when implementing a Concurrent version of
RevokeableDynamicPolicy:
* PermissionCollection.elements() returned an
Enumeration<Permission> that would throw a
ConcurrentModificationException, when Permission's were added to
the backing PermissionCollection.
* java.security.Permissions is a heterogeneous PermissionCollection
implementation, it's a point of contention for threads. It needed
a concurrent replacement.
* The replacement,
org.apache.river.imp.security.policy.ConcurrentPermissions
implements a threadsafe alternative for Permissions that prevents
Enumeration<Permission> from throwing
ConcurrentModificationException by caching.
* Now it is possible for Policy.implies(ProtectionDomain,
Permission) calls to occur concurrently during adding or removal
of PermissionGrant's. Policy.elements() Enumeration<Permission>
can also be enumerated during adding or removal of
PermissionGrant's or implies() calls.
Policy.elements() - correction this should be
PermissionCollection.elements() as shown earlier, this is the method
that returns the Enumeration<Permission>, Enumerating a standard
PermissionCollection causes a ConcurrentModificationException, if the
PermissionCollection is mutated (add(Permission) is called) at the same
time.
* UmbrellaGrantPermission's have been added to
org.apache.river.imp.security.policy.DynamicConcurrentPolicyProvider,
so you can minimise the size of Policy files for GrantPermission's.
* This implementation passes all the existing qa harness and jtreg
tests for DynamicPolicy.
* Please feel free to assist by creating new tests for Concurrency
(many threads, hammer all methods).
