It looks like permissions can only be managed or revoked by class. If a domain has been granted more than one SocketPermission (e.g. to grant permission to use two ports or communicate with two hosts, etc.), can I revoke one of them?
If I have a delegate for a complex object (say Socket) to which sets of permissions may apply, how would the delegate handle the sets? If one SocketPermission were revoked, does the delegate need deep knowledge of the object it protects to determine if that revoked permission applies? Can a delegate always obtain the complete set of permissions which apply to it to reevaluate more fully? Should Controller maintain static maps of its own instances? If that map were contained by instances of RevokeableDynamicPolicy, then there could be multiple policy objects in use at one time. PrincipalGrant extends PermissionGrant and contains two Collections which are both used in the hash value and equals method. I would be inclined to enforce their immutability with Collections.unmodifiableCollection(). In the equals method, you might return false if the stored hash values are different before comparing the collections. PermissionGrant.getPermissions() is documented as returning an immutable Collection, but the method returns a mutable array instead? Fred On Wed, Aug 11, 2010 at 2:56 AM, Peter Firmstone <[email protected]> wrote: > Fred, > > Any thoughts? The ExecutionContextManager interface and implementation > (Controller) are shown below, the RevokeableDynamicPolicy and > PermissionGrant interfaces have implementations available on svn. > > The ExecutionContextManager is based around our discussion. > > Note that no Security Delegate is provided here, just a tool, which a > delegate or any other object may use, > ExecutionContextManager.checkPermission() and another method > addAction(Runnable r), to accept a Runnable to perform any clean up tasks > for complete revocation such as closing Socket's etc. The delegate need not > implement any interface other than the object it encapsulates. > > Cheers, > > Peter.
