After passing some 1400 + qa tests, then running the Jtreg tests, I
found a jtreg test that failed due to my misinterpreting the
implementation of nested DynamicPolicy's.
Just show's you can't ignore the jtreg tests, they're important.
For some reason my system has expired certificates, I
/src/River_Fixed_2nd_Try/peterConcurrentPolicy/qa/jtreg/JTlib-tmp
[delete] Deleting:
/opt/src/River_Fixed_2nd_Try/peterConcurrentPolicy/qa/jtreg/test.props
BUILD FAILED
/opt/src/River_Fixed_2nd_Try/peterConcurrentPolicy/qa/build.xml:243:
if=jtreg.fail
Total time: 35 minutes 2 seconds
Peter
I've committed the Jini TCK, at least that's what I think it used to be
called ;)
I've preserved the license headers as mentioned on River-32.
If someone's got some time, I set it up as a netbeans project, so it
compiles, it needs a proper ant build script.
Have a look in River-32 for the
These are integration tests already written for River users to run
against their service code, to check sensible network behaviour etc.
It does require the user to write some Admin adapter code, but not much.
Cheers,
Peter.
Peter wrote:
Thanks Sim,
It's just a default netbeans ant script,
[java] -
[java]
[java] # of tests started = 1412
[java] # of tests completed = 1412
[java] # of tests skipped = 46
[java] # of tests passed= 1412
[java] # of tests failed= 0
[java]
[java]
Greg,
Are there any areas where you could use some help with the Surrogate
implementation?
This year, we could make an impact with fresh releases for River,
Surrogate and the LDJ Kit.
Cheers,
Peter.
Discovery V1:
1. I don't want new users using Discovery V1 by mistake.
2. No support for security.
3. No migration path to Discovery V2.
4. Problem for existing deployed environments.
5. Removal would simplify understanding of Discovery API's for new
developers.
Peter.
/%3c77f1e32f67c8d5479858c0c7e93eb465072d9...@wal-mail.global.avidww.com%3E
http://mail-archives.apache.org/mod_mbox/river-dev/201108.mbox/%3c4e5a2c7d.2080...@zeus.net.au%3E
Chris
-Original Message-
From: Peter Firmstone [mailto:j...@zeus.net.au]
Sent: Friday, January 20, 2012 2:18 PM
To: dev
Simon IJskes - QCG wrote:
On 18-01-12 11:15, Peter Firmstone wrote:
This would include adding net.jini.security.Security to that jar file as
well and removing it from jsk-platform.jar
If it is so decided, shall i do the build.xml?
Gr. Sim
Sure, I could use some help.
Cheers,
Peter.
Unlike the Policy Provider, the SecurityManager doesn't need to be
loaded by the extension ClassLoader.
Anyway while designing the new SecurityManager, I've added support for
net.jini.security.SecurityContext and overridden the
SecurityManager.getContext() method, to return a SecurityContext,
Simon IJskes - QCG wrote:
I would like to integrate mdns discovery into the reggie. I've done
some work with jmdns, and i'm thinking about forking it into our own
codebase. Like org.apache.river.jmdns for instance. There are some
methods in the jmdns implementation i would like to deprecated
Ok, thanks.
Simon IJskes - QCG wrote:
On 18-01-12 02:45, Peter Firmstone wrote:
Thank u both.
modify_appgroups.pl hudson-jobadmin --add=peter_firmstone
Now that you have access, i'm going to convert the skunk build to
manual start. I have a lot of problems with getting the QA build
Sim,
Could you try running skunk on FreeBSD?
Cheers,
Peter.
Apache Jenkins Server wrote:
See https://builds.apache.org/job/River-trunk-QA-bsd/6/
--
[...truncated 15501 lines...]
[java]
Simon IJskes - QCG wrote:
On 16-01-12 13:19, Peter Firmstone wrote:
Sim,
Could you try running skunk on FreeBSD?
Cheers,
Peter.
Apache Jenkins Server wrote:
Done. But there are some issues with hanging jobs, so its not clear
that it will run soon.
Gr. Sim
Thanks Sim
Oddly enough all the tests pass, I think it's looking in trunk, instead
of skunk for the output, not sure...
Peter.
Apache Jenkins Server wrote:
See https://builds.apache.org/job/River-trunk-QA-ubuntu-jdk7-skunk/3/changes
Changes:
[peter_firmstone] Ensure DelegateCombinerSecurityManager
Simon IJskes - QCG wrote:
Shall we adapt our compatibility policy?
http://www.oracle.com/technetwork/java/eol-135779.html
Gr. Sim
+1
Might as well, we don't have the resources at present to support Java 5
properly and we can't compile the build on it due to dependencies and
aren't testing
the following property? Is it still valid?
-Dsun.rmi.transport.tcp.connectionPool=true
Thanks,
Bryan
-Original Message-
From: Peter Firmstone [mailto:j...@zeus.net.au]
Sent: Friday, January 13, 2012 8:41 AM
To: Bryan Thompson
Cc: dev@river.apache.org; u...@river.apache.org
Subject
Simon IJskes - QCG wrote:
I've disabled jira commenting for River-trunk, the jira commenting for
River-trunk-jdk7 is still enabled.
Also the skunk build is polling every 15 minutes. I've handstarted it
again, because it does not restart when the build fails.
Gr. Sim
Thanks Sim, The
Bryan Thompson wrote:
Peter,
Rather than testing against the trunk, I would prefer to test the change
against the 2.2 release. That will allow me to avoid validating the entire
state of the trunk and let me focus on whether the change fixes the specific
DGC problem.
It looks like [1] is
for access (ThreadPoolPermission
and GetThreadPoolAction)
- common logging of uncaught exceptions
-- Peter
On Jan 12, 2012, at 7:53 PM, Peter Firmstone wrote:
ThreadPool implements the com.sun.jini.thread.Executor interface.
Because the interface states it should not block, I think the calling
directions on how to
rebuild the necessary jar(s)?
Did you already file an issue for this? If not, I will
file an issue and then update it when I test out this fix.
Thanks,
Bryan
-Original Message-
From: Peter Firmstone [mailto:j...@zeus.net.au]
Sent: Friday
Tom Hobbs wrote:
Hi guys,
We've been a TLP for nearly a year now - well done us!
Six months ago I offered to let someone else have a go chairing the
PMC. So, I'm offering again. I'm happy to continue doing it if no
one else has any pressing wish to do it, has a better vision for the
project
Hi Peter,
I was wondering if you had any thoughts on this post from Bryan on River
users?
Hope you don't mind me asking ;)
Best Regards,
Peter Firmstone.
---BeginMessage---
Hi Bryan,
Sorry that no one got back to you about this. I'm afraid that I don't
know the answer to your question
of threads
created based on available CPU's and a scaling factor and place the
tasks in a BlockingQueue, so if the queue is filled, it blocks.
Can you report the issue as a Bug on Jira for me, I'll fix this before
the next release.
Regards,
Peter.
Peter Firmstone wrote:
Hi Peter,
I
;
}
@Override
public Thread newThread(Runnable r) {
return new Thread(threadGroup, r);
}
}
}
Peter Firmstone wrote:
ThreadPool implements the com.sun.jini.thread.Executor interface.
Because the interface states it should not block, I think the calling
thread
This is my result after replacing Permissions with ConcurrentPermissions
(only change)
[java] -
[java]
[java] # of tests started = 1412
[java] # of tests completed = 1412
[java] # of tests skipped = 46
[java] # of tests passed
, at 4:53 PM, Peter Firmstone wrote:
Hi Peter,
I was wondering if you had any thoughts on this post from Bryan on
River users?
Hope you don't mind me asking ;)
Best Regards,
Peter Firmstone.
*From: *Tom Hobbs tvho...@googlemail.com
mailto:tvho...@googlemail.com
*Date: *January 12, 2012 3:45
Is there another way to create an Endpoint per exported object? I'm
just thinking, it seems unlikely that Brian's implemented his own
Endpoint, but are there any other error conditions or incorrect use
scenarios that could produce the same problem?
Cheers,
Peter.
Peter Jones wrote:
Bryan,
Peter Firmstone wrote:
Looks like I've had some regressions.
These tests were passing yesterday, so it must have something to do
with some very recent changes, something to do with null CodeSource in
ProtectionDomain's, I suspect.
Regards,
Peter.
com/sun/jini/test/impl/start
Thanks Sim.
Simon IJskes - QCG wrote:
On 11-01-12 00:34, Peter Firmstone wrote:
Simon IJskes - QCG wrote:
On 10-01-12 12:54, Peter Firmstone wrote:
At this point, the code's only been tested on sparc.
If you give the SVN url, then i will run a QA on the apache build
server.
https
Hey Sim,
Can you fire that test up for me? I don't seem to have a valid login on
Jenkins.
Thanks,
Peter.
Peter Firmstone wrote:
Thanks Sim.
Simon IJskes - QCG wrote:
On 11-01-12 00:34, Peter Firmstone wrote:
Simon IJskes - QCG wrote:
On 10-01-12 12:54, Peter Firmstone wrote
Tom Dan, thanks for the support, we're probably looking at a dry run
by the weekend, right now I'm running the tests again, this run is
expected to pass, I'm just checking for any regressions (same code in
svn). I'll clean out all the redundant code, followed by some
refactoring to move new
Dan Creswell wrote:
On 8 January 2012 22:48, Peter Firmstone j...@zeus.net.au wrote:
Dan Creswell wrote:
On 8 January 2012 11:40, Peter Firmstone peter.firmst...@zeus.net.au
wrote:
How much can this one synchronized method spoil scalability?
Not much as far as I
Dan Creswell wrote:
I'd also observe that running multiple processes gets you out of this
predicament.
Yes that's true too.
Since it's a global class lock on Policy, it does make it a possible
avenue to perform denial of service. I might just raise a bug report
and suggest it be changed
Dan Creswell wrote:
On 9 January 2012 10:03, Peter Firmstone j...@zeus.net.au wrote:
The really odd part is, I've removed the policy caches, instead of slowing
down like I expected, the policies run faster, I've stripped the cache from
DynamicPolicyProvider too, making it far simpler
workload out there that won't scale due to this method?
Nathan Reynolds | Consulting Member of Technical Staff | 602.333.9091
Oracle PSR Engineering | Server Technology
On 1/8/2012 4:40 AM, Peter Firmstone wrote:
Appended is a new java.security.Policy implementation, it fully supports
express or
implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* Default Policy implementation taken from Apache Harmony, refactored
for
* concurrency.
*
* @author Alexey V. Varlamov
* @author Peter Firmstone
Does anyone rely on static ProtectionDomain's?
new ProtectionDomain(codeSource, permissions)
Static domains do not consult the Policy, ever.
Does anyone rely on a ProtectionDomain that doesn't consult the
installed policy for security decisions?
Regards,
Peter.
Dan Creswell wrote:
On 8 January 2012 11:40, Peter Firmstone peter.firmst...@zeus.net.au wrote:
How much can this one synchronized method spoil scalability?
Not much as far as I can see - there's going to be a one off
initialisation cost and after that it's a fast path with a single
,
Peter.
Dan Creswell wrote:
Can you explain a bit more of the motivation for asking the questions below?
On 8 January 2012 11:49, Peter Firmstone j...@zeus.net.au wrote:
Does anyone rely on static ProtectionDomain's?
new ProtectionDomain(codeSource, permissions)
Static domains do not consult
- Peter.
Dan Creswell wrote:
Mmmm, trouble is the debugger itself (or at least its agent) could be
the problem - they aren't perfect devices, typically.
Considering I have trouble printing the ProtectionDomain in the debugger,
could this be a stale reference, or is there no relation?
Simon IJskes - QCG wrote:
Hoi,
I'm going to remove the jenkins jobs for freebsd. If jdk availability
improves, jobs can be easily copied from other jobs to reinstate them.
Gr. Simon
Ok, doesn't look like it'll be passing any time soon (Due to sun jvm
implementation dependencies?), although
The failures look like they were caused by an open socket, perhaps from
a stale process, think I'll take a wait and see approach.
Caused by: java.net.BindException: Address already in use
Apache Jenkins Server wrote:
See https://builds.apache.org/job/River-trunk-QA-ubuntu-jdk7/1/
- listen,resolve)
)
main[1]
Peter Firmstone wrote:
Dan Creswell wrote:
On 24 December 2011 11:36, Peter Firmstone j...@zeus.net.au wrote:
I'm experiencing some failing tests:
run.tests=com/sun/jini/test/spec/lookupservice/test_set00/MultipleEvntLeaseRenewals.td,\
com/sun/jini/test/spec
but it
also means the troubles they're facing with equals and hashCode are
in your face.
Happy Christmas,
Dan.
On 23 December 2011 02:06, Peter Firmstone j...@zeus.net.au wrote:
There's another way around poorly written equals() and hashCode()
implementations.
In my reference collection
?
Peter Firmstone wrote:
Thoughts?
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under
that implements a sensible equals
and has it's own PermissionCollection, that uses a tryLock and skips
SocketPermission's it can't obtain the lock and try again later.
Cheers,
Peter.
On 19 December 2011 05:59, Peter Firmstone j...@zeus.net.au wrote:
Thoughts?
/*
* Licensed to the Apache
Gregg Wonderly wrote:
On 12/18/2011 11:59 PM, Peter Firmstone wrote:
@Override
public boolean implies(Permission permission) {
if ( ! cl.isInstance(permission)) return false;
Permission [] p = perms.toArray(new Permission[0]);
//perms.size() may change
I not sure why you
net.jini.security.policy.ConcurrentPolicyFile is a concurrent
replacement for sun.security.provider.PolicyFile and combined with
DynamicPolicyProvider is passing all policy provider and security tests
for Apache River, except for one appended below.
The good news is this test checks for the
The current policy parser implementation still generates CodeSource
based grant's, these can cause dns lookups when CodeSource.implies is
called. For this reason, as soon as all tests are confirmed passing,
I'll be switching it over to utilise URI based grants.
Peter.
Peter Firmstone wrote
Thoughts?
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version
SocketPermission elements in the default
Policy's PermissionCollection), but still only about 50 LOC.
Chris
-Original Message-
From: Peter Firmstone [mailto:j...@zeus.net.au]
Sent: Friday, December 09, 2011 9:28 PM
To: dev@river.apache.org
Subject: Implications for Security Checks - SocketPermission
the SocketPermission check, 2) the
RIVER-396 patch and 3) switching JERI to NIO to save some threads.
Chris
-Original Message-
From: Gregg Wonderly [mailto:gr...@wonderly.org]
Sent: Tuesday, December 13, 2011 8:19 AM
To: dev@river.apache.org
Cc: Peter Firmstone
Subject: Re: Implications
?
Cheers,
Peter.
Dennis Reedy wrote:
Hi Peter,
The URICLassLoader I use has been released into the public domain as explained
here:
http://creativecommons.org/licenses/publicdomain
Does that still mean that you cant use it with River?
Dennis
On Dec 10, 2011, at 1012PM, Peter Firmstone
Dennis,
You utilise URIClassLoader which uses URI instead of URL, I've noticed
that it's MPL, GPL or LGPL licensed so we can't distribute it with River.
I've been looking into a subtle performance issue with
PreferredClassProvider and PreferredClassLoader, an array of URL's are
used as keys
DNS lookups and reverse lookups caused by URL and SocketPermission,
equals, hashCode and implies methods create some serious performance
problems for distributed programs.
The concurrent policy implementation I've been working on reduces lock
contention between threads performing security
Dan is right, these issues are Jvm issues, perhaps we should take a wait
and see approach?
Could a service API annotation be of use to assist preferred list
generation? @Service
1. Developer annotates the Service Interface.
2. Modify classdep to identify Service API (the dependencies of
With River, we execute separately compiled bytecodes at runtime by
taking advantage of discovery and lookup services - distributed
dependency injection. Service API, Java and Jini Platforms provide
compatibility, for separately compiled components, these are the parent
classes and interfaces
Sim IJskes - QCG wrote:
On 08-11-11 00:44, Peter Firmstone wrote:
I think a cooperatively maintained spec is good, providing motivation
for ongoing compatibility among different implementations, without the
burden of a standards body.
Yes, and what at stake is here, is: are the PMC members
Sim IJskes - QCG wrote:
On 02-11-11 21:11, Tom Hobbs wrote:
It's that time again.
Comments always welcome, due date is 16th November.
Below is the November board report for River
Apache River is a distributed computing architecture, based on the JSK
Starter Kit Source code donated by Sun
Well I've had a little play, simple to learn, powerful and good at
simulating corner case thread situations. The only drawback is you have
to be careful about event names in your schedule syntax, it's easy for a
typo to ruin a test, although in this case it's obvious because the test
doesn't
I've just realised the code probably isn't a good fit with commons
collections, primarily because it utilises Generics.
On 29/09/2011 9:07 AM, Peter Firmstone wrote:
These reference collection utilities don't really belong in our
project, but they do assist to solve some fundamental problems
* @see Collection
* @see Comparable
* @author Peter Firmstone.
*/
public enum Ref {
/**
* SOFT References implement equals based on equality of the referent
* objects, while the referent is still reachable. The hashCode
* implementation is based on the referent
, Peter Firmstone wrote:
On 29/08/2011 6:23 PM, Peter Firmstone wrote:
On 28 August 2011 09:18, Peter Firmstonepeter.firmst...@zeus.net.au
wrote:
Then we stop using the preferred classes mechanism by default.
Why?
This will allow us to prevent codebase annotation loss
Jini has the behavior that clients dynamically discover the code
that they will use. OSGi has the attribute that clients load packages for the
code that they use. In both cases, the deployment mechanism has established
the content that is the code. OSGi includes more literal dependency
I think a number of the usability issues relate to our not having defined the
platform and recognising how this relates to deployment.
Practically, there is, in fact, a platform. It is the classes in
jsk-platform.jar. Now, is that specified formally, in a way that people can
also draw
.10800 IN A 82.165.118.152
;; Query time: 52 msec
;; SERVER: 192.168.1.254#53(192.168.1.254)
;; WHEN: Fri Aug 19 06:54:41 2011
;; MSG SIZE rcvd: 49
So the record is there and registered but there's no IP address -
looks like an admin error...
On 19 August 2011 01:26, Peter
I've attached PCodeSource, it extends CodeSource and overrides
toString() and has a getRequiredPerms() method for retrieving the
Permissions the CodeSource requires to execute. These can be added to
any AuthPermission's required and granted dynamically by clients.
PCodeSource will contain
is don't write any documentation,
right? ;-)
Nah, it just highlights we need to pay more attention to docs.
Cheers,
Peter.
Grammar and spelling have been sacrificed on the altar of messaging via
mobile device.
On 17 Aug 2011 04:00, Peter Firmstone j...@zeus.net.au wrote:
Having a closer
that holds
credentials, or the Subject, then you could use your own domain combiner
to retrieve them.
Maybe there's a better solution, anyone have any ideas?
Cheers,
Peter.
Gregg Wonderly wrote:
On 8/16/2011 1:10 AM, Peter Firmstone wrote:
Gregg,
I'm wondering if you might like to donate
Gregg,
I'm wondering if you might like to donate the code to River, perhaps
under an new Jira?
Regards,
Peter.
Gregg Wonderly wrote:
On 8/11/2011 9:34 PM, Peter Firmstone wrote:
Gregg Wonderly wrote:
I've done this a couple of different ways. I do have a server side
invocation
handler
What are the challenges writing secure java policy files?
1. Determining a set of minimal permissions that code requires to
execute, not only for local code but for proxy's too.
2. Figuring out which Principal / CodeSource / Certificate,
permission grant combinations to add to
Would you be interested in setting up a subproject on River?
Gregg Wonderly wrote:
On 8/16/2011 1:10 AM, Peter Firmstone wrote:
Gregg,
I'm wondering if you might like to donate the code to River, perhaps
under an
new Jira?
Much of this code is visible on java.net under the authlib
Gregg Wonderly wrote:
On 8/11/2011 9:34 PM, Peter Firmstone wrote:
Gregg Wonderly wrote:
I've done this a couple of different ways. I do have a server side
invocation
handler that can extract a Principal from the calling context to
find an
identity, and then use JAAS to login to check your
Not being critical, just curious.
Cheers,
Peter.
Peter Firmstone wrote:
Gregg Wonderly wrote:
I've done this a couple of different ways. I do have a server side
invocation handler that can extract a Principal from the calling
context to find an identity, and then use JAAS to login to check
Greg Trasuk wrote:
I don't see separate releases solving anything. The security setup
should just be a matter of selecting a different Configuration file,
depending on what level and type of transport security and
confidentiality you want. I'd picture supplying a minimal-security
configuration
I like this approach, it sounds elegant.
Cheers,
Peter.
Patricia Shanahan wrote:
I've thought of a significant simplification, based on the idea that I
only need samples of the task count.
I was going to try to use a concurrent queue and deal with observations
getting out of order. I just
Since JAAS only provides a framework, ( policy files etc are only
designed for small deployments, they don't scale) I've often wondered if
we should be providing a default framework.
Apache Shiro is an interesting project, it's probably worth
investigating too.
Cheers,
Peter.
Peter
---BeginMessage---
Gregg Wonderly wrote:
On 8/9/2011 7:57 PM, Peter Firmstone wrote:
I'm interested, I've been thinking about this too, what's your
current service
interface?
The service interface is the service interface. The mechanism just
uses a proxy, delegating object. Thus
and prints PermissionGrant's, so an administrator can view
changes as they occur remotely.
Any ideas?
Cheers,
Peter.
On 2 August 2011 01:52, Peter Firmstone j...@zeus.net.au wrote:
Just get some feedback on this potential remote policy service. The main
intent here is to provide a secure
with information about which Permission's may be
granted.
*
* @author Peter Firmstone
*/
public interface PermissionGrant {
/**
* A DynamicPolicy implementation can use a PermissionGrant as a
container
* for Dynamic Grant's. A PermissionGrant is first asked by the Policy
* if it applies
may be used by extending DefaultPolicyScanner.
*
* @author Peter Firmstone
* @see GrantPermission
* @see UmbrellaGrantPermission
* @see PolicyParser
* @see DefaultPolicyParser
* @see DefaultPolicyScanner
*/
public interface RemotePolicy {
/**
* Replaces the existing RemotePolicy's
Just thought I'd go over the ideas, thoughts and TODO's that come to
mind and get some feedback about what others are thinking and what tasks
they see as important. There's plenty of work for those so inclined and
generous with time.
Brief Summary:
* TaskManager - improve concurrency and
Peter Jones wrote:
On Jun 19, 2011, at 5:37 AM, Peter Firmstone wrote:
The easiest way to set DGC constraints would be via configuration.
Perhaps the reason this hasn't been implemented previously is, the constraints
would apply to all services that use DGC, so if you've set Authentication
Patricia Shanahan wrote:
On 7/31/2011 1:43 AM, Peter Firmstone wrote:
...
* TaskManager - improve concurrency and remove the dependency on
Task.runAfter() in River code.
...
I'm playing with implementing a subclass of ThreadPoolExecutor that
modifies the number of threads based on the mean
.
On Sun, 2011-07-31 at 04:43, Peter Firmstone wrote:
Just thought I'd go over the ideas, thoughts and TODO's that come to
mind and get some feedback about what others are thinking and what tasks
they see as important. There's plenty of work for those so inclined and
generous with time
Sim IJskes - QCG wrote:
On 20-07-11 14:04, Peter Firmstone wrote:
The Endpoint implementations I'm interested in are the SSLEndpoint's.
The socket in the SslConnection class is connected with a
SocketAddress (in SslConnection.connectToSocketAddress)
So if you have created your own Socket
Sim IJskes - QCG wrote:
On 19-07-11 02:35, Peter Firmstone wrote:
Uuid). The problem they ran into; the service and proxy needed to be
trust verified again after the connection was reestablished, but
permissions had already been granted. To make matters worse it was the
I think that we only
] http://www.apache.org/foundation/marks/responsibility.html
I've read the above document - Peter Firmstone.
gtra...@apache.org wrote:
Author: gtrasuk
Date: Tue Jul 19 15:23:56 2011
New Revision: 1148392
URL: http://svn.apache.org/viewvc?rev=1148392view=rev
Log:
Continuing work on classloading for surrogate modules.
Modified:
Sim IJskes - QCG wrote:
On 10-07-11 06:37, Peter wrote:
Any suggestions, ideas or assistance is welcome.
A ServerEndpoint needs to know its external contact identity. In case
of the TcpServerEndpoint the hostname where the client needs to
connect to.
Correct, that would be the publicly
Principal's or clients are allowed to
grant to proxy's.
Some food for thought.
Cheers,
Peter.
Peter Firmstone wrote:
When deploying nodes in a Djinn, how do you currently manage your
security policies? How secure is your environment?
Java can use URL based policies, but this is subject
There's an interesting thread of discussion in the Porter mail archive
that Mark has uploaded for us (see River-311), relating to the TaskManager.
Here's a very interesting comment from Bob Scheifler:
Over the years we've been slowly eliminating use of Task.runAfter, and
in any overhaul I'd
Patricia Shanahan wrote:
On 6/26/2011 1:23 PM, Peter Firmstone wrote:
There's an interesting thread of discussion in the Porter mail archive
that Mark has uploaded for us (see River-311), relating to the
TaskManager.
Here's a very interesting comment from Bob Scheifler:
Over the years we've
,
Peter.
Peter Firmstone wrote:
River doesn't currently offer constraints for DGC, it's currently
vulnerable to attacks where the attacker knows the clientID, an
attacker makes clean calls, clients are removed and the service is
garbage collected, a simple DOS attack.
Should DGC be disabled
Patricia Shanahan wrote:
I'm working on the Apache River Release Getting Started More page,
src-doc/static/info-index.html
I has several broken links. Some are easy to deal with - for example,
replacing incubator links with river.apache.org links.
How do you think we should handle
Does anyone know how to get javadoc to include .groovy files? So we can
document the Groovy config and include it in the api documentation?
Cheers,
Peter.
River doesn't currently offer constraints for DGC, it's currently
vulnerable to attacks where the attacker knows the clientID, an attacker
makes clean calls, clients are removed and the service is garbage
collected, a simple DOS attack.
Should DGC be disabled in environments where security is
Patricia Shanahan wrote:
I've started taking a look at the release notes, and found a couple of
broken links, to incubator and jini.net, in the html files.
I have other commitments tomorrow, so I probably won't be able to do
much about this until Sunday.
Will jini.net be alive again, at
401 - 500 of 522 matches
Mail list logo