GigaSpaces XAP 9.1 API

net.jini.security.proxytrust
Class ProxyTrustVerifier

java.lang.Object
  extended by net.jini.security.proxytrust.ProxyTrustVerifier
All Implemented Interfaces:
TrustVerifier

public class ProxyTrustVerifier
extends Object
implements TrustVerifier

Trust verifier for service proxies that use dynamically downloaded code. This verifier uses a recursive algorithm to obtain one or more bootstrap proxies, which must be objects that are instances of both ProxyTrust and RemoteMethodControl. If a bootstrap proxy (or a derivative of it) is known to be trusted, a remote call is made through it to obtain a trust verifier for the original service proxy. This class is intended to be specified in a resource to configure the operation of Security.verifyObjectTrust. com.sun.jini.impl - This implementation uses the Logger named net.jini.security.trust to log information at the following levels:

Level Description
FAILED no verifier is obtained from a ProxyTrustIterator
HANDLED RemoteException being passed to ProxyTrustIterator.setException
FINE ProxyTrust.getProxyVerifier remote call returns a trust verifier
FINER an object with a getProxyTrustIterator method is encountered
FINER each object produced by a ProxyTrustIterator and each derivative bootstrap proxy

Since:
2.0
Author:
Sun Microsystems, Inc.

Nested Class Summary
 
Nested classes/interfaces inherited from interface net.jini.security.TrustVerifier
TrustVerifier.Context
 
Constructor Summary
ProxyTrustVerifier()
          Creates an instance.
 
Method Summary
 boolean isTrustedObject(Object obj, TrustVerifier.Context ctx)
          Returns true if the specified object is known to be trusted to correctly implement its contract; returns false otherwise.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

ProxyTrustVerifier

public ProxyTrustVerifier()
Creates an instance.

Method Detail

isTrustedObject

public boolean isTrustedObject(Object obj,
                               TrustVerifier.Context ctx)
                        throws RemoteException
Returns true if the specified object is known to be trusted to correctly implement its contract; returns false otherwise.

This method returns false if the caller context collection of the specified trust verifier context does not contain a MethodConstraints instance with non-empty constraints for the ProxyTrust.getProxyVerifier method, or if a TrustVerifier cannot be obtained from the specified object using the steps described below. Otherwise a TrustVerifier is obtained, its isTrustedObject method is called with the same arguments passed to this method, and the result of that call is returned by this method; any exception thrown by that call is thrown by this method. If a verifier cannot be obtained but one or more of the intermediate operations involved in attempting to obtain one throws a RemoteException, the last such RemoteException is thrown by this method (rather than this method returning false). If any intermediate operation throws a SecurityException exception, that exception is immediately thrown by this method.

A verifier is obtained from a candidate object as follows.

Given a bootstrap proxy, a verifier can be obtained from a trusted derivative bootstrap proxy as follows. A derivative can be produced from the bootstrap proxy if all of the following conditions are satisfied: the bootstrap proxy was not itself produced (either from an iteration or as a derivative) by the latest active invocation of ProxyTrustVerifier (not including the current one) in this thread; the bootstrap proxy is an instance of a dynamically generated Proxy class; neither the proxy's class nor the invocation handler's class has an appropriate getProxyTrustIterator method; the class loader of the proxy's class is the proper Java(TM) RMI class loader (as defined below) for its parent class loader and the class's codebase (as produced by RMIClassLoader.getClassAnnotation); and both ProxyTrust and RemoteMethodControl are loadable by the parent class loader. The derivative that is produced is an instance of a dynamically generated Proxy class defined by the parent class loader that implements both ProxyTrust and RemoteMethodControl and contains the same invocation handler as the bootstrap proxy. The derivative is a trusted derivative bootstrap proxy if calling the specified context's isTrustedObject method with the derivative returns true. If a trusted derivative bootstrap proxy can be produced, its getProxyVerifier method is called, using as the client constraints for the remote call the first MethodConstraints instance obtained from the caller context collection (of the specified trust verifier context) that has non-empty constraints for that getProxyVerifier method. The returned verifier is used as is, if the class loader of the returned verifier's class is equal to the class loader of the original bootstrap proxy's class, or if, in generating a serialization of the verifier, no class passed to ObjectOutputStream.annotateClass or ObjectOutputStream.annotateProxyClass has a class loader not equal to the class loader of the original bootstrap proxy's class but has a codebase that is equal to the codebase of the original bootstrap proxy's class. Otherwise, the verifier is remarshalled in a manner equivalent to creating a MarshalledInstance with the verifier and then calling the get method of that object with the class loader of the original bootstrap proxy's class as the default loader, with no codebase integrity verification and with an empty context collection, and the remarshalled verifier is used instead. If an IOException or ClassNotFoundException is thrown by this remarshalling, the exception is wrapped in an UnmarshalException and the resulting exception is treated as if it had been thrown by the remote call that returned the verifier.

A class loader of a class is the proper Java RMI class loader for its parent class loader and the class's codebase if the class loader is not null, the codebase for the class is a non-empty string, and calling RMIClassLoader.getClassLoader with that codebase, with the thread's context class loader set to the parent class loader, returns the class loader of the class.

Specified by:
isTrustedObject in interface TrustVerifier
Parameters:
obj - the object in which to verify trust
ctx - the trust verifier context, to aid in verification of the specified object and its components
Returns:
true if the specified object is known to be trusted to correctly implement its contract; false otherwise
Throws:
NullPointerException - if any argument is null
SecurityException - if a security exception occurs
RemoteException - if a communication-related exception occurs

GigaSpaces XAP 9.1 API

Copyright © GigaSpaces.