import org.apache.river.discovery.DiscoveryProtocolVersion; import org.apache.river.discovery.MulticastMaxPacketSize; import org.apache.river.discovery.MulticastTimeToLive; import org.apache.river.discovery.UnicastSocketTimeout; import java.util.Collections; import java.security.Permission; import javax.security.auth.kerberos.KerberosPrincipal; import javax.security.auth.login.LoginContext; import net.jini.constraint.BasicMethodConstraints; import net.jini.constraint.BasicMethodConstraints.MethodDesc; import net.jini.core.constraint.ClientAuthentication; import net.jini.core.constraint.Integrity; import net.jini.core.constraint.InvocationConstraint; import net.jini.core.constraint.InvocationConstraints; import net.jini.core.constraint.ServerAuthentication; import net.jini.core.constraint.ServerMinPrincipal; import net.jini.jeri.BasicJeriExporter; import net.jini.jeri.ProxyTrustILFactory; import net.jini.jeri.kerberos.KerberosServerEndpoint; import net.jini.security.AccessPermission; import net.jini.security.AuthenticationPermission; import net.jini.security.BasicProxyPreparer; import net.jini.security.GrantPermission; multicast { private ttl = 1; } principal { /* * JAAS principals */ static tester = new KerberosPrincipal("${test}"); static norm = new KerberosPrincipal("${norm}"); static phoenix = new KerberosPrincipal("${phoenix}"); static reggie = new KerberosPrincipal("${reggie}"); static mercury = new KerberosPrincipal("${mercury}"); static fiddler = new KerberosPrincipal("${fiddler}"); static mahalo = new KerberosPrincipal("${mahalo}"); static outrigger = new KerberosPrincipal("${outrigger}"); } // principal test { /* * JAAS login contexts */ loginContext = new LoginContext("org.apache.river.Test"); // for discovery protocal simulator reggieLoginContext = new LoginContext("org.apache.river.Reggie"); /* for impl/mercury/InterOpTest */ private phoenixAuthenticationPermission = new AuthenticationPermission( Collections.singleton(principal.tester), Collections.singleton(principal.phoenix), "connect" ); private phoenixGrantPermission = new GrantPermission( phoenixAuthenticationPermission); /* the exporter for test listeners */ integrityExporter = new BasicJeriExporter( KerberosServerEndpoint.getInstance(0), new ProxyTrustILFactory( new BasicMethodConstraints( new InvocationConstraints(Integrity.YES, null)), AccessPermission.class )); /* * Reggie defaults */ reggiePreparer = new BasicProxyPreparer( true, new BasicMethodConstraints( new InvocationConstraints( new InvocationConstraint[] { Integrity.YES, ServerAuthentication.YES, new ServerMinPrincipal(principal.reggie) }, null )), new Permission[] { new AuthenticationPermission( Collections.singleton(principal.tester), Collections.singleton(principal.reggie), "connect"), phoenixAuthenticationPermission, phoenixGrantPermission } ); reggieAdminPreparer = reggiePreparer; reggieEventRegistrationPreparer = new BasicProxyPreparer(); // obsolete reggieServiceRegistrationPreparer = reggiePreparer; reggieServiceLeasePreparer = reggiePreparer; reggieEventLeasePreparer = reggiePreparer; reggieListenerExporter = integrityExporter; /* * Fiddler defaults */ fiddlerPreparer = new BasicProxyPreparer( true, new BasicMethodConstraints( new InvocationConstraints( new InvocationConstraint[]{ Integrity.YES, ServerAuthentication.YES, new ServerMinPrincipal(principal.fiddler) }, null )), new Permission[] { new AuthenticationPermission( Collections.singleton(principal.tester), Collections.singleton(principal.fiddler), "connect"), phoenixAuthenticationPermission, phoenixGrantPermission }); fiddlerRegistrationPreparer = fiddlerPreparer; fiddlerEventRegistrationPreparer = new BasicProxyPreparer();//obsolete fiddlerLeasePreparer = fiddlerPreparer; fiddlerAdminPreparer = fiddlerPreparer; fiddlerListenerExporter = integrityExporter; /* * Norm defaults */ normPreparer = new BasicProxyPreparer( true, new BasicMethodConstraints( new InvocationConstraints( new InvocationConstraint[]{ Integrity.YES, ServerAuthentication.YES, new ServerMinPrincipal(principal.norm) }, null )), new Permission[] { new AuthenticationPermission( Collections.singleton(principal.tester), Collections.singleton(principal.norm), "connect"), phoenixAuthenticationPermission, phoenixGrantPermission }); normAdminPreparer = normPreparer; normRenewalSetPreparer = normPreparer; normEventRegistrationPreparer = new BasicProxyPreparer();//obsolete normLeasePreparer = normPreparer; normListenerExporter = integrityExporter; /* * Mahalo defaults */ mahaloPreparer = new BasicProxyPreparer( true, new BasicMethodConstraints( new InvocationConstraints( new InvocationConstraint[] { Integrity.YES, ServerAuthentication.YES, new ServerMinPrincipal(principal.mahalo) }, null )), new Permission[] { new AuthenticationPermission( Collections.singleton(principal.tester), Collections.singleton(principal.mahalo), "connect"), phoenixAuthenticationPermission, phoenixGrantPermission }); mahaloLeasePreparer = mahaloPreparer; mahaloAdminPreparer = mahaloPreparer; /* * Outrigger defaults */ outriggerPreparer = new BasicProxyPreparer( true, new BasicMethodConstraints( new InvocationConstraints( new InvocationConstraint[] { Integrity.YES, ServerAuthentication.YES, new ServerMinPrincipal(principal.outrigger) }, null )), new Permission[] { new AuthenticationPermission( Collections.singleton(principal.tester), Collections.singleton(principal.outrigger), "connect"), phoenixAuthenticationPermission, phoenixGrantPermission }); outriggerLeasePreparer = outriggerPreparer; outriggerAdminPreparer = outriggerPreparer; outriggerEventRegistrationPreparer = new BasicProxyPreparer(); //obsolete outriggerListenerExporter = integrityExporter; /* * Mercury defaults */ mercuryPreparer = new BasicProxyPreparer( true, new BasicMethodConstraints( new InvocationConstraints( new InvocationConstraint[] { Integrity.YES, ServerAuthentication.YES, new ServerMinPrincipal(principal.mercury) }, null )), new Permission[] { new AuthenticationPermission( Collections.singleton(principal.tester), Collections.singleton(principal.mercury), "connect"), phoenixAuthenticationPermission, phoenixGrantPermission }); mercuryAdminPreparer = mercuryPreparer; mercuryListenerPreparer = mercuryPreparer; mercuryLeasePreparer = mercuryPreparer; mercuryRegistrationPreparer = mercuryPreparer; mercuryListenerExporter = integrityExporter; /* * Phoenix defaults */ phoenixPreparer = new BasicProxyPreparer( true, new BasicMethodConstraints( new InvocationConstraints( new InvocationConstraint[] { Integrity.YES, ServerAuthentication.YES, new ServerMinPrincipal(principal.phoenix) }, null )), new Permission[] { new AuthenticationPermission( Collections.singleton(principal.tester), Collections.singleton(principal.phoenix), "connect") } ); /* * Shared group defaults */ groupPreparer = new BasicProxyPreparer( true, new BasicMethodConstraints( new InvocationConstraints( new InvocationConstraint[] { Integrity.YES, ServerAuthentication.YES, new ServerMinPrincipal(principal.tester) }, null )), new Permission[] { new AuthenticationPermission( Collections.singleton(principal.tester), Collections.singleton(principal.tester), "connect"), phoenixAuthenticationPermission, phoenixGrantPermission }); /* * Preparer for the vm killer (kerberos is special because * grants are needed) */ killerPreparer = new BasicProxyPreparer( false, new Permission[] { phoenixAuthenticationPermission, phoenixGrantPermission }); /* * Transaction defaults */ transactionParticipantExporter = integrityExporter; /* * Test lease defaults */ leaseExporter = integrityExporter; /* * Discovery constraints for discovery simulator (as reggie) */ discoveryConstraints = new BasicMethodConstraints( new MethodDesc[]{ new MethodDesc("unicastDiscovery", new InvocationConstraints( new InvocationConstraint[]{ ClientAuthentication.YES, ServerAuthentication.YES, Integrity.YES, new ServerMinPrincipal(principal.reggie), DiscoveryProtocolVersion.TWO, new MulticastMaxPacketSize(1024), new MulticastTimeToLive(multicast.ttl), new UnicastSocketTimeout(120000) // 2*60*1000 }, null )), new MethodDesc(new InvocationConstraints( new InvocationConstraint[]{ DiscoveryProtocolVersion.TWO, new MulticastMaxPacketSize(1024), new MulticastTimeToLive(multicast.ttl), new UnicastSocketTimeout(120000) // 2*60*1000 }, null )) } ); /* * Discovery constraints for constructed locators (as tester) */ locatorConstraints = new BasicMethodConstraints( new MethodDesc[]{ new MethodDesc("unicastDiscovery", new InvocationConstraints( new InvocationConstraint[]{ ServerAuthentication.YES, Integrity.YES, new ServerMinPrincipal(principal.reggie), DiscoveryProtocolVersion.TWO, new MulticastMaxPacketSize(1024), new MulticastTimeToLive(multicast.ttl), new UnicastSocketTimeout(120000) // 2*60*1000 }, null )), new MethodDesc("getRegistrar", new InvocationConstraints( new InvocationConstraint[]{ new UnicastSocketTimeout(120000), // 2*60*1000 ServerAuthentication.YES, Integrity.YES, new ServerMinPrincipal(principal.reggie), DiscoveryProtocolVersion.TWO, new MulticastMaxPacketSize(1024), new MulticastTimeToLive(multicast.ttl), new UnicastSocketTimeout(120000) // 2*60*1000 }, null )), new MethodDesc(new InvocationConstraints( new InvocationConstraint[]{ DiscoveryProtocolVersion.TWO, new MulticastMaxPacketSize(1024), new MulticastTimeToLive(multicast.ttl), new UnicastSocketTimeout(120000) // 2*60*1000 }, null )) } ); testLeaseVerifierExporter = integrityExporter; } // test net.jini.discovery.LookupDiscovery { registrarPreparer = test.reggiePreparer; discoveryConstraints = test.discoveryConstraints; } net.jini.discovery.LookupLocatorDiscovery { registrarPreparer = test.reggiePreparer; } net.jini.lookup.ServiceDiscoveryManager { registrarPreparer = test.reggiePreparer; eventLeasePreparer = test.reggiePreparer; eventListenerExporter = test.integrityExporter; } net.jini.lookup.JoinManager { registrarPreparer = test.reggiePreparer; }