Saturday 13 November 2004

Open source loose ends

It seems that I have a lot of OSS loose ends to tie up. Or alternatively, its scary how many things are needing a release.

Tonight I played with Joda-Primitives. This was my own breakoff from Commons-Primitives when I realised that I preferred a different design to commons. (Joda's primitive collections subclass JDK Collections, Commons' classes don't.)

Also waiting to be sorted are Commons Collections 3.2, IO 1.1 and Lang 2.1. And not forgetting the big Joda-Time 1.0. Somehow I need to get all of these done and dusted, while still keeping the day job. Sometimes I marvel at the amount of effort put in by other OSS developers, but maybe they're lucky enough to be able to work on OSS during work hours?

Tuesday 9 November 2004

Testing a security permission

Writing a JUnit test for a security permission object. That's got to be easy, right? Well it took me a while to figure out a solution so I thought I'd share.

Joda-Time has a security permission class, JodaTimePermission, that controls whether you have the rights to do things such as alter the current time. But writing a test was a pain, and what I have doesn't work on JDK1.3 or earlier.

The problem is to be able to change the security policy without manually stopping and starting the JVM and changing the policy file.

My solution was to create two classes that represented 'yes' and 'no':

  private static final Policy RESTRICT;
  private static final Policy ALLOW;
  static {
    // don't call Policy.getPolicy()
    RESTRICT = new Policy() {
      public PermissionCollection getPermissions(CodeSource codesource) {
        Permissions p = new Permissions();
        p.add(new AllPermission());  // enable everything
        return p;
      }
      public void refresh() {
      }
      public boolean implies(ProtectionDomain domain, Permission permission) {
        if (permission instanceof JodaTimePermission) {
           return false;
        }
        return true;
      }
    };
    ALLOW = new Policy() {
      public PermissionCollection getPermissions(CodeSource codesource) {
        Permissions p = new Permissions();
        p.add(new AllPermission());  // enable everything
        return p;
      }
      public void refresh() {
      }
    };
  }

These could then be used in the actual test method:

  public void testChangeCurrentTime() {
    try {
      Policy.setPolicy(RESTRICT);
      System.setSecurityManager(new SecurityManager());
      DateTimeUtils.setsetCurrentMillisFixed(0L); // disallowed by security
      fail();
    } catch (SecurityException ex) {
      // ok
    } finally {
      System.setSecurityManager(null);
      Policy.setPolicy(ALLOW);
    }
  }

I have to say that it all feels like a hack to me. So, has anyone else come up with a better solution for testing security permissions?

Saturday 6 November 2004

Joda-Time 0.98 released

Well, it took long enough, but finally its here. The new release of Joda-Time , the cleanroom replacement to JDK Date and Calendar. So whats in it?

  • DateTime - a millisecond based datetime + timezone
  • DateMidnight - a millisecond based date + timezone
  • YearMonthDay - a field based date without zone
  • TimeOfDay - a field based time without zone
  • Duration - a millisecond based length of time (23456 ms)
  • Period - a field based length of time (5 months, 2 days and 4 hours)
  • Interval - a time interval between two exact points in time

Those who've played with Joda-Time before will spot that some classes have changed. TimeOnly became TimeOfDay, DateOnly became DateMidnight or YearMonthDay depending on your requirements. This was all necessary to solve issues that only became apparant during testing. This is one project where test driven development might actually have produced a better design earlier, not just bug free code. Ah well, isn't hindsight great...

Friday 5 November 2004

General welcome

Well, perhaps its time I started blogging....