1berry/openjdk
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

8027204: Revise the update of 8026204 and 8025758

Browse Source 
Rivise the update to use system class loader with null TCCL.  Also reviewed by Alexander Fomin <alexander.fomin@oracle.com>

Reviewed-by: mchung, ahgross
This commit is contained in:
Xue-Lei Andrew Fan 2013-10-24 10:02:26 -07:00
parent 623fe13d2c
commit 35e44ba4bc
3 changed files with 21 additions and 103 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
jdk/src/share/classes/com/sun/naming/internal/FactoryEnumeration.java
View File

@ -83,7 +83,6 @@ public final class FactoryEnumeration {
try { try {
if (answer == null) { // reload class if weak ref cleared if (answer == null) { // reload class if weak ref cleared
Class<?> cls = Class.forName(className, true, loader); Class<?> cls = Class.forName(className, true, loader);
VersionHelper12.checkPackageAccess(cls);
answer = cls; answer = cls;
} }
// Instantiate Class to get factory // Instantiate Class to get factory

61
jdk/src/share/classes/com/sun/naming/internal/VersionHelper12.java
View File

@ -39,7 +39,6 @@ import java.util.NoSuchElementException;
import java.util.Properties; import java.util.Properties;
import javax.naming.*; import javax.naming.*;
import sun.reflect.misc.ReflectUtil;
/** /**
* VersionHelper was used by JNDI to accommodate differences between * VersionHelper was used by JNDI to accommodate differences between
@ -54,18 +53,6 @@ import sun.reflect.misc.ReflectUtil;
final class VersionHelper12 extends VersionHelper { final class VersionHelper12 extends VersionHelper {
// workaround to disable additional package access control with
// Thread Context Class Loader (TCCL).
private final static boolean noPackageAccessWithTCCL = "true".equals(
AccessController.doPrivileged(
new PrivilegedAction<String>() {
public String run() {
return System.getProperty(
"com.sun.naming.untieAccessContextWithTCCL");
}
}
));
// Disallow external from creating one of these. // Disallow external from creating one of these.
VersionHelper12() { VersionHelper12() {
} }
@ -83,9 +70,6 @@ final class VersionHelper12 extends VersionHelper {
Class<?> loadClass(String className, ClassLoader cl) Class<?> loadClass(String className, ClassLoader cl)
throws ClassNotFoundException { throws ClassNotFoundException {
Class<?> cls = Class.forName(className, true, cl); Class<?> cls = Class.forName(className, true, cl);
if (!noPackageAccessWithTCCL) {
checkPackageAccess(cls);
}
return cls; return cls;
} }
@ -103,35 +87,6 @@ final class VersionHelper12 extends VersionHelper {
return loadClass(className, cl); return loadClass(className, cl);
} }
/**
* check package access of a class that is loaded with Thread Context
* Class Loader (TCCL).
*
* Similar to java.lang.ClassLoader.checkPackageAccess()
*/
static void checkPackageAccess(Class<?> cls) {
final SecurityManager sm = System.getSecurityManager();
if (sm != null) {
if (ReflectUtil.isNonPublicProxyClass(cls)) {
for (Class<?> intf: cls.getInterfaces()) {
checkPackageAccess(intf);
}
return;
}
final String name = cls.getName();
final int i = name.lastIndexOf('.');
if (i != -1) {
AccessController.doPrivileged(new PrivilegedAction<Void>() {
public Void run() {
sm.checkPackageAccess(name.substring(0, i));
return null;
}
}, AccessController.getContext());
}
}
}
String getJndiProperty(final int i) { String getJndiProperty(final int i) {
return AccessController.doPrivileged( return AccessController.doPrivileged(
new PrivilegedAction<String>() { new PrivilegedAction<String>() {
@ -220,18 +175,24 @@ final class VersionHelper12 extends VersionHelper {
/** /**
* Package private. * Package private.
* *
* This internal method makes use of Thread Context Class Loader (TCCL), * This internal method returns Thread Context Class Loader (TCCL),
* please don't expose this method as public. * if null, returns the system Class Loader.
* *
* Please take care of package access control on the current context * Please don't expose this method as public.
* whenever using TCCL.
*/ */
ClassLoader getContextClassLoader() { ClassLoader getContextClassLoader() {
return AccessController.doPrivileged( return AccessController.doPrivileged(
new PrivilegedAction<ClassLoader>() { new PrivilegedAction<ClassLoader>() {
public ClassLoader run() { public ClassLoader run() {
return Thread.currentThread().getContextClassLoader(); ClassLoader loader =
Thread.currentThread().getContextClassLoader();
if (loader == null) {
// Don't use bootstrap class loader directly!
loader = ClassLoader.getSystemClassLoader();
}
return loader;
} }
} }
); );

62
jdk/src/share/classes/javax/security/auth/login/LoginContext.java
View File

@ -37,10 +37,8 @@ import javax.security.auth.AuthPermission;
import javax.security.auth.callback.*; import javax.security.auth.callback.*;
import java.security.AccessController; import java.security.AccessController;
import java.security.AccessControlContext; import java.security.AccessControlContext;
import java.security.PrivilegedAction;
import sun.security.util.PendingException; import sun.security.util.PendingException;
import sun.security.util.ResourcesMgr; import sun.security.util.ResourcesMgr;
import sun.reflect.misc.ReflectUtil;
/** /**
* <p> The {@code LoginContext} class describes the basic methods used * <p> The {@code LoginContext} class describes the basic methods used
@ -227,19 +225,6 @@ public class LoginContext {
private static final sun.security.util.Debug debug = private static final sun.security.util.Debug debug =
sun.security.util.Debug.getInstance("logincontext", "\t[LoginContext]"); sun.security.util.Debug.getInstance("logincontext", "\t[LoginContext]");
// workaround to disable additional package access control with
// Thread Context Class Loader (TCCL).
private static final boolean noPackageAccessWithTCCL = "true".equals(
AccessController.doPrivileged(
new PrivilegedAction<String>() {
public String run() {
return System.getProperty(
"auth.login.untieAccessContextWithTCCL");
}
}
));
private void init(String name) throws LoginException { private void init(String name) throws LoginException {
SecurityManager sm = System.getSecurityManager(); SecurityManager sm = System.getSecurityManager();
@ -293,7 +278,15 @@ public class LoginContext {
contextClassLoader = java.security.AccessController.doPrivileged contextClassLoader = java.security.AccessController.doPrivileged
(new java.security.PrivilegedAction<ClassLoader>() { (new java.security.PrivilegedAction<ClassLoader>() {
public ClassLoader run() { public ClassLoader run() {
return Thread.currentThread().getContextClassLoader(); ClassLoader loader =
Thread.currentThread().getContextClassLoader();
if (loader == null) {
// Don't use bootstrap class loader directly to ensure
// proper package access control!
loader = ClassLoader.getSystemClassLoader();
}
return loader;
} }
}); });
} }
@ -713,17 +706,11 @@ public class LoginContext {
// instantiate the LoginModule // instantiate the LoginModule
// //
// Allow any object to be a LoginModule as long as it // Allow any object to be a LoginModule as long as it
// conforms to the interface if no customized config or // conforms to the interface.
// noPackageAccessWithTCCL is true.
Class<?> c = Class.forName( Class<?> c = Class.forName(
moduleStack[i].entry.getLoginModuleName(), moduleStack[i].entry.getLoginModuleName(),
true, true,
contextClassLoader); contextClassLoader);
// check package access for customized config
if (!noPackageAccessWithTCCL && creatorAcc != null) {
c.asSubclass(javax.security.auth.spi.LoginModule.class);
checkPackageAccess(c, creatorAcc);
}
Constructor<?> constructor = c.getConstructor(PARAMS); Constructor<?> constructor = c.getConstructor(PARAMS);
Object[] args = { }; Object[] args = { };
@ -926,35 +913,6 @@ public class LoginContext {
} }
} }
/**
* check package access of a class that is loaded with Thread Context
* Class Loader (TCCL) with specified access control context.
*
* Similar to java.lang.ClassLoader.checkPackageAccess()
*/
static void checkPackageAccess(Class<?> cls, AccessControlContext context) {
final SecurityManager sm = System.getSecurityManager();
if (sm != null) {
if (ReflectUtil.isNonPublicProxyClass(cls)) {
for (Class<?> intf: cls.getInterfaces()) {
checkPackageAccess(intf, context);
}
return;
}
final String name = cls.getName();
final int i = name.lastIndexOf('.');
if (i != -1) {
AccessController.doPrivileged(new PrivilegedAction<Void>() {
public Void run() {
sm.checkPackageAccess(name.substring(0, i));
return null;
}
}, context);
}
}
}
/** /**
* Wrap the caller-specified CallbackHandler in our own * Wrap the caller-specified CallbackHandler in our own
* and invoke it within a privileged block, constrained by * and invoke it within a privileged block, constrained by