Skip to content

D
dragonwell8_jdk

openanolis / dragonwell8_jdk

通知 4
Star 2
Fork 0
D
dragonwell8_jdk
提交 2aedf226 编写于 作者: I igerasim
浏览文件
操作

8147771: Construction of static protection domains under Javax custom policy 

Summary: Changed SubjectDomainCombiner to combine static PD as is even when custom policy is enabled.
Reviewed-by: valeriep
上级 71323e8a
隐藏空白更改
内联 并排
Showing with 73 addition and 49 deletion
src/share/classes/java/security/ProtectionDomain.java
浏览文件 @ 2aedf226
......@@ -475,6 +475,11 @@ public class ProtectionDomain {
}
};
}
@Override
public boolean getStaticPermissionsField(ProtectionDomain pd) {
return pd.staticPermissions;
}
});
}
}
src/share/classes/javax/security/auth/SubjectDomainCombiner.java
浏览文件 @ 2aedf226
/*
* Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -37,6 +37,8 @@ import java.security.Security;
import java.util.Set;
import java.util.WeakHashMap;
import java.lang.ref.WeakReference;
import sun.misc.SharedSecrets;
import sun.misc.JavaSecurityProtectionDomainAccess;
/**
* A {@code SubjectDomainCombiner} updates ProtectionDomains
......@@ -65,6 +67,9 @@ public class SubjectDomainCombiner implements java.security.DomainCombiner {
private static final boolean allowCaching =
(useJavaxPolicy && cachePolicy());
private static final JavaSecurityProtectionDomainAccess pdAccess =
SharedSecrets.getJavaSecurityProtectionDomainAccess();
/**
* Associate the provided {@code Subject} with this
* {@code SubjectDomainCombiner}.
......@@ -239,10 +244,16 @@ public class SubjectDomainCombiner implements java.security.DomainCombiner {
subjectPd = cachedPDs.getValue(pd);
if (subjectPd == null) {
subjectPd = new ProtectionDomain(pd.getCodeSource(),
if (pdAccess.getStaticPermissionsField(pd)) {
// Need to keep static ProtectionDomain objects static
subjectPd = new ProtectionDomain(pd.getCodeSource(),
pd.getPermissions());
} else {
subjectPd = new ProtectionDomain(pd.getCodeSource(),
pd.getPermissions(),
pd.getClassLoader(),
principals);
}
cachedPDs.putValue(pd, subjectPd);
} else {
allNew = false;
......@@ -341,60 +352,63 @@ public class SubjectDomainCombiner implements java.security.DomainCombiner {
ProtectionDomain subjectPd = cachedPDs.getValue(pd);
if (subjectPd == null) {
// XXX
// we must first add the original permissions.
// that way when we later add the new JAAS permissions,
// any unresolved JAAS-related permissions will
// automatically get resolved.
// get the original perms
Permissions perms = new Permissions();
PermissionCollection coll = pd.getPermissions();
java.util.Enumeration<Permission> e;
if (coll != null) {
synchronized (coll) {
e = coll.elements();
while (e.hasMoreElements()) {
Permission newPerm =
if (pdAccess.getStaticPermissionsField(pd)) {
// keep static ProtectionDomain objects static
subjectPd = new ProtectionDomain(pd.getCodeSource(),
pd.getPermissions());
} else {
// XXX
// we must first add the original permissions.
// that way when we later add the new JAAS permissions,
// any unresolved JAAS-related permissions will
// automatically get resolved.
// get the original perms
Permissions perms = new Permissions();
PermissionCollection coll = pd.getPermissions();
java.util.Enumeration<Permission> e;
if (coll != null) {
synchronized (coll) {
e = coll.elements();
while (e.hasMoreElements()) {
Permission newPerm =
e.nextElement();
perms.add(newPerm);
perms.add(newPerm);
}
}
}
}
// get perms from the policy
final java.security.CodeSource finalCs = pd.getCodeSource();
final Subject finalS = subject;
PermissionCollection newPerms =
java.security.AccessController.doPrivileged
(new PrivilegedAction<PermissionCollection>() {
@SuppressWarnings("deprecation")
public PermissionCollection run() {
return
javax.security.auth.Policy.getPolicy().getPermissions
(finalS, finalCs);
}
});
// add the newly granted perms,
// avoiding duplicates
synchronized (newPerms) {
e = newPerms.elements();
while (e.hasMoreElements()) {
Permission newPerm = e.nextElement();
if (!perms.implies(newPerm)) {
perms.add(newPerm);
if (debug != null)
debug.println (
"Adding perm " + newPerm + "\n");
// get perms from the policy
final java.security.CodeSource finalCs = pd.getCodeSource();
final Subject finalS = subject;
PermissionCollection newPerms =
java.security.AccessController.doPrivileged
(new PrivilegedAction<PermissionCollection>() {
@SuppressWarnings("deprecation")
public PermissionCollection run() {
return
javax.security.auth.Policy.getPolicy().getPermissions
(finalS, finalCs);
}
});
// add the newly granted perms,
// avoiding duplicates
synchronized (newPerms) {
e = newPerms.elements();
while (e.hasMoreElements()) {
Permission newPerm = e.nextElement();
if (!perms.implies(newPerm)) {
perms.add(newPerm);
if (debug != null)
debug.println (
"Adding perm " + newPerm + "\n");
}
}
}
subjectPd = new ProtectionDomain
(finalCs, perms, pd.getClassLoader(), principals);
}
subjectPd = new ProtectionDomain
(finalCs, perms, pd.getClassLoader(), principals);
if (allowCaching)
cachedPDs.putValue(pd, subjectPd);
}
......
src/share/classes/sun/misc/JavaSecurityProtectionDomainAccess.java
浏览文件 @ 2aedf226
......@@ -36,4 +36,9 @@ public interface JavaSecurityProtectionDomainAccess {
* Returns the ProtectionDomainCache.
*/
ProtectionDomainCache getProtectionDomainCache();
/**
* Returns the staticPermissions field of the specified object
*/
boolean getStaticPermissionsField(ProtectionDomain pd);
}
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册