Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
openanolis
dragonwell8_jdk
提交
3b4d8ca9
D
dragonwell8_jdk
项目概览
openanolis
/
dragonwell8_jdk
通知
4
Star
2
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
D
dragonwell8_jdk
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
3b4d8ca9
编写于
1月 22, 2016
作者:
S
sjiang
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
8144430: Improve JMX connections
Reviewed-by: dfuchs, jbachorik, skoivu
上级
8740f3da
变更
10
隐藏空白更改
内联
并排
Showing
10 changed file
with
472 addition
and
43 deletion
+472
-43
src/share/classes/com/sun/jmx/remote/util/EnvHelp.java
src/share/classes/com/sun/jmx/remote/util/EnvHelp.java
+16
-1
src/share/classes/java/io/ObjectInputStream.java
src/share/classes/java/io/ObjectInputStream.java
+47
-24
src/share/classes/javax/management/remote/rmi/RMIJRMPServerImpl.java
...lasses/javax/management/remote/rmi/RMIJRMPServerImpl.java
+83
-4
src/share/classes/sun/management/jmxremote/ConnectorBootstrap.java
.../classes/sun/management/jmxremote/ConnectorBootstrap.java
+8
-2
src/share/classes/sun/misc/JavaObjectInputStreamAccess.java
src/share/classes/sun/misc/JavaObjectInputStreamAccess.java
+41
-0
src/share/classes/sun/misc/ObjectStreamClassValidator.java
src/share/classes/sun/misc/ObjectStreamClassValidator.java
+43
-0
src/share/classes/sun/misc/SharedSecrets.java
src/share/classes/sun/misc/SharedSecrets.java
+14
-1
src/share/classes/sun/rmi/server/DeserializationChecker.java
src/share/classes/sun/rmi/server/DeserializationChecker.java
+93
-0
src/share/classes/sun/rmi/server/MarshalInputStream.java
src/share/classes/sun/rmi/server/MarshalInputStream.java
+38
-4
src/share/classes/sun/rmi/server/UnicastServerRef.java
src/share/classes/sun/rmi/server/UnicastServerRef.java
+89
-7
未找到文件。
src/share/classes/com/sun/jmx/remote/util/EnvHelp.java
浏览文件 @
3b4d8ca9
/*
/*
* Copyright (c) 2003, 201
2
, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 201
6
, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
*
* This code is free software; you can redistribute it and/or modify it
* This code is free software; you can redistribute it and/or modify it
...
@@ -54,6 +54,21 @@ import javax.management.remote.JMXConnectorServer;
...
@@ -54,6 +54,21 @@ import javax.management.remote.JMXConnectorServer;
public
class
EnvHelp
{
public
class
EnvHelp
{
/**
* Name of the attribute that specifies a list of class names acceptable
* as parameters to the {@link RMIServer#newClient(java.lang.Object) RMIServer.newClient()}
* remote method call.
* <p>
* This list of classes should correspond to the transitive closure of the
* credentials class (or classes) used by the installed {@linkplain JMXAuthenticator}
* associated with the {@linkplain RMIServer} implementation.
* <p>
* If the attribute is not set, or is null, then any class is
* deemed acceptable.
*/
public
static
final
String
CREDENTIAL_TYPES
=
"jmx.remote.rmi.server.credential.types"
;
/**
/**
* <p>Name of the attribute that specifies a default class loader
* <p>Name of the attribute that specifies a default class loader
* object.
* object.
...
...
src/share/classes/java/io/ObjectInputStream.java
浏览文件 @
3b4d8ca9
/*
/*
* Copyright (c) 1996, 201
3
, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 201
6
, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
*
* This code is free software; you can redistribute it and/or modify it
* This code is free software; you can redistribute it and/or modify it
...
@@ -39,8 +39,10 @@ import java.util.Arrays;
...
@@ -39,8 +39,10 @@ import java.util.Arrays;
import
java.util.HashMap
;
import
java.util.HashMap
;
import
java.util.concurrent.ConcurrentHashMap
;
import
java.util.concurrent.ConcurrentHashMap
;
import
java.util.concurrent.ConcurrentMap
;
import
java.util.concurrent.ConcurrentMap
;
import
java.util.concurrent.atomic.AtomicBoolean
;
import
static
java
.
io
.
ObjectStreamClass
.
processQueue
;
import
static
java
.
io
.
ObjectStreamClass
.
processQueue
;
import
sun.misc.ObjectStreamClassValidator
;
import
sun.misc.SharedSecrets
;
import
sun.misc.Unsafe
;
import
sun.reflect.misc.ReflectUtil
;
import
sun.reflect.misc.ReflectUtil
;
/**
/**
...
@@ -1504,23 +1506,28 @@ public class ObjectInputStream
...
@@ -1504,23 +1506,28 @@ public class ObjectInputStream
throws
IOException
throws
IOException
{
{
byte
tc
=
bin
.
peekByte
();
byte
tc
=
bin
.
peekByte
();
ObjectStreamClass
descriptor
;
switch
(
tc
)
{
switch
(
tc
)
{
case
TC_NULL:
case
TC_NULL:
return
(
ObjectStreamClass
)
readNull
();
descriptor
=
(
ObjectStreamClass
)
readNull
();
break
;
case
TC_REFERENCE:
case
TC_REFERENCE:
return
(
ObjectStreamClass
)
readHandle
(
unshared
);
descriptor
=
(
ObjectStreamClass
)
readHandle
(
unshared
);
break
;
case
TC_PROXYCLASSDESC:
case
TC_PROXYCLASSDESC:
return
readProxyDesc
(
unshared
);
descriptor
=
readProxyDesc
(
unshared
);
break
;
case
TC_CLASSDESC:
case
TC_CLASSDESC:
return
readNonProxyDesc
(
unshared
);
descriptor
=
readNonProxyDesc
(
unshared
);
break
;
default
:
default
:
throw
new
StreamCorruptedException
(
throw
new
StreamCorruptedException
(
String
.
format
(
"invalid type code: %02X"
,
tc
));
String
.
format
(
"invalid type code: %02X"
,
tc
));
}
}
if
(
descriptor
!=
null
)
{
validateDescriptor
(
descriptor
);
}
return
descriptor
;
}
}
private
boolean
isCustomSubclass
()
{
private
boolean
isCustomSubclass
()
{
...
@@ -1922,7 +1929,7 @@ public class ObjectInputStream
...
@@ -1922,7 +1929,7 @@ public class ObjectInputStream
defaultDataEnd
=
false
;
defaultDataEnd
=
false
;
}
else
{
}
else
{
defaultReadFields
(
obj
,
slotDesc
);
defaultReadFields
(
obj
,
slotDesc
);
}
}
if
(
slotDesc
.
hasWriteObjectData
())
{
if
(
slotDesc
.
hasWriteObjectData
())
{
skipCustomData
();
skipCustomData
();
...
@@ -1938,7 +1945,7 @@ public class ObjectInputStream
...
@@ -1938,7 +1945,7 @@ public class ObjectInputStream
}
}
}
}
}
}
}
}
/**
/**
* Skips over all block data and objects until TC_ENDBLOCKDATA is
* Skips over all block data and objects until TC_ENDBLOCKDATA is
...
@@ -1986,27 +1993,27 @@ public class ObjectInputStream
...
@@ -1986,27 +1993,27 @@ public class ObjectInputStream
if
(
primVals
==
null
||
primVals
.
length
<
primDataSize
)
{
if
(
primVals
==
null
||
primVals
.
length
<
primDataSize
)
{
primVals
=
new
byte
[
primDataSize
];
primVals
=
new
byte
[
primDataSize
];
}
}
bin
.
readFully
(
primVals
,
0
,
primDataSize
,
false
);
bin
.
readFully
(
primVals
,
0
,
primDataSize
,
false
);
if
(
obj
!=
null
)
{
if
(
obj
!=
null
)
{
desc
.
setPrimFieldValues
(
obj
,
primVals
);
desc
.
setPrimFieldValues
(
obj
,
primVals
);
}
}
int
objHandle
=
passHandle
;
int
objHandle
=
passHandle
;
ObjectStreamField
[]
fields
=
desc
.
getFields
(
false
);
ObjectStreamField
[]
fields
=
desc
.
getFields
(
false
);
Object
[]
objVals
=
new
Object
[
desc
.
getNumObjFields
()];
Object
[]
objVals
=
new
Object
[
desc
.
getNumObjFields
()];
int
numPrimFields
=
fields
.
length
-
objVals
.
length
;
int
numPrimFields
=
fields
.
length
-
objVals
.
length
;
for
(
int
i
=
0
;
i
<
objVals
.
length
;
i
++)
{
for
(
int
i
=
0
;
i
<
objVals
.
length
;
i
++)
{
ObjectStreamField
f
=
fields
[
numPrimFields
+
i
];
ObjectStreamField
f
=
fields
[
numPrimFields
+
i
];
objVals
[
i
]
=
readObject0
(
f
.
isUnshared
());
objVals
[
i
]
=
readObject0
(
f
.
isUnshared
());
if
(
f
.
getField
()
!=
null
)
{
if
(
f
.
getField
()
!=
null
)
{
handles
.
markDependency
(
objHandle
,
passHandle
);
handles
.
markDependency
(
objHandle
,
passHandle
);
}
}
}
}
if
(
obj
!=
null
)
{
if
(
obj
!=
null
)
{
desc
.
setObjFieldValues
(
obj
,
objVals
);
desc
.
setObjFieldValues
(
obj
,
objVals
);
}
}
passHandle
=
objHandle
;
passHandle
=
objHandle
;
}
}
/**
/**
* Reads in and returns IOException that caused serialization to abort.
* Reads in and returns IOException that caused serialization to abort.
...
@@ -3543,4 +3550,20 @@ public class ObjectInputStream
...
@@ -3543,4 +3550,20 @@ public class ObjectInputStream
}
}
}
}
private
void
validateDescriptor
(
ObjectStreamClass
descriptor
)
{
ObjectStreamClassValidator
validating
=
validator
;
if
(
validating
!=
null
)
{
validating
.
validateDescriptor
(
descriptor
);
}
}
// controlled access to ObjectStreamClassValidator
private
volatile
ObjectStreamClassValidator
validator
;
private
static
void
setValidator
(
ObjectInputStream
ois
,
ObjectStreamClassValidator
validator
)
{
ois
.
validator
=
validator
;
}
static
{
SharedSecrets
.
setJavaObjectInputStreamAccess
(
ObjectInputStream:
:
setValidator
);
}
}
}
src/share/classes/javax/management/remote/rmi/RMIJRMPServerImpl.java
浏览文件 @
3b4d8ca9
/*
/*
* Copyright (c) 2002, 20
07
, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2002, 20
16
, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
*
* This code is free software; you can redistribute it and/or modify it
* This code is free software; you can redistribute it and/or modify it
...
@@ -39,6 +39,12 @@ import javax.security.auth.Subject;
...
@@ -39,6 +39,12 @@ import javax.security.auth.Subject;
import
com.sun.jmx.remote.internal.RMIExporter
;
import
com.sun.jmx.remote.internal.RMIExporter
;
import
com.sun.jmx.remote.util.EnvHelp
;
import
com.sun.jmx.remote.util.EnvHelp
;
import
java.io.ObjectStreamClass
;
import
java.lang.reflect.Method
;
import
java.util.ArrayList
;
import
java.util.List
;
import
sun.reflect.misc.ReflectUtil
;
import
sun.rmi.server.DeserializationChecker
;
import
sun.rmi.server.UnicastServerRef
;
import
sun.rmi.server.UnicastServerRef
;
import
sun.rmi.server.UnicastServerRef2
;
import
sun.rmi.server.UnicastServerRef2
;
...
@@ -52,6 +58,9 @@ import sun.rmi.server.UnicastServerRef2;
...
@@ -52,6 +58,9 @@ import sun.rmi.server.UnicastServerRef2;
* @since 1.5
* @since 1.5
*/
*/
public
class
RMIJRMPServerImpl
extends
RMIServerImpl
{
public
class
RMIJRMPServerImpl
extends
RMIServerImpl
{
private
final
ExportedWrapper
exportedWrapper
;
/**
/**
* <p>Creates a new {@link RMIServer} object that will be exported
* <p>Creates a new {@link RMIServer} object that will be exported
* on the given port using the given socket factories.</p>
* on the given port using the given socket factories.</p>
...
@@ -89,10 +98,31 @@ public class RMIJRMPServerImpl extends RMIServerImpl {
...
@@ -89,10 +98,31 @@ public class RMIJRMPServerImpl extends RMIServerImpl {
this
.
csf
=
csf
;
this
.
csf
=
csf
;
this
.
ssf
=
ssf
;
this
.
ssf
=
ssf
;
this
.
env
=
(
env
==
null
)
?
Collections
.<
String
,
Object
>
emptyMap
()
:
env
;
this
.
env
=
(
env
==
null
)
?
Collections
.<
String
,
Object
>
emptyMap
()
:
env
;
String
[]
credentialsTypes
=
(
String
[])
this
.
env
.
get
(
EnvHelp
.
CREDENTIAL_TYPES
);
List
<
String
>
types
=
null
;
if
(
credentialsTypes
!=
null
)
{
types
=
new
ArrayList
<>();
for
(
String
type
:
credentialsTypes
)
{
if
(
type
==
null
)
{
throw
new
IllegalArgumentException
(
"A credential type is null."
);
}
ReflectUtil
.
checkPackageAccess
(
type
);
types
.
add
(
type
);
}
}
exportedWrapper
=
types
!=
null
?
new
ExportedWrapper
(
this
,
types
)
:
null
;
}
}
protected
void
export
()
throws
IOException
{
protected
void
export
()
throws
IOException
{
export
(
this
);
if
(
exportedWrapper
!=
null
)
{
export
(
exportedWrapper
);
}
else
{
export
(
this
);
}
}
}
private
void
export
(
Remote
obj
)
throws
RemoteException
{
private
void
export
(
Remote
obj
)
throws
RemoteException
{
...
@@ -142,7 +172,11 @@ public class RMIJRMPServerImpl extends RMIServerImpl {
...
@@ -142,7 +172,11 @@ public class RMIJRMPServerImpl extends RMIServerImpl {
* RMIJRMPServerImpl has not been exported yet.
* RMIJRMPServerImpl has not been exported yet.
*/
*/
public
Remote
toStub
()
throws
IOException
{
public
Remote
toStub
()
throws
IOException
{
return
RemoteObject
.
toStub
(
this
);
if
(
exportedWrapper
!=
null
)
{
return
RemoteObject
.
toStub
(
exportedWrapper
);
}
else
{
return
RemoteObject
.
toStub
(
this
);
}
}
}
/**
/**
...
@@ -189,11 +223,56 @@ public class RMIJRMPServerImpl extends RMIServerImpl {
...
@@ -189,11 +223,56 @@ public class RMIJRMPServerImpl extends RMIServerImpl {
* server failed.
* server failed.
*/
*/
protected
void
closeServer
()
throws
IOException
{
protected
void
closeServer
()
throws
IOException
{
unexport
(
this
,
true
);
if
(
exportedWrapper
!=
null
)
{
unexport
(
exportedWrapper
,
true
);
}
else
{
unexport
(
this
,
true
);
}
}
}
private
final
int
port
;
private
final
int
port
;
private
final
RMIClientSocketFactory
csf
;
private
final
RMIClientSocketFactory
csf
;
private
final
RMIServerSocketFactory
ssf
;
private
final
RMIServerSocketFactory
ssf
;
private
final
Map
<
String
,
?>
env
;
private
final
Map
<
String
,
?>
env
;
private
static
class
ExportedWrapper
implements
RMIServer
,
DeserializationChecker
{
private
final
RMIServer
impl
;
private
final
List
<
String
>
allowedTypes
;
private
ExportedWrapper
(
RMIServer
impl
,
List
<
String
>
credentialsTypes
)
{
this
.
impl
=
impl
;
allowedTypes
=
credentialsTypes
;
}
@Override
public
String
getVersion
()
throws
RemoteException
{
return
impl
.
getVersion
();
}
@Override
public
RMIConnection
newClient
(
Object
credentials
)
throws
IOException
{
return
impl
.
newClient
(
credentials
);
}
@Override
public
void
check
(
Method
method
,
ObjectStreamClass
descriptor
,
int
paramIndex
,
int
callID
)
{
String
type
=
descriptor
.
getName
();
if
(!
allowedTypes
.
contains
(
type
))
{
throw
new
ClassCastException
(
"Unsupported type: "
+
type
);
}
}
@Override
public
void
checkProxyClass
(
Method
method
,
String
[]
ifaces
,
int
paramIndex
,
int
callID
)
{
if
(
ifaces
!=
null
&&
ifaces
.
length
>
0
)
{
for
(
String
iface
:
ifaces
)
{
if
(!
allowedTypes
.
contains
(
iface
))
{
throw
new
ClassCastException
(
"Unsupported type: "
+
iface
);
}
}
}
}
}
}
}
src/share/classes/sun/management/jmxremote/ConnectorBootstrap.java
浏览文件 @
3b4d8ca9
/*
/*
* Copyright (c) 2003, 201
2
, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 201
6
, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
*
* This code is free software; you can redistribute it and/or modify it
* This code is free software; you can redistribute it and/or modify it
...
@@ -46,7 +46,6 @@ import java.security.KeyStore;
...
@@ -46,7 +46,6 @@ import java.security.KeyStore;
import
java.security.Principal
;
import
java.security.Principal
;
import
java.util.HashMap
;
import
java.util.HashMap
;
import
java.util.HashSet
;
import
java.util.HashSet
;
import
java.util.Iterator
;
import
java.util.Map
;
import
java.util.Map
;
import
java.util.Properties
;
import
java.util.Properties
;
import
java.util.Set
;
import
java.util.Set
;
...
@@ -68,6 +67,7 @@ import javax.security.auth.Subject;
...
@@ -68,6 +67,7 @@ import javax.security.auth.Subject;
import
com.sun.jmx.remote.internal.RMIExporter
;
import
com.sun.jmx.remote.internal.RMIExporter
;
import
com.sun.jmx.remote.security.JMXPluggableAuthenticator
;
import
com.sun.jmx.remote.security.JMXPluggableAuthenticator
;
import
com.sun.jmx.remote.util.ClassLogger
;
import
com.sun.jmx.remote.util.ClassLogger
;
import
com.sun.jmx.remote.util.EnvHelp
;
import
sun.management.Agent
;
import
sun.management.Agent
;
import
sun.management.AgentConfigurationError
;
import
sun.management.AgentConfigurationError
;
...
@@ -498,6 +498,9 @@ public final class ConnectorBootstrap {
...
@@ -498,6 +498,9 @@ public final class ConnectorBootstrap {
// This RMI server should not keep the VM alive
// This RMI server should not keep the VM alive
Map
<
String
,
Object
>
env
=
new
HashMap
<>();
Map
<
String
,
Object
>
env
=
new
HashMap
<>();
env
.
put
(
RMIExporter
.
EXPORTER_ATTRIBUTE
,
new
PermanentExporter
());
env
.
put
(
RMIExporter
.
EXPORTER_ATTRIBUTE
,
new
PermanentExporter
());
env
.
put
(
EnvHelp
.
CREDENTIAL_TYPES
,
new
String
[]{
String
[].
class
.
getName
(),
String
.
class
.
getName
()
});
// The local connector server need only be available via the
// The local connector server need only be available via the
// loopback connection.
// loopback connection.
...
@@ -726,6 +729,9 @@ public final class ConnectorBootstrap {
...
@@ -726,6 +729,9 @@ public final class ConnectorBootstrap {
PermanentExporter
exporter
=
new
PermanentExporter
();
PermanentExporter
exporter
=
new
PermanentExporter
();
env
.
put
(
RMIExporter
.
EXPORTER_ATTRIBUTE
,
exporter
);
env
.
put
(
RMIExporter
.
EXPORTER_ATTRIBUTE
,
exporter
);
env
.
put
(
EnvHelp
.
CREDENTIAL_TYPES
,
new
String
[]{
String
[].
class
.
getName
(),
String
.
class
.
getName
()
});
if
(
useAuthentication
)
{
if
(
useAuthentication
)
{
if
(
loginConfigName
!=
null
)
{
if
(
loginConfigName
!=
null
)
{
...
...
src/share/classes/sun/misc/JavaObjectInputStreamAccess.java
0 → 100644
浏览文件 @
3b4d8ca9
/*
* Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package
sun.misc
;
import
java.io.ObjectInputStream
;
/**
* The interface to specify methods for accessing {@code ObjectInputStream}
* @author sjiang
*/
public
interface
JavaObjectInputStreamAccess
{
/**
* Sets a descriptor validating.
* @param ois stream to have the descriptors validated
* @param validator validator used to validate a descriptor.
*/
public
void
setValidator
(
ObjectInputStream
ois
,
ObjectStreamClassValidator
validator
);
}
src/share/classes/sun/misc/ObjectStreamClassValidator.java
0 → 100644
浏览文件 @
3b4d8ca9
/*
* Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package
sun.misc
;
import
java.io.ObjectStreamClass
;
/**
* A callback used by {@code ObjectInputStream} to do descriptor validation.
*
* @author sjiang
*/
public
interface
ObjectStreamClassValidator
{
/**
* This method will be called by ObjectInputStream to
* check a descriptor just before creating an object described by this descriptor.
* The object will not be created if this method throws a {@code RuntimeException}.
* @param descriptor descriptor to be checked.
*/
public
void
validateDescriptor
(
ObjectStreamClass
descriptor
);
}
src/share/classes/sun/misc/SharedSecrets.java
浏览文件 @
3b4d8ca9
/*
/*
* Copyright (c) 2002, 201
3
, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2002, 201
6
, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
*
* This code is free software; you can redistribute it and/or modify it
* This code is free software; you can redistribute it and/or modify it
...
@@ -28,6 +28,7 @@ package sun.misc;
...
@@ -28,6 +28,7 @@ package sun.misc;
import
java.util.jar.JarFile
;
import
java.util.jar.JarFile
;
import
java.io.Console
;
import
java.io.Console
;
import
java.io.FileDescriptor
;
import
java.io.FileDescriptor
;
import
java.io.ObjectInputStream
;
import
java.security.ProtectionDomain
;
import
java.security.ProtectionDomain
;
import
java.security.AccessController
;
import
java.security.AccessController
;
...
@@ -55,6 +56,7 @@ public class SharedSecrets {
...
@@ -55,6 +56,7 @@ public class SharedSecrets {
private
static
JavaSecurityAccess
javaSecurityAccess
;
private
static
JavaSecurityAccess
javaSecurityAccess
;
private
static
JavaUtilZipFileAccess
javaUtilZipFileAccess
;
private
static
JavaUtilZipFileAccess
javaUtilZipFileAccess
;
private
static
JavaAWTAccess
javaAWTAccess
;
private
static
JavaAWTAccess
javaAWTAccess
;
private
static
JavaObjectInputStreamAccess
javaObjectInputStreamAccess
;
public
static
JavaUtilJarAccess
javaUtilJarAccess
()
{
public
static
JavaUtilJarAccess
javaUtilJarAccess
()
{
if
(
javaUtilJarAccess
==
null
)
{
if
(
javaUtilJarAccess
==
null
)
{
...
@@ -184,4 +186,15 @@ public class SharedSecrets {
...
@@ -184,4 +186,15 @@ public class SharedSecrets {
}
}
return
javaAWTAccess
;
return
javaAWTAccess
;
}
}
public
static
JavaObjectInputStreamAccess
getJavaObjectInputStreamAccess
()
{
if
(
javaObjectInputStreamAccess
==
null
)
{
unsafe
.
ensureClassInitialized
(
ObjectInputStream
.
class
);
}
return
javaObjectInputStreamAccess
;
}
public
static
void
setJavaObjectInputStreamAccess
(
JavaObjectInputStreamAccess
access
)
{
javaObjectInputStreamAccess
=
access
;
}
}
}
src/share/classes/sun/rmi/server/DeserializationChecker.java
0 → 100644
浏览文件 @
3b4d8ca9
/*
* Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package
sun.rmi.server
;
import
java.io.ObjectStreamClass
;
import
java.lang.reflect.Method
;
/**
* Implementing this interface to have a deserialization control when RMI
* dispatches a remote request. If an exported object implements this interface,
* RMI dispatching mechanism will call the method {@code check} every time
* deserialising a remote object for invoking a method of the exported object.
*
* @author sjiang
*/
public
interface
DeserializationChecker
{
/**
* Will be called to check a descriptor.
* This method may be called 2 times, the first time is when a descriptor is read
* from the stream, the second is just before creating an object described
* by this descriptor.
*
* @param method the method invoked from a remote request.
* @param descriptor The descriptor of the class of any object deserialised
* while deserialising the parameter. The first descriptor will be that of
* the top level object (the concrete class of the parameter itself);
* Subsequent calls with the same {@code method}, {@code paramIndex} and
* {@code callID} will correspond to objects contained in the parameter.
* @param paramIndex an index indicates the position of a parameter in the
* method. This index will be reused for deserialising all
* objects contained in the parameter object. For example, the parameter
* being deserialised is a {@code List}, all deserialisation calls for its
* elements will have same index.
* @param callID a unique ID identifying one
* time method invocation, the same ID is used for deserialization call of
* all parameters within the method.
*/
public
void
check
(
Method
method
,
ObjectStreamClass
descriptor
,
int
paramIndex
,
int
callID
);
/**
* Will be called to validate a Proxy interfaces from a remote user before loading it.
* @param method the method invoked from a remote request.
* @param ifaces a string table of all interfaces implemented by the proxy to be checked.
* @param paramIndex an index indicates the position of a parameter in the
* method. This index will be reused for deserialising all
* objects contained in the parameter object. For example, the parameter
* being deserialised is a {@code List}, all deserialisation calls for its
* elements will have same index.
* @param callID a unique ID identifying one
* time method invocation, the same ID is used for deserialization call of
* all parameters within the method.
*/
public
void
checkProxyClass
(
Method
method
,
String
[]
ifaces
,
int
paramIndex
,
int
callID
);
/**
* Inform of the completion of parameter deserialisation for a method invocation.
* This is useful if the last parameter is a complex object, like a {@code List}
* which elements are complex object too.
*
* The default implementation does nothing.
* @param callID the ID identifying a method invocation.
*/
public
default
void
end
(
int
callID
)
{}
}
src/share/classes/sun/rmi/server/MarshalInputStream.java
浏览文件 @
3b4d8ca9
/*
/*
* Copyright (c) 1996, 201
3
, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 201
6
, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
*
* This code is free software; you can redistribute it and/or modify it
* This code is free software; you can redistribute it and/or modify it
...
@@ -30,12 +30,12 @@ import java.io.InputStream;
...
@@ -30,12 +30,12 @@ import java.io.InputStream;
import
java.io.ObjectInputStream
;
import
java.io.ObjectInputStream
;
import
java.io.ObjectStreamClass
;
import
java.io.ObjectStreamClass
;
import
java.io.StreamCorruptedException
;
import
java.io.StreamCorruptedException
;
import
java.net.URL
;
import
java.util.*
;
import
java.util.*
;
import
java.security.AccessControlException
;
import
java.security.AccessControlException
;
import
java.security.Permission
;
import
java.security.Permission
;
import
java.rmi.server.RMIClassLoader
;
import
java.rmi.server.RMIClassLoader
;
import
sun.misc.ObjectStreamClassValidator
;
import
sun.misc.SharedSecrets
;
/**
/**
* MarshalInputStream is an extension of ObjectInputStream. When resolving
* MarshalInputStream is an extension of ObjectInputStream. When resolving
...
@@ -53,6 +53,11 @@ import java.rmi.server.RMIClassLoader;
...
@@ -53,6 +53,11 @@ import java.rmi.server.RMIClassLoader;
* @author Peter Jones
* @author Peter Jones
*/
*/
public
class
MarshalInputStream
extends
ObjectInputStream
{
public
class
MarshalInputStream
extends
ObjectInputStream
{
interface
StreamChecker
extends
ObjectStreamClassValidator
{
void
checkProxyInterfaceNames
(
String
[]
ifaces
);
}
private
volatile
StreamChecker
streamChecker
=
null
;
/**
/**
* Value of "java.rmi.server.useCodebaseOnly" property,
* Value of "java.rmi.server.useCodebaseOnly" property,
...
@@ -122,7 +127,7 @@ public class MarshalInputStream extends ObjectInputStream {
...
@@ -122,7 +127,7 @@ public class MarshalInputStream extends ObjectInputStream {
throws
IOException
,
StreamCorruptedException
throws
IOException
,
StreamCorruptedException
{
{
super
(
in
);
super
(
in
);
}
}
/**
/**
* Returns a callback previously registered via the setDoneCallback
* Returns a callback previously registered via the setDoneCallback
...
@@ -239,6 +244,11 @@ public class MarshalInputStream extends ObjectInputStream {
...
@@ -239,6 +244,11 @@ public class MarshalInputStream extends ObjectInputStream {
protected
Class
<?>
resolveProxyClass
(
String
[]
interfaces
)
protected
Class
<?>
resolveProxyClass
(
String
[]
interfaces
)
throws
IOException
,
ClassNotFoundException
throws
IOException
,
ClassNotFoundException
{
{
StreamChecker
checker
=
streamChecker
;
if
(
checker
!=
null
)
{
checker
.
checkProxyInterfaceNames
(
interfaces
);
}
/*
/*
* Always read annotation written by MarshalOutputStream.
* Always read annotation written by MarshalOutputStream.
*/
*/
...
@@ -318,4 +328,28 @@ public class MarshalInputStream extends ObjectInputStream {
...
@@ -318,4 +328,28 @@ public class MarshalInputStream extends ObjectInputStream {
void
useCodebaseOnly
()
{
void
useCodebaseOnly
()
{
useCodebaseOnly
=
true
;
useCodebaseOnly
=
true
;
}
}
synchronized
void
setStreamChecker
(
StreamChecker
checker
)
{
streamChecker
=
checker
;
SharedSecrets
.
getJavaObjectInputStreamAccess
().
setValidator
(
this
,
checker
);
}
@Override
protected
ObjectStreamClass
readClassDescriptor
()
throws
IOException
,
ClassNotFoundException
{
ObjectStreamClass
descriptor
=
super
.
readClassDescriptor
();
validateDesc
(
descriptor
);
return
descriptor
;
}
private
void
validateDesc
(
ObjectStreamClass
descriptor
)
{
StreamChecker
checker
;
synchronized
(
this
)
{
checker
=
streamChecker
;
}
if
(
checker
!=
null
)
{
checker
.
validateDescriptor
(
descriptor
);
}
}
}
}
src/share/classes/sun/rmi/server/UnicastServerRef.java
浏览文件 @
3b4d8ca9
/*
/*
* Copyright (c) 1996, 201
3
, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 201
6
, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
*
* This code is free software; you can redistribute it and/or modify it
* This code is free software; you can redistribute it and/or modify it
...
@@ -28,7 +28,7 @@ package sun.rmi.server;
...
@@ -28,7 +28,7 @@ package sun.rmi.server;
import
java.io.IOException
;
import
java.io.IOException
;
import
java.io.ObjectInput
;
import
java.io.ObjectInput
;
import
java.io.ObjectOutput
;
import
java.io.ObjectOutput
;
import
java.io.
PrintStream
;
import
java.io.
ObjectStreamClass
;
import
java.lang.reflect.InvocationTargetException
;
import
java.lang.reflect.InvocationTargetException
;
import
java.lang.reflect.Method
;
import
java.lang.reflect.Method
;
import
java.rmi.MarshalException
;
import
java.rmi.MarshalException
;
...
@@ -52,7 +52,9 @@ import java.util.Date;
...
@@ -52,7 +52,9 @@ import java.util.Date;
import
java.util.HashMap
;
import
java.util.HashMap
;
import
java.util.Map
;
import
java.util.Map
;
import
java.util.WeakHashMap
;
import
java.util.WeakHashMap
;
import
java.util.concurrent.atomic.AtomicInteger
;
import
sun.rmi.runtime.Log
;
import
sun.rmi.runtime.Log
;
import
static
sun
.
rmi
.
server
.
UnicastRef
.
marshalValue
;
import
sun.rmi.transport.LiveRef
;
import
sun.rmi.transport.LiveRef
;
import
sun.rmi.transport.Target
;
import
sun.rmi.transport.Target
;
import
sun.rmi.transport.tcp.TCPTransport
;
import
sun.rmi.transport.tcp.TCPTransport
;
...
@@ -118,6 +120,8 @@ public class UnicastServerRef extends UnicastRef
...
@@ -118,6 +120,8 @@ public class UnicastServerRef extends UnicastRef
private
static
final
Map
<
Class
<?>,?>
withoutSkeletons
=
private
static
final
Map
<
Class
<?>,?>
withoutSkeletons
=
Collections
.
synchronizedMap
(
new
WeakHashMap
<
Class
<?>,
Void
>());
Collections
.
synchronizedMap
(
new
WeakHashMap
<
Class
<?>,
Void
>());
private
final
AtomicInteger
methodCallIDCount
=
new
AtomicInteger
(
0
);
/**
/**
* Create a new (empty) Unicast server remote reference.
* Create a new (empty) Unicast server remote reference.
*/
*/
...
@@ -299,14 +303,11 @@ public class UnicastServerRef extends UnicastRef
...
@@ -299,14 +303,11 @@ public class UnicastServerRef extends UnicastRef
logCall
(
obj
,
method
);
logCall
(
obj
,
method
);
// unmarshal parameters
// unmarshal parameters
Class
<?>[]
types
=
method
.
getParameterTypes
();
Object
[]
params
=
null
;
Object
[]
params
=
new
Object
[
types
.
length
];
try
{
try
{
unmarshalCustomCallData
(
in
);
unmarshalCustomCallData
(
in
);
for
(
int
i
=
0
;
i
<
types
.
length
;
i
++)
{
params
=
unmarshalParameters
(
obj
,
method
,
marshalStream
);
params
[
i
]
=
unmarshalValue
(
types
[
i
],
in
);
}
}
catch
(
java
.
io
.
IOException
e
)
{
}
catch
(
java
.
io
.
IOException
e
)
{
throw
new
UnmarshalException
(
throw
new
UnmarshalException
(
"error unmarshalling arguments"
,
e
);
"error unmarshalling arguments"
,
e
);
...
@@ -567,4 +568,85 @@ public class UnicastServerRef extends UnicastRef
...
@@ -567,4 +568,85 @@ public class UnicastServerRef extends UnicastRef
return
map
;
return
map
;
}
}
}
}
/**
* Unmarshal parameters for the given method of the given instance over
* the given marshalinputstream. Perform any necessary checks.
*/
private
Object
[]
unmarshalParameters
(
Object
obj
,
Method
method
,
MarshalInputStream
in
)
throws
IOException
,
ClassNotFoundException
{
return
(
obj
instanceof
DeserializationChecker
)
?
unmarshalParametersChecked
((
DeserializationChecker
)
obj
,
method
,
in
)
:
unmarshalParametersUnchecked
(
method
,
in
);
}
/**
* Unmarshal parameters for the given method of the given instance over
* the given marshalinputstream. Do not perform any additional checks.
*/
private
Object
[]
unmarshalParametersUnchecked
(
Method
method
,
ObjectInput
in
)
throws
IOException
,
ClassNotFoundException
{
Class
<?>[]
types
=
method
.
getParameterTypes
();
Object
[]
params
=
new
Object
[
types
.
length
];
for
(
int
i
=
0
;
i
<
types
.
length
;
i
++)
{
params
[
i
]
=
unmarshalValue
(
types
[
i
],
in
);
}
return
params
;
}
/**
* Unmarshal parameters for the given method of the given instance over
* the given marshalinputstream. Do perform all additional checks.
*/
private
Object
[]
unmarshalParametersChecked
(
DeserializationChecker
checker
,
Method
method
,
MarshalInputStream
in
)
throws
IOException
,
ClassNotFoundException
{
int
callID
=
methodCallIDCount
.
getAndIncrement
();
MyChecker
myChecker
=
new
MyChecker
(
checker
,
method
,
callID
);
in
.
setStreamChecker
(
myChecker
);
try
{
Class
<?>[]
types
=
method
.
getParameterTypes
();
Object
[]
values
=
new
Object
[
types
.
length
];
for
(
int
i
=
0
;
i
<
types
.
length
;
i
++)
{
myChecker
.
setIndex
(
i
);
values
[
i
]
=
unmarshalValue
(
types
[
i
],
in
);
}
myChecker
.
end
(
callID
);
return
values
;
}
finally
{
in
.
setStreamChecker
(
null
);
}
}
private
static
class
MyChecker
implements
MarshalInputStream
.
StreamChecker
{
private
final
DeserializationChecker
descriptorCheck
;
private
final
Method
method
;
private
final
int
callID
;
private
int
parameterIndex
;
MyChecker
(
DeserializationChecker
descriptorCheck
,
Method
method
,
int
callID
)
{
this
.
descriptorCheck
=
descriptorCheck
;
this
.
method
=
method
;
this
.
callID
=
callID
;
}
@Override
public
void
validateDescriptor
(
ObjectStreamClass
descriptor
)
{
descriptorCheck
.
check
(
method
,
descriptor
,
parameterIndex
,
callID
);
}
@Override
public
void
checkProxyInterfaceNames
(
String
[]
ifaces
)
{
descriptorCheck
.
checkProxyClass
(
method
,
ifaces
,
parameterIndex
,
callID
);
}
void
setIndex
(
int
parameterIndex
)
{
this
.
parameterIndex
=
parameterIndex
;
}
void
end
(
int
callId
)
{
descriptorCheck
.
end
(
callId
);
}
}
}
}
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录