diff --git a/src/share/classes/com/sun/naming/internal/VersionHelper12.java b/src/share/classes/com/sun/naming/internal/VersionHelper12.java
index bf4586e7ebcf474e8fd4cd21a8e2d868eda6197e..9133c73e7a9c0394e6f7162d76d8329e281f9add 100644
--- a/src/share/classes/com/sun/naming/internal/VersionHelper12.java
+++ b/src/share/classes/com/sun/naming/internal/VersionHelper12.java
@@ -61,6 +61,25 @@ final class VersionHelper12 extends VersionHelper {
 return loadClass(className, getContextClassLoader());
 }
+ /**
+ * Determines whether classes may be loaded from an arbitrary URL code base.
+ */
+ private static final String TRUST_URL_CODEBASE_PROPERTY =
+ "com.sun.jndi.ldap.object.trustURLCodebase";
+ private static final String trustURLCodebase =
+ AccessController.doPrivileged(
+ new PrivilegedAction() {
+ public String run() {
+ try {
+ return System.getProperty(TRUST_URL_CODEBASE_PROPERTY,
+ "false");
+ } catch (SecurityException e) {
+ return "false";
+ }
+ }
+ }
+ );
+
 /**
 * Package private.
 *
@@ -79,12 +98,15 @@ final class VersionHelper12 extends VersionHelper {
 */
 public Class loadClass(String className, String codebase) throws ClassNotFoundException, MalformedURLException {
+ if ("true".equalsIgnoreCase(trustURLCodebase)) {
+ ClassLoader parent = getContextClassLoader();
+ ClassLoader cl =
+ URLClassLoader.newInstance(getUrlArray(codebase), parent);
- ClassLoader parent = getContextClassLoader();
- ClassLoader cl =
- URLClassLoader.newInstance(getUrlArray(codebase), parent);
-
- return loadClass(className, cl);
+ return loadClass(className, cl);
+ } else {
+ return null;
+ }
 }
 String getJndiProperty(final int i) {
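Review bot: The Javadoc added in this hunk is attached to `TRUST_URL_CODEBASE_PROPERTY`, while the field that actually carries the decision, `trustURLCodebase`, has no comment and nothing says when the property is read. Because the field is `static final` and initialised through `doPrivileged`, the value is sampled once at class initialisation, so a later `System.setProperty` call has no effect; both the default and the `SecurityException` path resolve to "false". I would move the comment onto the field and state that, e.g. `// Read once at class init; "false" (codebase loading denied) by default and when the property cannot be read.` The property name is LDAP-specific while this helper class does not look provider-specific from what is visible here, so the comment should also say which lookups the switch governs.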
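Review bot: The new `else` branch returns `null` from a method whose signature reports failure through `ClassNotFoundException`, and nothing visible in this hunk tells callers about the new outcome. Any caller that dereferences the result without a null check would now fail with a `NullPointerException` whenever the property is left at its default; the callers are outside this diff, so that needs checking. At minimum the method's Javadoc, which begins above the hunk, should gain a line such as `@return the loaded class, or {@code null} if loading from a URL codebase is not trusted`. The refusal is also silent at this point, so it is worth confirming that some caller reports it, since a rejected remote codebase is the event an operator would want to see.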