Skip to content

D
dragonwell8_jdk

openanolis / dragonwell8_jdk

通知 4
Star 2
Fork 0
D
dragonwell8_jdk
提交 61126748 编写于 作者: D dfuchs
浏览文件
操作

8006446: Restrict MBeanServer access 

Reviewed-by: alanb, mchung, darcy, jrose, ahgross, skoivu
上级 6fdc9ba8
隐藏空白更改
内联 并排
Showing with 67 addition and 35 deletion
src/share/classes/com/sun/jmx/mbeanserver/ClassLoaderRepositorySupport.java
浏览文件 @ 61126748
......@@ -36,6 +36,7 @@ import java.util.logging.Level;
import javax.management.ObjectName;
import javax.management.loading.PrivateClassLoader;
import sun.reflect.misc.ReflectUtil;
/**
* This class keeps the list of Class Loaders registered in the MBean Server.
......@@ -192,6 +193,7 @@ final class ClassLoaderRepositorySupport
final ClassLoader without,
final ClassLoader stop)
throws ClassNotFoundException {
ReflectUtil.checkPackageAccess(className);
final int size = list.length;
for(int i=0; i<size; i++) {
try {
......
src/share/classes/com/sun/jmx/mbeanserver/JmxMBeanServer.java
浏览文件 @ 61126748
......@@ -51,6 +51,7 @@ import javax.management.MBeanPermission;
import javax.management.MBeanRegistrationException;
import javax.management.MBeanServer;
import javax.management.MBeanServerDelegate;
import javax.management.MBeanServerPermission;
import javax.management.NotCompliantMBeanException;
import javax.management.NotificationFilter;
import javax.management.NotificationListener;
......@@ -1409,6 +1410,8 @@ public final class JmxMBeanServer
// Default is true.
final boolean fairLock = DEFAULT_FAIR_LOCK_POLICY;
checkNewMBeanServerPermission();
// This constructor happens to disregard the value of the interceptors
// flag - that is, it always uses the default value - false.
// This is admitedly a bug, but we chose not to fix it for now
......@@ -1494,4 +1497,11 @@ public final class JmxMBeanServer
}
}
private static void checkNewMBeanServerPermission() {
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
Permission perm = new MBeanServerPermission("newMBeanServer");
sm.checkPermission(perm);
}
}
}
src/share/classes/com/sun/jmx/mbeanserver/MBeanInstantiator.java
浏览文件 @ 61126748
......@@ -32,11 +32,13 @@ import java.io.IOException;
import java.io.ObjectInputStream;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
import java.security.Permission;
import java.util.Map;
import java.util.logging.Level;
import javax.management.InstanceNotFoundException;
import javax.management.MBeanException;
import javax.management.MBeanPermission;
import javax.management.NotCompliantMBeanException;
import javax.management.ObjectName;
import javax.management.OperationsException;
......@@ -44,7 +46,7 @@ import javax.management.ReflectionException;
import javax.management.RuntimeErrorException;
import javax.management.RuntimeMBeanException;
import javax.management.RuntimeOperationsException;
import sun.reflect.misc.ConstructorUtil;
import sun.reflect.misc.ReflectUtil;
/**
......@@ -56,7 +58,6 @@ import sun.reflect.misc.ReflectUtil;
* @since 1.5
*/
public class MBeanInstantiator {
private final ModifiableClassLoaderRepository clr;
// private MetaData meta = null;
......@@ -88,6 +89,7 @@ public class MBeanInstantiator {
"Exception occurred during object instantiation");
}
ReflectUtil.checkPackageAccess(className);
try {
if (clr == null) throw new ClassNotFoundException(className);
theClass = clr.loadClass(className);
......@@ -162,6 +164,7 @@ public class MBeanInstantiator {
continue;
}
ReflectUtil.checkPackageAccess(signature[i]);
// Ok we do not have a primitive type ! We need to build
// the signature of the method
//
......@@ -205,6 +208,9 @@ public class MBeanInstantiator {
*/
public Object instantiate(Class<?> theClass)
throws ReflectionException, MBeanException {
checkMBeanPermission(theClass, null, null, "instantiate");
Object moi;
......@@ -260,6 +266,9 @@ public class MBeanInstantiator {
public Object instantiate(Class<?> theClass, Object params[],
String signature[], ClassLoader loader)
throws ReflectionException, MBeanException {
checkMBeanPermission(theClass, null, null, "instantiate");
// Instantiate the new object
// ------------------------------
......@@ -407,6 +416,8 @@ public class MBeanInstantiator {
throw new RuntimeOperationsException(new
IllegalArgumentException(), "Null className passed in parameter");
}
ReflectUtil.checkPackageAccess(className);
Class<?> theClass;
if (loaderName == null) {
// Load the class using the agent class loader
......@@ -619,13 +630,13 @@ public class MBeanInstantiator {
**/
static Class<?> loadClass(String className, ClassLoader loader)
throws ReflectionException {
Class<?> theClass;
if (className == null) {
throw new RuntimeOperationsException(new
IllegalArgumentException("The class name cannot be null"),
"Exception occurred during object instantiation");
}
ReflectUtil.checkPackageAccess(className);
try {
if (loader == null)
loader = MBeanInstantiator.class.getClassLoader();
......@@ -676,6 +687,7 @@ public class MBeanInstantiator {
// We need to load the class through the class
// loader of the target object.
//
ReflectUtil.checkPackageAccess(signature[i]);
tab[i] = Class.forName(signature[i], false, aLoader);
}
} catch (ClassNotFoundException e) {
......@@ -701,7 +713,7 @@ public class MBeanInstantiator {
private Constructor<?> findConstructor(Class<?> c, Class<?>[] params) {
try {
return c.getConstructor(params);
return ConstructorUtil.getConstructor(c, params);
} catch (Exception e) {
return null;
}
......@@ -715,4 +727,18 @@ public class MBeanInstantiator {
char.class, boolean.class})
primitiveClasses.put(c.getName(), c);
}
private static void checkMBeanPermission(Class<?> clazz,
String member,
ObjectName objectName,
String actions) {
SecurityManager sm = System.getSecurityManager();
if (clazz != null && sm != null) {
Permission perm = new MBeanPermission(clazz.getName(),
member,
objectName,
actions);
sm.checkPermission(perm);
}
}
}
src/share/classes/com/sun/jmx/mbeanserver/MBeanSupport.java
浏览文件 @ 61126748
......@@ -38,6 +38,7 @@ import javax.management.NotCompliantMBeanException;
import javax.management.ObjectName;
import javax.management.ReflectionException;
import com.sun.jmx.mbeanserver.MXBeanMappingFactory;
import sun.reflect.misc.ReflectUtil;
/**
* Base class for MBeans. There is one instance of this class for
......@@ -131,6 +132,7 @@ public abstract class MBeanSupport<M>
" is not an instance of " + mbeanInterfaceType.getName();
throw new NotCompliantMBeanException(msg);
}
ReflectUtil.checkPackageAccess(mbeanInterfaceType);
this.resource = resource;
MBeanIntrospector<M> introspector = getMBeanIntrospector();
this.perInterface = introspector.getPerInterface(mbeanInterfaceType);
......
src/share/classes/java/lang/management/ManagementFactory.java
浏览文件 @ 61126748
......@@ -802,20 +802,20 @@ public class ManagementFactory {
*/
private static void addMXBean(final MBeanServer mbs, final PlatformManagedObject pmo) {
// Make DynamicMBean out of MXBean by wrapping it with a StandardMBean
final DynamicMBean dmbean;
if (pmo instanceof DynamicMBean) {
dmbean = DynamicMBean.class.cast(pmo);
} else if (pmo instanceof NotificationEmitter) {
dmbean = new StandardEmitterMBean(pmo, null, true, (NotificationEmitter) pmo);
} else {
dmbean = new StandardMBean(pmo, null, true);
}
try {
AccessController.doPrivileged(new PrivilegedExceptionAction<Void>() {
public Void run() throws InstanceAlreadyExistsException,
MBeanRegistrationException,
NotCompliantMBeanException {
final DynamicMBean dmbean;
if (pmo instanceof DynamicMBean) {
dmbean = DynamicMBean.class.cast(pmo);
} else if (pmo instanceof NotificationEmitter) {
dmbean = new StandardEmitterMBean(pmo, null, true, (NotificationEmitter) pmo);
} else {
dmbean = new StandardMBean(pmo, null, true);
}
mbs.registerMBean(dmbean, pmo.getObjectName());
return null;
}
......
src/share/lib/security/java.security-linux
浏览文件 @ 61126748
......@@ -151,8 +151,7 @@ package.access=sun.,\
com.sun.xml.internal.ws.,\
com.sun.imageio.,\
com.sun.istack.internal.,\
com.sun.jmx.defaults.,\
com.sun.jmx.remote.util.,\
com.sun.jmx.,\
com.sun.proxy.,\
com.sun.org.apache.xerces.internal.utils.,\
com.sun.org.apache.xalan.internal.utils.,\
......@@ -176,8 +175,7 @@ package.definition=sun.,\
com.sun.xml.internal.ws.,\
com.sun.imageio.,\
com.sun.istack.internal.,\
com.sun.jmx.defaults.,\
com.sun.jmx.remote.util.,\
com.sun.jmx.,\
com.sun.proxy.,\
com.sun.org.apache.xerces.internal.utils.,\
com.sun.org.apache.xalan.internal.utils.,\
......
src/share/lib/security/java.security-macosx
浏览文件 @ 61126748
......@@ -152,8 +152,7 @@ package.access=sun.,\
com.sun.xml.internal.ws.,\
com.sun.imageio.,\
com.sun.istack.internal.,\
com.sun.jmx.defaults.,\
com.sun.jmx.remote.util.,\
com.sun.jmx.,\
com.sun.proxy.,\
com.sun.org.apache.xerces.internal.utils.,\
com.sun.org.apache.xalan.internal.utils.,\
......@@ -178,8 +177,7 @@ package.definition=sun.,\
com.sun.xml.internal.ws.,\
com.sun.imageio.,\
com.sun.istack.internal.,\
com.sun.jmx.defaults.,\
com.sun.jmx.remote.util.,\
com.sun.jmx.,\
com.sun.proxy.,\
com.sun.org.apache.xerces.internal.utils.,\
com.sun.org.apache.xalan.internal.utils.,\
......
src/share/lib/security/java.security-solaris
浏览文件 @ 61126748
......@@ -153,8 +153,7 @@ package.access=sun.,\
com.sun.xml.internal.ws.,\
com.sun.imageio.,\
com.sun.istack.internal.,\
com.sun.jmx.defaults.,\
com.sun.jmx.remote.util.,\
com.sun.jmx.,\
com.sun.proxy.,\
com.sun.org.apache.xerces.internal.utils.,\
com.sun.org.apache.xalan.internal.utils.,\
......@@ -178,8 +177,7 @@ package.definition=sun.,\
com.sun.xml.internal.ws.,\
com.sun.imageio.,\
com.sun.istack.internal.,\
com.sun.jmx.defaults.,\
com.sun.jmx.remote.util.,\
com.sun.jmx.,\
com.sun.proxy.,\
com.sun.org.apache.xerces.internal.utils.,\
com.sun.org.apache.xalan.internal.utils.,\
......
src/share/lib/security/java.security-windows
浏览文件 @ 61126748
......@@ -152,8 +152,7 @@ package.access=sun.,\
com.sun.xml.internal.ws.,\
com.sun.imageio.,\
com.sun.istack.internal.,\
com.sun.jmx.defaults.,\
com.sun.jmx.remote.util.,\
com.sun.jmx.,\
com.sun.proxy.,\
com.sun.org.apache.xerces.internal.utils.,\
com.sun.org.apache.xalan.internal.utils.,\
......@@ -177,8 +176,7 @@ package.definition=sun.,\
com.sun.xml.internal.ws.,\
com.sun.imageio.,\
com.sun.istack.internal.,\
com.sun.jmx.defaults.,\
com.sun.jmx.remote.util.,\
com.sun.jmx.,\
com.sun.proxy.,\
com.sun.org.apache.xerces.internal.utils.,\
com.sun.org.apache.xalan.internal.utils.,\
......
test/javax/management/remote/mandatory/subjectDelegation/SubjectDelegation2Test.java
浏览文件 @ 61126748
......@@ -119,9 +119,6 @@ public class SubjectDelegation2Test {
System.out.println("Create SimpleStandard MBean");
SimpleStandard s = new SimpleStandard("monitorRole");
mbs.registerMBean(s, new ObjectName("MBeans:type=SimpleStandard"));
// Set Security Manager
//
System.setSecurityManager(new SecurityManager());
// Create Properties containing the username/password entries
//
Properties props = new Properties();
......@@ -132,6 +129,9 @@ public class SubjectDelegation2Test {
HashMap env = new HashMap();
env.put("jmx.remote.authenticator",
new JMXPluggableAuthenticator(props));
// Set Security Manager
//
System.setSecurityManager(new SecurityManager());
// Create an RMI connector server
//
System.out.println("Create an RMI connector server");
......
test/javax/management/remote/mandatory/subjectDelegation/SubjectDelegation3Test.java
浏览文件 @ 61126748
......@@ -120,9 +120,6 @@ public class SubjectDelegation3Test {
System.out.println("Create SimpleStandard MBean");
SimpleStandard s = new SimpleStandard("delegate");
mbs.registerMBean(s, new ObjectName("MBeans:type=SimpleStandard"));
// Set Security Manager
//
System.setSecurityManager(new SecurityManager());
// Create Properties containing the username/password entries
//
Properties props = new Properties();
......@@ -133,6 +130,9 @@ public class SubjectDelegation3Test {
HashMap env = new HashMap();
env.put("jmx.remote.authenticator",
new JMXPluggableAuthenticator(props));
// Set Security Manager
//
System.setSecurityManager(new SecurityManager());
// Create an RMI connector server
//
System.out.println("Create an RMI connector server");
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册