From 678b1eff97159e0156e697130d35b0eb8334bc94 Mon Sep 17 00:00:00 2001
From: dsamersoff <unknown>
Date: Mon, 8 Jul 2013 16:15:39 +0400
Subject: [PATCH] 8008589: Better MBean permission validation Summary: Better
 MBean permission validation Reviewed-by: skoivu, dfuchs, mchung, sjiang

---
 .../management/MBeanTrustPermission.java      | 31 +++++++++++++++----
 1 file changed, 25 insertions(+), 6 deletions(-)

diff --git a/src/share/classes/javax/management/MBeanTrustPermission.java b/src/share/classes/javax/management/MBeanTrustPermission.java
index 040f0ddd6..605201a9f 100644
--- a/src/share/classes/javax/management/MBeanTrustPermission.java
+++ b/src/share/classes/javax/management/MBeanTrustPermission.java
@@ -26,6 +26,9 @@
 package javax.management;
 
 import java.security.BasicPermission;
+import java.io.IOException;
+import java.io.InvalidObjectException;
+import java.io.ObjectInputStream;
 
 /**
  * This permission represents "trust" in a signer or codebase.
@@ -75,15 +78,31 @@ public class MBeanTrustPermission extends BasicPermission {
      */
     public MBeanTrustPermission(String name, String actions) {
         super(name, actions);
+        validate(name,actions);
+    }
+
+    private static void validate(String name, String actions) {
         /* Check that actions is a null empty string */
-        if (actions != null && actions.length() > 0)
-            throw new IllegalArgumentException("MBeanTrustPermission " +
-                                               "actions must be null: " +
+        if (actions != null && actions.length() > 0) {
+            throw new IllegalArgumentException("MBeanTrustPermission actions must be null: " +
                                                actions);
+        }
 
-        if (!name.equals("register") && !name.equals("*"))
-            throw new IllegalArgumentException("MBeanTrustPermission: " +
-                                               "Unknown target name " +
+        if (!name.equals("register") && !name.equals("*")) {
+            throw new IllegalArgumentException("MBeanTrustPermission: Unknown target name " +
                                                "[" + name + "]");
+        }
+    }
+
+    private void readObject(ObjectInputStream in)
+         throws IOException, ClassNotFoundException {
+
+        // Reading private fields of base class
+        in.defaultReadObject();
+        try {
+            validate(super.getName(),super.getActions());
+        } catch (IllegalArgumentException e) {
+            throw new InvalidObjectException(e.getMessage());
+        }
     }
 }
-- 
GitLab