From 68ec1ae5fcac7843bc9aa8b5724e5879d2639497 Mon Sep 17 00:00:00 2001
From: weijun <unknown>
Date: Wed, 14 Aug 2013 15:25:16 +0800
Subject: [PATCH] 8022931: Enhance Kerberos exceptions Reviewed-by: xuelei,
 ahgross

---
 .../javax/security/auth/kerberos/KeyTab.java   | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/src/share/classes/javax/security/auth/kerberos/KeyTab.java b/src/share/classes/javax/security/auth/kerberos/KeyTab.java
index 631b7d022..db815395e 100644
--- a/src/share/classes/javax/security/auth/kerberos/KeyTab.java
+++ b/src/share/classes/javax/security/auth/kerberos/KeyTab.java
@@ -26,6 +26,7 @@
 package javax.security.auth.kerberos;
 
 import java.io.File;
+import java.security.AccessControlException;
 import java.util.Objects;
 import sun.security.krb5.EncryptionKey;
 import sun.security.krb5.KerberosSecrets;
@@ -214,9 +215,22 @@ public final class KeyTab {
         return new KeyTab(princ, null, true);
     }
 
-    //Takes a snapshot of the keytab content
+    // Takes a snapshot of the keytab content. This method is called by
+    // JavaxSecurityAuthKerberosAccessImpl so no more private
     sun.security.krb5.internal.ktab.KeyTab takeSnapshot() {
-        return sun.security.krb5.internal.ktab.KeyTab.getInstance(file);
+        try {
+            return sun.security.krb5.internal.ktab.KeyTab.getInstance(file);
+        } catch (AccessControlException ace) {
+            if (file != null) {
+                // It's OK to show the name if caller specified it
+                throw ace;
+            } else {
+                AccessControlException ace2 = new AccessControlException(
+                        "Access to default keytab denied (modified exception)");
+                ace2.setStackTrace(ace.getStackTrace());
+                throw ace2;
+            }
+        }
     }
 
     /**
-- 
GitLab