diff --git a/src/share/classes/java/security/AccessControlContext.java b/src/share/classes/java/security/AccessControlContext.java index 9b5bc07225e1a3cee567aedfd5cd5be92ed869f4..1805aafcccf81591cb96cd2a2f51c630bef27218 100644 --- a/src/share/classes/java/security/AccessControlContext.java +++ b/src/share/classes/java/security/AccessControlContext.java @@ -350,6 +350,10 @@ public final class AccessControlContext { return combiner; } + boolean isAuthorized() { + return isAuthorized; + } + /** * Determines whether the access request indicated by the * specified permission should be allowed or denied, based on diff --git a/src/share/classes/java/security/AccessController.java b/src/share/classes/java/security/AccessController.java index a7d089958feae73841335d47d42f42de17c0fa41..89392261fe1621df4c70f942f5c010721920ae54 100644 --- a/src/share/classes/java/security/AccessController.java +++ b/src/share/classes/java/security/AccessController.java @@ -344,9 +344,10 @@ public final class AccessController { * If the action's {@code run} method throws an (unchecked) exception, * it will propagate through this method. *
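Review bot: The new package-private `isAuthorized()` accessor in AccessControlContext.java has no comment, and the field it returns is declared outside this hunk, so nothing here shows which construction paths set it. The AccessController change in this commit uses the value to decide whether a supplied context is honored, so the accessor's contract deserves to be written down. I would add a short Javadoc tying it to the wording used elsewhere in the commit, e.g. `/** Returns true if this context was created by system code or by a caller granted "createAccessControlContext". */`. Before wording it that way, confirm that every constructor assigns the field as described.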

- * If a security manager is installed and the {@code AccessControlContext} - * was not created by system code and the caller's {@code ProtectionDomain} - * has not been granted the {@literal "createAccessControlContext"} + * If a security manager is installed and the specified + * {@code AccessControlContext} was not created by system code and the + * caller's {@code ProtectionDomain} has not been granted the + * {@literal "createAccessControlContext"} * {@link java.security.SecurityPermission}, then the action is performed * with no permissions. * @@ -384,6 +385,13 @@ public final class AccessController { *

* If the action's {@code run} method throws an (unchecked) exception, * it will propagate through this method. + *

+ * If a security manager is installed and the specified + * {@code AccessControlContext} was not created by system code and the + * caller's {@code ProtectionDomain} has not been granted the + * {@literal "createAccessControlContext"} + * {@link java.security.SecurityPermission}, then the action is performed + * with no permissions. * * @param the type of the value returned by the PrivilegedAction's * {@code run} method. @@ -438,6 +446,13 @@ public final class AccessController { * *

This method preserves the current AccessControlContext's * DomainCombiner (which may be null) while the action is performed. + *

+ * If a security manager is installed and the specified + * {@code AccessControlContext} was not created by system code and the + * caller's {@code ProtectionDomain} has not been granted the + * {@literal "createAccessControlContext"} + * {@link java.security.SecurityPermission}, then the action is performed + * with no permissions. * * @param the type of the value returned by the PrivilegedAction's * {@code run} method. @@ -571,8 +586,18 @@ public final class AccessController { AccessControlContext parent, AccessControlContext context, Permission[] perms) { - return new AccessControlContext(getCallerPD(caller), combiner, parent, - context, perms); + ProtectionDomain callerPD = getCallerPD(caller); + // check if caller is authorized to create context + if (context != null && !context.isAuthorized() && + System.getSecurityManager() != null && + !callerPD.impliesCreateAccessControlContext()) + { + ProtectionDomain nullPD = new ProtectionDomain(null, null); + return new AccessControlContext(new ProtectionDomain[] { nullPD }); + } else { + return new AccessControlContext(callerPD, combiner, parent, + context, perms); + } } private static ProtectionDomain getCallerPD(final Class caller) { @@ -597,9 +622,10 @@ public final class AccessController { * If the action's {@code run} method throws an unchecked * exception, it will propagate through this method. *
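Review bot: The unauthorized branch substitutes a context built from a single `new ProtectionDomain(null, null)`, but the only comment, `// check if caller is authorized to create context`, describes the test and not the fail-closed result, which is the part a later maintainer must not weaken. I would add `// not authorized: run the action against one empty domain, i.e. with no permissions; combiner, parent and perms are dropped on purpose` above the `nullPD` line. The condition also dereferences `callerPD`, so it relies on `getCallerPD` never returning null when a security manager is installed. That method's body is outside the hunk, so please confirm. As a style point, the `else` after the `return` is redundant, and the empty domain could be a shared constant, assuming `ProtectionDomain` instances built this way are never mutated. The method's signature starts above the hunk, so only its parameter tail is visible here.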

- * If a security manager is installed and the {@code AccessControlContext} - * was not created by system code and the caller's {@code ProtectionDomain} - * has not been granted the {@literal "createAccessControlContext"} + * If a security manager is installed and the specified + * {@code AccessControlContext} was not created by system code and the + * caller's {@code ProtectionDomain} has not been granted the + * {@literal "createAccessControlContext"} * {@link java.security.SecurityPermission}, then the action is performed * with no permissions. * @@ -641,6 +667,13 @@ public final class AccessController { *

* If the action's {@code run} method throws an (unchecked) exception, * it will propagate through this method. + *

+ * If a security manager is installed and the specified + * {@code AccessControlContext} was not created by system code and the + * caller's {@code ProtectionDomain} has not been granted the + * {@literal "createAccessControlContext"} + * {@link java.security.SecurityPermission}, then the action is performed + * with no permissions. * * @param the type of the value returned by the * PrivilegedExceptionAction's {@code run} method. @@ -697,6 +730,13 @@ public final class AccessController { * *

This method preserves the current AccessControlContext's * DomainCombiner (which may be null) while the action is performed. + *

+ * If a security manager is installed and the specified + * {@code AccessControlContext} was not created by system code and the + * caller's {@code ProtectionDomain} has not been granted the + * {@literal "createAccessControlContext"} + * {@link java.security.SecurityPermission}, then the action is performed + * with no permissions. * * @param the type of the value returned by the * PrivilegedExceptionAction's {@code run} method.