8008623: Better handling of MBeanServers

Reviewed-by: dfuchs, dholmes, skoivu

8008623: Better handling of MBeanServers
Reviewed-by: dfuchs, dholmes, skoivu
8918d557 · jbachorik · 5a34bb4d · 8918d557 · 8918d557 · 8918d557
3 changed file
--- a/src/share/classes/com/sun/jmx/interceptor/DefaultMBeanServerInterceptor.java
+++ b/src/share/classes/com/sun/jmx/interceptor/DefaultMBeanServerInterceptor.java
@@ -1973,8 +1973,7 @@ public class DefaultMBeanServerInterceptor implements MBeanServerInterceptor {
         * does not add it to the list that is consulted by
         * ClassLoaderRepository.loadClass.
         */
-        final ModifiableClassLoaderRepository clr =
-                instantiator.getClassLoaderRepository();
+        final ModifiableClassLoaderRepository clr = getInstantiatorCLR();
        if (clr == null) {
            final RuntimeException wrapped =
                    new IllegalArgumentException(
@@ -2000,8 +1999,7 @@ public class DefaultMBeanServerInterceptor implements MBeanServerInterceptor {
         * Removes the  MBean from the default loader repository.
         */
        if (loader != server.getClass().getClassLoader()) {
-            final ModifiableClassLoaderRepository clr =
-                    instantiator.getClassLoaderRepository();
+            final ModifiableClassLoaderRepository clr = getInstantiatorCLR();
            if (clr != null) {
                clr.removeClassLoader(logicalName);
            }
@@ -2060,5 +2058,12 @@ public class DefaultMBeanServerInterceptor implements MBeanServerInterceptor {
        return ResourceContext.NONE;
    }

-
+    private ModifiableClassLoaderRepository getInstantiatorCLR() {
+        return AccessController.doPrivileged(new PrivilegedAction<ModifiableClassLoaderRepository>() {
+            @Override
+            public ModifiableClassLoaderRepository run() {
+                return instantiator != null ? instantiator.getClassLoaderRepository() : null;
+            }
+        });
+    }
 }
--- a/src/share/classes/com/sun/jmx/mbeanserver/JmxMBeanServer.java
+++ b/src/share/classes/com/sun/jmx/mbeanserver/JmxMBeanServer.java
@@ -32,6 +32,7 @@ import static com.sun.jmx.defaults.JmxProperties.MBEANSERVER_LOGGER;
 import java.io.ObjectInputStream;
 import java.security.AccessController;
 import java.security.Permission;
+import java.security.PrivilegedAction;
 import java.security.PrivilegedExceptionAction;
 import java.util.List;
 import java.util.Set;
@@ -227,8 +228,16 @@ public final class JmxMBeanServer
                clr = new ClassLoaderRepositorySupport();
            instantiator = new MBeanInstantiator(clr);
        }
+
+        final MBeanInstantiator fInstantiator = instantiator;
        this.secureClr = new
-          SecureClassLoaderRepository(instantiator.getClassLoaderRepository());
+            SecureClassLoaderRepository(AccessController.doPrivileged(new PrivilegedAction<ClassLoaderRepository>() {
+                @Override
+                public ClassLoaderRepository run() {
+                    return fInstantiator.getClassLoaderRepository();
+                }
+            })
+        );
        if (delegate == null)
            delegate = new MBeanServerDelegateImpl();
        if (outer == null)
@@ -1242,8 +1251,14 @@ public final class JmxMBeanServer
           class loader.  The ClassLoaderRepository knows how
           to handle that case.  */
        ClassLoader myLoader = outerShell.getClass().getClassLoader();
-        final ModifiableClassLoaderRepository loaders =
-            instantiator.getClassLoaderRepository();
+        final ModifiableClassLoaderRepository loaders = AccessController.doPrivileged(new PrivilegedAction<ModifiableClassLoaderRepository>() {
+
+            @Override
+            public ModifiableClassLoaderRepository run() {
+                return instantiator.getClassLoaderRepository();
+            }
+        });
+
        if (loaders != null) {
            loaders.addClassLoader(myLoader);


--- a/src/share/classes/com/sun/jmx/mbeanserver/MBeanInstantiator.java
+++ b/src/share/classes/com/sun/jmx/mbeanserver/MBeanInstantiator.java
@@ -622,6 +622,7 @@ public class MBeanInstantiator {
     * Return the Default Loader Repository used by this instantiator object.
     **/
    public ModifiableClassLoaderRepository getClassLoaderRepository() {
+        checkMBeanPermission((String)null, null, null, "getClassLoaderRepository");
        return clr;
    }

@@ -733,9 +734,19 @@ public class MBeanInstantiator {
                                             String member,
                                             ObjectName objectName,
                                             String actions) {
+        if (clazz != null) {
+            checkMBeanPermission(clazz.getName(), member, objectName, actions);
+        }
+    }
+
+    private static void checkMBeanPermission(String classname,
+                                             String member,
+                                             ObjectName objectName,
+                                             String actions)
+        throws SecurityException {
        SecurityManager sm = System.getSecurityManager();
-        if (clazz != null && sm != null) {
-            Permission perm = new MBeanPermission(clazz.getName(),
+        if (sm != null) {
+            Permission perm = new MBeanPermission(classname,
                                                  member,
                                                  objectName,
                                                  actions);