diff --git a/src/share/classes/sun/rmi/transport/Transport.java b/src/share/classes/sun/rmi/transport/Transport.java
index 217c93682bd1d1ebf365dddde513a0b619c23a97..2fa3f502f1d4fef4193afcd6b6d6b960abf72caa 100644
--- a/src/share/classes/sun/rmi/transport/Transport.java
+++ b/src/share/classes/sun/rmi/transport/Transport.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -37,6 +37,10 @@ import java.rmi.server.RemoteCall;
import java.rmi.server.RemoteServer;
import java.rmi.server.ServerNotActiveException;
import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.Permissions;
+import java.security.PrivilegedAction;
+import java.security.ProtectionDomain;
import sun.rmi.runtime.Log;
import sun.rmi.server.Dispatcher;
import sun.rmi.server.UnicastServerRef;
@@ -68,6 +72,15 @@ public abstract class Transport {
/** ObjID for DGCImpl */
private static final ObjID dgcID = new ObjID(ObjID.DGC_ID);
+ /** AccessControlContext for setting context ClassLoader */
+ private static final AccessControlContext SETCCL_ACC;
+ static {
+ Permissions perms = new Permissions();
+ perms.add(new RuntimePermission("setContextClassLoader"));
+ ProtectionDomain[] pd = { new ProtectionDomain(null, perms) };
+ SETCCL_ACC = new AccessControlContext(pd);
+ }
+
/**
* Returns a Channel that generates connections to the
* endpoint ep. A Channel is an object that creates and
@@ -116,6 +129,16 @@ public abstract class Transport {
*/
protected abstract void checkAcceptPermission(AccessControlContext acc);
+ /**
+ * Sets the context class loader for the current thread.
+ */
+ private static void setContextClassLoader(ClassLoader ccl) {
+ AccessController.doPrivileged((PrivilegedAction)() -> {
+ Thread.currentThread().setContextClassLoader(ccl);
+ return null;
+ }, SETCCL_ACC);
+ }
+
/**
* Service an incoming remote call. When a message arrives on the
* connection indicating the beginning of a remote call, the
@@ -164,11 +187,10 @@ public abstract class Transport {
target.getAccessControlContext();
ClassLoader ccl = target.getContextClassLoader();
- Thread t = Thread.currentThread();
- ClassLoader savedCcl = t.getContextClassLoader();
+ ClassLoader savedCcl = Thread.currentThread().getContextClassLoader();
try {
- t.setContextClassLoader(ccl);
+ setContextClassLoader(ccl);
currentTransport.set(this);
try {
java.security.AccessController.doPrivileged(
@@ -183,7 +205,7 @@ public abstract class Transport {
throw (IOException) pae.getException();
}
} finally {
- t.setContextClassLoader(savedCcl);
+ setContextClassLoader(savedCcl);
currentTransport.set(null);
}
diff --git a/src/share/classes/sun/rmi/transport/tcp/TCPTransport.java b/src/share/classes/sun/rmi/transport/tcp/TCPTransport.java
index 24655c2f0b59a0b9d4e4bcdc3b8c268bf67845ac..a6b8c3ae5e41989cb709df85e9ea55859d9fab72 100644
--- a/src/share/classes/sun/rmi/transport/tcp/TCPTransport.java
+++ b/src/share/classes/sun/rmi/transport/tcp/TCPTransport.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -49,6 +49,9 @@ import java.rmi.server.ServerNotActiveException;
import java.rmi.server.UID;
import java.security.AccessControlContext;
import java.security.AccessController;
+import java.security.Permissions;
+import java.security.PrivilegedAction;
+import java.security.ProtectionDomain;
import java.util.ArrayList;
import java.util.LinkedList;
import java.util.List;
@@ -123,6 +126,14 @@ public class TCPTransport extends Transport {
private static final ThreadLocal
threadConnectionHandler = new ThreadLocal<>();
+ /** an AccessControlContext with no permissions */
+ private static final AccessControlContext NOPERMS_ACC;
+ static {
+ Permissions perms = new Permissions();
+ ProtectionDomain[] pd = { new ProtectionDomain(null, perms) };
+ NOPERMS_ACC = new AccessControlContext(pd);
+ }
+
/** endpoints for this transport */
private final LinkedList epList;
/** number of objects exported on this transport */
@@ -662,16 +673,19 @@ public class TCPTransport extends Transport {
}
public void run() {
- Thread t = Thread.currentThread();
- String name = t.getName();
- try {
- t.setName("RMI TCP Connection(" +
- connectionCount.incrementAndGet() +
- ")-" + remoteHost);
- run0();
- } finally {
- t.setName(name);
- }
+ AccessController.doPrivileged((PrivilegedAction)() -> {
+ Thread t = Thread.currentThread();
+ String name = t.getName();
+ try {
+ t.setName("RMI TCP Connection(" +
+ connectionCount.incrementAndGet() +
+ ")-" + remoteHost);
+ run0();
+ } finally {
+ t.setName(name);
+ }
+ return null;
+ }, NOPERMS_ACC);
}
private void run0() {