提交 e3eb729d 编写于 作者: X xuelei

8027204: Revise the update of 8026204 and 8025758

Summary: Rivise the update to use system class loader with null TCCL.  Also reviewed by Alexander Fomin <alexander.fomin@oracle.com>
Reviewed-by: mchung, ahgross
上级 cfc7f025
......@@ -83,7 +83,6 @@ public final class FactoryEnumeration {
try {
if (answer == null) { // reload class if weak ref cleared
Class<?> cls = Class.forName(className, true, loader);
VersionHelper12.checkPackageAccess(cls);
answer = cls;
}
// Instantiate Class to get factory
......
......@@ -39,7 +39,6 @@ import java.util.NoSuchElementException;
import java.util.Properties;
import javax.naming.*;
import sun.reflect.misc.ReflectUtil;
/**
* VersionHelper was used by JNDI to accommodate differences between
......@@ -54,18 +53,6 @@ import sun.reflect.misc.ReflectUtil;
final class VersionHelper12 extends VersionHelper {
// workaround to disable additional package access control with
// Thread Context Class Loader (TCCL).
private final static boolean noPackageAccessWithTCCL = "true".equals(
AccessController.doPrivileged(
new PrivilegedAction<String>() {
public String run() {
return System.getProperty(
"com.sun.naming.untieAccessContextWithTCCL");
}
}
));
// Disallow external from creating one of these.
VersionHelper12() {
}
......@@ -83,9 +70,6 @@ final class VersionHelper12 extends VersionHelper {
Class<?> loadClass(String className, ClassLoader cl)
throws ClassNotFoundException {
Class<?> cls = Class.forName(className, true, cl);
if (!noPackageAccessWithTCCL) {
checkPackageAccess(cls);
}
return cls;
}
......@@ -103,35 +87,6 @@ final class VersionHelper12 extends VersionHelper {
return loadClass(className, cl);
}
/**
* check package access of a class that is loaded with Thread Context
* Class Loader (TCCL).
*
* Similar to java.lang.ClassLoader.checkPackageAccess()
*/
static void checkPackageAccess(Class<?> cls) {
final SecurityManager sm = System.getSecurityManager();
if (sm != null) {
if (ReflectUtil.isNonPublicProxyClass(cls)) {
for (Class<?> intf: cls.getInterfaces()) {
checkPackageAccess(intf);
}
return;
}
final String name = cls.getName();
final int i = name.lastIndexOf('.');
if (i != -1) {
AccessController.doPrivileged(new PrivilegedAction<Void>() {
public Void run() {
sm.checkPackageAccess(name.substring(0, i));
return null;
}
}, AccessController.getContext());
}
}
}
String getJndiProperty(final int i) {
return AccessController.doPrivileged(
new PrivilegedAction<String>() {
......@@ -220,18 +175,24 @@ final class VersionHelper12 extends VersionHelper {
/**
* Package private.
*
* This internal method makes use of Thread Context Class Loader (TCCL),
* please don't expose this method as public.
* This internal method returns Thread Context Class Loader (TCCL),
* if null, returns the system Class Loader.
*
* Please take care of package access control on the current context
* whenever using TCCL.
* Please don't expose this method as public.
*/
ClassLoader getContextClassLoader() {
return AccessController.doPrivileged(
new PrivilegedAction<ClassLoader>() {
public ClassLoader run() {
return Thread.currentThread().getContextClassLoader();
ClassLoader loader =
Thread.currentThread().getContextClassLoader();
if (loader == null) {
// Don't use bootstrap class loader directly!
loader = ClassLoader.getSystemClassLoader();
}
return loader;
}
}
);
......
......@@ -37,10 +37,8 @@ import javax.security.auth.AuthPermission;
import javax.security.auth.callback.*;
import java.security.AccessController;
import java.security.AccessControlContext;
import java.security.PrivilegedAction;
import sun.security.util.PendingException;
import sun.security.util.ResourcesMgr;
import sun.reflect.misc.ReflectUtil;
/**
* <p> The {@code LoginContext} class describes the basic methods used
......@@ -227,19 +225,6 @@ public class LoginContext {
private static final sun.security.util.Debug debug =
sun.security.util.Debug.getInstance("logincontext", "\t[LoginContext]");
// workaround to disable additional package access control with
// Thread Context Class Loader (TCCL).
private static final boolean noPackageAccessWithTCCL = "true".equals(
AccessController.doPrivileged(
new PrivilegedAction<String>() {
public String run() {
return System.getProperty(
"auth.login.untieAccessContextWithTCCL");
}
}
));
private void init(String name) throws LoginException {
SecurityManager sm = System.getSecurityManager();
......@@ -293,7 +278,15 @@ public class LoginContext {
contextClassLoader = java.security.AccessController.doPrivileged
(new java.security.PrivilegedAction<ClassLoader>() {
public ClassLoader run() {
return Thread.currentThread().getContextClassLoader();
ClassLoader loader =
Thread.currentThread().getContextClassLoader();
if (loader == null) {
// Don't use bootstrap class loader directly to ensure
// proper package access control!
loader = ClassLoader.getSystemClassLoader();
}
return loader;
}
});
}
......@@ -713,17 +706,11 @@ public class LoginContext {
// instantiate the LoginModule
//
// Allow any object to be a LoginModule as long as it
// conforms to the interface if no customized config or
// noPackageAccessWithTCCL is true.
// conforms to the interface.
Class<?> c = Class.forName(
moduleStack[i].entry.getLoginModuleName(),
true,
contextClassLoader);
// check package access for customized config
if (!noPackageAccessWithTCCL && creatorAcc != null) {
c.asSubclass(javax.security.auth.spi.LoginModule.class);
checkPackageAccess(c, creatorAcc);
}
Constructor<?> constructor = c.getConstructor(PARAMS);
Object[] args = { };
......@@ -926,35 +913,6 @@ public class LoginContext {
}
}
/**
* check package access of a class that is loaded with Thread Context
* Class Loader (TCCL) with specified access control context.
*
* Similar to java.lang.ClassLoader.checkPackageAccess()
*/
static void checkPackageAccess(Class<?> cls, AccessControlContext context) {
final SecurityManager sm = System.getSecurityManager();
if (sm != null) {
if (ReflectUtil.isNonPublicProxyClass(cls)) {
for (Class<?> intf: cls.getInterfaces()) {
checkPackageAccess(intf, context);
}
return;
}
final String name = cls.getName();
final int i = name.lastIndexOf('.');
if (i != -1) {
AccessController.doPrivileged(new PrivilegedAction<Void>() {
public Void run() {
sm.checkPackageAccess(name.substring(0, i));
return null;
}
}, context);
}
}
}
/**
* Wrap the caller-specified CallbackHandler in our own
* and invoke it within a privileged block, constrained by
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册