diff --git a/src/share/classes/com/sun/naming/internal/FactoryEnumeration.java b/src/share/classes/com/sun/naming/internal/FactoryEnumeration.java index 83b235dbef4dfe4202c4073ff34c79b1fefc153e..0fe4864d9679540b096f3a3ca6a0ae9066eac35c 100644 --- a/src/share/classes/com/sun/naming/internal/FactoryEnumeration.java +++ b/src/share/classes/com/sun/naming/internal/FactoryEnumeration.java @@ -83,7 +83,6 @@ public final class FactoryEnumeration { try { if (answer == null) { // reload class if weak ref cleared Class cls = Class.forName(className, true, loader); - VersionHelper12.checkPackageAccess(cls); answer = cls; } // Instantiate Class to get factory diff --git a/src/share/classes/com/sun/naming/internal/VersionHelper12.java b/src/share/classes/com/sun/naming/internal/VersionHelper12.java index 126d2781d521fe1934e92f65ca546b9561531cf1..bf4586e7ebcf474e8fd4cd21a8e2d868eda6197e 100644 --- a/src/share/classes/com/sun/naming/internal/VersionHelper12.java +++ b/src/share/classes/com/sun/naming/internal/VersionHelper12.java @@ -39,7 +39,6 @@ import java.util.NoSuchElementException; import java.util.Properties; import javax.naming.*; -import sun.reflect.misc.ReflectUtil; /** * VersionHelper was used by JNDI to accommodate differences between @@ -54,18 +53,6 @@ import sun.reflect.misc.ReflectUtil; final class VersionHelper12 extends VersionHelper { - // workaround to disable additional package access control with - // Thread Context Class Loader (TCCL). - private final static boolean noPackageAccessWithTCCL = "true".equals( - AccessController.doPrivileged( - new PrivilegedAction() { - public String run() { - return System.getProperty( - "com.sun.naming.untieAccessContextWithTCCL"); - } - } - )); - // Disallow external from creating one of these. VersionHelper12() { } @@ -83,9 +70,6 @@ final class VersionHelper12 extends VersionHelper { Class loadClass(String className, ClassLoader cl) throws ClassNotFoundException { Class cls = Class.forName(className, true, cl); - if (!noPackageAccessWithTCCL) { - checkPackageAccess(cls); - } return cls; } @@ -103,35 +87,6 @@ final class VersionHelper12 extends VersionHelper { return loadClass(className, cl); } - /** - * check package access of a class that is loaded with Thread Context - * Class Loader (TCCL). - * - * Similar to java.lang.ClassLoader.checkPackageAccess() - */ - static void checkPackageAccess(Class cls) { - final SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - if (ReflectUtil.isNonPublicProxyClass(cls)) { - for (Class intf: cls.getInterfaces()) { - checkPackageAccess(intf); - } - return; - } - - final String name = cls.getName(); - final int i = name.lastIndexOf('.'); - if (i != -1) { - AccessController.doPrivileged(new PrivilegedAction() { - public Void run() { - sm.checkPackageAccess(name.substring(0, i)); - return null; - } - }, AccessController.getContext()); - } - } - } - String getJndiProperty(final int i) { return AccessController.doPrivileged( new PrivilegedAction() { @@ -220,18 +175,24 @@ final class VersionHelper12 extends VersionHelper { /** * Package private. * - * This internal method makes use of Thread Context Class Loader (TCCL), - * please don't expose this method as public. + * This internal method returns Thread Context Class Loader (TCCL), + * if null, returns the system Class Loader. * - * Please take care of package access control on the current context - * whenever using TCCL. + * Please don't expose this method as public. */ ClassLoader getContextClassLoader() { return AccessController.doPrivileged( new PrivilegedAction() { public ClassLoader run() { - return Thread.currentThread().getContextClassLoader(); + ClassLoader loader = + Thread.currentThread().getContextClassLoader(); + if (loader == null) { + // Don't use bootstrap class loader directly! + loader = ClassLoader.getSystemClassLoader(); + } + + return loader; } } ); diff --git a/src/share/classes/javax/security/auth/login/LoginContext.java b/src/share/classes/javax/security/auth/login/LoginContext.java index 643688f4d40c64b24899e19cfd2a0805acc79186..7f7f2357cc12ebf848a8f359e9d5a82757f7a283 100644 --- a/src/share/classes/javax/security/auth/login/LoginContext.java +++ b/src/share/classes/javax/security/auth/login/LoginContext.java @@ -37,10 +37,8 @@ import javax.security.auth.AuthPermission; import javax.security.auth.callback.*; import java.security.AccessController; import java.security.AccessControlContext; -import java.security.PrivilegedAction; import sun.security.util.PendingException; import sun.security.util.ResourcesMgr; -import sun.reflect.misc.ReflectUtil; /** *

The {@code LoginContext} class describes the basic methods used @@ -227,19 +225,6 @@ public class LoginContext { private static final sun.security.util.Debug debug = sun.security.util.Debug.getInstance("logincontext", "\t[LoginContext]"); - // workaround to disable additional package access control with - // Thread Context Class Loader (TCCL). - private static final boolean noPackageAccessWithTCCL = "true".equals( - AccessController.doPrivileged( - new PrivilegedAction() { - public String run() { - return System.getProperty( - "auth.login.untieAccessContextWithTCCL"); - } - } - )); - - private void init(String name) throws LoginException { SecurityManager sm = System.getSecurityManager(); @@ -293,7 +278,15 @@ public class LoginContext { contextClassLoader = java.security.AccessController.doPrivileged (new java.security.PrivilegedAction() { public ClassLoader run() { - return Thread.currentThread().getContextClassLoader(); + ClassLoader loader = + Thread.currentThread().getContextClassLoader(); + if (loader == null) { + // Don't use bootstrap class loader directly to ensure + // proper package access control! + loader = ClassLoader.getSystemClassLoader(); + } + + return loader; } }); } @@ -713,17 +706,11 @@ public class LoginContext { // instantiate the LoginModule // // Allow any object to be a LoginModule as long as it - // conforms to the interface if no customized config or - // noPackageAccessWithTCCL is true. + // conforms to the interface. Class c = Class.forName( moduleStack[i].entry.getLoginModuleName(), true, contextClassLoader); - // check package access for customized config - if (!noPackageAccessWithTCCL && creatorAcc != null) { - c.asSubclass(javax.security.auth.spi.LoginModule.class); - checkPackageAccess(c, creatorAcc); - } Constructor constructor = c.getConstructor(PARAMS); Object[] args = { }; @@ -926,35 +913,6 @@ public class LoginContext { } } - /** - * check package access of a class that is loaded with Thread Context - * Class Loader (TCCL) with specified access control context. - * - * Similar to java.lang.ClassLoader.checkPackageAccess() - */ - static void checkPackageAccess(Class cls, AccessControlContext context) { - final SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - if (ReflectUtil.isNonPublicProxyClass(cls)) { - for (Class intf: cls.getInterfaces()) { - checkPackageAccess(intf, context); - } - return; - } - - final String name = cls.getName(); - final int i = name.lastIndexOf('.'); - if (i != -1) { - AccessController.doPrivileged(new PrivilegedAction() { - public Void run() { - sm.checkPackageAccess(name.substring(0, i)); - return null; - } - }, context); - } - } - } - /** * Wrap the caller-specified CallbackHandler in our own * and invoke it within a privileged block, constrained by