Subject.java (doAsPrivileged): If acc is null, create a new AccessControlContext.
2005-02-08 Andrew Haley <aph@redhat.com> * javax/security/auth/Subject.java (doAsPrivileged): If acc is null, create a new AccessControlContext. * java/security/SecureClassLoader.java (protectionDomainCache): new field. (defineClass): Create a new protection domain and add it to our cache. * java/rmi/server/UnicastRemoteObject.java (exportObject): Call addStub() to keep track of the stub we've exported. (unexportObject): Call deleteStub(). * java/rmi/server/RemoteObject.java (stubs): New field. (addStub): New method. (deleteStub): New method. (toStub): Rewrite. * java/lang/VMCompiler.java (loadSharedLibrary): Pass true to findHelper (tryParents). * gnu/gcj/runtime/SharedLibLoader.java (SharedLibLoader): Likewise. * java/net/URLClassLoader.java (SoURLLoader): Likewise. * gnu/gcj/runtime/SharedLibHelper.java (SharedLibHelper): Pass ProtectionDomain. If tryParents is false, don't scan parent class loaders. * java/security/Permissions.java (PermissionsHash.implies): Iterate over the collection and invoke implies() on each element. From-SVN: r95111
parent
d2638db653
commit
019dac3214
|
@ -1,5 +1,38 @@
|
|||
2005-02-16 Andrew Haley <aph@redhat.com>
|
||||
|
||||
|
||||
2005-02-08 Andrew Haley <aph@redhat.com>
|
||||
|
||||
* javax/security/auth/Subject.java (doAsPrivileged): If acc is
|
||||
null, create a new AccessControlContext.
|
||||
* java/security/SecureClassLoader.java (protectionDomainCache):
|
||||
new field.
|
||||
(defineClass): Create a new protection domain and add it to our
|
||||
cache.
|
||||
|
||||
* java/rmi/server/UnicastRemoteObject.java (exportObject): Call
|
||||
addStub() to keep track of the stub we've exported.
|
||||
(unexportObject): Call deleteStub().
|
||||
* java/rmi/server/RemoteObject.java (stubs): New field.
|
||||
(addStub): New method.
|
||||
(deleteStub): New method.
|
||||
(toStub): Rewrite.
|
||||
|
||||
* java/lang/VMCompiler.java (loadSharedLibrary): Pass
|
||||
true to findHelper (tryParents).
|
||||
* gnu/gcj/runtime/SharedLibLoader.java (SharedLibLoader):
|
||||
Likewise.
|
||||
* java/net/URLClassLoader.java (SoURLLoader): Likewise.
|
||||
* gnu/gcj/runtime/SharedLibHelper.java (SharedLibHelper): Pass
|
||||
ProtectionDomain.
|
||||
If tryParents is false, don't scan parent class loaders.
|
||||
|
||||
* java/security/Permissions.java (PermissionsHash.implies):
|
||||
Iterate over the collection and invoke implies() on each
|
||||
element.
|
||||
|
||||
2005-02-16 Andrew Haley <aph@redhat.com>
|
||||
|
||||
* gnu/gcj/runtime/PersistentByteMap.java (name, values, fc): new
|
||||
fields.
|
||||
(PersistentByteMap): Set name
|
||||
|
|
|
@ -28,13 +28,15 @@ public class SharedLibHelper
|
|||
* @parem flags passed to dlopen
|
||||
*/
|
||||
SharedLibHelper(String libname, ClassLoader parent, CodeSource source,
|
||||
int flags)
|
||||
ProtectionDomain domain, int flags)
|
||||
{
|
||||
// FIXME: ask security manager first.
|
||||
loader = parent;
|
||||
baseName = libname;
|
||||
domain = new ProtectionDomain(source,
|
||||
Policy.getPolicy().getPermissions(source));
|
||||
if (domain == null)
|
||||
domain = new ProtectionDomain(source,
|
||||
Policy.getPolicy().getPermissions(source));
|
||||
this.domain = domain;
|
||||
this.flags = flags;
|
||||
}
|
||||
|
||||
|
@ -65,7 +67,14 @@ public class SharedLibHelper
|
|||
}
|
||||
|
||||
public static SharedLibHelper findHelper (ClassLoader loader, String libname,
|
||||
CodeSource source)
|
||||
CodeSource source, boolean tryParents)
|
||||
{
|
||||
return findHelper (loader, libname, source, null, tryParents);
|
||||
}
|
||||
|
||||
public static SharedLibHelper findHelper (ClassLoader loader, String libname,
|
||||
CodeSource source, ProtectionDomain domain,
|
||||
boolean tryParents)
|
||||
{
|
||||
synchronized (map)
|
||||
{
|
||||
|
@ -95,7 +104,7 @@ public class SharedLibHelper
|
|||
return result;
|
||||
l = l.getParent();
|
||||
}
|
||||
while (l != null);
|
||||
while (tryParents && l != null);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -116,7 +125,7 @@ public class SharedLibHelper
|
|||
return null;
|
||||
}
|
||||
}
|
||||
result = new SharedLibHelper(libname, loader, source, 0);
|
||||
result = new SharedLibHelper(libname, loader, source, domain, 0);
|
||||
s.add(new WeakReference(result));
|
||||
return result;
|
||||
}
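Review bot: The new public five-argument `findHelper` lets any caller supply the `ProtectionDomain`, and the constructor stores it in `this.domain` unchecked while `// FIXME: ask security manager first.` is still in place. If this class is reachable from untrusted code, the caller decides which permissions the library's classes receive, so the overload should be non-public or guarded by a permission check before the domain is accepted. A helper found in the cache is returned as-is (`return result;`), so the `domain` argument appears to be ignored on a cache hit; the lookup code lies outside the visible hunks, so this should be confirmed. The constructor Javadoc also needs an `@param domain` line saying that null means the domain is derived from the policy.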
|
||||
|
|
|
@ -39,7 +39,7 @@ public class SharedLibLoader extends ClassLoader
|
|||
url = null;
|
||||
}
|
||||
helper = SharedLibHelper.findHelper(this, libname,
|
||||
new CodeSource(url, null));
|
||||
new CodeSource(url, null), true);
|
||||
}
|
||||
|
||||
/** Load a shared library, and asociate a ClassLoader with it.
|
||||
|
|
|
@ -142,7 +142,8 @@ final class VMCompiler
|
|||
{
|
||||
Class c = null;
|
||||
SharedLibHelper helper
|
||||
= SharedLibHelper.findHelper (loader, fileName, domain.getCodeSource());
|
||||
= SharedLibHelper.findHelper (loader, fileName, domain.getCodeSource(),
|
||||
domain, false);
|
||||
c = helper.findClass (className);
|
||||
if (c != null)
|
||||
{
|
||||
|
|
|
@ -543,7 +543,7 @@ public class URLClassLoader extends SecureClassLoader
|
|||
{
|
||||
super(classloader, url, overrideURL);
|
||||
helper = SharedLibHelper.findHelper(classloader, url.getFile(),
|
||||
noCertCodeSource);
|
||||
noCertCodeSource, true);
|
||||
}
|
||||
|
||||
Class getClass(String className)
|
||||
|
|
|
@ -45,6 +45,7 @@ import java.lang.reflect.Constructor;
|
|||
import java.rmi.NoSuchObjectException;
|
||||
import java.rmi.Remote;
|
||||
import java.rmi.UnmarshalException;
|
||||
import java.util.WeakHashMap;
|
||||
|
||||
public abstract class RemoteObject
|
||||
implements Remote, Serializable {
|
||||
|
@ -53,6 +54,8 @@ public static final long serialVersionUID = -3215090123894869218l;
|
|||
|
||||
protected transient RemoteRef ref;
|
||||
|
||||
private static final WeakHashMap stubs = new WeakHashMap();
|
||||
|
||||
protected RemoteObject() {
|
||||
this(null);
|
||||
}
|
||||
|
@ -65,21 +68,24 @@ public RemoteRef getRef() {
|
|||
return (ref);
|
||||
}
|
||||
|
||||
synchronized static void addStub(Remote obj, Remote stub)
|
||||
{
|
||||
stubs.put(obj, stub);
|
||||
}
|
||||
|
||||
synchronized static void deleteStub(Remote obj)
|
||||
{
|
||||
stubs.remove(obj);
|
||||
}
|
||||
|
||||
public static Remote toStub(Remote obj) throws NoSuchObjectException
|
||||
{
|
||||
Class cls = obj.getClass();
|
||||
String classname = cls.getName();
|
||||
ClassLoader cl = cls.getClassLoader();
|
||||
try
|
||||
{
|
||||
Class scls = cl.loadClass(classname + "_Stub");
|
||||
// JDK 1.2 stubs
|
||||
Class[] stubprototype = new Class[] { RemoteRef.class };
|
||||
Constructor con = scls.getConstructor(stubprototype);
|
||||
return (Remote)(con.newInstance(new Object[]{obj}));
|
||||
}
|
||||
catch (Exception e) {}
|
||||
throw new NoSuchObjectException(obj.getClass().getName());
|
||||
Remote stub = (Remote)stubs.get(obj);
|
||||
|
||||
if (stub == null)
|
||||
throw new NoSuchObjectException(obj.getClass().getName());
|
||||
|
||||
return stub;
|
||||
}
|
||||
|
||||
public int hashCode() {
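Review bot: `toStub` reads the shared `stubs` map without the class lock that `addStub` and `deleteStub` take, and `WeakHashMap` is not safe for concurrent use, since a lookup may also clear stale entries. Declaring it `public static synchronized Remote toStub(Remote obj) throws NoSuchObjectException` would put all three methods on the same lock. The `stubs` field would benefit from a comment stating that keys are the exported objects, values are their stubs, and lookup relies on the key's `equals`/`hashCode`.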
|
||||
|
|
|
@ -98,7 +98,9 @@ public static RemoteStub exportObject(Remote obj) throws RemoteException {
|
|||
{
|
||||
sref = new UnicastServerRef(new ObjID (), port, ssf);
|
||||
}
|
||||
return (sref.exportObject (obj));
|
||||
Remote stub = sref.exportObject (obj);
|
||||
addStub(obj, stub);
|
||||
return stub;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -116,12 +118,15 @@ public static RemoteStub exportObject(Remote obj) throws RemoteException {
|
|||
{
|
||||
if (obj instanceof RemoteObject)
|
||||
{
|
||||
deleteStub(obj);
|
||||
UnicastServerRef sref = (UnicastServerRef)((RemoteObject)obj).getRef();
|
||||
return sref.unexportObject(obj, force);
|
||||
}
|
||||
else
|
||||
//FIX ME
|
||||
;
|
||||
{
|
||||
//FIX ME
|
||||
;
|
||||
}
|
||||
return true;
|
||||
}
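Review bot: In `unexportObject`, `deleteStub(obj)` runs before `sref.unexportObject(obj, force)`, so the stub mapping is dropped even if the unexport returns false and the object stays exported; `toStub` would then throw `NoSuchObjectException` for a live object. Removing the entry only on success keeps the two in step: `boolean done = sref.unexportObject(obj, force); if (done) deleteStub(obj); return done;`. Objects that are not `RemoteObject` instances get a stub entry from `exportObject` but are never removed here, and the `//FIX ME` branch should say so.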
|
||||
|
||||
|
|
|
@ -228,9 +228,18 @@ class PermissionsHash extends PermissionCollection
|
|||
* @param perm the permission to check
|
||||
* @return true if it is implied
|
||||
*/
|
||||
// FIXME: Should this method be synchronized?
|
||||
public boolean implies(Permission perm)
|
||||
{
|
||||
return perms.get(perm) != null;
|
||||
Enumeration elements = elements();
|
||||
|
||||
while (elements.hasMoreElements())
|
||||
{
|
||||
Permission p = (Permission)elements.nextElement();
|
||||
if (p.implies(perm))
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
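Review bot: The `// FIXME: Should this method be synchronized?` above `implies` leaves the locking question open on a method that now walks the whole collection for every permission check. If `add` can run on another thread while `implies` is enumerating, the outcome of an access decision could depend on timing; the backing collection and `add` are outside the hunk, so this needs checking against them. Either mark the method `synchronized` to match what `add` does, or replace the FIXME with a comment stating why the enumeration is safe without a lock.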
|
||||
|
|
|
@ -48,6 +48,8 @@ package java.security;
|
|||
*/
|
||||
public class SecureClassLoader extends ClassLoader
|
||||
{
|
||||
java.util.WeakHashMap protectionDomainCache = new java.util.WeakHashMap();
|
||||
|
||||
protected SecureClassLoader(ClassLoader parent)
|
||||
{
|
||||
super(parent);
|
||||
|
@ -80,11 +82,29 @@ public class SecureClassLoader extends ClassLoader
|
|||
protected final Class defineClass(String name, byte[] b, int off, int len,
|
||||
CodeSource cs)
|
||||
{
|
||||
// FIXME: Need to cache ProtectionDomains according to 1.3 docs.
|
||||
if (cs != null)
|
||||
{
|
||||
ProtectionDomain protectionDomain
|
||||
= new ProtectionDomain(cs, getPermissions(cs), this, null);
|
||||
ProtectionDomain protectionDomain;
|
||||
|
||||
synchronized (protectionDomainCache)
|
||||
{
|
||||
protectionDomain = (ProtectionDomain)protectionDomainCache.get(cs);
|
||||
}
|
||||
|
||||
if (protectionDomain == null)
|
||||
{
|
||||
protectionDomain
|
||||
= new ProtectionDomain(cs, getPermissions(cs), this, null);
|
||||
synchronized (protectionDomainCache)
|
||||
{
|
||||
ProtectionDomain domain
|
||||
= (ProtectionDomain)protectionDomainCache.get(cs);
|
||||
if (domain == null)
|
||||
protectionDomainCache.put(cs, protectionDomain);
|
||||
else
|
||||
protectionDomain = domain;
|
||||
}
|
||||
}
|
||||
return super.defineClass(name, b, off, len, protectionDomain);
|
||||
}
|
||||
else
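Review bot: `protectionDomainCache` is declared with default access and is not final, although it decides which `ProtectionDomain` each `CodeSource` maps to; `private final java.util.WeakHashMap protectionDomainCache = new java.util.WeakHashMap();` keeps other classes in `java.security` from replacing or editing it. Each cached `ProtectionDomain` is built from its own key `cs`, so if it keeps a strong reference to that `CodeSource` the weak keys will never be cleared and the map behaves like an ordinary strong cache; a comment on the field should state the intended lifetime. The two-step lookup calls `getPermissions(cs)` outside the lock and then re-checks, which deserves a one-line comment saying that a losing thread discards its own domain. `defineClass` continues past the end of the hunk.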
|
||||
|
|
|
@ -235,7 +235,7 @@ public final class Subject implements Serializable
|
|||
*/
|
||||
public static Object doAsPrivileged (final Subject subject,
|
||||
final PrivilegedExceptionAction action,
|
||||
final AccessControlContext acc)
|
||||
AccessControlContext acc)
|
||||
throws PrivilegedActionException
|
||||
{
|
||||
final SecurityManager sm = System.getSecurityManager();
|
||||
|
@ -243,6 +243,8 @@ public final class Subject implements Serializable
|
|||
{
|
||||
sm.checkPermission (new AuthPermission ("doAsPrivileged"));
|
||||
}
|
||||
if (acc == null)
|
||||
acc = new AccessControlContext (new java.security.ProtectionDomain[0]);
|
||||
AccessControlContext context =
|
||||
new AccessControlContext (acc, new SubjectDomainCombiner (subject));
|
||||
return AccessController.doPrivileged (action, context);
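Review bot: The new `if (acc == null)` branch substitutes a context built from an empty `ProtectionDomain` array, a security-relevant default that is not explained at the site. A comment such as `// null acc: combine the subject with an empty context rather than the caller's`, plus a matching sentence on the `@param acc` Javadoc, would make that explicit; the Javadoc itself is outside the hunk. Dropping `final` in order to reassign the parameter could be avoided with a local, e.g. `final AccessControlContext base = acc != null ? acc : new AccessControlContext(new java.security.ProtectionDomain[0]);`. The method body continues beyond the visible lines.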
|
||||
|
|