Mercurial > hg > openjdk > jdk6 > jdk
changeset 1834:bfbb31220c42
8199177: Enhance JNDI lookups
Reviewed-by: vtewari
| author | robm |
|---|---|
| date | Tue, 10 Jul 2018 16:56:22 +0100 |
| parents | 93ead2e8d186 |
| children | 01d60f0cbf30 |
| files | src/share/classes/com/sun/naming/internal/VersionHelper12.java |
| diffstat | 1 files changed, 27 insertions(+), 5 deletions(-) [+] |
line wrap: on
line diff
--- a/src/share/classes/com/sun/naming/internal/VersionHelper12.java Wed Jul 18 16:37:45 2018 -0700 +++ b/src/share/classes/com/sun/naming/internal/VersionHelper12.java Tue Jul 10 16:56:22 2018 +0100 @@ -75,6 +75,25 @@ } /** + * Determines whether classes may be loaded from an arbitrary URL code base. + */ + private static final String TRUST_URL_CODEBASE_PROPERTY = + "com.sun.jndi.ldap.object.trustURLCodebase"; + private static final String trustURLCodebase = + AccessController.doPrivileged( + new PrivilegedAction<String>() { + public String run() { + try { + return System.getProperty(TRUST_URL_CODEBASE_PROPERTY, + "false"); + } catch (SecurityException e) { + return "false"; + } + } + } + ); + + /** * Package private. * * This internal method is used with Thread Context Class Loader (TCCL), @@ -93,12 +112,15 @@ */ public Class loadClass(String className, String codebase) throws ClassNotFoundException, MalformedURLException { + if ("true".equalsIgnoreCase(trustURLCodebase)) { + ClassLoader parent = getContextClassLoader(); + ClassLoader cl = + URLClassLoader.newInstance(getUrlArray(codebase), parent); - ClassLoader parent = getContextClassLoader(); - ClassLoader cl = - URLClassLoader.newInstance(getUrlArray(codebase), parent); - - return loadClass(className, cl); + return loadClass(className, cl); + } else { + return null; + } } /**