Mercurial > hg > openjdk > jdk7 > jdk
changeset 4269:0a80650409e1
7044443: Permissions resolved incorrectly for jar protocol (Patch from bugs.openjdk.java.net)
Reviewed-by: alanb, chegar
Contributed-by: dbhole@redhat.com
| author | mullan |
|---|---|
| date | Tue, 24 May 2011 14:15:14 -0700 |
| parents | 9861df231e9e |
| children | ace2dfdecda1 |
| files | src/share/classes/sun/security/provider/PolicyFile.java test/java/security/Policy/GetPermissions/JarURL.java |
| diffstat | 2 files changed, 72 insertions(+), 8 deletions(-) [+] |
line wrap: on
line diff
--- a/src/share/classes/sun/security/provider/PolicyFile.java Mon May 16 12:58:48 2011 -0700 +++ b/src/share/classes/sun/security/provider/PolicyFile.java Tue May 24 14:15:14 2011 -0700 @@ -1790,15 +1790,30 @@ CodeSource canonCs = cs; URL u = cs.getLocation(); - if (u != null && u.getProtocol().equals("file")) { - boolean isLocalFile = false; - String host = u.getHost(); - isLocalFile = (host == null || host.equals("") || - host.equals("~") || host.equalsIgnoreCase("localhost")); + if (u != null) { + if (u.getProtocol().equals("jar")) { + // unwrap url embedded inside jar url + String spec = u.getFile(); + int separator = spec.indexOf("!/"); + if (separator != -1) { + try { + u = new URL(spec.substring(0, separator)); + } catch (MalformedURLException e) { + // Fail silently. In this case, url stays what + // it was above + } + } + } + if (u.getProtocol().equals("file")) { + boolean isLocalFile = false; + String host = u.getHost(); + isLocalFile = (host == null || host.equals("") || + host.equals("~") || host.equalsIgnoreCase("localhost")); - if (isLocalFile) { - path = u.getFile().replace('/', File.separatorChar); - path = ParseUtil.decode(path); + if (isLocalFile) { + path = u.getFile().replace('/', File.separatorChar); + path = ParseUtil.decode(path); + } } }
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/java/security/Policy/GetPermissions/JarURL.java Tue May 24 14:15:14 2011 -0700 @@ -0,0 +1,49 @@ +/* + * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 7044443 + * @summary Permissions resolved incorrectly for jar protocol + */ + +import java.net.URL; +import java.security.AllPermission; +import java.security.CodeSource; +import java.security.PermissionCollection; +import java.security.Policy; +import java.security.cert.Certificate; + +public class JarURL { + public static void main(String[] args) throws Exception { + URL codeSourceURL + = new URL("jar:file:" + + System.getProperty("java.ext.dirs").split(":")[0] + + "/foo.jar!/"); + CodeSource cs = new CodeSource(codeSourceURL, new Certificate[0]); + PermissionCollection perms = Policy.getPolicy().getPermissions(cs); + if (!perms.implies(new AllPermission())) + throw new Exception("FAILED: " + codeSourceURL + + " not granted AllPermission"); + } +}