Mercurial > hg > release > icedtea6-1.12

view patches/security/20130618/8003703-update_rmi_connection_dialog.patch @ 3004:08ce3247b5b0

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Add 2013/06/18 security patches. 2013-06-22 Andrew John Hughes <gnu.andrew@member.fsf.org> * patches/idresolver_fix.patch: Removed. Part of 6469266. * Makefile.am: (SECURITY_PATCHES): Add new ones. (SPECIAL_SECURITY_PATCH_1): Renamed from SPECIAL_SECURITY_PATCH. (SPECIAL_SECURITY_PATCH_2): Add 8009071, which needs to be applied after some AWT backports. (ICEDTEA_PATCHES): Use SPECIAL_SECURITY_PATCH_{1,2}. Move 8005615, 8007393 & 8007611 to SECURITY_PATCHES as must be applied before 8004584. Add 7171223 to end. * patches/openjdk/6307603-xrender-01.patch, * patches/openjdk/6469266-xmlsec_1.4.2.patch, * patches/openjdk/6656651-windows_lcd_glyphs.patch, * patches/openjdk/6786028-wcag_bold_tags.patch, * patches/openjdk/6786682-wcag_lang.patch, * patches/openjdk/6786688-wcag_table.patch, * patches/openjdk/6786690-wcag_dl.patch, * patches/openjdk/6802694-no_deprecated.patch, * patches/openjdk/6851834-restructure.patch, * patches/openjdk/6888167-medialib_memory_leaks.patch, * patches/openjdk/6961178-doclet_xml.patch, * patches/openjdk/6990754-use_native_memory_for_symboltable.patch, * patches/openjdk/7006270-regressions.patch, * patches/openjdk/7008809-report_class_in_arraystoreexception.patch, * patches/openjdk/7014851-unused_parallel_compaction_code.patch, * patches/openjdk/7017732-move_static_fields_to_class.patch, * patches/openjdk/7036747-elfstringtable.patch, * patches/openjdk/7086585-flexible_field_injection.patch, * patches/openjdk/7171223-strict_aliasing.patch, * patches/openjdk/7195301-no_instanceof_node.patch, * patches/security/20130618/6741606-apache_santuario.patch, * patches/security/20130618/7158805-nested_subroutine_rewriting.patch, * patches/security/20130618/7170730-windows_network_stack.patch, * patches/security/20130618/8000638-improve_deserialization.patch, * patches/security/20130618/8000642-better_transportation_handling.patch, * patches/security/20130618/8001032-restrict_object_access-corba.patch, * patches/security/20130618/8001032-restrict_object_access-jdk.patch, * patches/security/20130618/8001033-refactor_address_handling.patch, * patches/security/20130618/8001034-memory_management.patch, * patches/security/20130618/8001038-resourcefully_handle_resources.patch, * patches/security/20130618/8001043-clarify_definition_restrictions.patch, * patches/security/20130618/8001309-better_handling_of_annotation_interfaces.patch, * patches/security/20130618/8001318-6_fixup.patch, * patches/security/20130618/8001318-socket_getlocaladdress_consistency.patch, * patches/security/20130618/8001330-checking_order_improvement.patch, * patches/security/20130618/8001330-improve_checking_order.patch, * patches/security/20130618/8003703-update_rmi_connection_dialog.patch, * patches/security/20130618/8004584-augment_applet_contextualization.patch, * patches/security/20130618/8005007-better_glyph_processing.patch, * patches/security/20130618/8006328-6_fixup.patch, * patches/security/20130618/8006328-sound_class_robustness.patch, * patches/security/20130618/8006611-improve_scripting.patch, * patches/security/20130618/8007467-improve_jmx_internal_api_robustness.patch, * patches/security/20130618/8007471-6_fixup.patch, * patches/security/20130618/8007471-improve_mbean_notifications.patch, * patches/security/20130618/8007812-getenclosingmethod.patch, * patches/security/20130618/8008120-improve_jmx_class_checking.patch, * patches/security/20130618/8008124-better_compliance_testing.patch, * patches/security/20130618/8008128-better_jmx_api_coherence.patch, * patches/security/20130618/8008132-better_serialization.patch, * patches/security/20130618/8008585-jmx_data_handling.patch, * patches/security/20130618/8008593-better_urlclassloader.patch, * patches/security/20130618/8008603-jmx_provider_provision.patch, * patches/security/20130618/8008611-6_fixup.patch, * patches/security/20130618/8008611-jmx_annotations.patch, * patches/security/20130618/8008615-jmx_internal_api_robustness.patch, * patches/security/20130618/8008623-mbeanserver_handling.patch, * patches/security/20130618/8008744-6741606_rework.patch, * patches/security/20130618/8008982-jmx_interface_changes.patch, * patches/security/20130618/8009004-rmi_connection_improvement.patch, * patches/security/20130618/8009013-t2k_glyphs.patch, * patches/security/20130618/8009034-jmx_notification_improvement.patch, * patches/security/20130618/8009038-jmx_notification_support_improvement.patch, * patches/security/20130618/8009067-improve_key_storing.patch, * patches/security/20130618/8009071-improve_shape_handling.patch, * patches/security/20130618/8009235-improve_tsa_data_handling.patch, * patches/security/20130618/8009554-serialjavaobject.patch, * patches/security/20130618/8011243-improve_imaginglib.patch, * patches/security/20130618/8011248-better_component_rasters.patch, * patches/security/20130618/8011253-better_short_component_rasters.patch, * patches/security/20130618/8011257-better_byte_component_rasters.patch, * patches/security/20130618/8011557-improve_reflection.patch, * patches/security/20130618/8012375-javadoc_framing.patch, * patches/security/20130618/8012421-better_positioning.patch, * patches/security/20130618/8012438-better_image_validation.patch, * patches/security/20130618/8012597-better_image_channel_validation.patch, * patches/security/20130618/8012601-better_layout_validation.patch, * patches/security/20130618/8014281-better_xml_signature_checking.patch, * patches/security/20130618/8015997-more_javadoc_framing.patch, * patches/security/20130618/diamond_fix.patch, * patches/security/20130618/handle_npe.patch, * patches/security/20130618/hs_merge-01.patch, * patches/security/20130618/hs_merge-02.patch, * patches/security/20130618/hs_merge-03.patch, * patches/security/20130618/hs_merge-04.patch, * patches/security/20130618/javac_issue.patch, * patches/security/20130618/langtools_generics.patch, * patches/security/20130618/langtools_merge-01.patch, * patches/security/20130618/langtools_merge-02.patch, * patches/security/20130618/langtools_merge-03.patch: 2013/06/18 security patches. * patches/apache-xml-internal-fix-bug-38655.patch: Remove.
author Andrew John Hughes <gnu.andrew@redhat.com>
date Sat, 22 Jun 2013 16:38:24 -0500
parents
children
line wrap: on
line source

# HG changeset patch
# User andrew
# Date 1371238398 -3600
# Node ID 672b00f8dd800d0b494cde9eb219bd82179c5ff5
# Parent  66880d810dc10655031bfbbb1e4ea6ff66061f08
8003703: Update RMI connection dialog box
Reviewed-by: skoivu, ahgross, mchung, jbachorik

diff --git a/src/share/classes/sun/tools/jconsole/ProxyClient.java b/src/share/classes/sun/tools/jconsole/ProxyClient.java
--- openjdk/jdk/src/share/classes/sun/tools/jconsole/ProxyClient.java
+++ openjdk/jdk/src/share/classes/sun/tools/jconsole/ProxyClient.java
@@ -309,11 +309,11 @@
         }
     }
 
-    void connect() {
+    void connect(boolean requireSSL) {
         setConnectionState(ConnectionState.CONNECTING);
         Exception exception = null;
         try {
-            tryConnect();
+            tryConnect(requireSSL);
         } catch (IOException ex) {
             if (JConsole.isDebug()) {
                 ex.printStackTrace();
@@ -333,7 +333,7 @@
         }
     }
 
-    private void tryConnect() throws IOException {
+    private void tryConnect(boolean requireRemoteSSL) throws IOException {
         if (jmxUrl == null && "localhost".equals(hostName) && port == 0) {
             // Monitor self
             this.jmxc = null;
@@ -353,6 +353,10 @@
                     this.jmxUrl = new JMXServiceURL(lvm.connectorAddress());
                 }
             }
+            Map<String, Object> env = new HashMap<String, Object>();
+            if (requireRemoteSSL) {
+                env.put("jmx.remote.x.check.stub", "true");
+            }
             // Need to pass in credentials ?
             if (userName == null && password == null) {
                 if (isVmConnector()) {
@@ -361,12 +365,11 @@
                         checkSslConfig();
                     }
                     this.jmxc = new RMIConnector(stub, null);
-                    jmxc.connect();
+                    jmxc.connect(env);
                 } else {
-                    this.jmxc = JMXConnectorFactory.connect(jmxUrl);
+                    this.jmxc = JMXConnectorFactory.connect(jmxUrl, env);
                 }
             } else {
-                Map<String, String[]> env = new HashMap<String, String[]>();
                 env.put(JMXConnector.CREDENTIALS,
                         new String[] {userName, password});
                 if (isVmConnector()) {
diff --git a/src/share/classes/sun/tools/jconsole/VMPanel.java b/src/share/classes/sun/tools/jconsole/VMPanel.java
--- openjdk/jdk/src/share/classes/sun/tools/jconsole/VMPanel.java
+++ openjdk/jdk/src/share/classes/sun/tools/jconsole/VMPanel.java
@@ -62,6 +62,7 @@
     private static ArrayList<TabInfo> tabInfos = new ArrayList<TabInfo>();
 
     private boolean wasConnected = false;
+    private boolean shouldUseSSL = true;
 
     // The everConnected flag keeps track of whether the window can be
     // closed if the user clicks Cancel after a failed connection attempt.
@@ -295,7 +296,7 @@
         } else {
             new Thread("VMPanel.connect") {
                 public void run() {
-                    proxyClient.connect();
+                    proxyClient.connect(shouldUseSSL);
                 }
             }.start();
         }
@@ -472,6 +473,7 @@
 
         final String connectStr   = getText("Connect");
         final String reconnectStr = getText("Reconnect");
+        final String insecureStr = getText("Insecure");
         final String cancelStr    = getText("Cancel");
 
         String msgTitle, msgExplanation, buttonStr;
@@ -481,6 +483,10 @@
             msgTitle = getText("connectionLost1");
             msgExplanation = getText("connectionLost2", getConnectionName());
             buttonStr = reconnectStr;
+        } else if (shouldUseSSL) {
+            msgTitle = getText("connectionFailedSSL1");
+            msgExplanation = getText("connectionFailedSSL2", getConnectionName());
+            buttonStr = insecureStr;
         } else {
             msgTitle = getText("connectionFailed1");
             msgExplanation = getText("connectionFailed2", getConnectionName());
@@ -503,6 +509,9 @@
 
                     if (value == reconnectStr || value == connectStr) {
                         connect();
+                    } else if (value == insecureStr) {
+                        shouldUseSSL = false;
+                        connect();
                     } else if (!everConnected) {
                         try {
                             getFrame().setClosed(true);
diff --git a/src/share/classes/sun/tools/jconsole/resources/JConsoleResources.java b/src/share/classes/sun/tools/jconsole/resources/JConsoleResources.java
--- openjdk/jdk/src/share/classes/sun/tools/jconsole/resources/JConsoleResources.java
+++ openjdk/jdk/src/share/classes/sun/tools/jconsole/resources/JConsoleResources.java
@@ -212,6 +212,7 @@
         {"Impact","Impact"},
         {"Info","Info"},
         {"INFO","INFO"},
+        {"Insecure", "Insecure connection"},
         {"Invalid plugin path", "Warning: Invalid plugin path: {0}"},
         {"Invalid URL", "Invalid URL: {0}"},
         {"Is","Is"},
@@ -417,6 +418,10 @@
         {"connectionFailed1","Connection Failed: Retry?"},
         {"connectionFailed2","The connection to {0} did not succeed.<br>" +
                              "Would you like to try again?"},
+        {"connectionFailedSSL1","Secure connection failed. Retry insecurely?"},
+        {"connectionFailedSSL2","The connection to {0} could not be made using SSL.<br>" +
+                             "Would you like to try without SSL?<br>" +
+                             "(Username and password will be sent in plain text.)"},
         {"connectionLost1","Connection Lost: Reconnect?"},
         {"connectionLost2","The connection to {0} has been lost " +
                            "because the remote process has been terminated.<br>" +