Mercurial > hg > release > icedtea6-1.12
view patches/security/20130618/8008982-jmx_interface_changes.patch @ 3004:08ce3247b5b0
Add 2013/06/18 security patches.
2013-06-22 Andrew John Hughes <gnu.andrew@member.fsf.org>
* patches/idresolver_fix.patch:
Removed. Part of 6469266.
* Makefile.am:
(SECURITY_PATCHES): Add new ones.
(SPECIAL_SECURITY_PATCH_1): Renamed from
SPECIAL_SECURITY_PATCH.
(SPECIAL_SECURITY_PATCH_2): Add 8009071, which
needs to be applied after some AWT backports.
(ICEDTEA_PATCHES): Use SPECIAL_SECURITY_PATCH_{1,2}.
Move 8005615, 8007393 & 8007611 to SECURITY_PATCHES
as must be applied before 8004584. Add 7171223 to
end.
* patches/openjdk/6307603-xrender-01.patch,
* patches/openjdk/6469266-xmlsec_1.4.2.patch,
* patches/openjdk/6656651-windows_lcd_glyphs.patch,
* patches/openjdk/6786028-wcag_bold_tags.patch,
* patches/openjdk/6786682-wcag_lang.patch,
* patches/openjdk/6786688-wcag_table.patch,
* patches/openjdk/6786690-wcag_dl.patch,
* patches/openjdk/6802694-no_deprecated.patch,
* patches/openjdk/6851834-restructure.patch,
* patches/openjdk/6888167-medialib_memory_leaks.patch,
* patches/openjdk/6961178-doclet_xml.patch,
* patches/openjdk/6990754-use_native_memory_for_symboltable.patch,
* patches/openjdk/7006270-regressions.patch,
* patches/openjdk/7008809-report_class_in_arraystoreexception.patch,
* patches/openjdk/7014851-unused_parallel_compaction_code.patch,
* patches/openjdk/7017732-move_static_fields_to_class.patch,
* patches/openjdk/7036747-elfstringtable.patch,
* patches/openjdk/7086585-flexible_field_injection.patch,
* patches/openjdk/7171223-strict_aliasing.patch,
* patches/openjdk/7195301-no_instanceof_node.patch,
* patches/security/20130618/6741606-apache_santuario.patch,
* patches/security/20130618/7158805-nested_subroutine_rewriting.patch,
* patches/security/20130618/7170730-windows_network_stack.patch,
* patches/security/20130618/8000638-improve_deserialization.patch,
* patches/security/20130618/8000642-better_transportation_handling.patch,
* patches/security/20130618/8001032-restrict_object_access-corba.patch,
* patches/security/20130618/8001032-restrict_object_access-jdk.patch,
* patches/security/20130618/8001033-refactor_address_handling.patch,
* patches/security/20130618/8001034-memory_management.patch,
* patches/security/20130618/8001038-resourcefully_handle_resources.patch,
* patches/security/20130618/8001043-clarify_definition_restrictions.patch,
* patches/security/20130618/8001309-better_handling_of_annotation_interfaces.patch,
* patches/security/20130618/8001318-6_fixup.patch,
* patches/security/20130618/8001318-socket_getlocaladdress_consistency.patch,
* patches/security/20130618/8001330-checking_order_improvement.patch,
* patches/security/20130618/8001330-improve_checking_order.patch,
* patches/security/20130618/8003703-update_rmi_connection_dialog.patch,
* patches/security/20130618/8004584-augment_applet_contextualization.patch,
* patches/security/20130618/8005007-better_glyph_processing.patch,
* patches/security/20130618/8006328-6_fixup.patch,
* patches/security/20130618/8006328-sound_class_robustness.patch,
* patches/security/20130618/8006611-improve_scripting.patch,
* patches/security/20130618/8007467-improve_jmx_internal_api_robustness.patch,
* patches/security/20130618/8007471-6_fixup.patch,
* patches/security/20130618/8007471-improve_mbean_notifications.patch,
* patches/security/20130618/8007812-getenclosingmethod.patch,
* patches/security/20130618/8008120-improve_jmx_class_checking.patch,
* patches/security/20130618/8008124-better_compliance_testing.patch,
* patches/security/20130618/8008128-better_jmx_api_coherence.patch,
* patches/security/20130618/8008132-better_serialization.patch,
* patches/security/20130618/8008585-jmx_data_handling.patch,
* patches/security/20130618/8008593-better_urlclassloader.patch,
* patches/security/20130618/8008603-jmx_provider_provision.patch,
* patches/security/20130618/8008611-6_fixup.patch,
* patches/security/20130618/8008611-jmx_annotations.patch,
* patches/security/20130618/8008615-jmx_internal_api_robustness.patch,
* patches/security/20130618/8008623-mbeanserver_handling.patch,
* patches/security/20130618/8008744-6741606_rework.patch,
* patches/security/20130618/8008982-jmx_interface_changes.patch,
* patches/security/20130618/8009004-rmi_connection_improvement.patch,
* patches/security/20130618/8009013-t2k_glyphs.patch,
* patches/security/20130618/8009034-jmx_notification_improvement.patch,
* patches/security/20130618/8009038-jmx_notification_support_improvement.patch,
* patches/security/20130618/8009067-improve_key_storing.patch,
* patches/security/20130618/8009071-improve_shape_handling.patch,
* patches/security/20130618/8009235-improve_tsa_data_handling.patch,
* patches/security/20130618/8009554-serialjavaobject.patch,
* patches/security/20130618/8011243-improve_imaginglib.patch,
* patches/security/20130618/8011248-better_component_rasters.patch,
* patches/security/20130618/8011253-better_short_component_rasters.patch,
* patches/security/20130618/8011257-better_byte_component_rasters.patch,
* patches/security/20130618/8011557-improve_reflection.patch,
* patches/security/20130618/8012375-javadoc_framing.patch,
* patches/security/20130618/8012421-better_positioning.patch,
* patches/security/20130618/8012438-better_image_validation.patch,
* patches/security/20130618/8012597-better_image_channel_validation.patch,
* patches/security/20130618/8012601-better_layout_validation.patch,
* patches/security/20130618/8014281-better_xml_signature_checking.patch,
* patches/security/20130618/8015997-more_javadoc_framing.patch,
* patches/security/20130618/diamond_fix.patch,
* patches/security/20130618/handle_npe.patch,
* patches/security/20130618/hs_merge-01.patch,
* patches/security/20130618/hs_merge-02.patch,
* patches/security/20130618/hs_merge-03.patch,
* patches/security/20130618/hs_merge-04.patch,
* patches/security/20130618/javac_issue.patch,
* patches/security/20130618/langtools_generics.patch,
* patches/security/20130618/langtools_merge-01.patch,
* patches/security/20130618/langtools_merge-02.patch,
* patches/security/20130618/langtools_merge-03.patch:
2013/06/18 security patches.
* patches/apache-xml-internal-fix-bug-38655.patch: Remove.
author | Andrew John Hughes <gnu.andrew@redhat.com> |
---|---|
date | Sat, 22 Jun 2013 16:38:24 -0500 |
parents | |
children |
line wrap: on
line source
# HG changeset patch # User andrew # Date 1371487600 18000 # Node ID a844309d9f0a490f8ac56d21f1323e8deb65ffd1 # Parent ebb30aed90ea44ffadd97b3c462b14e328b5dfd2 8008982: Adjust JMX for underlying interface changes Reviewed-by: mchung, dholmes, dfuchs, skoivu diff --git a/src/share/classes/com/sun/jmx/mbeanserver/Introspector.java b/src/share/classes/com/sun/jmx/mbeanserver/Introspector.java --- openjdk/jdk/src/share/classes/com/sun/jmx/mbeanserver/Introspector.java +++ openjdk/jdk/src/share/classes/com/sun/jmx/mbeanserver/Introspector.java @@ -215,6 +215,11 @@ MXBeanIntrospector.getInstance().getAnalyzer(interfaceClass); } + public static void testComplianceMBeanInterface(Class<?> interfaceClass) + throws NotCompliantMBeanException{ + StandardMBeanIntrospector.getInstance().getAnalyzer(interfaceClass); + } + /** * Basic method for testing if a given class is a JMX compliant * Standard MBean. This method is only called by the legacy code diff --git a/src/share/classes/javax/management/JMX.java b/src/share/classes/javax/management/JMX.java --- openjdk/jdk/src/share/classes/javax/management/JMX.java +++ openjdk/jdk/src/share/classes/javax/management/JMX.java @@ -27,7 +27,9 @@ import com.sun.jmx.mbeanserver.Introspector; import java.lang.reflect.InvocationHandler; +import java.lang.reflect.Modifier; import java.lang.reflect.Proxy; +import sun.reflect.misc.ReflectUtil; /** * Static methods from the JMX API. There are no instances of this class. @@ -203,11 +205,7 @@ ObjectName objectName, Class<T> interfaceClass, boolean notificationBroadcaster) { - return MBeanServerInvocationHandler.newProxyInstance( - connection, - objectName, - interfaceClass, - notificationBroadcaster); + return createProxy(connection, objectName, interfaceClass, notificationBroadcaster, false); } /** @@ -345,26 +343,7 @@ ObjectName objectName, Class<T> interfaceClass, boolean notificationBroadcaster) { - // Check interface for MXBean compliance - // - try { - Introspector.testComplianceMXBeanInterface(interfaceClass); - } catch (NotCompliantMBeanException e) { - throw new IllegalArgumentException(e); - } - InvocationHandler handler = new MBeanServerInvocationHandler( - connection, objectName, true); - final Class[] interfaces; - if (notificationBroadcaster) { - interfaces = - new Class<?>[] {interfaceClass, NotificationEmitter.class}; - } else - interfaces = new Class[] {interfaceClass}; - Object proxy = Proxy.newProxyInstance( - interfaceClass.getClassLoader(), - interfaces, - handler); - return interfaceClass.cast(proxy); + return createProxy(connection, objectName, interfaceClass, notificationBroadcaster, true); } /** @@ -392,4 +371,65 @@ // exactly the string "MXBean" since that would mean there // was no package name, which is pretty unlikely in practice. } + + /** + * Centralised M(X)Bean proxy creation code + * @param connection {@linkplain MBeanServerConnection} to use + * @param objectName M(X)Bean object name + * @param interfaceClass M(X)Bean interface class + * @param notificationEmitter Is a notification emitter? + * @param isMXBean Is an MXBean? + * @return Returns an M(X)Bean proxy generated for the provided interface class + * @throws SecurityException + * @throws IllegalArgumentException + */ + private static <T> T createProxy(MBeanServerConnection connection, + ObjectName objectName, + Class<T> interfaceClass, + boolean notificationEmitter, + boolean isMXBean) { + + if (System.getSecurityManager() != null) { + checkProxyInterface(interfaceClass); + } + try { + if (isMXBean) { + // Check interface for MXBean compliance + Introspector.testComplianceMXBeanInterface(interfaceClass); + } else { + // Check interface for MBean compliance + Introspector.testComplianceMBeanInterface(interfaceClass); + } + } catch (NotCompliantMBeanException e) { + throw new IllegalArgumentException(e); + } + + InvocationHandler handler = new MBeanServerInvocationHandler( + connection, objectName, isMXBean); + final Class<?>[] interfaces; + if (notificationEmitter) { + interfaces = + new Class<?>[] {interfaceClass, NotificationEmitter.class}; + } else + interfaces = new Class<?>[] {interfaceClass}; + + Object proxy = Proxy.newProxyInstance( + interfaceClass.getClassLoader(), + interfaces, + handler); + return interfaceClass.cast(proxy); + } + + /** + * Checks for the M(X)Bean proxy interface being public and not restricted + * @param interfaceClass MBean proxy interface + * @throws SecurityException when the proxy interface comes from a restricted + * package or is not public + */ + private static void checkProxyInterface(Class<?> interfaceClass) { + if (!Modifier.isPublic(interfaceClass.getModifiers())) { + throw new SecurityException("mbean proxy interface non-public"); + } + ReflectUtil.checkPackageAccess(interfaceClass); + } } diff --git a/src/share/classes/javax/management/MBeanServerInvocationHandler.java b/src/share/classes/javax/management/MBeanServerInvocationHandler.java --- openjdk/jdk/src/share/classes/javax/management/MBeanServerInvocationHandler.java +++ openjdk/jdk/src/share/classes/javax/management/MBeanServerInvocationHandler.java @@ -231,20 +231,7 @@ ObjectName objectName, Class<T> interfaceClass, boolean notificationBroadcaster) { - final InvocationHandler handler = - new MBeanServerInvocationHandler(connection, objectName); - final Class[] interfaces; - if (notificationBroadcaster) { - interfaces = - new Class[] {interfaceClass, NotificationEmitter.class}; - } else - interfaces = new Class[] {interfaceClass}; - - Object proxy = - Proxy.newProxyInstance(interfaceClass.getClassLoader(), - interfaces, - handler); - return interfaceClass.cast(proxy); + return JMX.newMBeanProxy(connection, objectName, interfaceClass, notificationBroadcaster); } public Object invoke(Object proxy, Method method, Object[] args)