Mercurial > hg > release > icedtea7-forest-2.2 > jdk
changeset 5342:4d76aacdf35c
8008623: Better handling of MBeanServers
Reviewed-by: dfuchs, dholmes, skoivu
author | jbachorik |
---|---|
date | Thu, 21 Mar 2013 09:26:55 +0100 |
parents | 98ce5da895f7 |
children | 109f588a1fe7 |
files | src/share/classes/com/sun/jmx/interceptor/DefaultMBeanServerInterceptor.java src/share/classes/com/sun/jmx/mbeanserver/JmxMBeanServer.java src/share/classes/com/sun/jmx/mbeanserver/MBeanInstantiator.java |
diffstat | 3 files changed, 41 insertions(+), 10 deletions(-) [+] |
line wrap: on
line diff
--- a/src/share/classes/com/sun/jmx/interceptor/DefaultMBeanServerInterceptor.java Thu Mar 21 18:27:25 2013 +0100 +++ b/src/share/classes/com/sun/jmx/interceptor/DefaultMBeanServerInterceptor.java Thu Mar 21 09:26:55 2013 +0100 @@ -1973,8 +1973,7 @@ * does not add it to the list that is consulted by * ClassLoaderRepository.loadClass. */ - final ModifiableClassLoaderRepository clr = - instantiator.getClassLoaderRepository(); + final ModifiableClassLoaderRepository clr = getInstantiatorCLR(); if (clr == null) { final RuntimeException wrapped = new IllegalArgumentException( @@ -2000,8 +1999,7 @@ * Removes the MBean from the default loader repository. */ if (loader != server.getClass().getClassLoader()) { - final ModifiableClassLoaderRepository clr = - instantiator.getClassLoaderRepository(); + final ModifiableClassLoaderRepository clr = getInstantiatorCLR(); if (clr != null) { clr.removeClassLoader(logicalName); } @@ -2060,5 +2058,12 @@ return ResourceContext.NONE; } - + private ModifiableClassLoaderRepository getInstantiatorCLR() { + return AccessController.doPrivileged(new PrivilegedAction<ModifiableClassLoaderRepository>() { + @Override + public ModifiableClassLoaderRepository run() { + return instantiator != null ? instantiator.getClassLoaderRepository() : null; + } + }); + } }
--- a/src/share/classes/com/sun/jmx/mbeanserver/JmxMBeanServer.java Thu Mar 21 18:27:25 2013 +0100 +++ b/src/share/classes/com/sun/jmx/mbeanserver/JmxMBeanServer.java Thu Mar 21 09:26:55 2013 +0100 @@ -32,6 +32,7 @@ import java.io.ObjectInputStream; import java.security.AccessController; import java.security.Permission; +import java.security.PrivilegedAction; import java.security.PrivilegedExceptionAction; import java.util.List; import java.util.Set; @@ -227,8 +228,16 @@ clr = new ClassLoaderRepositorySupport(); instantiator = new MBeanInstantiator(clr); } + + final MBeanInstantiator fInstantiator = instantiator; this.secureClr = new - SecureClassLoaderRepository(instantiator.getClassLoaderRepository()); + SecureClassLoaderRepository(AccessController.doPrivileged(new PrivilegedAction<ClassLoaderRepository>() { + @Override + public ClassLoaderRepository run() { + return fInstantiator.getClassLoaderRepository(); + } + }) + ); if (delegate == null) delegate = new MBeanServerDelegateImpl(); if (outer == null) @@ -1242,8 +1251,14 @@ class loader. The ClassLoaderRepository knows how to handle that case. */ ClassLoader myLoader = outerShell.getClass().getClassLoader(); - final ModifiableClassLoaderRepository loaders = - instantiator.getClassLoaderRepository(); + final ModifiableClassLoaderRepository loaders = AccessController.doPrivileged(new PrivilegedAction<ModifiableClassLoaderRepository>() { + + @Override + public ModifiableClassLoaderRepository run() { + return instantiator.getClassLoaderRepository(); + } + }); + if (loaders != null) { loaders.addClassLoader(myLoader);
--- a/src/share/classes/com/sun/jmx/mbeanserver/MBeanInstantiator.java Thu Mar 21 18:27:25 2013 +0100 +++ b/src/share/classes/com/sun/jmx/mbeanserver/MBeanInstantiator.java Thu Mar 21 09:26:55 2013 +0100 @@ -624,6 +624,7 @@ * Return the Default Loader Repository used by this instantiator object. **/ public ModifiableClassLoaderRepository getClassLoaderRepository() { + checkMBeanPermission((String)null, null, null, "getClassLoaderRepository"); return clr; } @@ -735,9 +736,19 @@ String member, ObjectName objectName, String actions) { + if (clazz != null) { + checkMBeanPermission(clazz.getName(), member, objectName, actions); + } + } + + private static void checkMBeanPermission(String classname, + String member, + ObjectName objectName, + String actions) + throws SecurityException { SecurityManager sm = System.getSecurityManager(); - if (clazz != null && sm != null) { - Permission perm = new MBeanPermission(clazz.getName(), + if (sm != null) { + Permission perm = new MBeanPermission(classname, member, objectName, actions);