Mercurial > hg > release > icedtea7-forest-2.2 > jdk
changeset 5334:7b4e51f9df72
8008128: Better API coherence for JMX
Summary: Permission for getting classloader
Reviewed-by: alanb, dfuchs, skoivu
Contributed-by: jean-francois.denise@oracle.com
author | andrew |
---|---|
date | Tue, 11 Jun 2013 13:13:12 +0100 |
parents | 2716c1f17b45 |
children | a6d69dc94bbf |
files | src/share/classes/com/sun/jmx/mbeanserver/ClassLoaderRepositorySupport.java src/share/classes/com/sun/jmx/mbeanserver/MBeanInstantiator.java |
diffstat | 2 files changed, 41 insertions(+), 6 deletions(-) [+] |
line wrap: on
line diff
--- a/src/share/classes/com/sun/jmx/mbeanserver/ClassLoaderRepositorySupport.java Thu Mar 28 23:39:28 2013 +0400 +++ b/src/share/classes/com/sun/jmx/mbeanserver/ClassLoaderRepositorySupport.java Tue Jun 11 13:13:12 2013 +0100 @@ -27,12 +27,14 @@ import static com.sun.jmx.defaults.JmxProperties.MBEANSERVER_LOGGER; +import java.security.Permission; import java.util.ArrayList; import java.util.Arrays; import java.util.Hashtable; import java.util.List; import java.util.Map; import java.util.logging.Level; +import javax.management.MBeanPermission; import javax.management.ObjectName; import javax.management.loading.PrivateClassLoader; @@ -300,7 +302,19 @@ } public final ClassLoader getClassLoader(ObjectName name) { - return loadersWithNames.get(name); + ClassLoader instance = loadersWithNames.get(name); + if (instance != null) { + SecurityManager sm = System.getSecurityManager(); + if (sm != null) { + Permission perm = + new MBeanPermission(instance.getClass().getName(), + null, + name, + "getClassLoader"); + sm.checkPermission(perm); + } + } + return instance; } }
--- a/src/share/classes/com/sun/jmx/mbeanserver/MBeanInstantiator.java Thu Mar 28 23:39:28 2013 +0400 +++ b/src/share/classes/com/sun/jmx/mbeanserver/MBeanInstantiator.java Tue Jun 11 13:13:12 2013 +0100 @@ -32,7 +32,12 @@ import java.io.ObjectInputStream; import java.lang.reflect.Constructor; import java.lang.reflect.InvocationTargetException; +import java.security.AccessControlContext; +import java.security.AccessController; import java.security.Permission; +import java.security.Permissions; +import java.security.PrivilegedAction; +import java.security.ProtectionDomain; import java.util.Map; import java.util.logging.Level; @@ -126,9 +131,8 @@ // Retrieve the class loader from the repository ClassLoader loader = null; - synchronized(this) { - if (clr!=null) - loader = clr.getClassLoader(aLoader); + synchronized (this) { + loader = getClassLoader(aLoader); } if (loader == null) { throw new InstanceNotFoundException("The loader named " + @@ -428,8 +432,7 @@ try { ClassLoader instance = null; - if (clr!=null) - instance = clr.getClassLoader(loaderName); + instance = getClassLoader(loaderName); if (instance == null) throw new ClassNotFoundException(className); theClass = Class.forName(className, false, instance); @@ -741,4 +744,22 @@ sm.checkPermission(perm); } } + + private ClassLoader getClassLoader(final ObjectName name) { + if(clr == null){ + return null; + } + // Restrict to getClassLoader permission only + Permissions permissions = new Permissions(); + permissions.add(new MBeanPermission("*", null, name, "getClassLoader")); + ProtectionDomain protectionDomain = new ProtectionDomain(null, permissions); + ProtectionDomain[] domains = {protectionDomain}; + AccessControlContext ctx = new AccessControlContext(domains); + ClassLoader loader = AccessController.doPrivileged(new PrivilegedAction<ClassLoader>() { + public ClassLoader run() { + return clr.getClassLoader(name); + } + }, ctx); + return loader; + } }