Mercurial > hg > release > icedtea7-forest-2.4 > jdk
changeset 7279:4e3fb3d5d4bf
8029286: Enhance subject delegation
Reviewed-by: dfuchs, ahgross
author | jbachorik |
---|---|
date | Mon, 23 Dec 2013 14:29:27 +0100 |
parents | 0c16ba816e4f |
children | 42e68c7fbe98 |
files | src/share/classes/com/sun/jmx/remote/security/SubjectDelegator.java |
diffstat | 1 files changed, 13 insertions(+), 7 deletions(-) [+] |
line wrap: on
line diff
--- a/src/share/classes/com/sun/jmx/remote/security/SubjectDelegator.java Mon Jan 13 16:14:55 2014 -0800 +++ b/src/share/classes/com/sun/jmx/remote/security/SubjectDelegator.java Mon Dec 23 14:29:27 2013 +0100 @@ -35,6 +35,8 @@ import javax.management.remote.SubjectDelegationPermission; import com.sun.jmx.remote.util.CacheMap; +import java.util.ArrayList; +import java.util.Collection; public class SubjectDelegator { private static final int PRINCIPALS_CACHE_SIZE = 10; @@ -53,11 +55,14 @@ boolean removeCallerContext) throws SecurityException { + if (System.getSecurityManager() != null && authenticatedACC == null) { + throw new SecurityException("Illegal AccessControlContext: null"); + } if (principalsCache == null || accCache == null) { principalsCache = - new CacheMap<Subject, Principal[]>(PRINCIPALS_CACHE_SIZE); + new CacheMap<>(PRINCIPALS_CACHE_SIZE); accCache = - new CacheMap<Subject, AccessControlContext>(ACC_CACHE_SIZE); + new CacheMap<>(ACC_CACHE_SIZE); } // Retrieve the principals for the given @@ -101,14 +106,15 @@ // principal in the delegated subject // final Principal[] dp = delegatedPrincipals; + final Collection<Permission> permissions = new ArrayList<>(dp.length); + for(Principal p : dp) { + final String pname = p.getClass().getName() + "." + p.getName(); + permissions.add(new SubjectDelegationPermission(pname)); + } PrivilegedAction<Void> action = new PrivilegedAction<Void>() { public Void run() { - for (int i = 0 ; i < dp.length ; i++) { - final String pname = - dp[i].getClass().getName() + "." + dp[i].getName(); - Permission sdp = - new SubjectDelegationPermission(pname); + for (Permission sdp : permissions) { AccessController.checkPermission(sdp); } return null;