Mercurial > hg > release > icedtea7-forest-2.4 > jdk

changeset 7021:e87be44883ad

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
8021360: object not exported" on start of JMXConnectorServer for RMI-IIOP protocol with security manager Reviewed-by: alanb, ahgross, smarks, coffeys
author jbachorik
date Thu, 08 Aug 2013 19:16:27 +0200
parents 480b85c53071
children 23291ff6e7a7
files src/share/classes/com/sun/jmx/remote/protocol/iiop/IIOPProxyImpl.java
diffstat 1 files changed, 42 insertions(+), 4 deletions(-) [+]
line wrap: on
line diff
--- a/src/share/classes/com/sun/jmx/remote/protocol/iiop/IIOPProxyImpl.java	Wed Aug 07 16:51:59 2013 +0400
+++ b/src/share/classes/com/sun/jmx/remote/protocol/iiop/IIOPProxyImpl.java	Thu Aug 08 19:16:27 2013 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2009,2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -36,13 +36,34 @@
 import java.rmi.NoSuchObjectException;
 
 import com.sun.jmx.remote.internal.IIOPProxy;
+import java.io.SerializablePermission;
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.Permissions;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+import java.security.ProtectionDomain;
 
 /**
- * An implementatin of IIOPProxy that simply delegates to the appropriate
+ * An implementation of IIOPProxy that simply delegates to the appropriate
  * RMI-IIOP and CORBA APIs.
  */
 
 public class IIOPProxyImpl implements IIOPProxy {
+    // special ACC used to initialize the IIOP stub
+    // the only allowed privilege is SerializablePermission("enableSubclassImplementation")
+    private static final AccessControlContext STUB_ACC;
+
+    static {
+        Permissions p = new Permissions();
+        p.add(new SerializablePermission("enableSubclassImplementation"));
+        STUB_ACC = new AccessControlContext(
+            new ProtectionDomain[]{
+                new ProtectionDomain(null, p)
+            }
+        );
+    }
+
     public IIOPProxyImpl() { }
 
     @Override
@@ -113,7 +134,24 @@
     }
 
     @Override
-    public Remote toStub(Remote obj) throws NoSuchObjectException {
-        return PortableRemoteObject.toStub(obj);
+    public Remote toStub(final Remote obj) throws NoSuchObjectException {
+        if (System.getSecurityManager() == null) {
+            return PortableRemoteObject.toStub(obj);
+        } else {
+            try {
+                return AccessController.doPrivileged(new PrivilegedExceptionAction<Remote>() {
+
+                    @Override
+                    public Remote run() throws Exception {
+                        return PortableRemoteObject.toStub(obj);
+                    }
+                }, STUB_ACC);
+            } catch (PrivilegedActionException e) {
+                if (e.getException() instanceof NoSuchObjectException) {
+                    throw (NoSuchObjectException)e.getException();
+                }
+                throw new RuntimeException("Unexpected exception type", e.getException());
+            }
+        }
     }
 }