Mercurial > hg > release > icedtea7-forest-2.4 > jdk
changeset 7021:e87be44883ad
8021360: object not exported" on start of JMXConnectorServer for RMI-IIOP protocol with security manager
Reviewed-by: alanb, ahgross, smarks, coffeys
author | jbachorik |
---|---|
date | Thu, 08 Aug 2013 19:16:27 +0200 |
parents | 480b85c53071 |
children | 23291ff6e7a7 |
files | src/share/classes/com/sun/jmx/remote/protocol/iiop/IIOPProxyImpl.java |
diffstat | 1 files changed, 42 insertions(+), 4 deletions(-) [+] |
line wrap: on
line diff
--- a/src/share/classes/com/sun/jmx/remote/protocol/iiop/IIOPProxyImpl.java Wed Aug 07 16:51:59 2013 +0400 +++ b/src/share/classes/com/sun/jmx/remote/protocol/iiop/IIOPProxyImpl.java Thu Aug 08 19:16:27 2013 +0200 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009,2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -36,13 +36,34 @@ import java.rmi.NoSuchObjectException; import com.sun.jmx.remote.internal.IIOPProxy; +import java.io.SerializablePermission; +import java.security.AccessControlContext; +import java.security.AccessController; +import java.security.Permissions; +import java.security.PrivilegedActionException; +import java.security.PrivilegedExceptionAction; +import java.security.ProtectionDomain; /** - * An implementatin of IIOPProxy that simply delegates to the appropriate + * An implementation of IIOPProxy that simply delegates to the appropriate * RMI-IIOP and CORBA APIs. */ public class IIOPProxyImpl implements IIOPProxy { + // special ACC used to initialize the IIOP stub + // the only allowed privilege is SerializablePermission("enableSubclassImplementation") + private static final AccessControlContext STUB_ACC; + + static { + Permissions p = new Permissions(); + p.add(new SerializablePermission("enableSubclassImplementation")); + STUB_ACC = new AccessControlContext( + new ProtectionDomain[]{ + new ProtectionDomain(null, p) + } + ); + } + public IIOPProxyImpl() { } @Override @@ -113,7 +134,24 @@ } @Override - public Remote toStub(Remote obj) throws NoSuchObjectException { - return PortableRemoteObject.toStub(obj); + public Remote toStub(final Remote obj) throws NoSuchObjectException { + if (System.getSecurityManager() == null) { + return PortableRemoteObject.toStub(obj); + } else { + try { + return AccessController.doPrivileged(new PrivilegedExceptionAction<Remote>() { + + @Override + public Remote run() throws Exception { + return PortableRemoteObject.toStub(obj); + } + }, STUB_ACC); + } catch (PrivilegedActionException e) { + if (e.getException() instanceof NoSuchObjectException) { + throw (NoSuchObjectException)e.getException(); + } + throw new RuntimeException("Unexpected exception type", e.getException()); + } + } } }