author | darcy |
Tue, 12 Nov 2013 09:44:39 -0800 | |
changeset 21655 | 55f32ae4f920 |
parent 19211 | 32a04c562026 |
child 23333 | b0af2c7c8c91 |
permissions | -rw-r--r-- |
2 | 1 |
/* |
19211 | 2 |
* Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved. |
2 | 3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 |
* |
|
5 |
* This code is free software; you can redistribute it and/or modify it |
|
6 |
* under the terms of the GNU General Public License version 2 only, as |
|
5506 | 7 |
* published by the Free Software Foundation. Oracle designates this |
2 | 8 |
* particular file as subject to the "Classpath" exception as provided |
5506 | 9 |
* by Oracle in the LICENSE file that accompanied this code. |
2 | 10 |
* |
11 |
* This code is distributed in the hope that it will be useful, but WITHOUT |
|
12 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
13 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
14 |
* version 2 for more details (a copy is included in the LICENSE file that |
|
15 |
* accompanied this code). |
|
16 |
* |
|
17 |
* You should have received a copy of the GNU General Public License version |
|
18 |
* 2 along with this work; if not, write to the Free Software Foundation, |
|
19 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
20 |
* |
|
5506 | 21 |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
22 |
* or visit www.oracle.com if you need additional information or have any |
|
23 |
* questions. |
|
2 | 24 |
*/ |
25 |
||
26 |
package sun.rmi.server; |
|
27 |
||
28 |
import java.io.File; |
|
29 |
import java.io.FilePermission; |
|
30 |
import java.io.IOException; |
|
31 |
import java.lang.ref.ReferenceQueue; |
|
32 |
import java.lang.ref.SoftReference; |
|
33 |
import java.lang.ref.WeakReference; |
|
34 |
import java.lang.reflect.Modifier; |
|
35 |
import java.lang.reflect.Proxy; |
|
36 |
import java.net.JarURLConnection; |
|
37 |
import java.net.MalformedURLException; |
|
38 |
import java.net.SocketPermission; |
|
39 |
import java.net.URL; |
|
40 |
import java.net.URLClassLoader; |
|
41 |
import java.net.URLConnection; |
|
42 |
import java.security.AccessControlContext; |
|
43 |
import java.security.CodeSource; |
|
44 |
import java.security.Permission; |
|
45 |
import java.security.Permissions; |
|
46 |
import java.security.PermissionCollection; |
|
47 |
import java.security.Policy; |
|
48 |
import java.security.ProtectionDomain; |
|
49 |
import java.rmi.server.LogStream; |
|
50 |
import java.util.Arrays; |
|
51 |
import java.util.Collections; |
|
52 |
import java.util.Enumeration; |
|
53 |
import java.util.HashMap; |
|
54 |
import java.util.IdentityHashMap; |
|
55 |
import java.util.Map; |
|
56 |
import java.util.StringTokenizer; |
|
57 |
import java.util.WeakHashMap; |
|
18196 | 58 |
import sun.reflect.misc.ReflectUtil; |
2 | 59 |
import sun.rmi.runtime.Log; |
60 |
import sun.security.action.GetPropertyAction; |
|
61 |
||
62 |
/** |
|
63 |
* <code>LoaderHandler</code> provides the implementation of the static |
|
64 |
* methods of the <code>java.rmi.server.RMIClassLoader</code> class. |
|
65 |
* |
|
66 |
* @author Ann Wollrath |
|
67 |
* @author Peter Jones |
|
68 |
* @author Laird Dornin |
|
69 |
*/ |
|
19211 | 70 |
@SuppressWarnings("deprecation") |
2 | 71 |
public final class LoaderHandler { |
72 |
||
73 |
/** RMI class loader log level */ |
|
74 |
static final int logLevel = LogStream.parseLevel( |
|
51 | 75 |
java.security.AccessController.doPrivileged( |
2 | 76 |
new GetPropertyAction("sun.rmi.loader.logLevel"))); |
77 |
||
78 |
/* loader system log */ |
|
79 |
static final Log loaderLog = |
|
80 |
Log.getLog("sun.rmi.loader", "loader", LoaderHandler.logLevel); |
|
81 |
||
82 |
/** |
|
83 |
* value of "java.rmi.server.codebase" property, as cached at class |
|
84 |
* initialization time. It may contain malformed URLs. |
|
85 |
*/ |
|
86 |
private static String codebaseProperty = null; |
|
87 |
static { |
|
51 | 88 |
String prop = java.security.AccessController.doPrivileged( |
2 | 89 |
new GetPropertyAction("java.rmi.server.codebase")); |
90 |
if (prop != null && prop.trim().length() > 0) { |
|
91 |
codebaseProperty = prop; |
|
92 |
} |
|
93 |
} |
|
94 |
||
95 |
/** list of URLs represented by the codebase property, if valid */ |
|
96 |
private static URL[] codebaseURLs = null; |
|
97 |
||
98 |
/** table of class loaders that use codebase property for annotation */ |
|
51 | 99 |
private static final Map<ClassLoader, Void> codebaseLoaders = |
100 |
Collections.synchronizedMap(new IdentityHashMap<ClassLoader, Void>(5)); |
|
2 | 101 |
static { |
102 |
for (ClassLoader codebaseLoader = ClassLoader.getSystemClassLoader(); |
|
103 |
codebaseLoader != null; |
|
104 |
codebaseLoader = codebaseLoader.getParent()) |
|
105 |
{ |
|
106 |
codebaseLoaders.put(codebaseLoader, null); |
|
107 |
} |
|
108 |
} |
|
109 |
||
110 |
/** |
|
111 |
* table mapping codebase URL path and context class loader pairs |
|
112 |
* to class loader instances. Entries hold class loaders with weak |
|
113 |
* references, so this table does not prevent loaders from being |
|
114 |
* garbage collected. |
|
115 |
*/ |
|
51 | 116 |
private static final HashMap<LoaderKey, LoaderEntry> loaderTable |
12040
558b0e0d5910
7146763: Warnings cleanup in the sun.rmi and related packages
khazra
parents:
11039
diff
changeset
|
117 |
= new HashMap<>(5); |
2 | 118 |
|
119 |
/** reference queue for cleared class loader entries */ |
|
51 | 120 |
private static final ReferenceQueue<Loader> refQueue |
12040
558b0e0d5910
7146763: Warnings cleanup in the sun.rmi and related packages
khazra
parents:
11039
diff
changeset
|
121 |
= new ReferenceQueue<>(); |
2 | 122 |
|
123 |
/* |
|
124 |
* Disallow anyone from creating one of these. |
|
125 |
*/ |
|
126 |
private LoaderHandler() {} |
|
127 |
||
128 |
/** |
|
129 |
* Returns an array of URLs initialized with the value of the |
|
130 |
* java.rmi.server.codebase property as the URL path. |
|
131 |
*/ |
|
132 |
private static synchronized URL[] getDefaultCodebaseURLs() |
|
133 |
throws MalformedURLException |
|
134 |
{ |
|
135 |
/* |
|
136 |
* If it hasn't already been done, convert the codebase property |
|
137 |
* into an array of URLs; this may throw a MalformedURLException. |
|
138 |
*/ |
|
139 |
if (codebaseURLs == null) { |
|
140 |
if (codebaseProperty != null) { |
|
141 |
codebaseURLs = pathToURLs(codebaseProperty); |
|
142 |
} else { |
|
143 |
codebaseURLs = new URL[0]; |
|
144 |
} |
|
145 |
} |
|
146 |
return codebaseURLs; |
|
147 |
} |
|
148 |
||
149 |
/** |
|
150 |
* Load a class from a network location (one or more URLs), |
|
151 |
* but first try to resolve the named class through the given |
|
152 |
* "default loader". |
|
153 |
*/ |
|
12040
558b0e0d5910
7146763: Warnings cleanup in the sun.rmi and related packages
khazra
parents:
11039
diff
changeset
|
154 |
public static Class<?> loadClass(String codebase, String name, |
558b0e0d5910
7146763: Warnings cleanup in the sun.rmi and related packages
khazra
parents:
11039
diff
changeset
|
155 |
ClassLoader defaultLoader) |
2 | 156 |
throws MalformedURLException, ClassNotFoundException |
157 |
{ |
|
158 |
if (loaderLog.isLoggable(Log.BRIEF)) { |
|
159 |
loaderLog.log(Log.BRIEF, |
|
160 |
"name = \"" + name + "\", " + |
|
161 |
"codebase = \"" + (codebase != null ? codebase : "") + "\"" + |
|
162 |
(defaultLoader != null ? |
|
163 |
", defaultLoader = " + defaultLoader : "")); |
|
164 |
} |
|
165 |
||
166 |
URL[] urls; |
|
167 |
if (codebase != null) { |
|
168 |
urls = pathToURLs(codebase); |
|
169 |
} else { |
|
170 |
urls = getDefaultCodebaseURLs(); |
|
171 |
} |
|
172 |
||
173 |
if (defaultLoader != null) { |
|
174 |
try { |
|
18196 | 175 |
Class<?> c = loadClassForName(name, false, defaultLoader); |
2 | 176 |
if (loaderLog.isLoggable(Log.VERBOSE)) { |
177 |
loaderLog.log(Log.VERBOSE, |
|
178 |
"class \"" + name + "\" found via defaultLoader, " + |
|
179 |
"defined by " + c.getClassLoader()); |
|
180 |
} |
|
181 |
return c; |
|
182 |
} catch (ClassNotFoundException e) { |
|
183 |
} |
|
184 |
} |
|
185 |
||
186 |
return loadClass(urls, name); |
|
187 |
} |
|
188 |
||
189 |
/** |
|
190 |
* Returns the class annotation (representing the location for |
|
191 |
* a class) that RMI will use to annotate the call stream when |
|
192 |
* marshalling objects of the given class. |
|
193 |
*/ |
|
12040
558b0e0d5910
7146763: Warnings cleanup in the sun.rmi and related packages
khazra
parents:
11039
diff
changeset
|
194 |
public static String getClassAnnotation(Class<?> cl) { |
2 | 195 |
String name = cl.getName(); |
196 |
||
197 |
/* |
|
198 |
* Class objects for arrays of primitive types never need an |
|
199 |
* annotation, because they never need to be (or can be) downloaded. |
|
200 |
* |
|
201 |
* REMIND: should we (not) be annotating classes that are in |
|
202 |
* "java.*" packages? |
|
203 |
*/ |
|
204 |
int nameLength = name.length(); |
|
205 |
if (nameLength > 0 && name.charAt(0) == '[') { |
|
206 |
// skip past all '[' characters (see bugid 4211906) |
|
207 |
int i = 1; |
|
208 |
while (nameLength > i && name.charAt(i) == '[') { |
|
209 |
i++; |
|
210 |
} |
|
211 |
if (nameLength > i && name.charAt(i) != 'L') { |
|
212 |
return null; |
|
213 |
} |
|
214 |
} |
|
215 |
||
216 |
/* |
|
217 |
* Get the class's class loader. If it is null, the system class |
|
218 |
* loader, an ancestor of the base class loader (such as the loader |
|
219 |
* for installed extensions), return the value of the |
|
220 |
* "java.rmi.server.codebase" property. |
|
221 |
*/ |
|
222 |
ClassLoader loader = cl.getClassLoader(); |
|
223 |
if (loader == null || codebaseLoaders.containsKey(loader)) { |
|
224 |
return codebaseProperty; |
|
225 |
} |
|
226 |
||
227 |
/* |
|
228 |
* Get the codebase URL path for the class loader, if it supports |
|
229 |
* such a notion (i.e., if it is a URLClassLoader or subclass). |
|
230 |
*/ |
|
231 |
String annotation = null; |
|
232 |
if (loader instanceof Loader) { |
|
233 |
/* |
|
234 |
* If the class loader is one of our RMI class loaders, we have |
|
235 |
* already computed the class annotation string, and no |
|
236 |
* permissions are required to know the URLs. |
|
237 |
*/ |
|
238 |
annotation = ((Loader) loader).getClassAnnotation(); |
|
239 |
||
240 |
} else if (loader instanceof URLClassLoader) { |
|
241 |
try { |
|
242 |
URL[] urls = ((URLClassLoader) loader).getURLs(); |
|
243 |
if (urls != null) { |
|
244 |
/* |
|
245 |
* If the class loader is not one of our RMI class loaders, |
|
246 |
* we must verify that the current access control context |
|
247 |
* has permission to know all of these URLs. |
|
248 |
*/ |
|
249 |
SecurityManager sm = System.getSecurityManager(); |
|
250 |
if (sm != null) { |
|
251 |
Permissions perms = new Permissions(); |
|
252 |
for (int i = 0; i < urls.length; i++) { |
|
253 |
Permission p = |
|
254 |
urls[i].openConnection().getPermission(); |
|
255 |
if (p != null) { |
|
256 |
if (!perms.implies(p)) { |
|
257 |
sm.checkPermission(p); |
|
258 |
perms.add(p); |
|
259 |
} |
|
260 |
} |
|
261 |
} |
|
262 |
} |
|
263 |
||
264 |
annotation = urlsToPath(urls); |
|
265 |
} |
|
12040
558b0e0d5910
7146763: Warnings cleanup in the sun.rmi and related packages
khazra
parents:
11039
diff
changeset
|
266 |
} catch (SecurityException | IOException e) { |
2 | 267 |
/* |
12040
558b0e0d5910
7146763: Warnings cleanup in the sun.rmi and related packages
khazra
parents:
11039
diff
changeset
|
268 |
* SecurityException: If access was denied to the knowledge of |
558b0e0d5910
7146763: Warnings cleanup in the sun.rmi and related packages
khazra
parents:
11039
diff
changeset
|
269 |
* the class loader's URLs, fall back to the default behavior. |
558b0e0d5910
7146763: Warnings cleanup in the sun.rmi and related packages
khazra
parents:
11039
diff
changeset
|
270 |
* |
558b0e0d5910
7146763: Warnings cleanup in the sun.rmi and related packages
khazra
parents:
11039
diff
changeset
|
271 |
* IOException: This shouldn't happen, although it is declared |
558b0e0d5910
7146763: Warnings cleanup in the sun.rmi and related packages
khazra
parents:
11039
diff
changeset
|
272 |
* to be thrown by openConnection() and getPermission(). If it |
2 | 273 |
* does happen, forget about this class loader's URLs and |
274 |
* fall back to the default behavior. |
|
275 |
*/ |
|
276 |
} |
|
277 |
} |
|
278 |
||
279 |
if (annotation != null) { |
|
280 |
return annotation; |
|
281 |
} else { |
|
282 |
return codebaseProperty; // REMIND: does this make sense?? |
|
283 |
} |
|
284 |
} |
|
285 |
||
286 |
/** |
|
287 |
* Returns a classloader that loads classes from the given codebase URL |
|
288 |
* path. The parent classloader of the returned classloader is the |
|
289 |
* context class loader. |
|
290 |
*/ |
|
291 |
public static ClassLoader getClassLoader(String codebase) |
|
292 |
throws MalformedURLException |
|
293 |
{ |
|
294 |
ClassLoader parent = getRMIContextClassLoader(); |
|
295 |
||
296 |
URL[] urls; |
|
297 |
if (codebase != null) { |
|
298 |
urls = pathToURLs(codebase); |
|
299 |
} else { |
|
300 |
urls = getDefaultCodebaseURLs(); |
|
301 |
} |
|
302 |
||
303 |
/* |
|
304 |
* If there is a security manager, the current access control |
|
305 |
* context must have the "getClassLoader" RuntimePermission. |
|
306 |
*/ |
|
307 |
SecurityManager sm = System.getSecurityManager(); |
|
308 |
if (sm != null) { |
|
309 |
sm.checkPermission(new RuntimePermission("getClassLoader")); |
|
310 |
} else { |
|
311 |
/* |
|
312 |
* But if no security manager is set, disable access to |
|
313 |
* RMI class loaders and simply return the parent loader. |
|
314 |
*/ |
|
315 |
return parent; |
|
316 |
} |
|
317 |
||
318 |
Loader loader = lookupLoader(urls, parent); |
|
319 |
||
320 |
/* |
|
321 |
* Verify that the caller has permission to access this loader. |
|
322 |
*/ |
|
323 |
if (loader != null) { |
|
324 |
loader.checkPermissions(); |
|
325 |
} |
|
326 |
||
327 |
return loader; |
|
328 |
} |
|
329 |
||
330 |
/** |
|
331 |
* Return the security context of the given class loader. |
|
332 |
*/ |
|
333 |
public static Object getSecurityContext(ClassLoader loader) { |
|
334 |
/* |
|
335 |
* REMIND: This is a bogus JDK1.1-compatible implementation. |
|
336 |
* This method should never be called by application code anyway |
|
337 |
* (hence the deprecation), but should it do something different |
|
338 |
* and perhaps more useful, like return a String or a URL[]? |
|
339 |
*/ |
|
340 |
if (loader instanceof Loader) { |
|
341 |
URL[] urls = ((Loader) loader).getURLs(); |
|
342 |
if (urls.length > 0) { |
|
343 |
return urls[0]; |
|
344 |
} |
|
345 |
} |
|
346 |
return null; |
|
347 |
} |
|
348 |
||
349 |
/** |
|
350 |
* Register a class loader as one whose classes should always be |
|
351 |
* annotated with the value of the "java.rmi.server.codebase" property. |
|
352 |
*/ |
|
353 |
public static void registerCodebaseLoader(ClassLoader loader) { |
|
354 |
codebaseLoaders.put(loader, null); |
|
355 |
} |
|
356 |
||
357 |
/** |
|
358 |
* Load a class from the RMI class loader corresponding to the given |
|
359 |
* codebase URL path in the current execution context. |
|
360 |
*/ |
|
12040
558b0e0d5910
7146763: Warnings cleanup in the sun.rmi and related packages
khazra
parents:
11039
diff
changeset
|
361 |
private static Class<?> loadClass(URL[] urls, String name) |
2 | 362 |
throws ClassNotFoundException |
363 |
{ |
|
364 |
ClassLoader parent = getRMIContextClassLoader(); |
|
365 |
if (loaderLog.isLoggable(Log.VERBOSE)) { |
|
366 |
loaderLog.log(Log.VERBOSE, |
|
367 |
"(thread context class loader: " + parent + ")"); |
|
368 |
} |
|
369 |
||
370 |
/* |
|
371 |
* If no security manager is set, disable access to RMI class |
|
372 |
* loaders and simply delegate request to the parent loader |
|
373 |
* (see bugid 4140511). |
|
374 |
*/ |
|
375 |
SecurityManager sm = System.getSecurityManager(); |
|
376 |
if (sm == null) { |
|
377 |
try { |
|
12040
558b0e0d5910
7146763: Warnings cleanup in the sun.rmi and related packages
khazra
parents:
11039
diff
changeset
|
378 |
Class<?> c = Class.forName(name, false, parent); |
2 | 379 |
if (loaderLog.isLoggable(Log.VERBOSE)) { |
380 |
loaderLog.log(Log.VERBOSE, |
|
381 |
"class \"" + name + "\" found via " + |
|
382 |
"thread context class loader " + |
|
383 |
"(no security manager: codebase disabled), " + |
|
384 |
"defined by " + c.getClassLoader()); |
|
385 |
} |
|
386 |
return c; |
|
387 |
} catch (ClassNotFoundException e) { |
|
388 |
if (loaderLog.isLoggable(Log.BRIEF)) { |
|
389 |
loaderLog.log(Log.BRIEF, |
|
390 |
"class \"" + name + "\" not found via " + |
|
391 |
"thread context class loader " + |
|
392 |
"(no security manager: codebase disabled)", e); |
|
393 |
} |
|
394 |
throw new ClassNotFoundException(e.getMessage() + |
|
395 |
" (no security manager: RMI class loader disabled)", |
|
396 |
e.getException()); |
|
397 |
} |
|
398 |
} |
|
399 |
||
400 |
/* |
|
401 |
* Get or create the RMI class loader for this codebase URL path |
|
402 |
* and parent class loader pair. |
|
403 |
*/ |
|
404 |
Loader loader = lookupLoader(urls, parent); |
|
405 |
||
406 |
try { |
|
407 |
if (loader != null) { |
|
408 |
/* |
|
409 |
* Verify that the caller has permission to access this loader. |
|
410 |
*/ |
|
411 |
loader.checkPermissions(); |
|
412 |
} |
|
413 |
} catch (SecurityException e) { |
|
414 |
/* |
|
415 |
* If the current access control context does not have permission |
|
416 |
* to access all of the URLs in the codebase path, wrap the |
|
417 |
* resulting security exception in a ClassNotFoundException, so |
|
418 |
* the caller can handle this outcome just like any other class |
|
419 |
* loading failure (see bugid 4146529). |
|
420 |
*/ |
|
421 |
try { |
|
422 |
/* |
|
423 |
* But first, check to see if the named class could have been |
|
424 |
* resolved without the security-offending codebase anyway; |
|
425 |
* if so, return successfully (see bugids 4191926 & 4349670). |
|
426 |
*/ |
|
18196 | 427 |
Class<?> c = loadClassForName(name, false, parent); |
2 | 428 |
if (loaderLog.isLoggable(Log.VERBOSE)) { |
429 |
loaderLog.log(Log.VERBOSE, |
|
430 |
"class \"" + name + "\" found via " + |
|
431 |
"thread context class loader " + |
|
432 |
"(access to codebase denied), " + |
|
433 |
"defined by " + c.getClassLoader()); |
|
434 |
} |
|
435 |
return c; |
|
436 |
} catch (ClassNotFoundException unimportant) { |
|
437 |
/* |
|
438 |
* Presumably the security exception is the more important |
|
439 |
* exception to report in this case. |
|
440 |
*/ |
|
441 |
if (loaderLog.isLoggable(Log.BRIEF)) { |
|
442 |
loaderLog.log(Log.BRIEF, |
|
443 |
"class \"" + name + "\" not found via " + |
|
444 |
"thread context class loader " + |
|
445 |
"(access to codebase denied)", e); |
|
446 |
} |
|
447 |
throw new ClassNotFoundException( |
|
448 |
"access to class loader denied", e); |
|
449 |
} |
|
450 |
} |
|
451 |
||
452 |
try { |
|
18196 | 453 |
Class<?> c = loadClassForName(name, false, loader); |
2 | 454 |
if (loaderLog.isLoggable(Log.VERBOSE)) { |
455 |
loaderLog.log(Log.VERBOSE, |
|
456 |
"class \"" + name + "\" " + "found via codebase, " + |
|
457 |
"defined by " + c.getClassLoader()); |
|
458 |
} |
|
459 |
return c; |
|
460 |
} catch (ClassNotFoundException e) { |
|
461 |
if (loaderLog.isLoggable(Log.BRIEF)) { |
|
462 |
loaderLog.log(Log.BRIEF, |
|
463 |
"class \"" + name + "\" not found via codebase", e); |
|
464 |
} |
|
465 |
throw e; |
|
466 |
} |
|
467 |
} |
|
468 |
||
469 |
/** |
|
470 |
* Define and return a dynamic proxy class in a class loader with |
|
471 |
* URLs supplied in the given location. The proxy class will |
|
472 |
* implement interface classes named by the given array of |
|
473 |
* interface names. |
|
474 |
*/ |
|
12040
558b0e0d5910
7146763: Warnings cleanup in the sun.rmi and related packages
khazra
parents:
11039
diff
changeset
|
475 |
public static Class<?> loadProxyClass(String codebase, String[] interfaces, |
558b0e0d5910
7146763: Warnings cleanup in the sun.rmi and related packages
khazra
parents:
11039
diff
changeset
|
476 |
ClassLoader defaultLoader) |
2 | 477 |
throws MalformedURLException, ClassNotFoundException |
478 |
{ |
|
479 |
if (loaderLog.isLoggable(Log.BRIEF)) { |
|
480 |
loaderLog.log(Log.BRIEF, |
|
481 |
"interfaces = " + Arrays.asList(interfaces) + ", " + |
|
482 |
"codebase = \"" + (codebase != null ? codebase : "") + "\"" + |
|
483 |
(defaultLoader != null ? |
|
484 |
", defaultLoader = " + defaultLoader : "")); |
|
485 |
} |
|
486 |
||
487 |
/* |
|
488 |
* This method uses a fairly complex algorithm to load the |
|
489 |
* proxy class and its interface classes in order to maximize |
|
490 |
* the likelihood that the proxy's codebase annotation will be |
|
491 |
* preserved. The algorithm is (assuming that all of the |
|
492 |
* proxy interface classes are public): |
|
493 |
* |
|
494 |
* If the default loader is not null, try to load the proxy |
|
495 |
* interfaces through that loader. If the interfaces can be |
|
496 |
* loaded in that loader, try to define the proxy class in an |
|
497 |
* RMI class loader (child of the context class loader) before |
|
498 |
* trying to define the proxy in the default loader. If the |
|
499 |
* attempt to define the proxy class succeeds, the codebase |
|
500 |
* annotation is preserved. If the attempt fails, try to |
|
501 |
* define the proxy class in the default loader. |
|
502 |
* |
|
503 |
* If the interface classes can not be loaded from the default |
|
504 |
* loader or the default loader is null, try to load them from |
|
505 |
* the RMI class loader. Then try to define the proxy class |
|
506 |
* in the RMI class loader. |
|
507 |
* |
|
508 |
* Additionally, if any of the proxy interface classes are not |
|
509 |
* public, all of the non-public interfaces must reside in the |
|
510 |
* same class loader or it will be impossible to define the |
|
511 |
* proxy class (an IllegalAccessError will be thrown). An |
|
512 |
* attempt to load the interfaces from the default loader is |
|
513 |
* made. If the attempt fails, a second attempt will be made |
|
514 |
* to load the interfaces from the RMI loader. If all of the |
|
515 |
* non-public interfaces classes do reside in the same class |
|
516 |
* loader, then we attempt to define the proxy class in the |
|
517 |
* class loader of the non-public interfaces. No other |
|
518 |
* attempt to define the proxy class will be made. |
|
519 |
*/ |
|
520 |
ClassLoader parent = getRMIContextClassLoader(); |
|
521 |
if (loaderLog.isLoggable(Log.VERBOSE)) { |
|
522 |
loaderLog.log(Log.VERBOSE, |
|
523 |
"(thread context class loader: " + parent + ")"); |
|
524 |
} |
|
525 |
||
526 |
URL[] urls; |
|
527 |
if (codebase != null) { |
|
528 |
urls = pathToURLs(codebase); |
|
529 |
} else { |
|
530 |
urls = getDefaultCodebaseURLs(); |
|
531 |
} |
|
532 |
||
533 |
/* |
|
534 |
* If no security manager is set, disable access to RMI class |
|
535 |
* loaders and use the would-de parent instead. |
|
536 |
*/ |
|
537 |
SecurityManager sm = System.getSecurityManager(); |
|
538 |
if (sm == null) { |
|
539 |
try { |
|
12040
558b0e0d5910
7146763: Warnings cleanup in the sun.rmi and related packages
khazra
parents:
11039
diff
changeset
|
540 |
Class<?> c = loadProxyClass(interfaces, defaultLoader, parent, |
2 | 541 |
false); |
542 |
if (loaderLog.isLoggable(Log.VERBOSE)) { |
|
543 |
loaderLog.log(Log.VERBOSE, |
|
544 |
"(no security manager: codebase disabled) " + |
|
545 |
"proxy class defined by " + c.getClassLoader()); |
|
546 |
} |
|
547 |
return c; |
|
548 |
} catch (ClassNotFoundException e) { |
|
549 |
if (loaderLog.isLoggable(Log.BRIEF)) { |
|
550 |
loaderLog.log(Log.BRIEF, |
|
551 |
"(no security manager: codebase disabled) " + |
|
552 |
"proxy class resolution failed", e); |
|
553 |
} |
|
554 |
throw new ClassNotFoundException(e.getMessage() + |
|
555 |
" (no security manager: RMI class loader disabled)", |
|
556 |
e.getException()); |
|
557 |
} |
|
558 |
} |
|
559 |
||
560 |
/* |
|
561 |
* Get or create the RMI class loader for this codebase URL path |
|
562 |
* and parent class loader pair. |
|
563 |
*/ |
|
564 |
Loader loader = lookupLoader(urls, parent); |
|
565 |
||
566 |
try { |
|
567 |
if (loader != null) { |
|
568 |
/* |
|
569 |
* Verify that the caller has permission to access this loader. |
|
570 |
*/ |
|
571 |
loader.checkPermissions(); |
|
572 |
} |
|
573 |
} catch (SecurityException e) { |
|
574 |
/* |
|
575 |
* If the current access control context does not have permission |
|
576 |
* to access all of the URLs in the codebase path, wrap the |
|
577 |
* resulting security exception in a ClassNotFoundException, so |
|
578 |
* the caller can handle this outcome just like any other class |
|
579 |
* loading failure (see bugid 4146529). |
|
580 |
*/ |
|
581 |
try { |
|
582 |
/* |
|
583 |
* But first, check to see if the proxy class could have been |
|
584 |
* resolved without the security-offending codebase anyway; |
|
585 |
* if so, return successfully (see bugids 4191926 & 4349670). |
|
586 |
*/ |
|
12040
558b0e0d5910
7146763: Warnings cleanup in the sun.rmi and related packages
khazra
parents:
11039
diff
changeset
|
587 |
Class<?> c = loadProxyClass(interfaces, defaultLoader, parent, |
558b0e0d5910
7146763: Warnings cleanup in the sun.rmi and related packages
khazra
parents:
11039
diff
changeset
|
588 |
false); |
2 | 589 |
if (loaderLog.isLoggable(Log.VERBOSE)) { |
590 |
loaderLog.log(Log.VERBOSE, |
|
591 |
"(access to codebase denied) " + |
|
592 |
"proxy class defined by " + c.getClassLoader()); |
|
593 |
} |
|
594 |
return c; |
|
595 |
} catch (ClassNotFoundException unimportant) { |
|
596 |
/* |
|
597 |
* Presumably the security exception is the more important |
|
598 |
* exception to report in this case. |
|
599 |
*/ |
|
600 |
if (loaderLog.isLoggable(Log.BRIEF)) { |
|
601 |
loaderLog.log(Log.BRIEF, |
|
602 |
"(access to codebase denied) " + |
|
603 |
"proxy class resolution failed", e); |
|
604 |
} |
|
605 |
throw new ClassNotFoundException( |
|
606 |
"access to class loader denied", e); |
|
607 |
} |
|
608 |
} |
|
609 |
||
610 |
try { |
|
12040
558b0e0d5910
7146763: Warnings cleanup in the sun.rmi and related packages
khazra
parents:
11039
diff
changeset
|
611 |
Class<?> c = loadProxyClass(interfaces, defaultLoader, loader, true); |
2 | 612 |
if (loaderLog.isLoggable(Log.VERBOSE)) { |
613 |
loaderLog.log(Log.VERBOSE, |
|
614 |
"proxy class defined by " + c.getClassLoader()); |
|
615 |
} |
|
616 |
return c; |
|
617 |
} catch (ClassNotFoundException e) { |
|
618 |
if (loaderLog.isLoggable(Log.BRIEF)) { |
|
619 |
loaderLog.log(Log.BRIEF, |
|
620 |
"proxy class resolution failed", e); |
|
621 |
} |
|
622 |
throw e; |
|
623 |
} |
|
624 |
} |
|
625 |
||
626 |
/** |
|
627 |
* Define a proxy class in the default loader if appropriate. |
|
628 |
* Define the class in an RMI class loader otherwise. The proxy |
|
629 |
* class will implement classes which are named in the supplied |
|
630 |
* interfaceNames. |
|
631 |
*/ |
|
12040
558b0e0d5910
7146763: Warnings cleanup in the sun.rmi and related packages
khazra
parents:
11039
diff
changeset
|
632 |
private static Class<?> loadProxyClass(String[] interfaceNames, |
558b0e0d5910
7146763: Warnings cleanup in the sun.rmi and related packages
khazra
parents:
11039
diff
changeset
|
633 |
ClassLoader defaultLoader, |
558b0e0d5910
7146763: Warnings cleanup in the sun.rmi and related packages
khazra
parents:
11039
diff
changeset
|
634 |
ClassLoader codebaseLoader, |
558b0e0d5910
7146763: Warnings cleanup in the sun.rmi and related packages
khazra
parents:
11039
diff
changeset
|
635 |
boolean preferCodebase) |
2 | 636 |
throws ClassNotFoundException |
637 |
{ |
|
638 |
ClassLoader proxyLoader = null; |
|
12040
558b0e0d5910
7146763: Warnings cleanup in the sun.rmi and related packages
khazra
parents:
11039
diff
changeset
|
639 |
Class<?>[] classObjs = new Class<?>[interfaceNames.length]; |
2 | 640 |
boolean[] nonpublic = { false }; |
641 |
||
642 |
defaultLoaderCase: |
|
643 |
if (defaultLoader != null) { |
|
644 |
try { |
|
645 |
proxyLoader = |
|
646 |
loadProxyInterfaces(interfaceNames, defaultLoader, |
|
647 |
classObjs, nonpublic); |
|
648 |
if (loaderLog.isLoggable(Log.VERBOSE)) { |
|
649 |
ClassLoader[] definingLoaders = |
|
650 |
new ClassLoader[classObjs.length]; |
|
651 |
for (int i = 0; i < definingLoaders.length; i++) { |
|
652 |
definingLoaders[i] = classObjs[i].getClassLoader(); |
|
653 |
} |
|
654 |
loaderLog.log(Log.VERBOSE, |
|
655 |
"proxy interfaces found via defaultLoader, " + |
|
656 |
"defined by " + Arrays.asList(definingLoaders)); |
|
657 |
} |
|
658 |
} catch (ClassNotFoundException e) { |
|
659 |
break defaultLoaderCase; |
|
660 |
} |
|
661 |
if (!nonpublic[0]) { |
|
662 |
if (preferCodebase) { |
|
663 |
try { |
|
664 |
return Proxy.getProxyClass(codebaseLoader, classObjs); |
|
665 |
} catch (IllegalArgumentException e) { |
|
666 |
} |
|
667 |
} |
|
668 |
proxyLoader = defaultLoader; |
|
669 |
} |
|
670 |
return loadProxyClass(proxyLoader, classObjs); |
|
671 |
} |
|
672 |
||
673 |
nonpublic[0] = false; |
|
674 |
proxyLoader = loadProxyInterfaces(interfaceNames, codebaseLoader, |
|
675 |
classObjs, nonpublic); |
|
676 |
if (loaderLog.isLoggable(Log.VERBOSE)) { |
|
677 |
ClassLoader[] definingLoaders = new ClassLoader[classObjs.length]; |
|
678 |
for (int i = 0; i < definingLoaders.length; i++) { |
|
679 |
definingLoaders[i] = classObjs[i].getClassLoader(); |
|
680 |
} |
|
681 |
loaderLog.log(Log.VERBOSE, |
|
682 |
"proxy interfaces found via codebase, " + |
|
683 |
"defined by " + Arrays.asList(definingLoaders)); |
|
684 |
} |
|
685 |
if (!nonpublic[0]) { |
|
686 |
proxyLoader = codebaseLoader; |
|
687 |
} |
|
688 |
return loadProxyClass(proxyLoader, classObjs); |
|
689 |
} |
|
690 |
||
691 |
/** |
|
692 |
* Define a proxy class in the given class loader. The proxy |
|
693 |
* class will implement the given interfaces Classes. |
|
694 |
*/ |
|
21655
55f32ae4f920
8028229: Fix more raw types lint warning in core libraries
darcy
parents:
19211
diff
changeset
|
695 |
private static Class<?> loadProxyClass(ClassLoader loader, Class<?>[] interfaces) |
2 | 696 |
throws ClassNotFoundException |
697 |
{ |
|
698 |
try { |
|
699 |
return Proxy.getProxyClass(loader, interfaces); |
|
700 |
} catch (IllegalArgumentException e) { |
|
701 |
throw new ClassNotFoundException( |
|
702 |
"error creating dynamic proxy class", e); |
|
703 |
} |
|
704 |
} |
|
705 |
||
706 |
/* |
|
707 |
* Load Class objects for the names in the interfaces array fron |
|
708 |
* the given class loader. |
|
709 |
* |
|
710 |
* We pass classObjs and nonpublic arrays to avoid needing a |
|
711 |
* multi-element return value. nonpublic is an array to enable |
|
712 |
* the method to take a boolean argument by reference. |
|
713 |
* |
|
714 |
* nonpublic array is needed to signal when the return value of |
|
715 |
* this method should be used as the proxy class loader. Because |
|
716 |
* null represents a valid class loader, that value is |
|
717 |
* insufficient to signal that the return value should not be used |
|
718 |
* as the proxy class loader. |
|
719 |
*/ |
|
720 |
private static ClassLoader loadProxyInterfaces(String[] interfaces, |
|
721 |
ClassLoader loader, |
|
21655
55f32ae4f920
8028229: Fix more raw types lint warning in core libraries
darcy
parents:
19211
diff
changeset
|
722 |
Class<?>[] classObjs, |
2 | 723 |
boolean[] nonpublic) |
724 |
throws ClassNotFoundException |
|
725 |
{ |
|
726 |
/* loader of a non-public interface class */ |
|
727 |
ClassLoader nonpublicLoader = null; |
|
728 |
||
729 |
for (int i = 0; i < interfaces.length; i++) { |
|
12040
558b0e0d5910
7146763: Warnings cleanup in the sun.rmi and related packages
khazra
parents:
11039
diff
changeset
|
730 |
Class<?> cl = |
18196 | 731 |
(classObjs[i] = loadClassForName(interfaces[i], false, loader)); |
2 | 732 |
|
733 |
if (!Modifier.isPublic(cl.getModifiers())) { |
|
734 |
ClassLoader current = cl.getClassLoader(); |
|
735 |
if (loaderLog.isLoggable(Log.VERBOSE)) { |
|
736 |
loaderLog.log(Log.VERBOSE, |
|
737 |
"non-public interface \"" + interfaces[i] + |
|
738 |
"\" defined by " + current); |
|
739 |
} |
|
740 |
if (!nonpublic[0]) { |
|
741 |
nonpublicLoader = current; |
|
742 |
nonpublic[0] = true; |
|
743 |
} else if (current != nonpublicLoader) { |
|
744 |
throw new IllegalAccessError( |
|
745 |
"non-public interfaces defined in different " + |
|
746 |
"class loaders"); |
|
747 |
} |
|
748 |
} |
|
749 |
} |
|
750 |
return nonpublicLoader; |
|
751 |
} |
|
752 |
||
753 |
/** |
|
754 |
* Convert a string containing a space-separated list of URLs into a |
|
755 |
* corresponding array of URL objects, throwing a MalformedURLException |
|
756 |
* if any of the URLs are invalid. |
|
757 |
*/ |
|
758 |
private static URL[] pathToURLs(String path) |
|
759 |
throws MalformedURLException |
|
760 |
{ |
|
761 |
synchronized (pathToURLsCache) { |
|
51 | 762 |
Object[] v = pathToURLsCache.get(path); |
2 | 763 |
if (v != null) { |
764 |
return ((URL[])v[0]); |
|
765 |
} |
|
766 |
} |
|
767 |
StringTokenizer st = new StringTokenizer(path); // divide by spaces |
|
768 |
URL[] urls = new URL[st.countTokens()]; |
|
769 |
for (int i = 0; st.hasMoreTokens(); i++) { |
|
770 |
urls[i] = new URL(st.nextToken()); |
|
771 |
} |
|
772 |
synchronized (pathToURLsCache) { |
|
773 |
pathToURLsCache.put(path, |
|
51 | 774 |
new Object[] {urls, new SoftReference<String>(path)}); |
2 | 775 |
} |
776 |
return urls; |
|
777 |
} |
|
778 |
||
779 |
/** map from weak(key=string) to [URL[], soft(key)] */ |
|
51 | 780 |
private static final Map<String, Object[]> pathToURLsCache |
12040
558b0e0d5910
7146763: Warnings cleanup in the sun.rmi and related packages
khazra
parents:
11039
diff
changeset
|
781 |
= new WeakHashMap<>(5); |
2 | 782 |
|
783 |
/** |
|
784 |
* Convert an array of URL objects into a corresponding string |
|
785 |
* containing a space-separated list of URLs. |
|
786 |
* |
|
787 |
* Note that if the array has zero elements, the return value is |
|
788 |
* null, not the empty string. |
|
789 |
*/ |
|
790 |
private static String urlsToPath(URL[] urls) { |
|
791 |
if (urls.length == 0) { |
|
792 |
return null; |
|
793 |
} else if (urls.length == 1) { |
|
794 |
return urls[0].toExternalForm(); |
|
795 |
} else { |
|
796 |
StringBuffer path = new StringBuffer(urls[0].toExternalForm()); |
|
797 |
for (int i = 1; i < urls.length; i++) { |
|
798 |
path.append(' '); |
|
799 |
path.append(urls[i].toExternalForm()); |
|
800 |
} |
|
801 |
return path.toString(); |
|
802 |
} |
|
803 |
} |
|
804 |
||
805 |
/** |
|
806 |
* Return the class loader to be used as the parent for an RMI class |
|
807 |
* loader used in the current execution context. |
|
808 |
*/ |
|
809 |
private static ClassLoader getRMIContextClassLoader() { |
|
810 |
/* |
|
811 |
* The current implementation simply uses the current thread's |
|
812 |
* context class loader. |
|
813 |
*/ |
|
814 |
return Thread.currentThread().getContextClassLoader(); |
|
815 |
} |
|
816 |
||
817 |
/** |
|
818 |
* Look up the RMI class loader for the given codebase URL path |
|
819 |
* and the given parent class loader. A new class loader instance |
|
820 |
* will be created and returned if no match is found. |
|
821 |
*/ |
|
822 |
private static Loader lookupLoader(final URL[] urls, |
|
823 |
final ClassLoader parent) |
|
824 |
{ |
|
825 |
/* |
|
826 |
* If the requested codebase URL path is empty, the supplied |
|
827 |
* parent class loader will be sufficient. |
|
828 |
* |
|
829 |
* REMIND: To be conservative, this optimization is commented out |
|
830 |
* for now so that it does not open a security hole in the future |
|
831 |
* by providing untrusted code with direct access to the public |
|
832 |
* loadClass() method of a class loader instance that it cannot |
|
833 |
* get a reference to. (It's an unlikely optimization anyway.) |
|
834 |
* |
|
835 |
* if (urls.length == 0) { |
|
836 |
* return parent; |
|
837 |
* } |
|
838 |
*/ |
|
839 |
||
840 |
LoaderEntry entry; |
|
841 |
Loader loader; |
|
842 |
||
843 |
synchronized (LoaderHandler.class) { |
|
844 |
/* |
|
845 |
* Take this opportunity to remove from the table entries |
|
846 |
* whose weak references have been cleared. |
|
847 |
*/ |
|
848 |
while ((entry = (LoaderEntry) refQueue.poll()) != null) { |
|
849 |
if (!entry.removed) { // ignore entries removed below |
|
850 |
loaderTable.remove(entry.key); |
|
851 |
} |
|
852 |
} |
|
853 |
||
854 |
/* |
|
855 |
* Look up the codebase URL path and parent class loader pair |
|
856 |
* in the table of RMI class loaders. |
|
857 |
*/ |
|
858 |
LoaderKey key = new LoaderKey(urls, parent); |
|
51 | 859 |
entry = loaderTable.get(key); |
2 | 860 |
|
51 | 861 |
if (entry == null || (loader = entry.get()) == null) { |
2 | 862 |
/* |
863 |
* If entry was in table but it's weak reference was cleared, |
|
864 |
* remove it from the table and mark it as explicitly cleared, |
|
865 |
* so that new matching entry that we put in the table will |
|
866 |
* not be erroneously removed when this entry is processed |
|
867 |
* from the weak reference queue. |
|
868 |
*/ |
|
869 |
if (entry != null) { |
|
870 |
loaderTable.remove(key); |
|
871 |
entry.removed = true; |
|
872 |
} |
|
873 |
||
874 |
/* |
|
875 |
* A matching loader was not found, so create a new class |
|
876 |
* loader instance for the requested codebase URL path and |
|
877 |
* parent class loader. The instance is created within an |
|
878 |
* access control context retricted to the permissions |
|
879 |
* necessary to load classes from its codebase URL path. |
|
880 |
*/ |
|
881 |
AccessControlContext acc = getLoaderAccessControlContext(urls); |
|
51 | 882 |
loader = java.security.AccessController.doPrivileged( |
883 |
new java.security.PrivilegedAction<Loader>() { |
|
884 |
public Loader run() { |
|
2 | 885 |
return new Loader(urls, parent); |
886 |
} |
|
887 |
}, acc); |
|
888 |
||
889 |
/* |
|
890 |
* Finally, create an entry to hold the new loader with a |
|
891 |
* weak reference and store it in the table with the key. |
|
892 |
*/ |
|
893 |
entry = new LoaderEntry(key, loader); |
|
894 |
loaderTable.put(key, entry); |
|
895 |
} |
|
896 |
} |
|
897 |
||
898 |
return loader; |
|
899 |
} |
|
900 |
||
901 |
/** |
|
902 |
* LoaderKey holds a codebase URL path and parent class loader pair |
|
903 |
* used to look up RMI class loader instances in its class loader cache. |
|
904 |
*/ |
|
905 |
private static class LoaderKey { |
|
906 |
||
907 |
private URL[] urls; |
|
908 |
||
909 |
private ClassLoader parent; |
|
910 |
||
911 |
private int hashValue; |
|
912 |
||
913 |
public LoaderKey(URL[] urls, ClassLoader parent) { |
|
914 |
this.urls = urls; |
|
915 |
this.parent = parent; |
|
916 |
||
917 |
if (parent != null) { |
|
918 |
hashValue = parent.hashCode(); |
|
919 |
} |
|
920 |
for (int i = 0; i < urls.length; i++) { |
|
921 |
hashValue ^= urls[i].hashCode(); |
|
922 |
} |
|
923 |
} |
|
924 |
||
925 |
public int hashCode() { |
|
926 |
return hashValue; |
|
927 |
} |
|
928 |
||
929 |
public boolean equals(Object obj) { |
|
930 |
if (obj instanceof LoaderKey) { |
|
931 |
LoaderKey other = (LoaderKey) obj; |
|
932 |
if (parent != other.parent) { |
|
933 |
return false; |
|
934 |
} |
|
935 |
if (urls == other.urls) { |
|
936 |
return true; |
|
937 |
} |
|
938 |
if (urls.length != other.urls.length) { |
|
939 |
return false; |
|
940 |
} |
|
941 |
for (int i = 0; i < urls.length; i++) { |
|
942 |
if (!urls[i].equals(other.urls[i])) { |
|
943 |
return false; |
|
944 |
} |
|
945 |
} |
|
946 |
return true; |
|
947 |
} else { |
|
948 |
return false; |
|
949 |
} |
|
950 |
} |
|
951 |
} |
|
952 |
||
953 |
/** |
|
954 |
* LoaderEntry contains a weak reference to an RMIClassLoader. The |
|
955 |
* weak reference is registered with the private static "refQueue" |
|
956 |
* queue. The entry contains the codebase URL path and parent class |
|
957 |
* loader key for the loader so that the mapping can be removed from |
|
958 |
* the table efficiently when the weak reference is cleared. |
|
959 |
*/ |
|
51 | 960 |
private static class LoaderEntry extends WeakReference<Loader> { |
2 | 961 |
|
962 |
public LoaderKey key; |
|
963 |
||
964 |
/** |
|
965 |
* set to true if the entry has been removed from the table |
|
966 |
* because it has been replaced, so it should not be attempted |
|
967 |
* to be removed again |
|
968 |
*/ |
|
969 |
public boolean removed = false; |
|
970 |
||
971 |
public LoaderEntry(LoaderKey key, Loader loader) { |
|
972 |
super(loader, refQueue); |
|
973 |
this.key = key; |
|
974 |
} |
|
975 |
} |
|
976 |
||
977 |
/** |
|
978 |
* Return the access control context that a loader for the given |
|
979 |
* codebase URL path should execute with. |
|
980 |
*/ |
|
981 |
private static AccessControlContext getLoaderAccessControlContext( |
|
982 |
URL[] urls) |
|
983 |
{ |
|
984 |
/* |
|
985 |
* The approach used here is taken from the similar method |
|
986 |
* getAccessControlContext() in the sun.applet.AppletPanel class. |
|
987 |
*/ |
|
988 |
// begin with permissions granted to all code in current policy |
|
51 | 989 |
PermissionCollection perms = |
2 | 990 |
java.security.AccessController.doPrivileged( |
51 | 991 |
new java.security.PrivilegedAction<PermissionCollection>() { |
992 |
public PermissionCollection run() { |
|
2 | 993 |
CodeSource codesource = new CodeSource(null, |
994 |
(java.security.cert.Certificate[]) null); |
|
995 |
Policy p = java.security.Policy.getPolicy(); |
|
996 |
if (p != null) { |
|
997 |
return p.getPermissions(codesource); |
|
998 |
} else { |
|
999 |
return new Permissions(); |
|
1000 |
} |
|
1001 |
} |
|
1002 |
}); |
|
1003 |
||
1004 |
// createClassLoader permission needed to create loader in context |
|
1005 |
perms.add(new RuntimePermission("createClassLoader")); |
|
1006 |
||
1007 |
// add permissions to read any "java.*" property |
|
1008 |
perms.add(new java.util.PropertyPermission("java.*","read")); |
|
1009 |
||
1010 |
// add permissions reuiqred to load from codebase URL path |
|
1011 |
addPermissionsForURLs(urls, perms, true); |
|
1012 |
||
1013 |
/* |
|
1014 |
* Create an AccessControlContext that consists of a single |
|
1015 |
* protection domain with only the permissions calculated above. |
|
1016 |
*/ |
|
1017 |
ProtectionDomain pd = new ProtectionDomain( |
|
1018 |
new CodeSource((urls.length > 0 ? urls[0] : null), |
|
1019 |
(java.security.cert.Certificate[]) null), |
|
1020 |
perms); |
|
1021 |
return new AccessControlContext(new ProtectionDomain[] { pd }); |
|
1022 |
} |
|
1023 |
||
1024 |
/** |
|
1025 |
* Adds to the specified permission collection the permissions |
|
1026 |
* necessary to load classes from a loader with the specified URL |
|
1027 |
* path; if "forLoader" is true, also adds URL-specific |
|
1028 |
* permissions necessary for the security context that such a |
|
1029 |
* loader operates within, such as permissions necessary for |
|
1030 |
* granting automatic permissions to classes defined by the |
|
1031 |
* loader. A given permission is only added to the collection if |
|
1032 |
* it is not already implied by the collection. |
|
1033 |
*/ |
|
11039
4ee27839f531
7102369: remove java.rmi.server.codebase property parsing from registyimpl
coffeys
parents:
10913
diff
changeset
|
1034 |
private static void addPermissionsForURLs(URL[] urls, |
10913 | 1035 |
PermissionCollection perms, |
1036 |
boolean forLoader) |
|
2 | 1037 |
{ |
1038 |
for (int i = 0; i < urls.length; i++) { |
|
1039 |
URL url = urls[i]; |
|
1040 |
try { |
|
1041 |
URLConnection urlConnection = url.openConnection(); |
|
1042 |
Permission p = urlConnection.getPermission(); |
|
1043 |
if (p != null) { |
|
1044 |
if (p instanceof FilePermission) { |
|
1045 |
/* |
|
1046 |
* If the codebase is a file, the permission required |
|
1047 |
* to actually read classes from the codebase URL is |
|
1048 |
* the permission to read all files beneath the last |
|
1049 |
* directory in the file path, either because JAR |
|
1050 |
* files can refer to other JAR files in the same |
|
1051 |
* directory, or because permission to read a |
|
1052 |
* directory is not implied by permission to read the |
|
1053 |
* contents of a directory, which all that might be |
|
1054 |
* granted. |
|
1055 |
*/ |
|
1056 |
String path = p.getName(); |
|
1057 |
int endIndex = path.lastIndexOf(File.separatorChar); |
|
1058 |
if (endIndex != -1) { |
|
1059 |
path = path.substring(0, endIndex+1); |
|
1060 |
if (path.endsWith(File.separator)) { |
|
1061 |
path += "-"; |
|
1062 |
} |
|
1063 |
Permission p2 = new FilePermission(path, "read"); |
|
1064 |
if (!perms.implies(p2)) { |
|
1065 |
perms.add(p2); |
|
1066 |
} |
|
1067 |
perms.add(new FilePermission(path, "read")); |
|
1068 |
} else { |
|
1069 |
/* |
|
1070 |
* No directory separator: use permission to |
|
1071 |
* read the file. |
|
1072 |
*/ |
|
1073 |
if (!perms.implies(p)) { |
|
1074 |
perms.add(p); |
|
1075 |
} |
|
1076 |
} |
|
1077 |
} else { |
|
1078 |
if (!perms.implies(p)) { |
|
1079 |
perms.add(p); |
|
1080 |
} |
|
1081 |
||
1082 |
/* |
|
1083 |
* If the purpose of these permissions is to grant |
|
1084 |
* them to an instance of a URLClassLoader subclass, |
|
1085 |
* we must add permission to connect to and accept |
|
1086 |
* from the host of non-"file:" URLs, otherwise the |
|
1087 |
* getPermissions() method of URLClassLoader will |
|
1088 |
* throw a security exception. |
|
1089 |
*/ |
|
1090 |
if (forLoader) { |
|
1091 |
// get URL with meaningful host component |
|
1092 |
URL hostURL = url; |
|
1093 |
for (URLConnection conn = urlConnection; |
|
1094 |
conn instanceof JarURLConnection;) |
|
1095 |
{ |
|
1096 |
hostURL = |
|
1097 |
((JarURLConnection) conn).getJarFileURL(); |
|
1098 |
conn = hostURL.openConnection(); |
|
1099 |
} |
|
1100 |
String host = hostURL.getHost(); |
|
1101 |
if (host != null && |
|
1102 |
p.implies(new SocketPermission(host, |
|
1103 |
"resolve"))) |
|
1104 |
{ |
|
1105 |
Permission p2 = |
|
1106 |
new SocketPermission(host, |
|
1107 |
"connect,accept"); |
|
1108 |
if (!perms.implies(p2)) { |
|
1109 |
perms.add(p2); |
|
1110 |
} |
|
1111 |
} |
|
1112 |
} |
|
1113 |
} |
|
1114 |
} |
|
1115 |
} catch (IOException e) { |
|
1116 |
/* |
|
1117 |
* This shouldn't happen, although it is declared to be |
|
1118 |
* thrown by openConnection() and getPermission(). If it |
|
1119 |
* does, don't bother granting or requiring any permissions |
|
1120 |
* for this URL. |
|
1121 |
*/ |
|
1122 |
} |
|
1123 |
} |
|
1124 |
} |
|
1125 |
||
1126 |
/** |
|
1127 |
* Loader is the actual class of the RMI class loaders created |
|
1128 |
* by the RMIClassLoader static methods. |
|
1129 |
*/ |
|
1130 |
private static class Loader extends URLClassLoader { |
|
1131 |
||
1132 |
/** parent class loader, kept here as an optimization */ |
|
1133 |
private ClassLoader parent; |
|
1134 |
||
1135 |
/** string form of loader's codebase URL path, also an optimization */ |
|
1136 |
private String annotation; |
|
1137 |
||
1138 |
/** permissions required to access loader through public API */ |
|
1139 |
private Permissions permissions; |
|
1140 |
||
1141 |
private Loader(URL[] urls, ClassLoader parent) { |
|
1142 |
super(urls, parent); |
|
1143 |
this.parent = parent; |
|
1144 |
||
1145 |
/* |
|
1146 |
* Precompute the permissions required to access the loader. |
|
1147 |
*/ |
|
1148 |
permissions = new Permissions(); |
|
1149 |
addPermissionsForURLs(urls, permissions, false); |
|
1150 |
||
1151 |
/* |
|
1152 |
* Caching the value of class annotation string here assumes |
|
1153 |
* that the protected method addURL() is never called on this |
|
1154 |
* class loader. |
|
1155 |
*/ |
|
1156 |
annotation = urlsToPath(urls); |
|
1157 |
} |
|
1158 |
||
1159 |
/** |
|
1160 |
* Return the string to be annotated with all classes loaded from |
|
1161 |
* this class loader. |
|
1162 |
*/ |
|
1163 |
public String getClassAnnotation() { |
|
1164 |
return annotation; |
|
1165 |
} |
|
1166 |
||
1167 |
/** |
|
1168 |
* Check that the current access control context has all of the |
|
1169 |
* permissions necessary to load classes from this loader. |
|
1170 |
*/ |
|
1171 |
private void checkPermissions() { |
|
1172 |
SecurityManager sm = System.getSecurityManager(); |
|
1173 |
if (sm != null) { // should never be null? |
|
12040
558b0e0d5910
7146763: Warnings cleanup in the sun.rmi and related packages
khazra
parents:
11039
diff
changeset
|
1174 |
Enumeration<Permission> enum_ = permissions.elements(); |
2 | 1175 |
while (enum_.hasMoreElements()) { |
12040
558b0e0d5910
7146763: Warnings cleanup in the sun.rmi and related packages
khazra
parents:
11039
diff
changeset
|
1176 |
sm.checkPermission(enum_.nextElement()); |
2 | 1177 |
} |
1178 |
} |
|
1179 |
} |
|
1180 |
||
1181 |
/** |
|
1182 |
* Return the permissions to be granted to code loaded from the |
|
1183 |
* given code source. |
|
1184 |
*/ |
|
1185 |
protected PermissionCollection getPermissions(CodeSource codesource) { |
|
1186 |
PermissionCollection perms = super.getPermissions(codesource); |
|
1187 |
/* |
|
1188 |
* Grant the same permissions that URLClassLoader would grant. |
|
1189 |
*/ |
|
1190 |
return perms; |
|
1191 |
} |
|
1192 |
||
1193 |
/** |
|
1194 |
* Return a string representation of this loader (useful for |
|
1195 |
* debugging). |
|
1196 |
*/ |
|
1197 |
public String toString() { |
|
1198 |
return super.toString() + "[\"" + annotation + "\"]"; |
|
1199 |
} |
|
18196 | 1200 |
|
1201 |
@Override |
|
1202 |
protected Class<?> loadClass(String name, boolean resolve) |
|
1203 |
throws ClassNotFoundException { |
|
1204 |
if (parent == null) { |
|
1205 |
ReflectUtil.checkPackageAccess(name); |
|
1206 |
} |
|
1207 |
return super.loadClass(name, resolve); |
|
1208 |
} |
|
1209 |
||
1210 |
||
2 | 1211 |
} |
18196 | 1212 |
|
1213 |
private static Class<?> loadClassForName(String name, |
|
1214 |
boolean initialize, |
|
1215 |
ClassLoader loader) |
|
1216 |
throws ClassNotFoundException |
|
1217 |
{ |
|
1218 |
if (loader == null) { |
|
1219 |
ReflectUtil.checkPackageAccess(name); |
|
1220 |
} |
|
1221 |
return Class.forName(name, initialize, loader); |
|
1222 |
} |
|
1223 |
||
2 | 1224 |
} |