author | phh |
Sat, 30 Nov 2019 14:33:05 -0800 | |
changeset 59330 | 5b96c12f909d |
parent 52427 | 3c6aa484536c |
permissions | -rw-r--r-- |
2 | 1 |
/* |
52427
3c6aa484536c
8211122: Reduce the number of internal classes made accessible to jdk.unsupported
mchung
parents:
48576
diff
changeset
|
2 |
* Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved. |
2 | 3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 |
* |
|
5 |
* This code is free software; you can redistribute it and/or modify it |
|
6 |
* under the terms of the GNU General Public License version 2 only, as |
|
5506 | 7 |
* published by the Free Software Foundation. Oracle designates this |
2 | 8 |
* particular file as subject to the "Classpath" exception as provided |
5506 | 9 |
* by Oracle in the LICENSE file that accompanied this code. |
2 | 10 |
* |
11 |
* This code is distributed in the hope that it will be useful, but WITHOUT |
|
12 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
13 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
14 |
* version 2 for more details (a copy is included in the LICENSE file that |
|
15 |
* accompanied this code). |
|
16 |
* |
|
17 |
* You should have received a copy of the GNU General Public License version |
|
18 |
* 2 along with this work; if not, write to the Free Software Foundation, |
|
19 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
20 |
* |
|
5506 | 21 |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
22 |
* or visit www.oracle.com if you need additional information or have any |
|
23 |
* questions. |
|
2 | 24 |
*/ |
25 |
||
26 |
package sun.rmi.registry; |
|
27 |
||
43211 | 28 |
import java.io.ObjectInputFilter; |
36670
acf999f92006
8152277: Move URLClassPath.pathToURLs(String) to RegistryImpl
chegar
parents:
30655
diff
changeset
|
29 |
import java.nio.file.Path; |
acf999f92006
8152277: Move URLClassPath.pathToURLs(String) to RegistryImpl
chegar
parents:
30655
diff
changeset
|
30 |
import java.nio.file.Paths; |
43211 | 31 |
import java.security.PrivilegedAction; |
32 |
import java.security.Security; |
|
36670
acf999f92006
8152277: Move URLClassPath.pathToURLs(String) to RegistryImpl
chegar
parents:
30655
diff
changeset
|
33 |
import java.util.ArrayList; |
2 | 34 |
import java.util.Enumeration; |
35 |
import java.util.Hashtable; |
|
36670
acf999f92006
8152277: Move URLClassPath.pathToURLs(String) to RegistryImpl
chegar
parents:
30655
diff
changeset
|
36 |
import java.util.List; |
2 | 37 |
import java.util.MissingResourceException; |
38 |
import java.util.ResourceBundle; |
|
36670
acf999f92006
8152277: Move URLClassPath.pathToURLs(String) to RegistryImpl
chegar
parents:
30655
diff
changeset
|
39 |
import java.io.File; |
11039
4ee27839f531
7102369: remove java.rmi.server.codebase property parsing from registyimpl
coffeys
parents:
10914
diff
changeset
|
40 |
import java.io.FilePermission; |
2 | 41 |
import java.io.IOException; |
42 |
import java.net.*; |
|
43 |
import java.rmi.*; |
|
44 |
import java.rmi.server.ObjID; |
|
45 |
import java.rmi.server.ServerNotActiveException; |
|
46 |
import java.rmi.registry.Registry; |
|
47 |
import java.rmi.server.RMIClientSocketFactory; |
|
48 |
import java.rmi.server.RMIServerSocketFactory; |
|
10913 | 49 |
import java.security.AccessControlContext; |
50 |
import java.security.AccessController; |
|
51 |
import java.security.CodeSource; |
|
52 |
import java.security.Policy; |
|
2 | 53 |
import java.security.PrivilegedActionException; |
10913 | 54 |
import java.security.PrivilegedExceptionAction; |
55 |
import java.security.PermissionCollection; |
|
56 |
import java.security.Permissions; |
|
57 |
import java.security.ProtectionDomain; |
|
2 | 58 |
import java.text.MessageFormat; |
43211 | 59 |
|
52427
3c6aa484536c
8211122: Reduce the number of internal classes made accessible to jdk.unsupported
mchung
parents:
48576
diff
changeset
|
60 |
import jdk.internal.access.SharedSecrets; |
43211 | 61 |
import sun.rmi.runtime.Log; |
62 |
import sun.rmi.server.UnicastRef; |
|
2 | 63 |
import sun.rmi.server.UnicastServerRef; |
64 |
import sun.rmi.server.UnicastServerRef2; |
|
65 |
import sun.rmi.transport.LiveRef; |
|
66 |
||
67 |
/** |
|
68 |
* A "registry" exists on every node that allows RMI connections to |
|
69 |
* servers on that node. The registry on a particular node contains a |
|
70 |
* transient database that maps names to remote objects. When the |
|
71 |
* node boots, the registry database is empty. The names stored in the |
|
72 |
* registry are pure and are not parsed. A service storing itself in |
|
73 |
* the registry may want to prefix its name of the service by a package |
|
74 |
* name (although not required), to reduce name collisions in the |
|
75 |
* registry. |
|
76 |
* |
|
77 |
* The LocateRegistry class is used to obtain registry for different hosts. |
|
45989 | 78 |
* <p> |
79 |
* The default RegistryImpl exported restricts access to clients on the local host |
|
80 |
* for the methods {@link #bind}, {@link #rebind}, {@link #unbind} by checking |
|
81 |
* the client host in the skeleton. |
|
2 | 82 |
* |
83 |
* @see java.rmi.registry.LocateRegistry |
|
84 |
*/ |
|
85 |
public class RegistryImpl extends java.rmi.server.RemoteServer |
|
86 |
implements Registry |
|
87 |
{ |
|
88 |
||
89 |
/* indicate compatibility with JDK 1.1.x version of class */ |
|
90 |
private static final long serialVersionUID = 4666870661827494597L; |
|
51 | 91 |
private Hashtable<String, Remote> bindings |
12040
558b0e0d5910
7146763: Warnings cleanup in the sun.rmi and related packages
khazra
parents:
11039
diff
changeset
|
92 |
= new Hashtable<>(101); |
51 | 93 |
private static Hashtable<InetAddress, InetAddress> allowedAccessCache |
12040
558b0e0d5910
7146763: Warnings cleanup in the sun.rmi and related packages
khazra
parents:
11039
diff
changeset
|
94 |
= new Hashtable<>(3); |
2 | 95 |
private static RegistryImpl registry; |
96 |
private static ObjID id = new ObjID(ObjID.REGISTRY_ID); |
|
97 |
||
98 |
private static ResourceBundle resources = null; |
|
99 |
||
100 |
/** |
|
43211 | 101 |
* Property name of the RMI Registry serial filter to augment |
102 |
* the built-in list of allowed types. |
|
103 |
* Setting the property in the {@code conf/security/java.security} file |
|
104 |
* will enable the augmented filter. |
|
105 |
*/ |
|
106 |
private static final String REGISTRY_FILTER_PROPNAME = "sun.rmi.registry.registryFilter"; |
|
107 |
||
108 |
/** Registry max depth of remote invocations. **/ |
|
45436
152ed642e379
8180582: The bind to rmiregistry is rejected by registryFilter even though registryFilter is set
rriggs
parents:
43211
diff
changeset
|
109 |
private static final int REGISTRY_MAX_DEPTH = 20; |
43211 | 110 |
|
111 |
/** Registry maximum array size in remote invocations. **/ |
|
46160
c647e44ea1b9
8185346: Relax RMI Registry Serial Filter to allow arrays of any type
rriggs
parents:
45989
diff
changeset
|
112 |
private static final int REGISTRY_MAX_ARRAY_SIZE = 1_000_000; |
43211 | 113 |
|
114 |
/** |
|
115 |
* The registryFilter created from the value of the {@code "sun.rmi.registry.registryFilter"} |
|
116 |
* property. |
|
117 |
*/ |
|
118 |
private static final ObjectInputFilter registryFilter = |
|
119 |
AccessController.doPrivileged((PrivilegedAction<ObjectInputFilter>)RegistryImpl::initRegistryFilter); |
|
120 |
||
121 |
/** |
|
122 |
* Initialize the registryFilter from the security properties or system property; if any |
|
123 |
* @return an ObjectInputFilter, or null |
|
124 |
*/ |
|
125 |
@SuppressWarnings("deprecation") |
|
126 |
private static ObjectInputFilter initRegistryFilter() { |
|
127 |
ObjectInputFilter filter = null; |
|
128 |
String props = System.getProperty(REGISTRY_FILTER_PROPNAME); |
|
129 |
if (props == null) { |
|
130 |
props = Security.getProperty(REGISTRY_FILTER_PROPNAME); |
|
131 |
} |
|
132 |
if (props != null) { |
|
46160
c647e44ea1b9
8185346: Relax RMI Registry Serial Filter to allow arrays of any type
rriggs
parents:
45989
diff
changeset
|
133 |
filter = SharedSecrets.getJavaObjectInputFilterAccess().createFilter2(props); |
43211 | 134 |
Log regLog = Log.getLog("sun.rmi.registry", "registry", -1); |
135 |
if (regLog.isLoggable(Log.BRIEF)) { |
|
136 |
regLog.log(Log.BRIEF, "registryFilter = " + filter); |
|
137 |
} |
|
138 |
} |
|
139 |
return filter; |
|
140 |
} |
|
141 |
||
142 |
/** |
|
2 | 143 |
* Construct a new RegistryImpl on the specified port with the |
144 |
* given custom socket factory pair. |
|
145 |
*/ |
|
146 |
public RegistryImpl(int port, |
|
147 |
RMIClientSocketFactory csf, |
|
148 |
RMIServerSocketFactory ssf) |
|
149 |
throws RemoteException |
|
150 |
{ |
|
45989 | 151 |
this(port, csf, ssf, RegistryImpl::registryFilter); |
152 |
} |
|
153 |
||
154 |
||
155 |
/** |
|
156 |
* Construct a new RegistryImpl on the specified port with the |
|
157 |
* given custom socket factory pair and ObjectInputFilter. |
|
158 |
*/ |
|
159 |
public RegistryImpl(int port, |
|
160 |
RMIClientSocketFactory csf, |
|
161 |
RMIServerSocketFactory ssf, |
|
162 |
ObjectInputFilter serialFilter) |
|
163 |
throws RemoteException |
|
164 |
{ |
|
22339 | 165 |
if (port == Registry.REGISTRY_PORT && System.getSecurityManager() != null) { |
166 |
// grant permission for default port only. |
|
167 |
try { |
|
168 |
AccessController.doPrivileged(new PrivilegedExceptionAction<Void>() { |
|
169 |
public Void run() throws RemoteException { |
|
170 |
LiveRef lref = new LiveRef(id, port, csf, ssf); |
|
45989 | 171 |
setup(new UnicastServerRef2(lref, serialFilter)); |
22339 | 172 |
return null; |
173 |
} |
|
174 |
}, null, new SocketPermission("localhost:"+port, "listen,accept")); |
|
175 |
} catch (PrivilegedActionException pae) { |
|
176 |
throw (RemoteException)pae.getException(); |
|
177 |
} |
|
178 |
} else { |
|
179 |
LiveRef lref = new LiveRef(id, port, csf, ssf); |
|
48576 | 180 |
setup(new UnicastServerRef2(lref, serialFilter)); |
22339 | 181 |
} |
2 | 182 |
} |
183 |
||
184 |
/** |
|
185 |
* Construct a new RegistryImpl on the specified port. |
|
186 |
*/ |
|
187 |
public RegistryImpl(int port) |
|
188 |
throws RemoteException |
|
189 |
{ |
|
22341
4689530d03b9
8028293: Check local configuration for actual ephemeral port range
michaelm
parents:
22339
diff
changeset
|
190 |
if (port == Registry.REGISTRY_PORT && System.getSecurityManager() != null) { |
4689530d03b9
8028293: Check local configuration for actual ephemeral port range
michaelm
parents:
22339
diff
changeset
|
191 |
// grant permission for default port only. |
4689530d03b9
8028293: Check local configuration for actual ephemeral port range
michaelm
parents:
22339
diff
changeset
|
192 |
try { |
4689530d03b9
8028293: Check local configuration for actual ephemeral port range
michaelm
parents:
22339
diff
changeset
|
193 |
AccessController.doPrivileged(new PrivilegedExceptionAction<Void>() { |
4689530d03b9
8028293: Check local configuration for actual ephemeral port range
michaelm
parents:
22339
diff
changeset
|
194 |
public Void run() throws RemoteException { |
4689530d03b9
8028293: Check local configuration for actual ephemeral port range
michaelm
parents:
22339
diff
changeset
|
195 |
LiveRef lref = new LiveRef(id, port); |
43211 | 196 |
setup(new UnicastServerRef(lref, RegistryImpl::registryFilter)); |
22341
4689530d03b9
8028293: Check local configuration for actual ephemeral port range
michaelm
parents:
22339
diff
changeset
|
197 |
return null; |
4689530d03b9
8028293: Check local configuration for actual ephemeral port range
michaelm
parents:
22339
diff
changeset
|
198 |
} |
4689530d03b9
8028293: Check local configuration for actual ephemeral port range
michaelm
parents:
22339
diff
changeset
|
199 |
}, null, new SocketPermission("localhost:"+port, "listen,accept")); |
4689530d03b9
8028293: Check local configuration for actual ephemeral port range
michaelm
parents:
22339
diff
changeset
|
200 |
} catch (PrivilegedActionException pae) { |
4689530d03b9
8028293: Check local configuration for actual ephemeral port range
michaelm
parents:
22339
diff
changeset
|
201 |
throw (RemoteException)pae.getException(); |
4689530d03b9
8028293: Check local configuration for actual ephemeral port range
michaelm
parents:
22339
diff
changeset
|
202 |
} |
4689530d03b9
8028293: Check local configuration for actual ephemeral port range
michaelm
parents:
22339
diff
changeset
|
203 |
} else { |
4689530d03b9
8028293: Check local configuration for actual ephemeral port range
michaelm
parents:
22339
diff
changeset
|
204 |
LiveRef lref = new LiveRef(id, port); |
43211 | 205 |
setup(new UnicastServerRef(lref, RegistryImpl::registryFilter)); |
22341
4689530d03b9
8028293: Check local configuration for actual ephemeral port range
michaelm
parents:
22339
diff
changeset
|
206 |
} |
2 | 207 |
} |
208 |
||
209 |
/* |
|
210 |
* Create the export the object using the parameter |
|
211 |
* <code>uref</code> |
|
212 |
*/ |
|
213 |
private void setup(UnicastServerRef uref) |
|
214 |
throws RemoteException |
|
215 |
{ |
|
216 |
/* Server ref must be created and assigned before remote |
|
217 |
* object 'this' can be exported. |
|
218 |
*/ |
|
219 |
ref = uref; |
|
220 |
uref.exportObject(this, null, true); |
|
221 |
} |
|
222 |
||
223 |
/** |
|
224 |
* Returns the remote object for specified name in the registry. |
|
225 |
* @exception RemoteException If remote operation failed. |
|
30655 | 226 |
* @exception NotBoundException If name is not currently bound. |
2 | 227 |
*/ |
228 |
public Remote lookup(String name) |
|
229 |
throws RemoteException, NotBoundException |
|
230 |
{ |
|
231 |
synchronized (bindings) { |
|
51 | 232 |
Remote obj = bindings.get(name); |
2 | 233 |
if (obj == null) |
234 |
throw new NotBoundException(name); |
|
235 |
return obj; |
|
236 |
} |
|
237 |
} |
|
238 |
||
239 |
/** |
|
240 |
* Binds the name to the specified remote object. |
|
241 |
* @exception RemoteException If remote operation failed. |
|
242 |
* @exception AlreadyBoundException If name is already bound. |
|
243 |
*/ |
|
244 |
public void bind(String name, Remote obj) |
|
245 |
throws RemoteException, AlreadyBoundException, AccessException |
|
246 |
{ |
|
45989 | 247 |
// The access check preventing remote access is done in the skeleton |
248 |
// and is not applicable to local access. |
|
2 | 249 |
synchronized (bindings) { |
51 | 250 |
Remote curr = bindings.get(name); |
2 | 251 |
if (curr != null) |
252 |
throw new AlreadyBoundException(name); |
|
253 |
bindings.put(name, obj); |
|
254 |
} |
|
255 |
} |
|
256 |
||
257 |
/** |
|
258 |
* Unbind the name. |
|
259 |
* @exception RemoteException If remote operation failed. |
|
30655 | 260 |
* @exception NotBoundException If name is not currently bound. |
2 | 261 |
*/ |
262 |
public void unbind(String name) |
|
263 |
throws RemoteException, NotBoundException, AccessException |
|
264 |
{ |
|
45989 | 265 |
// The access check preventing remote access is done in the skeleton |
266 |
// and is not applicable to local access. |
|
2 | 267 |
synchronized (bindings) { |
51 | 268 |
Remote obj = bindings.get(name); |
2 | 269 |
if (obj == null) |
270 |
throw new NotBoundException(name); |
|
271 |
bindings.remove(name); |
|
272 |
} |
|
273 |
} |
|
274 |
||
275 |
/** |
|
276 |
* Rebind the name to a new object, replaces any existing binding. |
|
277 |
* @exception RemoteException If remote operation failed. |
|
278 |
*/ |
|
279 |
public void rebind(String name, Remote obj) |
|
280 |
throws RemoteException, AccessException |
|
281 |
{ |
|
45989 | 282 |
// The access check preventing remote access is done in the skeleton |
283 |
// and is not applicable to local access. |
|
2 | 284 |
bindings.put(name, obj); |
285 |
} |
|
286 |
||
287 |
/** |
|
288 |
* Returns an enumeration of the names in the registry. |
|
289 |
* @exception RemoteException If remote operation failed. |
|
290 |
*/ |
|
291 |
public String[] list() |
|
292 |
throws RemoteException |
|
293 |
{ |
|
294 |
String[] names; |
|
295 |
synchronized (bindings) { |
|
296 |
int i = bindings.size(); |
|
297 |
names = new String[i]; |
|
12040
558b0e0d5910
7146763: Warnings cleanup in the sun.rmi and related packages
khazra
parents:
11039
diff
changeset
|
298 |
Enumeration<String> enum_ = bindings.keys(); |
2 | 299 |
while ((--i) >= 0) |
12040
558b0e0d5910
7146763: Warnings cleanup in the sun.rmi and related packages
khazra
parents:
11039
diff
changeset
|
300 |
names[i] = enum_.nextElement(); |
2 | 301 |
} |
302 |
return names; |
|
303 |
} |
|
304 |
||
305 |
/** |
|
306 |
* Check that the caller has access to perform indicated operation. |
|
307 |
* The client must be on same the same host as this server. |
|
308 |
*/ |
|
309 |
public static void checkAccess(String op) throws AccessException { |
|
310 |
||
311 |
try { |
|
312 |
/* |
|
313 |
* Get client host that this registry operation was made from. |
|
314 |
*/ |
|
315 |
final String clientHostName = getClientHost(); |
|
316 |
InetAddress clientHost; |
|
317 |
||
318 |
try { |
|
51 | 319 |
clientHost = java.security.AccessController.doPrivileged( |
320 |
new java.security.PrivilegedExceptionAction<InetAddress>() { |
|
321 |
public InetAddress run() |
|
2 | 322 |
throws java.net.UnknownHostException |
323 |
{ |
|
324 |
return InetAddress.getByName(clientHostName); |
|
325 |
} |
|
326 |
}); |
|
327 |
} catch (PrivilegedActionException pae) { |
|
328 |
throw (java.net.UnknownHostException) pae.getException(); |
|
329 |
} |
|
330 |
||
331 |
// if client not yet seen, make sure client allowed access |
|
332 |
if (allowedAccessCache.get(clientHost) == null) { |
|
333 |
||
334 |
if (clientHost.isAnyLocalAddress()) { |
|
335 |
throw new AccessException( |
|
45989 | 336 |
op + " disallowed; origin unknown"); |
2 | 337 |
} |
338 |
||
339 |
try { |
|
340 |
final InetAddress finalClientHost = clientHost; |
|
341 |
||
342 |
java.security.AccessController.doPrivileged( |
|
51 | 343 |
new java.security.PrivilegedExceptionAction<Void>() { |
344 |
public Void run() throws java.io.IOException { |
|
2 | 345 |
/* |
346 |
* if a ServerSocket can be bound to the client's |
|
347 |
* address then that address must be local |
|
348 |
*/ |
|
349 |
(new ServerSocket(0, 10, finalClientHost)).close(); |
|
350 |
allowedAccessCache.put(finalClientHost, |
|
351 |
finalClientHost); |
|
352 |
return null; |
|
353 |
} |
|
354 |
}); |
|
355 |
} catch (PrivilegedActionException pae) { |
|
356 |
// must have been an IOException |
|
357 |
||
358 |
throw new AccessException( |
|
45989 | 359 |
op + " disallowed; origin " + |
2 | 360 |
clientHost + " is non-local host"); |
361 |
} |
|
362 |
} |
|
363 |
} catch (ServerNotActiveException ex) { |
|
364 |
/* |
|
365 |
* Local call from this VM: allow access. |
|
366 |
*/ |
|
367 |
} catch (java.net.UnknownHostException ex) { |
|
45989 | 368 |
throw new AccessException(op + " disallowed; origin is unknown host"); |
2 | 369 |
} |
370 |
} |
|
371 |
||
372 |
public static ObjID getID() { |
|
373 |
return id; |
|
374 |
} |
|
375 |
||
376 |
/** |
|
377 |
* Retrieves text resources from the locale-specific properties file. |
|
378 |
*/ |
|
379 |
private static String getTextResource(String key) { |
|
380 |
if (resources == null) { |
|
381 |
try { |
|
382 |
resources = ResourceBundle.getBundle( |
|
383 |
"sun.rmi.registry.resources.rmiregistry"); |
|
384 |
} catch (MissingResourceException mre) { |
|
385 |
} |
|
386 |
if (resources == null) { |
|
387 |
// throwing an Error is a bit extreme, methinks |
|
388 |
return ("[missing resource file: " + key + "]"); |
|
389 |
} |
|
390 |
} |
|
391 |
||
392 |
String val = null; |
|
393 |
try { |
|
394 |
val = resources.getString(key); |
|
395 |
} catch (MissingResourceException mre) { |
|
396 |
} |
|
397 |
||
398 |
if (val == null) { |
|
399 |
return ("[missing resource: " + key + "]"); |
|
400 |
} else { |
|
401 |
return (val); |
|
402 |
} |
|
403 |
} |
|
404 |
||
405 |
/** |
|
36670
acf999f92006
8152277: Move URLClassPath.pathToURLs(String) to RegistryImpl
chegar
parents:
30655
diff
changeset
|
406 |
* Convert class path specification into an array of file URLs. |
acf999f92006
8152277: Move URLClassPath.pathToURLs(String) to RegistryImpl
chegar
parents:
30655
diff
changeset
|
407 |
* |
acf999f92006
8152277: Move URLClassPath.pathToURLs(String) to RegistryImpl
chegar
parents:
30655
diff
changeset
|
408 |
* The path of the file is converted to a URI then into URL |
acf999f92006
8152277: Move URLClassPath.pathToURLs(String) to RegistryImpl
chegar
parents:
30655
diff
changeset
|
409 |
* form so that reserved characters can safely appear in the path. |
acf999f92006
8152277: Move URLClassPath.pathToURLs(String) to RegistryImpl
chegar
parents:
30655
diff
changeset
|
410 |
*/ |
acf999f92006
8152277: Move URLClassPath.pathToURLs(String) to RegistryImpl
chegar
parents:
30655
diff
changeset
|
411 |
private static URL[] pathToURLs(String path) { |
acf999f92006
8152277: Move URLClassPath.pathToURLs(String) to RegistryImpl
chegar
parents:
30655
diff
changeset
|
412 |
List<URL> paths = new ArrayList<>(); |
acf999f92006
8152277: Move URLClassPath.pathToURLs(String) to RegistryImpl
chegar
parents:
30655
diff
changeset
|
413 |
for (String entry: path.split(File.pathSeparator)) { |
acf999f92006
8152277: Move URLClassPath.pathToURLs(String) to RegistryImpl
chegar
parents:
30655
diff
changeset
|
414 |
Path p = Paths.get(entry); |
acf999f92006
8152277: Move URLClassPath.pathToURLs(String) to RegistryImpl
chegar
parents:
30655
diff
changeset
|
415 |
try { |
acf999f92006
8152277: Move URLClassPath.pathToURLs(String) to RegistryImpl
chegar
parents:
30655
diff
changeset
|
416 |
p = p.toRealPath(); |
acf999f92006
8152277: Move URLClassPath.pathToURLs(String) to RegistryImpl
chegar
parents:
30655
diff
changeset
|
417 |
} catch (IOException x) { |
acf999f92006
8152277: Move URLClassPath.pathToURLs(String) to RegistryImpl
chegar
parents:
30655
diff
changeset
|
418 |
p = p.toAbsolutePath(); |
acf999f92006
8152277: Move URLClassPath.pathToURLs(String) to RegistryImpl
chegar
parents:
30655
diff
changeset
|
419 |
} |
acf999f92006
8152277: Move URLClassPath.pathToURLs(String) to RegistryImpl
chegar
parents:
30655
diff
changeset
|
420 |
try { |
acf999f92006
8152277: Move URLClassPath.pathToURLs(String) to RegistryImpl
chegar
parents:
30655
diff
changeset
|
421 |
paths.add(p.toUri().toURL()); |
acf999f92006
8152277: Move URLClassPath.pathToURLs(String) to RegistryImpl
chegar
parents:
30655
diff
changeset
|
422 |
} catch (MalformedURLException e) { |
acf999f92006
8152277: Move URLClassPath.pathToURLs(String) to RegistryImpl
chegar
parents:
30655
diff
changeset
|
423 |
//ignore / skip entry |
acf999f92006
8152277: Move URLClassPath.pathToURLs(String) to RegistryImpl
chegar
parents:
30655
diff
changeset
|
424 |
} |
acf999f92006
8152277: Move URLClassPath.pathToURLs(String) to RegistryImpl
chegar
parents:
30655
diff
changeset
|
425 |
} |
acf999f92006
8152277: Move URLClassPath.pathToURLs(String) to RegistryImpl
chegar
parents:
30655
diff
changeset
|
426 |
return paths.toArray(new URL[0]); |
acf999f92006
8152277: Move URLClassPath.pathToURLs(String) to RegistryImpl
chegar
parents:
30655
diff
changeset
|
427 |
} |
acf999f92006
8152277: Move URLClassPath.pathToURLs(String) to RegistryImpl
chegar
parents:
30655
diff
changeset
|
428 |
|
acf999f92006
8152277: Move URLClassPath.pathToURLs(String) to RegistryImpl
chegar
parents:
30655
diff
changeset
|
429 |
/** |
43211 | 430 |
* ObjectInputFilter to filter Registry input objects. |
431 |
* The list of acceptable classes is limited to classes normally |
|
432 |
* stored in a registry. |
|
433 |
* |
|
434 |
* @param filterInfo access to the class, array length, etc. |
|
435 |
* @return {@link ObjectInputFilter.Status#ALLOWED} if allowed, |
|
436 |
* {@link ObjectInputFilter.Status#REJECTED} if rejected, |
|
437 |
* otherwise {@link ObjectInputFilter.Status#UNDECIDED} |
|
438 |
*/ |
|
439 |
private static ObjectInputFilter.Status registryFilter(ObjectInputFilter.FilterInfo filterInfo) { |
|
440 |
if (registryFilter != null) { |
|
441 |
ObjectInputFilter.Status status = registryFilter.checkInput(filterInfo); |
|
442 |
if (status != ObjectInputFilter.Status.UNDECIDED) { |
|
443 |
// The Registry filter can override the built-in white-list |
|
444 |
return status; |
|
445 |
} |
|
446 |
} |
|
447 |
||
448 |
if (filterInfo.depth() > REGISTRY_MAX_DEPTH) { |
|
449 |
return ObjectInputFilter.Status.REJECTED; |
|
450 |
} |
|
451 |
Class<?> clazz = filterInfo.serialClass(); |
|
452 |
if (clazz != null) { |
|
453 |
if (clazz.isArray()) { |
|
46160
c647e44ea1b9
8185346: Relax RMI Registry Serial Filter to allow arrays of any type
rriggs
parents:
45989
diff
changeset
|
454 |
// Arrays are REJECTED only if they exceed the limit |
c647e44ea1b9
8185346: Relax RMI Registry Serial Filter to allow arrays of any type
rriggs
parents:
45989
diff
changeset
|
455 |
return (filterInfo.arrayLength() >= 0 && filterInfo.arrayLength() > REGISTRY_MAX_ARRAY_SIZE) |
c647e44ea1b9
8185346: Relax RMI Registry Serial Filter to allow arrays of any type
rriggs
parents:
45989
diff
changeset
|
456 |
? ObjectInputFilter.Status.REJECTED |
c647e44ea1b9
8185346: Relax RMI Registry Serial Filter to allow arrays of any type
rriggs
parents:
45989
diff
changeset
|
457 |
: ObjectInputFilter.Status.UNDECIDED; |
43211 | 458 |
} |
459 |
if (String.class == clazz |
|
460 |
|| java.lang.Number.class.isAssignableFrom(clazz) |
|
461 |
|| Remote.class.isAssignableFrom(clazz) |
|
462 |
|| java.lang.reflect.Proxy.class.isAssignableFrom(clazz) |
|
463 |
|| UnicastRef.class.isAssignableFrom(clazz) |
|
464 |
|| RMIClientSocketFactory.class.isAssignableFrom(clazz) |
|
465 |
|| RMIServerSocketFactory.class.isAssignableFrom(clazz) |
|
466 |
|| java.rmi.activation.ActivationID.class.isAssignableFrom(clazz) |
|
467 |
|| java.rmi.server.UID.class.isAssignableFrom(clazz)) { |
|
468 |
return ObjectInputFilter.Status.ALLOWED; |
|
469 |
} else { |
|
470 |
return ObjectInputFilter.Status.REJECTED; |
|
471 |
} |
|
472 |
} |
|
473 |
return ObjectInputFilter.Status.UNDECIDED; |
|
474 |
} |
|
475 |
||
476 |
/** |
|
43061
257cac611780
8172347: Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry
mli
parents:
36670
diff
changeset
|
477 |
* Return a new RegistryImpl on the requested port and export it to serve |
257cac611780
8172347: Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry
mli
parents:
36670
diff
changeset
|
478 |
* registry requests. A classloader is initialized from the system property |
257cac611780
8172347: Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry
mli
parents:
36670
diff
changeset
|
479 |
* "env.class.path" and a security manager is set unless one is already set. |
257cac611780
8172347: Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry
mli
parents:
36670
diff
changeset
|
480 |
* <p> |
257cac611780
8172347: Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry
mli
parents:
36670
diff
changeset
|
481 |
* The returned Registry is fully functional within the current process and |
257cac611780
8172347: Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry
mli
parents:
36670
diff
changeset
|
482 |
* is usable for internal and testing purposes. |
257cac611780
8172347: Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry
mli
parents:
36670
diff
changeset
|
483 |
* |
257cac611780
8172347: Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry
mli
parents:
36670
diff
changeset
|
484 |
* @param regPort port on which the rmiregistry accepts requests; |
257cac611780
8172347: Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry
mli
parents:
36670
diff
changeset
|
485 |
* if 0, an implementation specific port is assigned |
257cac611780
8172347: Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry
mli
parents:
36670
diff
changeset
|
486 |
* @return a RegistryImpl instance |
257cac611780
8172347: Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry
mli
parents:
36670
diff
changeset
|
487 |
* @exception RemoteException If remote operation failed. |
257cac611780
8172347: Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry
mli
parents:
36670
diff
changeset
|
488 |
* @since 9 |
2 | 489 |
*/ |
43061
257cac611780
8172347: Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry
mli
parents:
36670
diff
changeset
|
490 |
public static RegistryImpl createRegistry(int regPort) throws RemoteException { |
2 | 491 |
// Create and install the security manager if one is not installed |
492 |
// already. |
|
493 |
if (System.getSecurityManager() == null) { |
|
28053
b2366f339e39
8066633: Fix deprecation warnings in java.rmi module
smarks
parents:
27805
diff
changeset
|
494 |
System.setSecurityManager(new SecurityManager()); |
2 | 495 |
} |
496 |
||
43061
257cac611780
8172347: Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry
mli
parents:
36670
diff
changeset
|
497 |
/* |
257cac611780
8172347: Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry
mli
parents:
36670
diff
changeset
|
498 |
* Fix bugid 4147561: When JDK tools are executed, the value of |
257cac611780
8172347: Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry
mli
parents:
36670
diff
changeset
|
499 |
* the CLASSPATH environment variable for the shell in which they |
257cac611780
8172347: Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry
mli
parents:
36670
diff
changeset
|
500 |
* were invoked is no longer incorporated into the application |
257cac611780
8172347: Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry
mli
parents:
36670
diff
changeset
|
501 |
* class path; CLASSPATH's only effect is to be the value of the |
257cac611780
8172347: Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry
mli
parents:
36670
diff
changeset
|
502 |
* system property "env.class.path". To preserve the previous |
257cac611780
8172347: Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry
mli
parents:
36670
diff
changeset
|
503 |
* (JDK1.1 and JDK1.2beta3) behavior of this tool, however, its |
257cac611780
8172347: Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry
mli
parents:
36670
diff
changeset
|
504 |
* CLASSPATH should still be considered when resolving classes |
257cac611780
8172347: Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry
mli
parents:
36670
diff
changeset
|
505 |
* being unmarshalled. To effect this old behavior, a class |
257cac611780
8172347: Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry
mli
parents:
36670
diff
changeset
|
506 |
* loader that loads from the file path specified in the |
257cac611780
8172347: Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry
mli
parents:
36670
diff
changeset
|
507 |
* "env.class.path" property is created and set to be the context |
257cac611780
8172347: Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry
mli
parents:
36670
diff
changeset
|
508 |
* class loader before the remote object is exported. |
257cac611780
8172347: Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry
mli
parents:
36670
diff
changeset
|
509 |
*/ |
257cac611780
8172347: Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry
mli
parents:
36670
diff
changeset
|
510 |
String envcp = System.getProperty("env.class.path"); |
257cac611780
8172347: Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry
mli
parents:
36670
diff
changeset
|
511 |
if (envcp == null) { |
257cac611780
8172347: Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry
mli
parents:
36670
diff
changeset
|
512 |
envcp = "."; // preserve old default behavior |
257cac611780
8172347: Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry
mli
parents:
36670
diff
changeset
|
513 |
} |
257cac611780
8172347: Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry
mli
parents:
36670
diff
changeset
|
514 |
URL[] urls = pathToURLs(envcp); |
257cac611780
8172347: Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry
mli
parents:
36670
diff
changeset
|
515 |
ClassLoader cl = new URLClassLoader(urls); |
257cac611780
8172347: Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry
mli
parents:
36670
diff
changeset
|
516 |
|
257cac611780
8172347: Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry
mli
parents:
36670
diff
changeset
|
517 |
/* |
257cac611780
8172347: Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry
mli
parents:
36670
diff
changeset
|
518 |
* Fix bugid 4242317: Classes defined by this class loader should |
257cac611780
8172347: Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry
mli
parents:
36670
diff
changeset
|
519 |
* be annotated with the value of the "java.rmi.server.codebase" |
257cac611780
8172347: Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry
mli
parents:
36670
diff
changeset
|
520 |
* property, not the "file:" URLs for the CLASSPATH elements. |
257cac611780
8172347: Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry
mli
parents:
36670
diff
changeset
|
521 |
*/ |
257cac611780
8172347: Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry
mli
parents:
36670
diff
changeset
|
522 |
sun.rmi.server.LoaderHandler.registerCodebaseLoader(cl); |
257cac611780
8172347: Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry
mli
parents:
36670
diff
changeset
|
523 |
|
257cac611780
8172347: Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry
mli
parents:
36670
diff
changeset
|
524 |
Thread.currentThread().setContextClassLoader(cl); |
257cac611780
8172347: Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry
mli
parents:
36670
diff
changeset
|
525 |
|
257cac611780
8172347: Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry
mli
parents:
36670
diff
changeset
|
526 |
RegistryImpl registryImpl = null; |
2 | 527 |
try { |
43061
257cac611780
8172347: Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry
mli
parents:
36670
diff
changeset
|
528 |
registryImpl = AccessController.doPrivileged( |
257cac611780
8172347: Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry
mli
parents:
36670
diff
changeset
|
529 |
new PrivilegedExceptionAction<RegistryImpl>() { |
257cac611780
8172347: Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry
mli
parents:
36670
diff
changeset
|
530 |
public RegistryImpl run() throws RemoteException { |
257cac611780
8172347: Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry
mli
parents:
36670
diff
changeset
|
531 |
return new RegistryImpl(regPort); |
257cac611780
8172347: Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry
mli
parents:
36670
diff
changeset
|
532 |
} |
257cac611780
8172347: Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry
mli
parents:
36670
diff
changeset
|
533 |
}, getAccessControlContext(regPort)); |
257cac611780
8172347: Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry
mli
parents:
36670
diff
changeset
|
534 |
} catch (PrivilegedActionException ex) { |
257cac611780
8172347: Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry
mli
parents:
36670
diff
changeset
|
535 |
throw (RemoteException) ex.getException(); |
257cac611780
8172347: Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry
mli
parents:
36670
diff
changeset
|
536 |
} |
2 | 537 |
|
43061
257cac611780
8172347: Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry
mli
parents:
36670
diff
changeset
|
538 |
return registryImpl; |
257cac611780
8172347: Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry
mli
parents:
36670
diff
changeset
|
539 |
} |
2 | 540 |
|
43061
257cac611780
8172347: Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry
mli
parents:
36670
diff
changeset
|
541 |
/** |
257cac611780
8172347: Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry
mli
parents:
36670
diff
changeset
|
542 |
* Main program to start a registry. <br> |
257cac611780
8172347: Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry
mli
parents:
36670
diff
changeset
|
543 |
* The port number can be specified on the command line. |
257cac611780
8172347: Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry
mli
parents:
36670
diff
changeset
|
544 |
*/ |
257cac611780
8172347: Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry
mli
parents:
36670
diff
changeset
|
545 |
public static void main(String args[]) |
257cac611780
8172347: Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry
mli
parents:
36670
diff
changeset
|
546 |
{ |
257cac611780
8172347: Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry
mli
parents:
36670
diff
changeset
|
547 |
try { |
10913 | 548 |
final int regPort = (args.length >= 1) ? Integer.parseInt(args[0]) |
549 |
: Registry.REGISTRY_PORT; |
|
43061
257cac611780
8172347: Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry
mli
parents:
36670
diff
changeset
|
550 |
|
257cac611780
8172347: Refactoring src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java to improve testability of rmiregistry
mli
parents:
36670
diff
changeset
|
551 |
registry = createRegistry(regPort); |
10913 | 552 |
|
2 | 553 |
// prevent registry from exiting |
554 |
while (true) { |
|
555 |
try { |
|
556 |
Thread.sleep(Long.MAX_VALUE); |
|
557 |
} catch (InterruptedException e) { |
|
558 |
} |
|
559 |
} |
|
560 |
} catch (NumberFormatException e) { |
|
561 |
System.err.println(MessageFormat.format( |
|
562 |
getTextResource("rmiregistry.port.badnumber"), |
|
563 |
args[0] )); |
|
564 |
System.err.println(MessageFormat.format( |
|
565 |
getTextResource("rmiregistry.usage"), |
|
566 |
"rmiregistry" )); |
|
567 |
} catch (Exception e) { |
|
568 |
e.printStackTrace(); |
|
569 |
} |
|
570 |
System.exit(1); |
|
571 |
} |
|
10913 | 572 |
|
573 |
/** |
|
11039
4ee27839f531
7102369: remove java.rmi.server.codebase property parsing from registyimpl
coffeys
parents:
10914
diff
changeset
|
574 |
* Generates an AccessControlContext with minimal permissions. |
10913 | 575 |
* The approach used here is taken from the similar method |
576 |
* getAccessControlContext() in the sun.applet.AppletPanel class. |
|
577 |
*/ |
|
22339 | 578 |
private static AccessControlContext getAccessControlContext(int port) { |
10913 | 579 |
// begin with permissions granted to all code in current policy |
580 |
PermissionCollection perms = AccessController.doPrivileged( |
|
581 |
new java.security.PrivilegedAction<PermissionCollection>() { |
|
582 |
public PermissionCollection run() { |
|
583 |
CodeSource codesource = new CodeSource(null, |
|
584 |
(java.security.cert.Certificate[]) null); |
|
585 |
Policy p = java.security.Policy.getPolicy(); |
|
586 |
if (p != null) { |
|
587 |
return p.getPermissions(codesource); |
|
588 |
} else { |
|
589 |
return new Permissions(); |
|
590 |
} |
|
591 |
} |
|
592 |
}); |
|
593 |
||
594 |
/* |
|
595 |
* Anyone can connect to the registry and the registry can connect |
|
596 |
* to and possibly download stubs from anywhere. Downloaded stubs and |
|
597 |
* related classes themselves are more tightly limited by RMI. |
|
598 |
*/ |
|
599 |
perms.add(new SocketPermission("*", "connect,accept")); |
|
22341
4689530d03b9
8028293: Check local configuration for actual ephemeral port range
michaelm
parents:
22339
diff
changeset
|
600 |
perms.add(new SocketPermission("localhost:"+port, "listen,accept")); |
10913 | 601 |
|
14209 | 602 |
perms.add(new RuntimePermission("accessClassInPackage.sun.jvmstat.*")); |
603 |
perms.add(new RuntimePermission("accessClassInPackage.sun.jvm.hotspot.*")); |
|
10914 | 604 |
|
11039
4ee27839f531
7102369: remove java.rmi.server.codebase property parsing from registyimpl
coffeys
parents:
10914
diff
changeset
|
605 |
perms.add(new FilePermission("<<ALL FILES>>", "read")); |
10913 | 606 |
|
607 |
/* |
|
608 |
* Create an AccessControlContext that consists of a single |
|
609 |
* protection domain with only the permissions calculated above. |
|
610 |
*/ |
|
611 |
ProtectionDomain pd = new ProtectionDomain( |
|
11039
4ee27839f531
7102369: remove java.rmi.server.codebase property parsing from registyimpl
coffeys
parents:
10914
diff
changeset
|
612 |
new CodeSource(null, |
4ee27839f531
7102369: remove java.rmi.server.codebase property parsing from registyimpl
coffeys
parents:
10914
diff
changeset
|
613 |
(java.security.cert.Certificate[]) null), perms); |
10913 | 614 |
return new AccessControlContext(new ProtectionDomain[] { pd }); |
615 |
} |
|
2 | 616 |
} |