36 import java.rmi.server.RemoteServer; |
36 import java.rmi.server.RemoteServer; |
37 import java.rmi.server.ServerNotActiveException; |
37 import java.rmi.server.ServerNotActiveException; |
38 import java.rmi.registry.Registry; |
38 import java.rmi.registry.Registry; |
39 import java.rmi.server.RMIClientSocketFactory; |
39 import java.rmi.server.RMIClientSocketFactory; |
40 import java.rmi.server.RMIServerSocketFactory; |
40 import java.rmi.server.RMIServerSocketFactory; |
|
41 import java.security.AccessControlContext; |
|
42 import java.security.AccessController; |
|
43 import java.security.CodeSource; |
|
44 import java.security.Policy; |
41 import java.security.PrivilegedActionException; |
45 import java.security.PrivilegedActionException; |
|
46 import java.security.PrivilegedExceptionAction; |
|
47 import java.security.PermissionCollection; |
|
48 import java.security.Permissions; |
|
49 import java.security.ProtectionDomain; |
42 import java.text.MessageFormat; |
50 import java.text.MessageFormat; |
|
51 import sun.rmi.server.LoaderHandler; |
43 import sun.rmi.server.UnicastServerRef; |
52 import sun.rmi.server.UnicastServerRef; |
44 import sun.rmi.server.UnicastServerRef2; |
53 import sun.rmi.server.UnicastServerRef2; |
45 import sun.rmi.transport.LiveRef; |
54 import sun.rmi.transport.LiveRef; |
46 import sun.rmi.transport.ObjectTable; |
55 import sun.rmi.transport.ObjectTable; |
47 import sun.rmi.transport.Target; |
56 import sun.rmi.transport.Target; |
|
57 import sun.security.action.GetPropertyAction; |
48 |
58 |
49 /** |
59 /** |
50 * A "registry" exists on every node that allows RMI connections to |
60 * A "registry" exists on every node that allows RMI connections to |
51 * servers on that node. The registry on a particular node contains a |
61 * servers on that node. The registry on a particular node contains a |
52 * transient database that maps names to remote objects. When the |
62 * transient database that maps names to remote objects. When the |
323 envcp = "."; // preserve old default behavior |
333 envcp = "."; // preserve old default behavior |
324 } |
334 } |
325 URL[] urls = sun.misc.URLClassPath.pathToURLs(envcp); |
335 URL[] urls = sun.misc.URLClassPath.pathToURLs(envcp); |
326 ClassLoader cl = new URLClassLoader(urls); |
336 ClassLoader cl = new URLClassLoader(urls); |
327 |
337 |
|
338 String codebaseProperty = null; |
|
339 String prop = java.security.AccessController.doPrivileged( |
|
340 new GetPropertyAction("java.rmi.server.codebase")); |
|
341 if (prop != null && prop.trim().length() > 0) { |
|
342 codebaseProperty = prop; |
|
343 } |
|
344 URL[] codebaseURLs = null; |
|
345 if (codebaseProperty != null) { |
|
346 codebaseURLs = sun.misc.URLClassPath.pathToURLs(codebaseProperty); |
|
347 } else { |
|
348 codebaseURLs = new URL[0]; |
|
349 } |
|
350 |
328 /* |
351 /* |
329 * Fix bugid 4242317: Classes defined by this class loader should |
352 * Fix bugid 4242317: Classes defined by this class loader should |
330 * be annotated with the value of the "java.rmi.server.codebase" |
353 * be annotated with the value of the "java.rmi.server.codebase" |
331 * property, not the "file:" URLs for the CLASSPATH elements. |
354 * property, not the "file:" URLs for the CLASSPATH elements. |
332 */ |
355 */ |
333 sun.rmi.server.LoaderHandler.registerCodebaseLoader(cl); |
356 sun.rmi.server.LoaderHandler.registerCodebaseLoader(cl); |
334 |
357 |
335 Thread.currentThread().setContextClassLoader(cl); |
358 Thread.currentThread().setContextClassLoader(cl); |
336 |
359 |
337 int regPort = Registry.REGISTRY_PORT; |
360 final int regPort = (args.length >= 1) ? Integer.parseInt(args[0]) |
338 if (args.length >= 1) { |
361 : Registry.REGISTRY_PORT; |
339 regPort = Integer.parseInt(args[0]); |
362 try { |
340 } |
363 registry = AccessController.doPrivileged( |
341 registry = new RegistryImpl(regPort); |
364 new PrivilegedExceptionAction<RegistryImpl>() { |
|
365 public RegistryImpl run() throws RemoteException { |
|
366 return new RegistryImpl(regPort); |
|
367 } |
|
368 }, getAccessControlContext(codebaseURLs)); |
|
369 } catch (PrivilegedActionException ex) { |
|
370 throw (RemoteException) ex.getException(); |
|
371 } |
|
372 |
342 // prevent registry from exiting |
373 // prevent registry from exiting |
343 while (true) { |
374 while (true) { |
344 try { |
375 try { |
345 Thread.sleep(Long.MAX_VALUE); |
376 Thread.sleep(Long.MAX_VALUE); |
346 } catch (InterruptedException e) { |
377 } catch (InterruptedException e) { |
356 } catch (Exception e) { |
387 } catch (Exception e) { |
357 e.printStackTrace(); |
388 e.printStackTrace(); |
358 } |
389 } |
359 System.exit(1); |
390 System.exit(1); |
360 } |
391 } |
|
392 |
|
393 /** |
|
394 * Generates an AccessControlContext from several URLs. |
|
395 * The approach used here is taken from the similar method |
|
396 * getAccessControlContext() in the sun.applet.AppletPanel class. |
|
397 */ |
|
398 private static AccessControlContext getAccessControlContext(URL[] urls) { |
|
399 // begin with permissions granted to all code in current policy |
|
400 PermissionCollection perms = AccessController.doPrivileged( |
|
401 new java.security.PrivilegedAction<PermissionCollection>() { |
|
402 public PermissionCollection run() { |
|
403 CodeSource codesource = new CodeSource(null, |
|
404 (java.security.cert.Certificate[]) null); |
|
405 Policy p = java.security.Policy.getPolicy(); |
|
406 if (p != null) { |
|
407 return p.getPermissions(codesource); |
|
408 } else { |
|
409 return new Permissions(); |
|
410 } |
|
411 } |
|
412 }); |
|
413 |
|
414 /* |
|
415 * Anyone can connect to the registry and the registry can connect |
|
416 * to and possibly download stubs from anywhere. Downloaded stubs and |
|
417 * related classes themselves are more tightly limited by RMI. |
|
418 */ |
|
419 perms.add(new SocketPermission("*", "connect,accept")); |
|
420 |
|
421 // add permissions required to load from codebase URL path |
|
422 LoaderHandler.addPermissionsForURLs(urls, perms, false); |
|
423 |
|
424 /* |
|
425 * Create an AccessControlContext that consists of a single |
|
426 * protection domain with only the permissions calculated above. |
|
427 */ |
|
428 ProtectionDomain pd = new ProtectionDomain( |
|
429 new CodeSource((urls.length > 0 ? urls[0] : null), |
|
430 (java.security.cert.Certificate[]) null), |
|
431 perms); |
|
432 return new AccessControlContext(new ProtectionDomain[] { pd }); |
|
433 } |
361 } |
434 } |