Mercurial Mercurial > jdk-sandbox / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
8000539: JMX implementation allows invocation of methods of a system class
authordsamersoff
Tue, 30 Oct 2012 17:05:45 +0400
changeset 16086 0a1053497df1
parent 16085 1389ac1d3a5f
child 16087 89b565a23835
8000539: JMX implementation allows invocation of methods of a system class Summary: Added extra packageAccess check call Reviewed-by: ahgross, dfuchs Contributed-by: jaroslav.bachorik@oracle.com
jdk/src/share/classes/com/sun/jmx/mbeanserver/Introspector.java file | annotate | diff | comparison | revisions 
--- a/jdk/src/share/classes/com/sun/jmx/mbeanserver/Introspector.java	Fri Oct 26 13:48:33 2012 -0700
+++ b/jdk/src/share/classes/com/sun/jmx/mbeanserver/Introspector.java	Tue Oct 30 17:05:45 2012 +0400
@@ -56,6 +56,8 @@
 import java.lang.reflect.InvocationTargetException;
 import javax.management.AttributeNotFoundException;
 import javax.management.openmbean.CompositeData;
+import sun.reflect.misc.MethodUtil;
+import sun.reflect.misc.ReflectUtil;
 
 /**
  * This class contains the methods for performing all the tests needed to verify
@@ -528,8 +530,10 @@
                     // to locate method
                     readMethod = SimpleIntrospector.getReadMethod(clazz, element);
                 }
-                if (readMethod != null)
-                    return readMethod.invoke(complex);
+                if (readMethod != null) {
+                    ReflectUtil.checkPackageAccess(readMethod.getDeclaringClass());
+                    return MethodUtil.invoke(readMethod, complex, new Class[0]);
+                }
 
                 throw new AttributeNotFoundException(
                     "Could not find the getter method for the property " +
jdk-sandbox