8008589: Better MBean permission validation
Summary: Better MBean permission validation
Reviewed-by: skoivu, dfuchs, mchung, sjiang
--- a/jdk/src/share/classes/javax/management/MBeanTrustPermission.java Wed Jul 03 15:10:11 2013 -0700
+++ b/jdk/src/share/classes/javax/management/MBeanTrustPermission.java Mon Jul 08 16:15:39 2013 +0400
@@ -26,6 +26,9 @@
package javax.management;
import java.security.BasicPermission;
+import java.io.IOException;
+import java.io.InvalidObjectException;
+import java.io.ObjectInputStream;
/**
* This permission represents "trust" in a signer or codebase.
@@ -75,15 +78,31 @@
*/
public MBeanTrustPermission(String name, String actions) {
super(name, actions);
+ validate(name,actions);
+ }
+
+ private static void validate(String name, String actions) {
/* Check that actions is a null empty string */
- if (actions != null && actions.length() > 0)
- throw new IllegalArgumentException("MBeanTrustPermission " +
- "actions must be null: " +
+ if (actions != null && actions.length() > 0) {
+ throw new IllegalArgumentException("MBeanTrustPermission actions must be null: " +
actions);
+ }
- if (!name.equals("register") && !name.equals("*"))
- throw new IllegalArgumentException("MBeanTrustPermission: " +
- "Unknown target name " +
+ if (!name.equals("register") && !name.equals("*")) {
+ throw new IllegalArgumentException("MBeanTrustPermission: Unknown target name " +
"[" + name + "]");
+ }
+ }
+
+ private void readObject(ObjectInputStream in)
+ throws IOException, ClassNotFoundException {
+
+ // Reading private fields of base class
+ in.defaultReadObject();
+ try {
+ validate(super.getName(),super.getActions());
+ } catch (IllegalArgumentException e) {
+ throw new InvalidObjectException(e.getMessage());
+ }
}
}