--- a/jdk/src/share/classes/com/sun/rowset/CachedRowSetImpl.java Wed Jan 15 11:23:07 2014 +0800
+++ b/jdk/src/share/classes/com/sun/rowset/CachedRowSetImpl.java Fri Oct 25 14:35:42 2013 -0400
@@ -37,6 +37,7 @@
import javax.sql.rowset.serial.*;
import com.sun.rowset.internal.*;
import com.sun.rowset.providers.*;
+import sun.reflect.misc.ReflectUtil;
/**
* The standard implementation of the <code>CachedRowSet</code> interface.
@@ -2959,13 +2960,9 @@
// create new instance of the class
SQLData obj = null;
try {
- obj = (SQLData)c.newInstance();
- } catch (java.lang.InstantiationException ex) {
- throw new SQLException(MessageFormat.format(resBundle.handleGetObject("cachedrowsetimpl.unableins").toString(),
- ex.getMessage()));
- } catch (java.lang.IllegalAccessException ex) {
- throw new SQLException(MessageFormat.format(resBundle.handleGetObject("cachedrowsetimpl.unableins").toString(),
- ex.getMessage()));
+ obj = (SQLData) ReflectUtil.newInstance(c);
+ } catch(Exception ex) {
+ throw new SQLException("Unable to Instantiate: ", ex);
}
// get the attributes from the struct
Object attribs[] = s.getAttributes(map);
@@ -5710,13 +5707,9 @@
// create new instance of the class
SQLData obj = null;
try {
- obj = (SQLData)c.newInstance();
- } catch (java.lang.InstantiationException ex) {
- throw new SQLException(MessageFormat.format(resBundle.handleGetObject("cachedrowsetimpl.unableins").toString(),
- ex.getMessage()));
- } catch (java.lang.IllegalAccessException ex) {
- throw new SQLException(MessageFormat.format(resBundle.handleGetObject("cachedrowsetimpl.unableins").toString(),
- ex.getMessage()));
+ obj = (SQLData) ReflectUtil.newInstance(c);
+ } catch(Exception ex) {
+ throw new SQLException("Unable to Instantiate: ", ex);
}
// get the attributes from the struct
Object attribs[] = s.getAttributes(map);
--- a/jdk/src/share/classes/com/sun/rowset/internal/CachedRowSetWriter.java Wed Jan 15 11:23:07 2014 +0800
+++ b/jdk/src/share/classes/com/sun/rowset/internal/CachedRowSetWriter.java Fri Oct 25 14:35:42 2013 -0400
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -29,6 +29,7 @@
import javax.sql.*;
import java.util.*;
import java.io.*;
+import sun.reflect.misc.ReflectUtil;
import com.sun.rowset.*;
import java.text.MessageFormat;
@@ -572,13 +573,9 @@
// create new instance of the class
SQLData obj = null;
try {
- obj = (SQLData)c.newInstance();
- } catch (java.lang.InstantiationException ex) {
- throw new SQLException(MessageFormat.format(resBundle.handleGetObject("cachedrowsetimpl.unableins").toString(),
- ex.getMessage()));
- } catch (java.lang.IllegalAccessException ex) {
- throw new SQLException(MessageFormat.format(resBundle.handleGetObject("cachedrowsetimpl.unableins").toString(),
- ex.getMessage()));
+ obj = (SQLData)ReflectUtil.newInstance(c);
+ } catch (Exception ex) {
+ throw new SQLException("Unable to Instantiate: ", ex);
}
// get the attributes from the struct
Object attribs[] = s.getAttributes(map);
--- a/jdk/src/share/classes/javax/sql/rowset/RowSetProvider.java Wed Jan 15 11:23:07 2014 +0800
+++ b/jdk/src/share/classes/javax/sql/rowset/RowSetProvider.java Fri Oct 25 14:35:42 2013 -0400
@@ -28,8 +28,11 @@
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.sql.SQLException;
+import java.util.PropertyPermission;
import java.util.ServiceConfigurationError;
import java.util.ServiceLoader;
+import javax.sql.rowset.spi.SyncFactoryException;
+import sun.reflect.misc.ReflectUtil;
/**
* A factory API that enables applications to obtain a
@@ -129,15 +132,11 @@
factoryClassName = getSystemProperty(ROWSET_FACTORY_NAME);
if (factoryClassName != null) {
trace("Found system property, value=" + factoryClassName);
- factory = (RowSetFactory) getFactoryClass(factoryClassName, null, true).newInstance();
+ factory = (RowSetFactory) ReflectUtil.newInstance(getFactoryClass(factoryClassName, null, true));
}
- } catch (ClassNotFoundException e) {
- throw new SQLException(
- "RowSetFactory: " + factoryClassName + " not found", e);
- } catch (Exception e) {
- throw new SQLException(
- "RowSetFactory: " + factoryClassName + " could not be instantiated: " + e,
- e);
+ } catch (Exception e) {
+ throw new SQLException( "RowSetFactory: " + factoryClassName +
+ " could not be instantiated: ", e);
}
// Check to see if we found the RowSetFactory via a System property
@@ -182,6 +181,16 @@
throws SQLException {
trace("***In newInstance()");
+
+ if(factoryClassName == null) {
+ throw new SQLException("Error: factoryClassName cannot be null");
+ }
+ try {
+ ReflectUtil.checkPackageAccess(factoryClassName);
+ } catch (java.security.AccessControlException e) {
+ throw new SQLException("Access Exception",e);
+ }
+
try {
Class<?> providerClass = getFactoryClass(factoryClassName, cl, false);
RowSetFactory instance = (RowSetFactory) providerClass.newInstance();
@@ -291,8 +300,9 @@
public String run() {
return System.getProperty(propName);
}
- });
+ }, null, new PropertyPermission(propName, "read"));
} catch (SecurityException se) {
+ trace("error getting " + propName + ": "+ se);
if (debug) {
se.printStackTrace();
}
--- a/jdk/src/share/classes/javax/sql/rowset/spi/SyncFactory.java Wed Jan 15 11:23:07 2014 +0800
+++ b/jdk/src/share/classes/javax/sql/rowset/spi/SyncFactory.java Fri Oct 25 14:35:42 2013 -0400
@@ -37,8 +37,11 @@
import java.io.FileNotFoundException;
import java.security.AccessController;
import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
import javax.naming.*;
+import sun.reflect.misc.ReflectUtil;
/**
* The Service Provider Interface (SPI) mechanism that generates <code>SyncProvider</code>
@@ -329,7 +332,7 @@
// Local implementation class names and keys from Properties
// file, translate names into Class objects using Class.forName
// and store mappings
- Properties properties = new Properties();
+ final Properties properties = new Properties();
if (implementations == null) {
implementations = new Hashtable<>();
@@ -356,10 +359,11 @@
public String run() {
return System.getProperty("rowset.properties");
}
- }, null, new PropertyPermission("rowset.properties","read"));
+ }, null, new PropertyPermission("rowset.properties", "read"));
} catch (Exception ex) {
+ System.out.println("errorget rowset.properties: " + ex);
strRowsetProperties = null;
- }
+ };
if (strRowsetProperties != null) {
// Load user's implementation of SyncProvider
@@ -380,14 +384,27 @@
ClassLoader cl = Thread.currentThread().getContextClassLoader();
- try (InputStream stream =
- (cl == null) ? ClassLoader.getSystemResourceAsStream(ROWSET_PROPERTIES)
- : cl.getResourceAsStream(ROWSET_PROPERTIES)) {
- if (stream == null) {
- throw new SyncFactoryException(
- "Resource " + ROWSET_PROPERTIES + " not found");
+ try {
+ AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
+ try (InputStream stream = (cl == null) ?
+ ClassLoader.getSystemResourceAsStream(ROWSET_PROPERTIES)
+ : cl.getResourceAsStream(ROWSET_PROPERTIES)) {
+ if (stream == null) {
+ throw new SyncFactoryException("Resource " + ROWSET_PROPERTIES + " not found");
+ }
+ properties.load(stream);
+ }
+ return null;
+ });
+ } catch (PrivilegedActionException ex) {
+ Throwable e = ex.getException();
+ if (e instanceof SyncFactoryException) {
+ throw (SyncFactoryException) e;
+ } else {
+ SyncFactoryException sfe = new SyncFactoryException();
+ sfe.initCause(ex.getException());
+ throw sfe;
}
- properties.load(stream);
}
parseProperties(properties);
@@ -411,7 +428,7 @@
public String run() {
return System.getProperty(ROWSET_SYNC_PROVIDER);
}
- }, null, new PropertyPermission(ROWSET_SYNC_PROVIDER,"read"));
+ }, null, new PropertyPermission(ROWSET_SYNC_PROVIDER, "read"));
} catch (Exception ex) {
providerImpls = null;
}
@@ -547,6 +564,14 @@
return new com.sun.rowset.providers.RIOptimisticProvider();
}
+ try {
+ ReflectUtil.checkPackageAccess(providerID);
+ } catch (java.security.AccessControlException e) {
+ SyncFactoryException sfe = new SyncFactoryException();
+ sfe.initCause(e);
+ throw sfe;
+ }
+
// Attempt to invoke classname from registered SyncProvider list
Class<?> c = null;
try {
@@ -555,7 +580,7 @@
/**
* The SyncProvider implementation of the user will be in
* the classpath. We need to find the ClassLoader which loads
- * this SyncFactory and try to laod the SyncProvider class from
+ * this SyncFactory and try to load the SyncProvider class from
* there.
**/
c = Class.forName(providerID, true, cl);