8027204: Revise the update of 8026204 and 8025758
authorxuelei
Thu, 24 Oct 2013 10:02:26 -0700
changeset 22338 fda2b44112c7
parent 22337 4dc66bdfd4ea
child 22339 e91bfaf4360d
8027204: Revise the update of 8026204 and 8025758 Summary: Revise the update to use system class loader with null TCCL. Also reviewed by Alexander Fomin <alexander.fomin@oracle.com> Reviewed-by: mchung, ahgross
jdk/src/share/classes/com/sun/naming/internal/FactoryEnumeration.java
jdk/src/share/classes/com/sun/naming/internal/VersionHelper12.java
jdk/src/share/classes/javax/security/auth/login/LoginContext.java
--- a/jdk/src/share/classes/com/sun/naming/internal/FactoryEnumeration.java	Wed Oct 23 21:24:34 2013 -0700
+++ b/jdk/src/share/classes/com/sun/naming/internal/FactoryEnumeration.java	Thu Oct 24 10:02:26 2013 -0700
@@ -83,7 +83,6 @@
             try {
                 if (answer == null) {   // reload class if weak ref cleared
                     Class<?> cls = Class.forName(className, true, loader);
-                    VersionHelper12.checkPackageAccess(cls);
                     answer = cls;
                 }
                 // Instantiate Class to get factory
--- a/jdk/src/share/classes/com/sun/naming/internal/VersionHelper12.java	Wed Oct 23 21:24:34 2013 -0700
+++ b/jdk/src/share/classes/com/sun/naming/internal/VersionHelper12.java	Thu Oct 24 10:02:26 2013 -0700
@@ -39,7 +39,6 @@
 import java.util.Properties;
 
 import javax.naming.*;
-import sun.reflect.misc.ReflectUtil;
 
 /**
  * VersionHelper was used by JNDI to accommodate differences between
@@ -54,18 +53,6 @@
 
 final class VersionHelper12 extends VersionHelper {
 
-    // workaround to disable additional package access control with
-    // Thread Context Class Loader (TCCL).
-    private final static boolean noPackageAccessWithTCCL = "true".equals(
-        AccessController.doPrivileged(
-            new PrivilegedAction<String>() {
-                public String run() {
-                    return System.getProperty(
-                        "com.sun.naming.untieAccessContextWithTCCL");
-                }
-            }
-        ));
-
     // Disallow external from creating one of these.
     VersionHelper12() {
     }
@@ -83,9 +70,6 @@
     Class<?> loadClass(String className, ClassLoader cl)
         throws ClassNotFoundException {
         Class<?> cls = Class.forName(className, true, cl);
-        if (!noPackageAccessWithTCCL) {
-            checkPackageAccess(cls);
-        }
         return cls;
     }
 
@@ -103,35 +87,6 @@
         return loadClass(className, cl);
     }
 
-    /**
-     * check package access of a class that is loaded with Thread Context
-     * Class Loader (TCCL).
-     *
-     * Similar to java.lang.ClassLoader.checkPackageAccess()
-     */
-    static void checkPackageAccess(Class<?> cls) {
-        final SecurityManager sm = System.getSecurityManager();
-        if (sm != null) {
-            if (ReflectUtil.isNonPublicProxyClass(cls)) {
-                for (Class<?> intf: cls.getInterfaces()) {
-                    checkPackageAccess(intf);
-                }
-                return;
-            }
-
-            final String name = cls.getName();
-            final int i = name.lastIndexOf('.');
-            if (i != -1) {
-                AccessController.doPrivileged(new PrivilegedAction<Void>() {
-                    public Void run() {
-                        sm.checkPackageAccess(name.substring(0, i));
-                        return null;
-                    }
-                }, AccessController.getContext());
-            }
-        }
-    }
-
     String getJndiProperty(final int i) {
         return AccessController.doPrivileged(
             new PrivilegedAction<String>() {
@@ -220,18 +175,24 @@
     /**
      * Package private.
      *
-     * This internal method makes use of Thread Context Class Loader (TCCL),
-     * please don't expose this method as public.
+     * This internal method returns Thread Context Class Loader (TCCL),
+     * if null, returns the system Class Loader.
      *
-     * Please take care of package access control on the current context
-     * whenever using TCCL.
+     * Please don't expose this method as public.
      */
     ClassLoader getContextClassLoader() {
 
         return AccessController.doPrivileged(
             new PrivilegedAction<ClassLoader>() {
                 public ClassLoader run() {
-                    return Thread.currentThread().getContextClassLoader();
+                    ClassLoader loader =
+                            Thread.currentThread().getContextClassLoader();
+                    if (loader == null) {
+                        // Don't use bootstrap class loader directly!
+                        loader = ClassLoader.getSystemClassLoader();
+                    }
+
+                    return loader;
                 }
             }
         );
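Review bot: The new inline comment in getContextClassLoader(), `// Don't use bootstrap class loader directly!`, states the rule without the reason, while the matching fallback in the LoginContext hunk that assigns contextClassLoader spells it out. I would align the two: `// Don't use bootstrap class loader directly to ensure proper package access control!`. The Javadoc also drops the old reminder about package access control with TCCL; since this commit removes the explicit checkPackageAccess() call from loadClass(), restricted-package enforcement now appears to rest entirely on the loader returned here, so I would add a Javadoc sentence saying that callers rely on the returned loader to perform the SecurityManager package-access check and that a context loader which skips it weakens that guarantee. The method's closing lines fall outside the hunk.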
--- a/jdk/src/share/classes/javax/security/auth/login/LoginContext.java	Wed Oct 23 21:24:34 2013 -0700
+++ b/jdk/src/share/classes/javax/security/auth/login/LoginContext.java	Thu Oct 24 10:02:26 2013 -0700
@@ -37,10 +37,8 @@
 import javax.security.auth.callback.*;
 import java.security.AccessController;
 import java.security.AccessControlContext;
-import java.security.PrivilegedAction;
 import sun.security.util.PendingException;
 import sun.security.util.ResourcesMgr;
-import sun.reflect.misc.ReflectUtil;
 
 /**
  * <p> The {@code LoginContext} class describes the basic methods used
@@ -227,19 +225,6 @@
     private static final sun.security.util.Debug debug =
         sun.security.util.Debug.getInstance("logincontext", "\t[LoginContext]");
 
-    // workaround to disable additional package access control with
-    // Thread Context Class Loader (TCCL).
-    private static final boolean noPackageAccessWithTCCL = "true".equals(
-        AccessController.doPrivileged(
-            new PrivilegedAction<String>() {
-                public String run() {
-                    return System.getProperty(
-                        "auth.login.untieAccessContextWithTCCL");
-                }
-            }
-        ));
-
-
     private void init(String name) throws LoginException {
 
         SecurityManager sm = System.getSecurityManager();
@@ -293,7 +278,15 @@
         contextClassLoader = java.security.AccessController.doPrivileged
                 (new java.security.PrivilegedAction<ClassLoader>() {
                 public ClassLoader run() {
-                    return Thread.currentThread().getContextClassLoader();
+                    ClassLoader loader =
+                            Thread.currentThread().getContextClassLoader();
+                    if (loader == null) {
+                        // Don't use bootstrap class loader directly to ensure
+                        // proper package access control!
+                        loader = ClassLoader.getSystemClassLoader();
+                    }
+
+                    return loader;
                 }
         });
     }
@@ -713,17 +706,11 @@
                     // instantiate the LoginModule
                     //
                     // Allow any object to be a LoginModule as long as it
-                    // conforms to the interface if no customized config or
-                    // noPackageAccessWithTCCL is true.
+                    // conforms to the interface.
                     Class<?> c = Class.forName(
                                 moduleStack[i].entry.getLoginModuleName(),
                                 true,
                                 contextClassLoader);
-                    // check package access for customized config
-                    if (!noPackageAccessWithTCCL && creatorAcc != null) {
-                        c.asSubclass(javax.security.auth.spi.LoginModule.class);
-                        checkPackageAccess(c, creatorAcc);
-                    }
 
                     Constructor<?> constructor = c.getConstructor(PARAMS);
                     Object[] args = { };
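Review bot: The shortened comment ending `// conforms to the interface.` now reads as if conformance were verified at this point, but with `c.asSubclass(javax.security.auth.spi.LoginModule.class)` removed no visible line checks the type before `c.getConstructor(PARAMS)`, and the class named by the login configuration is loaded with `initialize` set to `true`, so its static initializer runs first. I would document the trust boundary at the `Class.forName` call, for example `// No type or package-access check is made here; enforcement is left to contextClassLoader (TCCL or, if null, the system class loader).` How conformance is established later in the method is outside this hunk, so the wording should be confirmed against the rest of the body.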
@@ -927,35 +914,6 @@
     }
 
     /**
-     * check package access of a class that is loaded with Thread Context
-     * Class Loader (TCCL) with specified access control context.
-     *
-     * Similar to java.lang.ClassLoader.checkPackageAccess()
-     */
-    static void checkPackageAccess(Class<?> cls, AccessControlContext context) {
-        final SecurityManager sm = System.getSecurityManager();
-        if (sm != null) {
-            if (ReflectUtil.isNonPublicProxyClass(cls)) {
-                for (Class<?> intf: cls.getInterfaces()) {
-                    checkPackageAccess(intf, context);
-                }
-                return;
-            }
-
-            final String name = cls.getName();
-            final int i = name.lastIndexOf('.');
-            if (i != -1) {
-                AccessController.doPrivileged(new PrivilegedAction<Void>() {
-                    public Void run() {
-                        sm.checkPackageAccess(name.substring(0, i));
-                        return null;
-                    }
-                }, context);
-            }
-        }
-    }
-
-    /**
      * Wrap the caller-specified CallbackHandler in our own
      * and invoke it within a privileged block, constrained by
      * the caller's AccessControlContext.