equal
deleted
inserted
replaced
38 import javax.security.auth.Subject; |
38 import javax.security.auth.Subject; |
39 import javax.security.auth.x500.X500Principal; |
39 import javax.security.auth.x500.X500Principal; |
40 import java.io.FilePermission; |
40 import java.io.FilePermission; |
41 import java.net.SocketPermission; |
41 import java.net.SocketPermission; |
42 import java.net.NetPermission; |
42 import java.net.NetPermission; |
43 import java.util.concurrent.atomic.AtomicReference; |
43 import java.util.concurrent.ConcurrentHashMap; |
44 import jdk.internal.misc.JavaSecurityAccess; |
44 import jdk.internal.misc.JavaSecurityAccess; |
45 import static jdk.internal.misc.JavaSecurityAccess.ProtectionDomainCache; |
45 import static jdk.internal.misc.JavaSecurityAccess.ProtectionDomainCache; |
46 import jdk.internal.misc.SharedSecrets; |
46 import jdk.internal.misc.SharedSecrets; |
47 import sun.security.util.*; |
47 import sun.security.util.*; |
48 import sun.net.www.ParseUtil; |
48 import sun.net.www.ParseUtil; |
246 private static final String POLICY_URL = "policy.url."; |
246 private static final String POLICY_URL = "policy.url."; |
247 |
247 |
248 private static final int DEFAULT_CACHE_SIZE = 1; |
248 private static final int DEFAULT_CACHE_SIZE = 1; |
249 |
249 |
250 // contains the policy grant entries, PD cache, and alias mapping |
250 // contains the policy grant entries, PD cache, and alias mapping |
251 private AtomicReference<PolicyInfo> policyInfo = new AtomicReference<>(); |
251 // can be updated if refresh() is called |
|
252 private volatile PolicyInfo policyInfo; |
252 |
253 |
253 private boolean expandProperties = true; |
254 private boolean expandProperties = true; |
254 private boolean allowSystemProperties = true; |
255 private boolean allowSystemProperties = true; |
255 private boolean notUtf8 = false; |
256 private boolean notUtf8 = false; |
256 private URL url; |
257 private URL url; |
266 * repeatedly, leading to a StackOverflowError or ClassCircularityError. |
267 * repeatedly, leading to a StackOverflowError or ClassCircularityError. |
267 * To avoid this, this set is populated with policy files that have been |
268 * To avoid this, this set is populated with policy files that have been |
268 * previously parsed and have syntax errors, so that they can be |
269 * previously parsed and have syntax errors, so that they can be |
269 * subsequently ignored. |
270 * subsequently ignored. |
270 */ |
271 */ |
271 private static AtomicReference<Set<URL>> badPolicyURLs = |
272 private static Set<URL> badPolicyURLs = |
272 new AtomicReference<>(new HashSet<>()); |
273 Collections.newSetFromMap(new ConcurrentHashMap<URL,Boolean>()); |
273 |
274 |
274 // The default.policy file |
275 // The default.policy file |
275 private static final URL DEFAULT_POLICY_URL = |
276 private static final URL DEFAULT_POLICY_URL = |
276 AccessController.doPrivileged(new PrivilegedAction<>() { |
277 AccessController.doPrivileged(new PrivilegedAction<>() { |
277 @Override |
278 @Override |
339 numCaches = DEFAULT_CACHE_SIZE; |
340 numCaches = DEFAULT_CACHE_SIZE; |
340 } |
341 } |
341 // System.out.println("number caches=" + numCaches); |
342 // System.out.println("number caches=" + numCaches); |
342 PolicyInfo newInfo = new PolicyInfo(numCaches); |
343 PolicyInfo newInfo = new PolicyInfo(numCaches); |
343 initPolicyFile(newInfo, url); |
344 initPolicyFile(newInfo, url); |
344 policyInfo.set(newInfo); |
345 policyInfo = newInfo; |
345 } |
346 } |
346 |
347 |
347 private void initPolicyFile(final PolicyInfo newInfo, final URL url) { |
348 private void initPolicyFile(final PolicyInfo newInfo, final URL url) { |
348 |
349 |
349 // always load default.policy |
350 // always load default.policy |
496 */ |
497 */ |
497 private boolean init(URL policy, PolicyInfo newInfo, boolean defPolicy) { |
498 private boolean init(URL policy, PolicyInfo newInfo, boolean defPolicy) { |
498 |
499 |
499 // skip parsing policy file if it has been previously parsed and |
500 // skip parsing policy file if it has been previously parsed and |
500 // has syntax errors |
501 // has syntax errors |
501 if (badPolicyURLs.get().contains(policy)) { |
502 if (badPolicyURLs.contains(policy)) { |
502 if (debug != null) { |
503 if (debug != null) { |
503 debug.println("skipping bad policy file: " + policy); |
504 debug.println("skipping bad policy file: " + policy); |
504 } |
505 } |
505 return false; |
506 return false; |
506 } |
507 } |
537 } catch (PolicyParser.ParsingException pe) { |
538 } catch (PolicyParser.ParsingException pe) { |
538 if (defPolicy) { |
539 if (defPolicy) { |
539 throw new InternalError("Failed to load default.policy", pe); |
540 throw new InternalError("Failed to load default.policy", pe); |
540 } |
541 } |
541 // record bad policy file to avoid later reparsing it |
542 // record bad policy file to avoid later reparsing it |
542 badPolicyURLs.updateAndGet(k -> { |
543 badPolicyURLs.add(policy); |
543 k.add(policy); |
|
544 return k; |
|
545 }); |
|
546 Object[] source = {policy, pe.getNonlocalizedMessage()}; |
544 Object[] source = {policy, pe.getNonlocalizedMessage()}; |
547 System.err.println(LocalizedMessage.getNonlocalized |
545 System.err.println(LocalizedMessage.getNonlocalized |
548 (POLICY + ".error.parsing.policy.message", source)); |
546 (POLICY + ".error.parsing.policy.message", source)); |
549 if (debug != null) { |
547 if (debug != null) { |
550 pe.printStackTrace(); |
548 pe.printStackTrace(); |
989 * |
987 * |
990 * @see java.security.ProtectionDomain |
988 * @see java.security.ProtectionDomain |
991 */ |
989 */ |
992 @Override |
990 @Override |
993 public boolean implies(ProtectionDomain pd, Permission p) { |
991 public boolean implies(ProtectionDomain pd, Permission p) { |
994 PolicyInfo pi = policyInfo.get(); |
992 ProtectionDomainCache pdMap = policyInfo.getPdMapping(); |
995 ProtectionDomainCache pdMap = pi.getPdMapping(); |
|
996 |
|
997 PermissionCollection pc = pdMap.get(pd); |
993 PermissionCollection pc = pdMap.get(pd); |
998 |
994 |
999 if (pc != null) { |
995 if (pc != null) { |
1000 return pc.implies(p); |
996 return pc.implies(p); |
1001 } |
997 } |
1137 } |
1133 } |
1138 |
1134 |
1139 private Permissions getPermissions(Permissions perms, |
1135 private Permissions getPermissions(Permissions perms, |
1140 final CodeSource cs, |
1136 final CodeSource cs, |
1141 Principal[] principals) { |
1137 Principal[] principals) { |
1142 PolicyInfo pi = policyInfo.get(); |
1138 for (PolicyEntry entry : policyInfo.policyEntries) { |
1143 |
|
1144 for (PolicyEntry entry : pi.policyEntries) { |
|
1145 addPermissions(perms, cs, principals, entry); |
1139 addPermissions(perms, cs, principals, entry); |
1146 } |
1140 } |
1147 |
1141 |
1148 return perms; |
1142 return perms; |
1149 } |
1143 } |