# HG changeset patch # User mullan # Date 1290443234 18000 # Node ID e70d5e55fd1de98f1f814e9f6881f203778edf2e # Parent 15905ab1a64a58c1a2dca74d52951fa9c6a9c713# Parent ff70dc612d95e5b60c61b3928ccc8e7aa4f6b4f1 Merge diff -r 15905ab1a64a -r e70d5e55fd1d jdk/src/share/classes/javax/security/auth/Policy.java --- a/jdk/src/share/classes/javax/security/auth/Policy.java Mon Nov 22 16:11:13 2010 +0000 +++ b/jdk/src/share/classes/javax/security/auth/Policy.java Mon Nov 22 11:27:14 2010 -0500 @@ -25,6 +25,9 @@ package javax.security.auth; +import java.security.Security; +import sun.security.util.Debug; + /** *

This is an abstract class for representing the system policy for * Subject-based authorization. A subclass implementation @@ -159,6 +162,10 @@ private static Policy policy; private static ClassLoader contextClassLoader; + // true if a custom (not com.sun.security.auth.PolicyFile) system-wide + // policy object is set + private static boolean isCustomPolicy; + static { contextClassLoader = java.security.AccessController.doPrivileged (new java.security.PrivilegedAction() { @@ -234,6 +241,8 @@ contextClassLoader).newInstance(); } }); + isCustomPolicy = + !finalClass.equals("com.sun.security.auth.PolicyFile"); } catch (Exception e) { throw new SecurityException (sun.security.util.ResourcesMgr.getString @@ -265,6 +274,46 @@ java.lang.SecurityManager sm = System.getSecurityManager(); if (sm != null) sm.checkPermission(new AuthPermission("setPolicy")); Policy.policy = policy; + // all non-null policy objects are assumed to be custom + isCustomPolicy = policy != null ? true : false; + } + + /** + * Returns true if a custom (not com.sun.security.auth.PolicyFile) + * system-wide policy object has been set or installed. This method is + * called by SubjectDomainCombiner to provide backwards compatibility for + * developers that provide their own javax.security.auth.Policy + * implementations. + * + * @return true if a custom (not com.sun.security.auth.PolicyFile) + * system-wide policy object has been set; false otherwise + */ + static boolean isCustomPolicySet(Debug debug) { + if (policy != null) { + if (debug != null && isCustomPolicy) { + debug.println("Providing backwards compatibility for " + + "javax.security.auth.policy implementation: " + + policy.toString()); + } + return isCustomPolicy; + } + // check if custom policy has been set using auth.policy.provider prop + String policyClass = java.security.AccessController.doPrivileged + (new java.security.PrivilegedAction() { + public String run() { + return Security.getProperty("auth.policy.provider"); + } + }); + if (policyClass != null + && !policyClass.equals("com.sun.security.auth.PolicyFile")) { + if (debug != null) { + debug.println("Providing backwards compatibility for " + + "javax.security.auth.policy implementation: " + + policyClass); + } + return true; + } + return false; } /** diff -r 15905ab1a64a -r e70d5e55fd1d jdk/src/share/classes/javax/security/auth/SubjectDomainCombiner.java --- a/jdk/src/share/classes/javax/security/auth/SubjectDomainCombiner.java Mon Nov 22 16:11:13 2010 +0000 +++ b/jdk/src/share/classes/javax/security/auth/SubjectDomainCombiner.java Mon Nov 22 11:27:14 2010 -0500 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999, 2007, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,8 +26,6 @@ package javax.security.auth; import java.security.AccessController; -import java.security.AccessControlContext; -import java.security.AllPermission; import java.security.Permission; import java.security.Permissions; import java.security.PermissionCollection; @@ -35,10 +33,8 @@ import java.security.Principal; import java.security.PrivilegedAction; import java.security.ProtectionDomain; -import java.lang.ClassLoader; import java.security.Security; import java.util.Set; -import java.util.Iterator; import java.util.WeakHashMap; import java.lang.ref.WeakReference; @@ -61,7 +57,8 @@ "\t[SubjectDomainCombiner]"); // Note: check only at classloading time, not dynamically during combine() - private static final boolean useJavaxPolicy = compatPolicy(); + private static final boolean useJavaxPolicy = + javax.security.auth.Policy.isCustomPolicySet(debug); // Relevant only when useJavaxPolicy is true private static final boolean allowCaching = @@ -202,8 +199,8 @@ return null; } - // maintain backwards compatibility for people who provide - // their own javax.security.auth.Policy implementations + // maintain backwards compatibility for developers who provide + // their own custom javax.security.auth.Policy implementations if (useJavaxPolicy) { return combineJavaxPolicy(currentDomains, assignedDomains); } @@ -476,8 +473,7 @@ String s = AccessController.doPrivileged (new PrivilegedAction() { public String run() { - return java.security.Security.getProperty - ("cache.auth.policy"); + return Security.getProperty("cache.auth.policy"); } }); if (s != null) { @@ -488,29 +484,6 @@ return true; } - // maintain backwards compatibility for people who provide - // their own javax.security.auth.Policy implementations - private static boolean compatPolicy() { - javax.security.auth.Policy javaxPolicy = AccessController.doPrivileged - (new PrivilegedAction() { - public javax.security.auth.Policy run() { - return javax.security.auth.Policy.getPolicy(); - } - }); - - if (!(javaxPolicy instanceof com.sun.security.auth.PolicyFile)) { - if (debug != null) { - debug.println("Providing backwards compatibility for " + - "javax.security.auth.policy implementation: " + - javaxPolicy.toString()); - } - - return true; - } else { - return false; - } - } - private static void printInputDomains(ProtectionDomain[] currentDomains, ProtectionDomain[] assignedDomains) { if (currentDomains == null || currentDomains.length == 0) {