--- a/jdk/src/share/classes/com/sun/jmx/interceptor/DefaultMBeanServerInterceptor.java Thu Mar 21 02:13:49 2013 +0400
+++ b/jdk/src/share/classes/com/sun/jmx/interceptor/DefaultMBeanServerInterceptor.java Thu Mar 21 09:26:55 2013 +0100
@@ -1973,8 +1973,7 @@
* does not add it to the list that is consulted by
* ClassLoaderRepository.loadClass.
*/
- final ModifiableClassLoaderRepository clr =
- instantiator.getClassLoaderRepository();
+ final ModifiableClassLoaderRepository clr = getInstantiatorCLR();
if (clr == null) {
final RuntimeException wrapped =
new IllegalArgumentException(
@@ -2000,8 +1999,7 @@
* Removes the MBean from the default loader repository.
*/
if (loader != server.getClass().getClassLoader()) {
- final ModifiableClassLoaderRepository clr =
- instantiator.getClassLoaderRepository();
+ final ModifiableClassLoaderRepository clr = getInstantiatorCLR();
if (clr != null) {
clr.removeClassLoader(logicalName);
}
@@ -2060,5 +2058,12 @@
return ResourceContext.NONE;
}
-
+ private ModifiableClassLoaderRepository getInstantiatorCLR() {
+ return AccessController.doPrivileged(new PrivilegedAction<ModifiableClassLoaderRepository>() {
+ @Override
+ public ModifiableClassLoaderRepository run() {
+ return instantiator != null ? instantiator.getClassLoaderRepository() : null;
+ }
+ });
+ }
}
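Review bot: `getInstantiatorCLR()` deliberately sidesteps a caller-facing permission check, but nothing in the helper says so or explains why that is safe. Because `doPrivileged` makes the `getClassLoaderRepository` check added to `MBeanInstantiator` in this same patch pass regardless of who is on the call stack, the helper has to stay private and its result must never be handed back to a caller unwrapped; the visible call sites only use it for internal bookkeeping such as `removeClassLoader`. I would add a comment above it along the lines of `// Privileged read: never expose the returned repository; external access goes through the MBeanPermission check in MBeanInstantiator.` The `instantiator != null` guard is also new relative to the direct call it replaces, so a word on when the field can be null would help the next reader.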
--- a/jdk/src/share/classes/com/sun/jmx/mbeanserver/JmxMBeanServer.java Thu Mar 21 02:13:49 2013 +0400
+++ b/jdk/src/share/classes/com/sun/jmx/mbeanserver/JmxMBeanServer.java Thu Mar 21 09:26:55 2013 +0100
@@ -32,6 +32,7 @@
import java.io.ObjectInputStream;
import java.security.AccessController;
import java.security.Permission;
+import java.security.PrivilegedAction;
import java.security.PrivilegedExceptionAction;
import java.util.List;
import java.util.Set;
@@ -227,8 +228,16 @@
clr = new ClassLoaderRepositorySupport();
instantiator = new MBeanInstantiator(clr);
}
+
+ final MBeanInstantiator fInstantiator = instantiator;
this.secureClr = new
- SecureClassLoaderRepository(instantiator.getClassLoaderRepository());
+ SecureClassLoaderRepository(AccessController.doPrivileged(new PrivilegedAction<ClassLoaderRepository>() {
+ @Override
+ public ClassLoaderRepository run() {
+ return fInstantiator.getClassLoaderRepository();
+ }
+ })
+ );
if (delegate == null)
delegate = new MBeanServerDelegateImpl();
if (outer == null)
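Review bot: The same anonymous `PrivilegedAction` block is written out twice in this file, here in the constructor and again in the hunk at `@@ -1242`, and neither copy records why asserting privilege is safe. `DefaultMBeanServerInterceptor` gets a private helper for the identical call in this patch; doing the same here keeps the privileged code in one auditable place. The `fInstantiator` copy suggests `instantiator` can be a constructor argument, in which case its method runs with this class's privileges, so it is worth confirming that `MBeanInstantiator` cannot be subclassed outside the JDK. The constructor body starts and ends outside this hunk.

```java
// … unchanged: default clr / instantiator creation …
this.secureClr =
    new SecureClassLoaderRepository(privilegedClr(instantiator));
// … unchanged: delegate / outer defaults …

// second call site (hunk @@ -1242):
final ModifiableClassLoaderRepository loaders = privilegedClr(instantiator);

/*
 * Reads the repository with this class's own privileges so that the
 * MBeanPermission check in MBeanInstantiator does not depend on the caller.
 * Keep private: the raw repository is for internal use or for wrapping
 * (see secureClr), never for returning to a caller as-is.
 */
private static ModifiableClassLoaderRepository privilegedClr(
        final MBeanInstantiator inst) {
    return AccessController.doPrivileged(
        new PrivilegedAction<ModifiableClassLoaderRepository>() {
            @Override
            public ModifiableClassLoaderRepository run() {
                return inst.getClassLoaderRepository();
            }
        });
}
```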
@@ -1242,8 +1251,14 @@
class loader. The ClassLoaderRepository knows how
to handle that case. */
ClassLoader myLoader = outerShell.getClass().getClassLoader();
- final ModifiableClassLoaderRepository loaders =
- instantiator.getClassLoaderRepository();
+ final ModifiableClassLoaderRepository loaders = AccessController.doPrivileged(new PrivilegedAction<ModifiableClassLoaderRepository>() {
+
+ @Override
+ public ModifiableClassLoaderRepository run() {
+ return instantiator.getClassLoaderRepository();
+ }
+ });
+
if (loaders != null) {
loaders.addClassLoader(myLoader);
--- a/jdk/src/share/classes/com/sun/jmx/mbeanserver/MBeanInstantiator.java Thu Mar 21 02:13:49 2013 +0400
+++ b/jdk/src/share/classes/com/sun/jmx/mbeanserver/MBeanInstantiator.java Thu Mar 21 09:26:55 2013 +0100
@@ -622,6 +622,7 @@
* Return the Default Loader Repository used by this instantiator object.
**/
public ModifiableClassLoaderRepository getClassLoaderRepository() {
+ checkMBeanPermission((String)null, null, null, "getClassLoaderRepository");
return clr;
}
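Review bot: The Javadoc above `getClassLoaderRepository()` still describes a plain getter, although the added line makes it throw `SecurityException` when a security manager is installed and the caller lacks the permission. Document the contract, for example `@throws SecurityException if the caller does not hold MBeanPermission for the "getClassLoaderRepository" action`, plus a sentence that trusted internal callers are expected to wrap the call in `doPrivileged`. The `(String)null` cast is only there to pick the `String` overload over the `Class` one; a short inline comment saying that no class name applies to this action would keep it from looking like a mistake.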
@@ -733,9 +734,19 @@
String member,
ObjectName objectName,
String actions) {
+ if (clazz != null) {
+ checkMBeanPermission(clazz.getName(), member, objectName, actions);
+ }
+ }
+
+ private static void checkMBeanPermission(String classname,
+ String member,
+ ObjectName objectName,
+ String actions)
+ throws SecurityException {
SecurityManager sm = System.getSecurityManager();
- if (clazz != null && sm != null) {
- Permission perm = new MBeanPermission(clazz.getName(),
+ if (sm != null) {
+ Permission perm = new MBeanPermission(classname,
member,
objectName,
actions);
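Review bot: After the split, the `Class` overload returns without any check when `clazz` is null, while the new `String` overload performs the check even with a null class name, and nothing explains the difference. The skip is inherited from the old `clazz != null && sm != null` condition, so behaviour is unchanged, but a silent no-check path in a permission helper deserves a comment such as `// null clazz: nothing to check here; callers with no class to name use the String overload`, assuming that is the intent. The new overload also needs its own Javadoc, and since `SecurityException` is unchecked the `throws` clause on a private method is better expressed as an `@throws` tag there. Two overloads that differ only in `Class` versus `String` force the `(String)null` cast at the new call site; a distinct name for the `String` variant would avoid it. The first overload's signature starts above this hunk and the new method's body continues past its last line.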