--- a/jdk/src/share/classes/javax/security/auth/Policy.java Mon Nov 22 09:43:58 2010 +0800
+++ b/jdk/src/share/classes/javax/security/auth/Policy.java Mon Nov 22 10:18:33 2010 -0500
@@ -25,6 +25,9 @@
package javax.security.auth;
+import java.security.Security;
+import sun.security.util.Debug;
+
/**
* <p> This is an abstract class for representing the system policy for
* Subject-based authorization. A subclass implementation
@@ -159,6 +162,10 @@
private static Policy policy;
private static ClassLoader contextClassLoader;
+ // true if a custom (not com.sun.security.auth.PolicyFile) system-wide
+ // policy object is set
+ private static boolean isCustomPolicy;
+
static {
contextClassLoader = java.security.AccessController.doPrivileged
(new java.security.PrivilegedAction<ClassLoader>() {
@@ -234,6 +241,8 @@
contextClassLoader).newInstance();
}
});
+ isCustomPolicy =
+ !finalClass.equals("com.sun.security.auth.PolicyFile");
} catch (Exception e) {
throw new SecurityException
(sun.security.util.ResourcesMgr.getString
@@ -265,6 +274,46 @@
java.lang.SecurityManager sm = System.getSecurityManager();
if (sm != null) sm.checkPermission(new AuthPermission("setPolicy"));
Policy.policy = policy;
+ // all non-null policy objects are assumed to be custom
+ isCustomPolicy = policy != null ? true : false;
+ }
+
+ /**
+ * Returns true if a custom (not com.sun.security.auth.PolicyFile)
+ * system-wide policy object has been set or installed. This method is
+ * called by SubjectDomainCombiner to provide backwards compatibility for
+ * developers that provide their own javax.security.auth.Policy
+ * implementations.
+ *
+ * @return true if a custom (not com.sun.security.auth.PolicyFile)
+ * system-wide policy object has been set; false otherwise
+ */
+ static boolean isCustomPolicySet(Debug debug) {
+ if (policy != null) {
+ if (debug != null && isCustomPolicy) {
+ debug.println("Providing backwards compatibility for " +
+ "javax.security.auth.policy implementation: " +
+ policy.toString());
+ }
+ return isCustomPolicy;
+ }
+ // check if custom policy has been set using auth.policy.provider prop
+ String policyClass = java.security.AccessController.doPrivileged
+ (new java.security.PrivilegedAction<String>() {
+ public String run() {
+ return Security.getProperty("auth.policy.provider");
+ }
+ });
+ if (policyClass != null
+ && !policyClass.equals("com.sun.security.auth.PolicyFile")) {
+ if (debug != null) {
+ debug.println("Providing backwards compatibility for " +
+ "javax.security.auth.policy implementation: " +
+ policyClass);
+ }
+ return true;
+ }
+ return false;
}
/**
--- a/jdk/src/share/classes/javax/security/auth/SubjectDomainCombiner.java Mon Nov 22 09:43:58 2010 +0800
+++ b/jdk/src/share/classes/javax/security/auth/SubjectDomainCombiner.java Mon Nov 22 10:18:33 2010 -0500
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1999, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -26,8 +26,6 @@
package javax.security.auth;
import java.security.AccessController;
-import java.security.AccessControlContext;
-import java.security.AllPermission;
import java.security.Permission;
import java.security.Permissions;
import java.security.PermissionCollection;
@@ -35,10 +33,8 @@
import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
-import java.lang.ClassLoader;
import java.security.Security;
import java.util.Set;
-import java.util.Iterator;
import java.util.WeakHashMap;
import java.lang.ref.WeakReference;
@@ -61,7 +57,8 @@
"\t[SubjectDomainCombiner]");
// Note: check only at classloading time, not dynamically during combine()
- private static final boolean useJavaxPolicy = compatPolicy();
+ private static final boolean useJavaxPolicy =
+ javax.security.auth.Policy.isCustomPolicySet(debug);
// Relevant only when useJavaxPolicy is true
private static final boolean allowCaching =
@@ -202,8 +199,8 @@
return null;
}
- // maintain backwards compatibility for people who provide
- // their own javax.security.auth.Policy implementations
+ // maintain backwards compatibility for developers who provide
+ // their own custom javax.security.auth.Policy implementations
if (useJavaxPolicy) {
return combineJavaxPolicy(currentDomains, assignedDomains);
}
@@ -476,8 +473,7 @@
String s = AccessController.doPrivileged
(new PrivilegedAction<String>() {
public String run() {
- return java.security.Security.getProperty
- ("cache.auth.policy");
+ return Security.getProperty("cache.auth.policy");
}
});
if (s != null) {
@@ -488,29 +484,6 @@
return true;
}
- // maintain backwards compatibility for people who provide
- // their own javax.security.auth.Policy implementations
- private static boolean compatPolicy() {
- javax.security.auth.Policy javaxPolicy = AccessController.doPrivileged
- (new PrivilegedAction<javax.security.auth.Policy>() {
- public javax.security.auth.Policy run() {
- return javax.security.auth.Policy.getPolicy();
- }
- });
-
- if (!(javaxPolicy instanceof com.sun.security.auth.PolicyFile)) {
- if (debug != null) {
- debug.println("Providing backwards compatibility for " +
- "javax.security.auth.policy implementation: " +
- javaxPolicy.toString());
- }
-
- return true;
- } else {
- return false;
- }
- }
-
private static void printInputDomains(ProtectionDomain[] currentDomains,
ProtectionDomain[] assignedDomains) {
if (currentDomains == null || currentDomains.length == 0) {