Mercurial Mercurial > jdk-sandbox / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
8021360: object not exported" on start of JMXConnectorServer for RMI-IIOP protocol with security manager
authorjbachorik
Thu, 08 Aug 2013 19:16:27 +0200
changeset 20838 d292e6a0481f
parent 20837 a9837567647e
child 20839 a3fd5c769680
8021360: object not exported" on start of JMXConnectorServer for RMI-IIOP protocol with security manager Reviewed-by: alanb, ahgross, smarks, coffeys
jdk/src/share/classes/com/sun/jmx/remote/protocol/iiop/IIOPProxyImpl.java file | annotate | diff | comparison | revisions 
--- a/jdk/src/share/classes/com/sun/jmx/remote/protocol/iiop/IIOPProxyImpl.java	Wed Aug 07 14:37:22 2013 +0400
+++ b/jdk/src/share/classes/com/sun/jmx/remote/protocol/iiop/IIOPProxyImpl.java	Thu Aug 08 19:16:27 2013 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2009,2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -36,13 +36,34 @@
 import java.rmi.NoSuchObjectException;
 
 import com.sun.jmx.remote.internal.IIOPProxy;
+import java.io.SerializablePermission;
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.Permissions;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+import java.security.ProtectionDomain;
 
 /**
- * An implementatin of IIOPProxy that simply delegates to the appropriate
+ * An implementation of IIOPProxy that simply delegates to the appropriate
  * RMI-IIOP and CORBA APIs.
  */
 
 public class IIOPProxyImpl implements IIOPProxy {
+    // special ACC used to initialize the IIOP stub
+    // the only allowed privilege is SerializablePermission("enableSubclassImplementation")
+    private static final AccessControlContext STUB_ACC;
+
+    static {
+        Permissions p = new Permissions();
+        p.add(new SerializablePermission("enableSubclassImplementation"));
+        STUB_ACC = new AccessControlContext(
+            new ProtectionDomain[]{
+                new ProtectionDomain(null, p)
+            }
+        );
+    }
+
     public IIOPProxyImpl() { }
 
     @Override
@@ -113,7 +134,24 @@
     }
 
     @Override
-    public Remote toStub(Remote obj) throws NoSuchObjectException {
-        return PortableRemoteObject.toStub(obj);
+    public Remote toStub(final Remote obj) throws NoSuchObjectException {
+        if (System.getSecurityManager() == null) {
+            return PortableRemoteObject.toStub(obj);
+        } else {
+            try {
+                return AccessController.doPrivileged(new PrivilegedExceptionAction<Remote>() {
+
+                    @Override
+                    public Remote run() throws Exception {
+                        return PortableRemoteObject.toStub(obj);
+                    }
+                }, STUB_ACC);
+            } catch (PrivilegedActionException e) {
+                if (e.getException() instanceof NoSuchObjectException) {
+                    throw (NoSuchObjectException)e.getException();
+                }
+                throw new RuntimeException("Unexpected exception type", e.getException());
+            }
+        }
     }
 }
jdk-sandbox