Merge
authormullan
Mon, 22 Nov 2010 11:27:14 -0500
changeset 7293 e70d5e55fd1d
parent 7290 15905ab1a64a (current diff)
parent 7292 ff70dc612d95 (diff)
child 7294 5616c35fa811
Merge
--- a/jdk/src/share/classes/javax/security/auth/Policy.java	Mon Nov 22 16:11:13 2010 +0000
+++ b/jdk/src/share/classes/javax/security/auth/Policy.java	Mon Nov 22 11:27:14 2010 -0500
@@ -25,6 +25,9 @@
 
 package javax.security.auth;
 
+import java.security.Security;
+import sun.security.util.Debug;
+
 /**
  * <p> This is an abstract class for representing the system policy for
  * Subject-based authorization.  A subclass implementation
@@ -159,6 +162,10 @@
     private static Policy policy;
     private static ClassLoader contextClassLoader;
 
+    // true if a custom (not com.sun.security.auth.PolicyFile) system-wide
+    // policy object is set
+    private static boolean isCustomPolicy;
+
     static {
         contextClassLoader = java.security.AccessController.doPrivileged
                 (new java.security.PrivilegedAction<ClassLoader>() {
@@ -234,6 +241,8 @@
                                         contextClassLoader).newInstance();
                             }
                         });
+                        isCustomPolicy =
+                            !finalClass.equals("com.sun.security.auth.PolicyFile");
                     } catch (Exception e) {
                         throw new SecurityException
                                 (sun.security.util.ResourcesMgr.getString
@@ -265,6 +274,46 @@
         java.lang.SecurityManager sm = System.getSecurityManager();
         if (sm != null) sm.checkPermission(new AuthPermission("setPolicy"));
         Policy.policy = policy;
+        // all non-null policy objects are assumed to be custom
+        isCustomPolicy = policy != null ? true : false;
+    }
+
+    /**
+     * Returns true if a custom (not com.sun.security.auth.PolicyFile)
+     * system-wide policy object has been set or installed. This method is
+     * called by SubjectDomainCombiner to provide backwards compatibility for
+     * developers that provide their own javax.security.auth.Policy
+     * implementations.
+     *
+     * @return true if a custom (not com.sun.security.auth.PolicyFile)
+     * system-wide policy object has been set; false otherwise
+     */
+    static boolean isCustomPolicySet(Debug debug) {
+        if (policy != null) {
+            if (debug != null && isCustomPolicy) {
+                debug.println("Providing backwards compatibility for " +
+                              "javax.security.auth.policy implementation: " +
+                              policy.toString());
+            }
+            return isCustomPolicy;
+        }
+        // check if custom policy has been set using auth.policy.provider prop
+        String policyClass = java.security.AccessController.doPrivileged
+            (new java.security.PrivilegedAction<String>() {
+                public String run() {
+                    return Security.getProperty("auth.policy.provider");
+                }
+        });
+        if (policyClass != null
+            && !policyClass.equals("com.sun.security.auth.PolicyFile")) {
+            if (debug != null) {
+                debug.println("Providing backwards compatibility for " +
+                              "javax.security.auth.policy implementation: " +
+                              policyClass);
+            }
+            return true;
+        }
+        return false;
     }
 
     /**
--- a/jdk/src/share/classes/javax/security/auth/SubjectDomainCombiner.java	Mon Nov 22 16:11:13 2010 +0000
+++ b/jdk/src/share/classes/javax/security/auth/SubjectDomainCombiner.java	Mon Nov 22 11:27:14 2010 -0500
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,8 +26,6 @@
 package javax.security.auth;
 
 import java.security.AccessController;
-import java.security.AccessControlContext;
-import java.security.AllPermission;
 import java.security.Permission;
 import java.security.Permissions;
 import java.security.PermissionCollection;
@@ -35,10 +33,8 @@
 import java.security.Principal;
 import java.security.PrivilegedAction;
 import java.security.ProtectionDomain;
-import java.lang.ClassLoader;
 import java.security.Security;
 import java.util.Set;
-import java.util.Iterator;
 import java.util.WeakHashMap;
 import java.lang.ref.WeakReference;
 
@@ -61,7 +57,8 @@
                                         "\t[SubjectDomainCombiner]");
 
     // Note: check only at classloading time, not dynamically during combine()
-    private static final boolean useJavaxPolicy = compatPolicy();
+    private static final boolean useJavaxPolicy =
+        javax.security.auth.Policy.isCustomPolicySet(debug);
 
     // Relevant only when useJavaxPolicy is true
     private static final boolean allowCaching =
@@ -202,8 +199,8 @@
             return null;
         }
 
-        // maintain backwards compatibility for people who provide
-        // their own javax.security.auth.Policy implementations
+        // maintain backwards compatibility for developers who provide
+        // their own custom javax.security.auth.Policy implementations
         if (useJavaxPolicy) {
             return combineJavaxPolicy(currentDomains, assignedDomains);
         }
@@ -476,8 +473,7 @@
         String s = AccessController.doPrivileged
             (new PrivilegedAction<String>() {
             public String run() {
-                return java.security.Security.getProperty
-                                        ("cache.auth.policy");
+                return Security.getProperty("cache.auth.policy");
             }
         });
         if (s != null) {
@@ -488,29 +484,6 @@
         return true;
     }
 
-    // maintain backwards compatibility for people who provide
-    // their own javax.security.auth.Policy implementations
-    private static boolean compatPolicy() {
-        javax.security.auth.Policy javaxPolicy = AccessController.doPrivileged
-            (new PrivilegedAction<javax.security.auth.Policy>() {
-            public javax.security.auth.Policy run() {
-                return javax.security.auth.Policy.getPolicy();
-            }
-        });
-
-        if (!(javaxPolicy instanceof com.sun.security.auth.PolicyFile)) {
-            if (debug != null) {
-                debug.println("Providing backwards compatibility for " +
-                        "javax.security.auth.policy implementation: " +
-                        javaxPolicy.toString());
-            }
-
-            return true;
-        } else {
-            return false;
-        }
-    }
-
     private static void printInputDomains(ProtectionDomain[] currentDomains,
                                 ProtectionDomain[] assignedDomains) {
         if (currentDomains == null || currentDomains.length == 0) {