< prev index next >
src/share/classes/javax/security/auth/SubjectDomainCombiner.java
Print this page
rev 1419 : 8147771: Construction of static protection domains under Javax custom policy
Summary: Changed SubjectDomainCombiner to combine static PD as is even when custom policy is enabled.
Reviewed-by: valeriep
@@ -1,7 +1,7 @@
/*
- * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
@@ -35,10 +35,12 @@
import java.security.ProtectionDomain;
import java.security.Security;
import java.util.Set;
import java.util.WeakHashMap;
import java.lang.ref.WeakReference;
+import sun.misc.SharedSecrets;
+import sun.misc.JavaSecurityProtectionDomainAccess;
/**
* A <code>SubjectDomainCombiner</code> updates ProtectionDomains
* with Principals from the <code>Subject</code> associated with this
* <code>SubjectDomainCombiner</code>.
@@ -62,10 +64,13 @@
// Relevant only when useJavaxPolicy is true
private static final boolean allowCaching =
(useJavaxPolicy && cachePolicy());
+ private static final JavaSecurityProtectionDomainAccess pdAccess =
+ SharedSecrets.getJavaSecurityProtectionDomainAccess();
+
/**
* Associate the provided <code>Subject</code> with this
* <code>SubjectDomainCombiner</code>.
*
* <p>
@@ -236,14 +241,20 @@
ProtectionDomain pd = currentDomains[i];
subjectPd = cachedPDs.getValue(pd);
if (subjectPd == null) {
+ if (pdAccess.getStaticPermissionsField(pd)) {
+ // Need to keep static ProtectionDomain objects static
+ subjectPd = new ProtectionDomain(pd.getCodeSource(),
+ pd.getPermissions());
+ } else {
subjectPd = new ProtectionDomain(pd.getCodeSource(),
pd.getPermissions(),
pd.getClassLoader(),
principals);
+ }
cachedPDs.putValue(pd, subjectPd);
} else {
allNew = false;
}
newDomains[i] = subjectPd;
@@ -336,39 +347,43 @@
for (int i = 0; i < cLen; i++) {
ProtectionDomain pd = currentDomains[i];
ProtectionDomain subjectPd = cachedPDs.getValue(pd);
if (subjectPd == null) {
-
+ if (pdAccess.getStaticPermissionsField(pd)) {
+ // keep static ProtectionDomain objects static
+ subjectPd = new ProtectionDomain(pd.getCodeSource(),
+ pd.getPermissions());
+ } else {
// XXX
// we must first add the original permissions.
// that way when we later add the new JAAS permissions,
// any unresolved JAAS-related permissions will
// automatically get resolved.
// get the original perms
Permissions perms = new Permissions();
PermissionCollection coll = pd.getPermissions();
- java.util.Enumeration e;
+ java.util.Enumeration<Permission> e;
if (coll != null) {
synchronized (coll) {
e = coll.elements();
while (e.hasMoreElements()) {
Permission newPerm =
- (Permission)e.nextElement();
+ e.nextElement();
perms.add(newPerm);
}
}
}
// get perms from the policy
-
final java.security.CodeSource finalCs = pd.getCodeSource();
final Subject finalS = subject;
PermissionCollection newPerms =
java.security.AccessController.doPrivileged
(new PrivilegedAction<PermissionCollection>() {
+ @SuppressWarnings("deprecation")
public PermissionCollection run() {
return
javax.security.auth.Policy.getPolicy().getPermissions
(finalS, finalCs);
}
@@ -377,22 +392,22 @@
// add the newly granted perms,
// avoiding duplicates
synchronized (newPerms) {
e = newPerms.elements();
while (e.hasMoreElements()) {
- Permission newPerm = (Permission)e.nextElement();
+ Permission newPerm = e.nextElement();
if (!perms.implies(newPerm)) {
perms.add(newPerm);
if (debug != null)
debug.println (
"Adding perm " + newPerm + "\n");
}
}
}
subjectPd = new ProtectionDomain
(finalCs, perms, pd.getClassLoader(), principals);
-
+ }
if (allowCaching)
cachedPDs.putValue(pd, subjectPd);
}
newDomains[i] = subjectPd;
}
< prev index next >