modules/web/src/main/java/com/sun/webkit/network/NetworkContext.java

Print this page
rev 8410 : RT-39421: Security exception in Service.cancel when running sandboxed applet

*** 38,47 **** --- 38,48 ---- import java.util.concurrent.atomic.AtomicInteger; import java.util.logging.Level; import java.util.logging.Logger; import com.sun.webkit.WebPage; + import java.security.Permission; final class NetworkContext { private static final Logger logger = Logger.getLogger(NetworkContext.class.getName());
*** 191,213 **** --- 192,227 ---- */ private static final class URLLoaderThreadFactory implements ThreadFactory { private final ThreadGroup group; private final AtomicInteger index = new AtomicInteger(1); + // Need to assert the modifyThread and modifyThreadGroup permission when + // creating the thread from the URLLoaderThreadFactory, so we can + // create the thread with the desired ThreadGroup. + // Note that this is needed when running as an applet or a web start app. + private static final Permission modifyThreadGroupPerm = new RuntimePermission("modifyThreadGroup"); + private static final Permission modifyThreadPerm = new RuntimePermission("modifyThread"); + private URLLoaderThreadFactory() { SecurityManager sm = System.getSecurityManager(); group = (sm != null) ? sm.getThreadGroup() : Thread.currentThread().getThreadGroup(); } @Override public Thread newThread(Runnable r) { + // Assert the modifyThread and modifyThreadGroup permissions + return + AccessController.doPrivileged((PrivilegedAction<Thread>) () -> { Thread t = new Thread(group, r, "URL-Loader-" + index.getAndIncrement()); t.setDaemon(true); if (t.getPriority() != Thread.NORM_PRIORITY) { t.setPriority(Thread.NORM_PRIORITY); } return t; + }, + null, + modifyThreadGroupPerm, modifyThreadPerm); } } }