< prev index next >
src/java.base/share/classes/java/security/Policy.java
Print this page
*** 1,7 ****
/*
! * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
--- 1,7 ----
/*
! * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
*** 47,57 ****
* <p> If no Policy object has been installed in the runtime, a call to
* {@code getPolicy} installs an instance of the default Policy
* implementation (a default subclass implementation of this abstract class).
* The default Policy implementation can be changed by setting the value
* of the {@code policy.provider} security property to the fully qualified
! * name of the desired Policy subclass implementation.
*
* <p> Application code can directly subclass Policy to provide a custom
* implementation. In addition, an instance of a Policy object can be
* constructed by invoking one of the {@code getInstance} factory methods
* with a standard type. The default policy type is "JavaPolicy".
--- 47,58 ----
* <p> If no Policy object has been installed in the runtime, a call to
* {@code getPolicy} installs an instance of the default Policy
* implementation (a default subclass implementation of this abstract class).
* The default Policy implementation can be changed by setting the value
* of the {@code policy.provider} security property to the fully qualified
! * name of the desired Policy subclass implementation. The system class loader
! * is used to load this class.
*
* <p> Application code can directly subclass Policy to provide a custom
* implementation. In addition, an instance of a Policy object can be
* constructed by invoking one of the {@code getInstance} factory methods
* with a standard type. The default policy type is "JavaPolicy".
*** 109,118 ****
--- 110,123 ----
private static AtomicReference<PolicyInfo> policy =
new AtomicReference<>(new PolicyInfo(null, false));
private static final Debug debug = Debug.getInstance("policy");
+ // Default policy provider
+ private static final String DEFAULT_POLICY =
+ "sun.security.provider.PolicyFile";
+
// Cache mapping ProtectionDomain.Key to PermissionCollection
private WeakHashMap<ProtectionDomain.Key, PermissionCollection> pdMapping;
/** package private for AccessControlContext and ProtectionDomain */
static boolean isSet()
*** 167,249 ****
// already initialized
if (pi.initialized == false || pi.policy == null) {
synchronized (Policy.class) {
PolicyInfo pinfo = policy.get();
if (pinfo.policy == null) {
! String policy_class = AccessController.doPrivileged(
! new PrivilegedAction<String>() {
! public String run() {
! return Security.getProperty("policy.provider");
}
! });
! if (policy_class == null) {
! policy_class = "sun.security.provider.PolicyFile";
}
! try {
! pinfo = new PolicyInfo(
! (Policy) Class.forName(policy_class).newInstance(),
! true);
! } catch (Exception e) {
/*
! * The policy_class seems to be an extension
! * so we have to bootstrap loading it via a policy
! * provider that is on the bootclasspath.
! * If it loads then shift gears to using the configured
! * provider.
*/
! // install the bootstrap provider to avoid recursion
Policy polFile = new sun.security.provider.PolicyFile();
! pinfo = new PolicyInfo(polFile, false);
! policy.set(pinfo);
! final String pc = policy_class;
! Policy pol = AccessController.doPrivileged(
! new PrivilegedAction<Policy>() {
! public Policy run() {
try {
! ClassLoader cl =
! ClassLoader.getSystemClassLoader();
! // we want the extension loader
! ClassLoader extcl = null;
! while (cl != null) {
! extcl = cl;
! cl = cl.getParent();
! }
! return (extcl != null ? (Policy)Class.forName(
! pc, true, extcl).newInstance() : null);
} catch (Exception e) {
if (debug != null) {
! debug.println("policy provider " +
! pc +
" not available");
e.printStackTrace();
}
- return null;
}
! }
! });
! /*
! * if it loaded install it as the policy provider. Otherwise
! * continue to use the system default implementation
! */
! if (pol != null) {
! pinfo = new PolicyInfo(pol, true);
! } else {
if (debug != null) {
! debug.println("using sun.security.provider.PolicyFile");
! }
! pinfo = new PolicyInfo(polFile, true);
}
}
! policy.set(pinfo);
! }
! return pinfo.policy;
! }
! }
! return pi.policy;
}
/**
* Sets the system-wide Policy object. This method first calls
* {@code SecurityManager.checkPermission} with a
--- 172,245 ----
// already initialized
if (pi.initialized == false || pi.policy == null) {
synchronized (Policy.class) {
PolicyInfo pinfo = policy.get();
if (pinfo.policy == null) {
! return loadPolicyProvider();
! }
! return pinfo.policy;
}
! }
! return pi.policy;
}
! /**
! * Loads and instantiates a Policy implementation specified by the
! * policy.provider security property. Note that this method should only
! * be called by getPolicyNoCheck and from within a synchronized block with
! * an intrinsic lock on the Policy.class.
! */
! private static Policy loadPolicyProvider() {
! String policyProvider =
! AccessController.doPrivileged((PrivilegedAction<String>)
! () -> Security.getProperty("policy.provider"));
!
/*
! * If policy.provider is not set or is set to the default provider,
! * simply instantiate it and return.
*/
+ if (policyProvider == null || policyProvider.isEmpty() ||
+ policyProvider.equals(DEFAULT_POLICY))
+ {
+ Policy polFile = new sun.security.provider.PolicyFile();
+ policy.set(new PolicyInfo(polFile, true));
+ return polFile;
+ }
! /*
! * Locate, load, and instantiate the policy.provider impl using
! * the system class loader. While doing so, install the bootstrap
! * provider to avoid potential recursion.
! */
Policy polFile = new sun.security.provider.PolicyFile();
! policy.set(new PolicyInfo(polFile, false));
! Policy pol = null;
try {
! pol = AccessController.doPrivileged(
! (PrivilegedExceptionAction<Policy>) () ->
! {
! ClassLoader scl = ClassLoader.getSystemClassLoader();
! Class<?> c = Class.forName(policyProvider, true, scl);
! return (Policy)c.newInstance();
! });
} catch (Exception e) {
if (debug != null) {
! debug.println("policy provider " + policyProvider +
" not available");
e.printStackTrace();
}
}
! if (pol == null) {
! // Fallback and use the system default implementation
if (debug != null) {
! debug.println("using " + DEFAULT_POLICY);
}
+ pol = polFile;
}
! policy.set(new PolicyInfo(pol, true));
! return pol;
}
/**
* Sets the system-wide Policy object. This method first calls
* {@code SecurityManager.checkPermission} with a
< prev index next >