--- old/src/share/classes/com/sun/jndi/ldap/VersionHelper.java 2014-07-25 13:53:59.000000000 +0100 +++ new/src/share/classes/com/sun/jndi/ldap/VersionHelper.java 2014-07-25 13:53:59.000000000 +0100 @@ -27,10 +27,15 @@ import java.net.MalformedURLException; import java.net.URL; +import sun.misc.SharedSecrets; +import java.net.URLClassLoader; +import java.security.AccessControlContext; +import java.security.AccessController; +import java.security.PrivilegedAction; -abstract class VersionHelper { +public class VersionHelper { - private static final VersionHelper helper = new VersionHelper12(); + private static final VersionHelper helper = new VersionHelper(); VersionHelper() {} // Disallow anyone from creating one of these. @@ -38,8 +43,20 @@ return helper; } - abstract ClassLoader getURLClassLoader(String[] url) - throws MalformedURLException; + ClassLoader getURLClassLoader(String[] url) + throws MalformedURLException { + ClassLoader parent = getContextClassLoader(); + /* + * Classes may only be loaded from an arbitrary URL code base when + * the system property com.sun.jndi.ldap.object.trustURLCodebase + * has been set to "true". + */ + if (url != null && trustURLCodebase) { + return URLClassLoader.newInstance(getUrlArray(url), parent); + } else { + return parent; + } + } static protected URL[] getUrlArray(String[] url) throws MalformedURLException { @@ -50,7 +67,36 @@ return urlArray; } - abstract Class loadClass(String className) throws ClassNotFoundException; + Class loadClass(String className) throws ClassNotFoundException { + return Class.forName(className, true, getContextClassLoader()); + } + + Thread createThread(Runnable r) { + AccessControlContext acc = AccessController.getContext(); + // 4290486: doPrivileged is needed to create a thread in + // an environment that restricts "modifyThreadGroup". + PrivilegedAction act = + () -> SharedSecrets.getJavaLangAccess().newThreadWithAcc(r, acc); + return AccessController.doPrivileged(act); + } + + private ClassLoader getContextClassLoader() { + PrivilegedAction act = + Thread.currentThread()::getContextClassLoader; + return AccessController.doPrivileged(act); + } - abstract Thread createThread(Runnable r); + /** + * Determines whether classes may be loaded from an arbitrary URL code base. + */ + private static final boolean trustURLCodebase; + + static { + // System property to control whether classes may be loaded from an + // arbitrary URL code base + PrivilegedAction act = + () -> System.getProperty("com.sun.jndi.ldap.object.trustURLCodebase", "false"); + String trust = AccessController.doPrivileged(act); + trustURLCodebase = "true".equalsIgnoreCase(trust); + } } --- old/src/share/classes/com/sun/naming/internal/VersionHelper.java 2014-07-25 13:54:00.000000000 +0100 +++ new/src/share/classes/com/sun/naming/internal/VersionHelper.java 2014-07-25 13:54:00.000000000 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1999, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -27,10 +27,20 @@ import java.io.InputStream; import java.io.IOException; +import java.io.File; +import java.io.FileInputStream; import java.net.MalformedURLException; import java.net.URL; import java.util.StringTokenizer; import java.util.Vector; +import java.util.NoSuchElementException; +import java.util.Enumeration; +import java.util.Properties; +import java.net.URLClassLoader; +import java.security.AccessController; +import java.security.PrivilegedAction; +import java.security.PrivilegedActionException; +import java.security.PrivilegedExceptionAction; import javax.naming.NamingEnumeration; @@ -45,10 +55,10 @@ * @author Scott Seligman */ -public abstract class VersionHelper { - private static VersionHelper helper = null; +public final class VersionHelper { + private static VersionHelper helper = new VersionHelper(); - final static String[] PROPS = new String[] { + final static String[] PROPS = new String[]{ javax.naming.Context.INITIAL_CONTEXT_FACTORY, javax.naming.Context.OBJECT_FACTORIES, javax.naming.Context.URL_PKG_PREFIXES, @@ -69,29 +79,54 @@ VersionHelper() {} // Disallow anyone from creating one of these. - static { - helper = new VersionHelper12(); - } - public static VersionHelper getVersionHelper() { return helper; } - public abstract Class loadClass(String className) - throws ClassNotFoundException; + public Class loadClass(String className) + throws ClassNotFoundException { + return loadClass(className, getContextClassLoader()); + } - abstract Class loadClass(String className, ClassLoader cl) - throws ClassNotFoundException; + /** + * Package private. + *

+ * This internal method is used with Thread Context Class Loader (TCCL), + * please don't expose this method as public. + */ + Class loadClass(String className, ClassLoader cl) + throws ClassNotFoundException { + Class cls = Class.forName(className, true, cl); + return cls; + } - public abstract Class loadClass(String className, String codebase) - throws ClassNotFoundException, MalformedURLException; + /** + * @param className A non-null fully qualified class name. + * @param codebase A non-null, space-separated list of URL strings. + */ + public Class loadClass(String className, String codebase) + throws ClassNotFoundException, MalformedURLException { + ClassLoader parent = getContextClassLoader(); + ClassLoader cl = + URLClassLoader.newInstance(getUrlArray(codebase), parent); + return loadClass(className, cl); + } /* * Returns a JNDI property from the system properties. Returns * null if the property is not set, or if there is no permission * to read it. */ - abstract String getJndiProperty(int i); + String getJndiProperty(int i) { + PrivilegedAction act = () -> { + try { + return System.getProperty(PROPS[i]); + } catch (SecurityException e) { + return null; + } + }; + return AccessController.doPrivileged(act); + } /* * Reads each property in PROPS from the system properties, and @@ -99,13 +134,33 @@ * unset property, the corresponding array element is set to null. * Returns null if there is no permission to call System.getProperties(). */ - abstract String[] getJndiProperties(); + String[] getJndiProperties() { + PrivilegedAction act = () -> { + try { + return System.getProperties(); + } catch (SecurityException e) { + return null; + } + }; + Properties sysProps = AccessController.doPrivileged(act); + if (sysProps == null) { + return null; + } + String[] jProps = new String[PROPS.length]; + for (int i = 0; i < PROPS.length; i++) { + jProps[i] = sysProps.getProperty(PROPS[i]); + } + return jProps; + } /* * Returns the resource of a given name associated with a particular * class (never null), or null if none can be found. */ - abstract InputStream getResourceAsStream(Class c, String name); + InputStream getResourceAsStream(Class c, String name) { + PrivilegedAction act = () -> c.getResourceAsStream(name); + return AccessController.doPrivileged(act); + } /* * Returns an input stream for a file in /lib, @@ -113,7 +168,22 @@ * * @param filename The file name, sans directory. */ - abstract InputStream getJavaHomeLibStream(String filename); + InputStream getJavaHomeLibStream(String filename) { + PrivilegedAction act = () -> { + try { + String javahome = System.getProperty("java.home"); + if (javahome == null) { + return null; + } + String pathname = javahome + File.separator + + "lib" + File.separator + filename; + return new FileInputStream(pathname); + } catch (Exception e) { + return null; + } + }; + return AccessController.doPrivileged(act); + } /* * Returns an enumeration (never null) of InputStreams of the @@ -121,17 +191,43 @@ * loader. Null represents the bootstrap class loader in some * Java implementations. */ - abstract NamingEnumeration getResources( + NamingEnumeration getResources( ClassLoader cl, String name) - throws IOException; + throws IOException { + Enumeration urls; + PrivilegedExceptionAction> act = () -> + (cl == null) + ? ClassLoader.getSystemResources(name) + : cl.getResources(name); + try { + urls = AccessController.doPrivileged(act); + } catch (PrivilegedActionException e) { + throw (IOException) e.getException(); + } + return new InputStreamEnumeration(urls); + } /* - * Returns the context class loader associated with the current thread. - * Null indicates the bootstrap class loader in some Java implementations. - * + * Package private. + *

+ * This internal method returns Thread Context Class Loader (TCCL), + * if null, returns the system Class Loader. + *

+ * Please don't expose this method as public. * @throws SecurityException if the class loader is not accessible. */ - abstract ClassLoader getContextClassLoader(); + ClassLoader getContextClassLoader() { + + PrivilegedAction act = () -> { + ClassLoader loader = Thread.currentThread().getContextClassLoader(); + if (loader == null) { + // Don't use bootstrap class loader directly! + loader = ClassLoader.getSystemClassLoader(); + } + return loader; + }; + return AccessController.doPrivileged(act); + } static protected URL[] getUrlArray(String codebase) throws MalformedURLException { @@ -152,4 +248,70 @@ } return urlArray; } + + /** + * Given an enumeration of URLs, an instance of this class represents + * an enumeration of their InputStreams. Each operation on the URL + * enumeration is performed within a doPrivileged block. + * This is used to enumerate the resources under a foreign codebase. + * This class is not MT-safe. + */ + private class InputStreamEnumeration implements + NamingEnumeration { + + private final Enumeration urls; + + private InputStream nextElement; + + InputStreamEnumeration(Enumeration urls) { + this.urls = urls; + } + + /* + * Returns the next InputStream, or null if there are no more. + * An InputStream that cannot be opened is skipped. + */ + private InputStream getNextElement() { + PrivilegedAction act = () -> { + while (urls.hasMoreElements()) { + try { + return urls.nextElement().openStream(); + } catch (IOException e) { + // skip this URL + } + } + return null; + }; + return AccessController.doPrivileged(act); + } + + public boolean hasMore() { + if (nextElement != null) { + return true; + } + nextElement = getNextElement(); + return (nextElement != null); + } + + public boolean hasMoreElements() { + return hasMore(); + } + + public InputStream next() { + if (hasMore()) { + InputStream res = nextElement; + nextElement = null; + return res; + } else { + throw new NoSuchElementException(); + } + } + + public InputStream nextElement() { + return next(); + } + + public void close() { + } + } } --- old/src/share/classes/com/sun/jndi/ldap/VersionHelper12.java 2014-07-25 13:54:01.000000000 +0100 +++ /dev/null 2014-07-25 13:54:01.000000000 +0100 @@ -1,98 +0,0 @@ -/* - * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -package com.sun.jndi.ldap; - -import java.net.URLClassLoader; -import java.net.MalformedURLException; -import java.security.AccessControlContext; -import java.security.AccessController; -import java.security.PrivilegedAction; -import sun.misc.SharedSecrets; - -final class VersionHelper12 extends VersionHelper { - - // System property to control whether classes may be loaded from an - // arbitrary URL code base. - private static final String TRUST_URL_CODEBASE_PROPERTY = - "com.sun.jndi.ldap.object.trustURLCodebase"; - - // Determine whether classes may be loaded from an arbitrary URL code base. - private static final String trustURLCodebase = - AccessController.doPrivileged( - new PrivilegedAction() { - public String run() { - return System.getProperty(TRUST_URL_CODEBASE_PROPERTY, - "false"); - } - } - ); - - VersionHelper12() {} // Disallow external from creating one of these. - - ClassLoader getURLClassLoader(String[] url) - throws MalformedURLException { - ClassLoader parent = getContextClassLoader(); - /* - * Classes may only be loaded from an arbitrary URL code base when - * the system property com.sun.jndi.ldap.object.trustURLCodebase - * has been set to "true". - */ - if (url != null && "true".equalsIgnoreCase(trustURLCodebase)) { - return URLClassLoader.newInstance(getUrlArray(url), parent); - } else { - return parent; - } - } - - Class loadClass(String className) throws ClassNotFoundException { - ClassLoader cl = getContextClassLoader(); - return Class.forName(className, true, cl); - } - - private ClassLoader getContextClassLoader() { - return AccessController.doPrivileged( - new PrivilegedAction() { - public ClassLoader run() { - return Thread.currentThread().getContextClassLoader(); - } - } - ); - } - - Thread createThread(final Runnable r) { - final AccessControlContext acc = AccessController.getContext(); - // 4290486: doPrivileged is needed to create a thread in - // an environment that restricts "modifyThreadGroup". - return AccessController.doPrivileged( - new PrivilegedAction() { - public Thread run() { - return SharedSecrets.getJavaLangAccess() - .newThreadWithAcc(r, acc); - } - } - ); - } -} --- old/src/share/classes/com/sun/naming/internal/VersionHelper12.java 2014-07-25 13:54:01.000000000 +0100 +++ /dev/null 2014-07-25 13:54:01.000000000 +0100 @@ -1,268 +0,0 @@ -/* - * Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -package com.sun.naming.internal; - -import java.io.InputStream; -import java.io.IOException; -import java.net.MalformedURLException; -import java.net.URLClassLoader; -import java.net.URL; -import java.security.AccessController; -import java.security.PrivilegedAction; -import java.security.PrivilegedActionException; -import java.security.PrivilegedExceptionAction; -import java.util.Enumeration; -import java.util.NoSuchElementException; -import java.util.Properties; - -import javax.naming.*; - -/** - * VersionHelper was used by JNDI to accommodate differences between - * JDK 1.1.x and the Java 2 platform. As this is no longer necessary - * since JNDI's inclusion in the platform, this class currently - * serves as a set of utilities for performing system-level things, - * such as class-loading and reading system properties. - * - * @author Rosanna Lee - * @author Scott Seligman - */ - -final class VersionHelper12 extends VersionHelper { - - // Disallow external from creating one of these. - VersionHelper12() { - } - - public Class loadClass(String className) throws ClassNotFoundException { - return loadClass(className, getContextClassLoader()); - } - - /** - * Package private. - * - * This internal method is used with Thread Context Class Loader (TCCL), - * please don't expose this method as public. - */ - Class loadClass(String className, ClassLoader cl) - throws ClassNotFoundException { - Class cls = Class.forName(className, true, cl); - return cls; - } - - /** - * @param className A non-null fully qualified class name. - * @param codebase A non-null, space-separated list of URL strings. - */ - public Class loadClass(String className, String codebase) - throws ClassNotFoundException, MalformedURLException { - - ClassLoader parent = getContextClassLoader(); - ClassLoader cl = - URLClassLoader.newInstance(getUrlArray(codebase), parent); - - return loadClass(className, cl); - } - - String getJndiProperty(final int i) { - return AccessController.doPrivileged( - new PrivilegedAction() { - public String run() { - try { - return System.getProperty(PROPS[i]); - } catch (SecurityException e) { - return null; - } - } - } - ); - } - - String[] getJndiProperties() { - Properties sysProps = AccessController.doPrivileged( - new PrivilegedAction() { - public Properties run() { - try { - return System.getProperties(); - } catch (SecurityException e) { - return null; - } - } - } - ); - if (sysProps == null) { - return null; - } - String[] jProps = new String[PROPS.length]; - for (int i = 0; i < PROPS.length; i++) { - jProps[i] = sysProps.getProperty(PROPS[i]); - } - return jProps; - } - - InputStream getResourceAsStream(final Class c, final String name) { - return AccessController.doPrivileged( - new PrivilegedAction() { - public InputStream run() { - return c.getResourceAsStream(name); - } - } - ); - } - - InputStream getJavaHomeLibStream(final String filename) { - return AccessController.doPrivileged( - new PrivilegedAction() { - public InputStream run() { - try { - String javahome = System.getProperty("java.home"); - if (javahome == null) { - return null; - } - String pathname = javahome + java.io.File.separator + - "lib" + java.io.File.separator + filename; - return new java.io.FileInputStream(pathname); - } catch (Exception e) { - return null; - } - } - } - ); - } - - NamingEnumeration getResources(final ClassLoader cl, - final String name) throws IOException { - Enumeration urls; - try { - urls = AccessController.doPrivileged( - new PrivilegedExceptionAction>() { - public Enumeration run() throws IOException { - return (cl == null) - ? ClassLoader.getSystemResources(name) - : cl.getResources(name); - } - } - ); - } catch (PrivilegedActionException e) { - throw (IOException)e.getException(); - } - return new InputStreamEnumeration(urls); - } - - /** - * Package private. - * - * This internal method returns Thread Context Class Loader (TCCL), - * if null, returns the system Class Loader. - * - * Please don't expose this method as public. - */ - ClassLoader getContextClassLoader() { - - return AccessController.doPrivileged( - new PrivilegedAction() { - public ClassLoader run() { - ClassLoader loader = - Thread.currentThread().getContextClassLoader(); - if (loader == null) { - // Don't use bootstrap class loader directly! - loader = ClassLoader.getSystemClassLoader(); - } - - return loader; - } - } - ); - } - - /** - * Given an enumeration of URLs, an instance of this class represents - * an enumeration of their InputStreams. Each operation on the URL - * enumeration is performed within a doPrivileged block. - * This is used to enumerate the resources under a foreign codebase. - * This class is not MT-safe. - */ - class InputStreamEnumeration implements NamingEnumeration { - - private final Enumeration urls; - - private InputStream nextElement = null; - - InputStreamEnumeration(Enumeration urls) { - this.urls = urls; - } - - /* - * Returns the next InputStream, or null if there are no more. - * An InputStream that cannot be opened is skipped. - */ - private InputStream getNextElement() { - return AccessController.doPrivileged( - new PrivilegedAction() { - public InputStream run() { - while (urls.hasMoreElements()) { - try { - return urls.nextElement().openStream(); - } catch (IOException e) { - // skip this URL - } - } - return null; - } - } - ); - } - - public boolean hasMore() { - if (nextElement != null) { - return true; - } - nextElement = getNextElement(); - return (nextElement != null); - } - - public boolean hasMoreElements() { - return hasMore(); - } - - public InputStream next() { - if (hasMore()) { - InputStream res = nextElement; - nextElement = null; - return res; - } else { - throw new NoSuchElementException(); - } - } - - public InputStream nextElement() { - return next(); - } - - public void close() { - } - } -}