ActivationGroup
is responsible for creating new
@@ -436,11 +437,14 @@
{
if (currSystem == null) {
try {
+ String host = AccessController.doPrivileged(
+ new GetPropertyAction("sun.rmi.activation.host",
+ ""));
int port = AccessController.doPrivileged(
new GetIntegerAction("java.rmi.activation.port",
ActivationSystem.SYSTEM_PORT));
currSystem = (ActivationSystem)
- Naming.lookup("//:" + port +
+ Naming.lookup("//" + host + ":" + port +
"/java.rmi.activation.ActivationSystem");
} catch (Exception e) {
throw new ActivationException(
--- old/src/share/classes/sun/rmi/server/Activation.java 2013-07-16 00:14:14.584019882 -0400
+++ new/src/share/classes/sun/rmi/server/Activation.java 2013-07-16 00:14:14.584019882 -0400
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -74,6 +74,7 @@
import java.rmi.server.RMIServerSocketFactory;
import java.rmi.server.RemoteObject;
import java.rmi.server.RemoteServer;
+import java.rmi.server.ServerNotActiveException;
import java.rmi.server.UnicastRemoteObject;
import java.security.AccessControlException;
import java.security.AccessController;
@@ -84,6 +85,7 @@
import java.security.Permissions;
import java.security.Policy;
import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.cert.Certificate;
import java.text.MessageFormat;
@@ -107,6 +109,7 @@
import sun.rmi.runtime.NewThreadAction;
import sun.rmi.server.UnicastServerRef;
import sun.rmi.transport.LiveRef;
+import sun.rmi.transport.tcp.TCPTransport;
import sun.security.action.GetBooleanAction;
import sun.security.action.GetIntegerAction;
import sun.security.action.GetPropertyAction;
@@ -182,6 +185,31 @@
private static final Object initLock = new Object();
private static boolean initDone = false;
+ private static final InetAddress remoteClientAddress;
+ static {
+ remoteClientAddress = java.security.AccessController.doPrivileged(
+ new java.security.PrivilegedAction
+ * Use the default policy as implemented in RegistryImpl.checkAccess,
+ * unless the sun.rmi.activation.remoteClient property is set, and in
+ * that case only allow access from that host.
+ *
+ * @param op name of operation used to create a meaningful exception
+ * message, the parameter is not used to determine access
+ */
+ static void checkAccess(String op) throws AccessException {
+ if (remoteClientAddress == null) {
+ /*
+ * Note, the op arg to checkAccess is only used to build an
+ * access exception message if needed.
+ */
+ RegistryImpl.checkAccess(op);
+ return;
+ }
+
+ InetAddress clientHost;
+
+ try {
+ // Get client host that this operation was made from.
+ final String clientHostName = TCPTransport.getClientHost();
+
+ try {
+ clientHost = java.security.AccessController.doPrivileged(
+ new java.security.PrivilegedExceptionAction