src/share/classes/sun/rmi/registry/RegistryImpl.java
Print this page
*** 1,7 ****
/*
! * Copyright (c) 1996, 2008, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
--- 1,7 ----
/*
! * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
*** 27,36 ****
--- 27,37 ----
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.MissingResourceException;
import java.util.ResourceBundle;
+ import java.io.FilePermission;
import java.io.IOException;
import java.net.*;
import java.rmi.*;
import java.rmi.server.ObjID;
import java.rmi.server.RemoteServer;
*** 52,62 ****
import sun.rmi.server.UnicastServerRef;
import sun.rmi.server.UnicastServerRef2;
import sun.rmi.transport.LiveRef;
import sun.rmi.transport.ObjectTable;
import sun.rmi.transport.Target;
- import sun.security.action.GetPropertyAction;
/**
* A "registry" exists on every node that allows RMI connections to
* servers on that node. The registry on a particular node contains a
* transient database that maps names to remote objects. When the
--- 53,62 ----
*** 333,355 ****
envcp = "."; // preserve old default behavior
}
URL[] urls = sun.misc.URLClassPath.pathToURLs(envcp);
ClassLoader cl = new URLClassLoader(urls);
- String codebaseProperty = null;
- String prop = java.security.AccessController.doPrivileged(
- new GetPropertyAction("java.rmi.server.codebase"));
- if (prop != null && prop.trim().length() > 0) {
- codebaseProperty = prop;
- }
- URL[] codebaseURLs = null;
- if (codebaseProperty != null) {
- codebaseURLs = sun.misc.URLClassPath.pathToURLs(codebaseProperty);
- } else {
- codebaseURLs = new URL[0];
- }
-
/*
* Fix bugid 4242317: Classes defined by this class loader should
* be annotated with the value of the "java.rmi.server.codebase"
* property, not the "file:" URLs for the CLASSPATH elements.
*/
--- 333,342 ----
*** 363,373 ****
registry = AccessController.doPrivileged(
new PrivilegedExceptionAction<RegistryImpl>() {
public RegistryImpl run() throws RemoteException {
return new RegistryImpl(regPort);
}
! }, getAccessControlContext(codebaseURLs));
} catch (PrivilegedActionException ex) {
throw (RemoteException) ex.getException();
}
// prevent registry from exiting
--- 350,360 ----
registry = AccessController.doPrivileged(
new PrivilegedExceptionAction<RegistryImpl>() {
public RegistryImpl run() throws RemoteException {
return new RegistryImpl(regPort);
}
! }, getAccessControlContext());
} catch (PrivilegedActionException ex) {
throw (RemoteException) ex.getException();
}
// prevent registry from exiting
*** 389,403 ****
}
System.exit(1);
}
/**
! * Generates an AccessControlContext from several URLs.
* The approach used here is taken from the similar method
* getAccessControlContext() in the sun.applet.AppletPanel class.
*/
! private static AccessControlContext getAccessControlContext(URL[] urls) {
// begin with permissions granted to all code in current policy
PermissionCollection perms = AccessController.doPrivileged(
new java.security.PrivilegedAction<PermissionCollection>() {
public PermissionCollection run() {
CodeSource codesource = new CodeSource(null,
--- 376,390 ----
}
System.exit(1);
}
/**
! * Generates an AccessControlContext with minimal permissions.
* The approach used here is taken from the similar method
* getAccessControlContext() in the sun.applet.AppletPanel class.
*/
! private static AccessControlContext getAccessControlContext() {
// begin with permissions granted to all code in current policy
PermissionCollection perms = AccessController.doPrivileged(
new java.security.PrivilegedAction<PermissionCollection>() {
public PermissionCollection run() {
CodeSource codesource = new CodeSource(null,
*** 418,436 ****
*/
perms.add(new SocketPermission("*", "connect,accept"));
perms.add(new RuntimePermission("accessClassInPackage.sun.*"));
! // add permissions required to load from codebase URL path
! LoaderHandler.addPermissionsForURLs(urls, perms, false);
/*
* Create an AccessControlContext that consists of a single
* protection domain with only the permissions calculated above.
*/
ProtectionDomain pd = new ProtectionDomain(
! new CodeSource((urls.length > 0 ? urls[0] : null),
! (java.security.cert.Certificate[]) null),
! perms);
return new AccessControlContext(new ProtectionDomain[] { pd });
}
}
--- 405,421 ----
*/
perms.add(new SocketPermission("*", "connect,accept"));
perms.add(new RuntimePermission("accessClassInPackage.sun.*"));
! perms.add(new FilePermission("<<ALL FILES>>", "read"));
/*
* Create an AccessControlContext that consists of a single
* protection domain with only the permissions calculated above.
*/
ProtectionDomain pd = new ProtectionDomain(
! new CodeSource(null,
! (java.security.cert.Certificate[]) null), perms);
return new AccessControlContext(new ProtectionDomain[] { pd });
}
}