src/share/classes/sun/rmi/registry/RegistryImpl.java
Print this page
@@ -1,7 +1,7 @@
/*
- * Copyright (c) 1996, 2008, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
@@ -27,10 +27,11 @@
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.MissingResourceException;
import java.util.ResourceBundle;
+import java.io.FilePermission;
import java.io.IOException;
import java.net.*;
import java.rmi.*;
import java.rmi.server.ObjID;
import java.rmi.server.RemoteServer;
@@ -52,11 +53,10 @@
import sun.rmi.server.UnicastServerRef;
import sun.rmi.server.UnicastServerRef2;
import sun.rmi.transport.LiveRef;
import sun.rmi.transport.ObjectTable;
import sun.rmi.transport.Target;
-import sun.security.action.GetPropertyAction;
/**
* A "registry" exists on every node that allows RMI connections to
* servers on that node. The registry on a particular node contains a
* transient database that maps names to remote objects. When the
@@ -333,23 +333,10 @@
envcp = "."; // preserve old default behavior
}
URL[] urls = sun.misc.URLClassPath.pathToURLs(envcp);
ClassLoader cl = new URLClassLoader(urls);
- String codebaseProperty = null;
- String prop = java.security.AccessController.doPrivileged(
- new GetPropertyAction("java.rmi.server.codebase"));
- if (prop != null && prop.trim().length() > 0) {
- codebaseProperty = prop;
- }
- URL[] codebaseURLs = null;
- if (codebaseProperty != null) {
- codebaseURLs = sun.misc.URLClassPath.pathToURLs(codebaseProperty);
- } else {
- codebaseURLs = new URL[0];
- }
-
/*
* Fix bugid 4242317: Classes defined by this class loader should
* be annotated with the value of the "java.rmi.server.codebase"
* property, not the "file:" URLs for the CLASSPATH elements.
*/
@@ -363,11 +350,11 @@
registry = AccessController.doPrivileged(
new PrivilegedExceptionAction<RegistryImpl>() {
public RegistryImpl run() throws RemoteException {
return new RegistryImpl(regPort);
}
- }, getAccessControlContext(codebaseURLs));
+ }, getAccessControlContext());
} catch (PrivilegedActionException ex) {
throw (RemoteException) ex.getException();
}
// prevent registry from exiting
@@ -389,15 +376,15 @@
}
System.exit(1);
}
/**
- * Generates an AccessControlContext from several URLs.
+ * Generates an AccessControlContext with minimal permissions.
* The approach used here is taken from the similar method
* getAccessControlContext() in the sun.applet.AppletPanel class.
*/
- private static AccessControlContext getAccessControlContext(URL[] urls) {
+ private static AccessControlContext getAccessControlContext() {
// begin with permissions granted to all code in current policy
PermissionCollection perms = AccessController.doPrivileged(
new java.security.PrivilegedAction<PermissionCollection>() {
public PermissionCollection run() {
CodeSource codesource = new CodeSource(null,
@@ -418,19 +405,17 @@
*/
perms.add(new SocketPermission("*", "connect,accept"));
perms.add(new RuntimePermission("accessClassInPackage.sun.*"));
- // add permissions required to load from codebase URL path
- LoaderHandler.addPermissionsForURLs(urls, perms, false);
+ perms.add(new FilePermission("<<ALL FILES>>", "read"));
/*
* Create an AccessControlContext that consists of a single
* protection domain with only the permissions calculated above.
*/
ProtectionDomain pd = new ProtectionDomain(
- new CodeSource((urls.length > 0 ? urls[0] : null),
- (java.security.cert.Certificate[]) null),
- perms);
+ new CodeSource(null,
+ (java.security.cert.Certificate[]) null), perms);
return new AccessControlContext(new ProtectionDomain[] { pd });
}
}