< prev index next >
src/java.desktop/share/classes/sun/applet/AppletSecurity.java
Print this page
rev 15908 : 8165271: Fix use of reflection to gain access to private fields
Reviewed-by:
*** 1,7 ****
/*
! * Copyright (c) 1995, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
--- 1,7 ----
/*
! * Copyright (c) 1995, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
*** 38,77 ****
import java.util.Iterator;
import java.util.HashSet;
import java.util.StringTokenizer;
import java.security.*;
import java.lang.reflect.*;
import sun.awt.AWTSecurityManager;
import sun.awt.AppContext;
import sun.awt.AWTPermissions;
import sun.security.util.SecurityConstants;
/**
* This class defines an applet security policy
*
*/
public
class AppletSecurity extends AWTSecurityManager {
!
! //URLClassLoader.acc
! private static Field facc = null;
!
! //AccessControlContext.context;
! private static Field fcontext = null;
!
! static {
! try {
! facc = URLClassLoader.class.getDeclaredField("acc");
! facc.setAccessible(true);
! fcontext = AccessControlContext.class.getDeclaredField("context");
! fcontext.setAccessible(true);
! } catch (NoSuchFieldException e) {
! throw new UnsupportedOperationException(e);
! }
! }
!
/**
* Construct and initialize.
*/
public AppletSecurity() {
--- 38,66 ----
import java.util.Iterator;
import java.util.HashSet;
import java.util.StringTokenizer;
import java.security.*;
import java.lang.reflect.*;
+ import jdk.internal.misc.JavaNetUrlClassLoaderAccess;
+ import jdk.internal.misc.JavaSecurityAccess;
+ import jdk.internal.misc.SharedSecrets;
import sun.awt.AWTSecurityManager;
import sun.awt.AppContext;
import sun.awt.AWTPermissions;
import sun.security.util.SecurityConstants;
+
/**
* This class defines an applet security policy
*
*/
public
class AppletSecurity extends AWTSecurityManager {
! private static final JavaNetUrlClassLoaderAccess JNUCLA
! = SharedSecrets.getJavaNetUrlClassLoaderAccess();
! private static final JavaSecurityAccess JSA = SharedSecrets.getJavaSecurityAccess();
/**
* Construct and initialize.
*/
public AppletSecurity() {
*** 146,169 ****
*/
for (int i = 0; i < context.length; i++) {
final ClassLoader currentLoader = context[i].getClassLoader();
if (currentLoader instanceof URLClassLoader) {
loader = AccessController.doPrivileged(
new PrivilegedAction<ClassLoader>() {
public ClassLoader run() {
AccessControlContext acc = null;
ProtectionDomain[] pds = null;
try {
! acc = (AccessControlContext) facc.get(currentLoader);
if (acc == null) {
return null;
}
! pds = (ProtectionDomain[]) fcontext.get(acc);
if (pds == null) {
return null;
}
} catch (Exception e) {
throw new UnsupportedOperationException(e);
--- 135,159 ----
*/
for (int i = 0; i < context.length; i++) {
final ClassLoader currentLoader = context[i].getClassLoader();
if (currentLoader instanceof URLClassLoader) {
+ URLClassLoader ld = (URLClassLoader)currentLoader;
loader = AccessController.doPrivileged(
new PrivilegedAction<ClassLoader>() {
public ClassLoader run() {
AccessControlContext acc = null;
ProtectionDomain[] pds = null;
try {
! acc = JNUCLA.getAccessControlContext(ld);
if (acc == null) {
return null;
}
! pds = JSA.getProtectDomains(acc);
if (pds == null) {
return null;
}
} catch (Exception e) {
throw new UnsupportedOperationException(e);
< prev index next >