modules/web/src/main/java/com/sun/webkit/network/NetworkContext.java
Print this page
rev 8410 : RT-39421: Security exception in Service.cancel when running sandboxed applet
@@ -38,10 +38,11 @@
import java.util.concurrent.atomic.AtomicInteger;
import java.util.logging.Level;
import java.util.logging.Logger;
import com.sun.webkit.WebPage;
+import java.security.Permission;
final class NetworkContext {
private static final Logger logger =
Logger.getLogger(NetworkContext.class.getName());
@@ -191,23 +192,36 @@
*/
private static final class URLLoaderThreadFactory implements ThreadFactory {
private final ThreadGroup group;
private final AtomicInteger index = new AtomicInteger(1);
+ // Need to assert the modifyThread and modifyThreadGroup permission when
+ // creating the thread from the URLLoaderThreadFactory, so we can
+ // create the thread with the desired ThreadGroup.
+ // Note that this is needed when running as an applet or a web start app.
+ private static final Permission modifyThreadGroupPerm = new RuntimePermission("modifyThreadGroup");
+ private static final Permission modifyThreadPerm = new RuntimePermission("modifyThread");
+
private URLLoaderThreadFactory() {
SecurityManager sm = System.getSecurityManager();
group = (sm != null) ? sm.getThreadGroup()
: Thread.currentThread().getThreadGroup();
}
@Override
public Thread newThread(Runnable r) {
+ // Assert the modifyThread and modifyThreadGroup permissions
+ return
+ AccessController.doPrivileged((PrivilegedAction<Thread>) () -> {
Thread t = new Thread(group, r,
"URL-Loader-" + index.getAndIncrement());
t.setDaemon(true);
if (t.getPriority() != Thread.NORM_PRIORITY) {
t.setPriority(Thread.NORM_PRIORITY);
}
return t;
+ },
+ null,
+ modifyThreadGroupPerm, modifyThreadPerm);
}
}
}