19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package sun.rmi.server;
27
28 import java.io.IOException;
29 import java.io.InputStream;
30 import java.io.ObjectInputStream;
31 import java.io.ObjectStreamClass;
32 import java.io.StreamCorruptedException;
33 import java.net.URL;
34 import java.util.*;
35 import java.security.AccessControlException;
36 import java.security.Permission;
37
38 import java.rmi.server.RMIClassLoader;
39
40 /**
41 * MarshalInputStream is an extension of ObjectInputStream. When resolving
42 * a class, it reads an object from the stream written by a corresponding
43 * MarshalOutputStream. If the class to be resolved is not available
44 * locally, from the first class loader on the execution stack, or from the
45 * context class loader of the current thread, it will attempt to load the
46 * class from the location annotated by the sending MarshalOutputStream.
47 * This location object must be a string representing a path of URLs.
48 *
49 * A new MarshalInputStream should be created to deserialize remote objects or
50 * graphs containing remote objects. Objects are created from the stream
51 * using the ObjectInputStream.readObject method.
52 *
53 * @author Peter Jones
54 */
55 public class MarshalInputStream extends ObjectInputStream {
56
57 /**
58 * Value of "java.rmi.server.useCodebaseOnly" property,
59 * as cached at class initialization time.
60 *
61 * The default value is true. That is, the value is true
62 * if the property is absent or is not equal to "false".
63 * The value is only false when the property is present
64 * and is equal to "false".
65 */
66 private static final boolean useCodebaseOnlyProperty =
67 ! java.security.AccessController.doPrivileged(
68 new sun.security.action.GetPropertyAction(
69 "java.rmi.server.useCodebaseOnly", "true"))
70 .equalsIgnoreCase("false");
71
72 /** table to hold sun classes to which access is explicitly permitted */
73 protected static Map<String, Class<?>> permittedSunClasses
74 = new HashMap<>(3);
75
76 /** if true, don't try superclass first in resolveClass() */
77 private boolean skipDefaultResolveClass = false;
78
79 /** callbacks to make when done() called: maps Object to Runnable */
80 private final Map<Object, Runnable> doneCallbacks
81 = new HashMap<>(3);
82
83 /**
84 * if true, load classes (if not available locally) only from the
85 * URL specified by the "java.rmi.server.codebase" property.
86 */
87 private boolean useCodebaseOnly = useCodebaseOnlyProperty;
88
|
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package sun.rmi.server;
27
28 import java.io.IOException;
29 import java.io.InputStream;
30 import java.io.ObjectInputStream;
31 import java.io.ObjectStreamClass;
32 import java.io.StreamCorruptedException;
33 import java.net.URL;
34 import java.util.*;
35 import java.security.AccessControlException;
36 import java.security.Permission;
37
38 import java.rmi.server.RMIClassLoader;
39 import java.security.PrivilegedAction;
40
41 /**
42 * MarshalInputStream is an extension of ObjectInputStream. When resolving
43 * a class, it reads an object from the stream written by a corresponding
44 * MarshalOutputStream. If the class to be resolved is not available
45 * locally, from the first class loader on the execution stack, or from the
46 * context class loader of the current thread, it will attempt to load the
47 * class from the location annotated by the sending MarshalOutputStream.
48 * This location object must be a string representing a path of URLs.
49 *
50 * A new MarshalInputStream should be created to deserialize remote objects or
51 * graphs containing remote objects. Objects are created from the stream
52 * using the ObjectInputStream.readObject method.
53 *
54 * @author Peter Jones
55 */
56 public class MarshalInputStream extends ObjectInputStream {
57
58 /**
59 * Value of "java.rmi.server.useCodebaseOnly" property,
60 * as cached at class initialization time.
61 *
62 * The default value is true. That is, the value is true
63 * if the property is absent or is not equal to "false".
64 * The value is only false when the property is present
65 * and is equal to "false".
66 */
67 private static final boolean useCodebaseOnlyProperty =
68 ! java.security.AccessController.doPrivileged(
69 (PrivilegedAction<String>) () -> System.getProperty(
70 "java.rmi.server.useCodebaseOnly", "true"))
71 .equalsIgnoreCase("false");
72
73 /** table to hold sun classes to which access is explicitly permitted */
74 protected static Map<String, Class<?>> permittedSunClasses
75 = new HashMap<>(3);
76
77 /** if true, don't try superclass first in resolveClass() */
78 private boolean skipDefaultResolveClass = false;
79
80 /** callbacks to make when done() called: maps Object to Runnable */
81 private final Map<Object, Runnable> doneCallbacks
82 = new HashMap<>(3);
83
84 /**
85 * if true, load classes (if not available locally) only from the
86 * URL specified by the "java.rmi.server.codebase" property.
87 */
88 private boolean useCodebaseOnly = useCodebaseOnlyProperty;
89
|