src/share/classes/com/sun/jndi/ldap/VersionHelper.java
Print this page
@@ -25,32 +25,78 @@
package com.sun.jndi.ldap;
import java.net.MalformedURLException;
import java.net.URL;
+import sun.misc.SharedSecrets;
+import java.net.URLClassLoader;
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
-abstract class VersionHelper {
+public class VersionHelper {
- private static final VersionHelper helper = new VersionHelper12();
+ private static final VersionHelper helper = new VersionHelper();
VersionHelper() {} // Disallow anyone from creating one of these.
static VersionHelper getVersionHelper() {
return helper;
}
- abstract ClassLoader getURLClassLoader(String[] url)
- throws MalformedURLException;
+ ClassLoader getURLClassLoader(String[] url)
+ throws MalformedURLException {
+ ClassLoader parent = getContextClassLoader();
+ /*
+ * Classes may only be loaded from an arbitrary URL code base when
+ * the system property com.sun.jndi.ldap.object.trustURLCodebase
+ * has been set to "true".
+ */
+ if (url != null && trustURLCodebase) {
+ return URLClassLoader.newInstance(getUrlArray(url), parent);
+ } else {
+ return parent;
+ }
+ }
static protected URL[] getUrlArray(String[] url) throws MalformedURLException {
URL[] urlArray = new URL[url.length];
for (int i = 0; i < urlArray.length; i++) {
urlArray[i] = new URL(url[i]);
}
return urlArray;
}
- abstract Class<?> loadClass(String className) throws ClassNotFoundException;
+ Class<?> loadClass(String className) throws ClassNotFoundException {
+ return Class.forName(className, true, getContextClassLoader());
+ }
+
+ Thread createThread(Runnable r) {
+ AccessControlContext acc = AccessController.getContext();
+ // 4290486: doPrivileged is needed to create a thread in
+ // an environment that restricts "modifyThreadGroup".
+ PrivilegedAction<Thread> act =
+ () -> SharedSecrets.getJavaLangAccess().newThreadWithAcc(r, acc);
+ return AccessController.doPrivileged(act);
+ }
+
+ private ClassLoader getContextClassLoader() {
+ PrivilegedAction<ClassLoader> act =
+ Thread.currentThread()::getContextClassLoader;
+ return AccessController.doPrivileged(act);
+ }
- abstract Thread createThread(Runnable r);
+ /**
+ * Determines whether classes may be loaded from an arbitrary URL code base.
+ */
+ private static final boolean trustURLCodebase;
+
+ static {
+ // System property to control whether classes may be loaded from an
+ // arbitrary URL code base
+ PrivilegedAction<String> act =
+ () -> System.getProperty("com.sun.jndi.ldap.object.trustURLCodebase", "false");
+ String trust = AccessController.doPrivileged(act);
+ trustURLCodebase = "true".equalsIgnoreCase(trust);
+ }
}