From 455cd24c9541114abe0a297a27be30c219fe399c Mon Sep 17 00:00:00 2001
From: Dmitry Samersoff <dsamersoff@openjdk.org>
Date: Mon, 8 Jul 2013 16:15:39 +0400
Subject: [PATCH] 8008589: Better MBean permission validation

Better MBean permission validation

Reviewed-by: skoivu, dfuchs, mchung, sjiang
---
 .../management/MBeanTrustPermission.java      | 35 ++++++++++++++-----
 1 file changed, 27 insertions(+), 8 deletions(-)

diff --git a/jdk/src/share/classes/javax/management/MBeanTrustPermission.java b/jdk/src/share/classes/javax/management/MBeanTrustPermission.java
index 040f0ddd653..605201a9f8d 100644
--- a/jdk/src/share/classes/javax/management/MBeanTrustPermission.java
+++ b/jdk/src/share/classes/javax/management/MBeanTrustPermission.java
@@ -26,6 +26,9 @@
 package javax.management;
 
 import java.security.BasicPermission;
+import java.io.IOException;
+import java.io.InvalidObjectException;
+import java.io.ObjectInputStream;
 
 /**
  * This permission represents "trust" in a signer or codebase.
@@ -75,15 +78,31 @@ public class MBeanTrustPermission extends BasicPermission {
      */
     public MBeanTrustPermission(String name, String actions) {
         super(name, actions);
-        /* Check that actions is a null empty string */
-        if (actions != null && actions.length() > 0)
-            throw new IllegalArgumentException("MBeanTrustPermission " +
-                                               "actions must be null: " +
-                                               actions);
+        validate(name,actions);
+    }
 
-        if (!name.equals("register") && !name.equals("*"))
-            throw new IllegalArgumentException("MBeanTrustPermission: " +
-                                               "Unknown target name " +
+    private static void validate(String name, String actions) {
+        /* Check that actions is a null empty string */
+        if (actions != null && actions.length() > 0) {
+            throw new IllegalArgumentException("MBeanTrustPermission actions must be null: " +
+                                               actions);
+        }
+
+        if (!name.equals("register") && !name.equals("*")) {
+            throw new IllegalArgumentException("MBeanTrustPermission: Unknown target name " +
                                                "[" + name + "]");
+        }
+    }
+
+    private void readObject(ObjectInputStream in)
+         throws IOException, ClassNotFoundException {
+
+        // Reading private fields of base class
+        in.defaultReadObject();
+        try {
+            validate(super.getName(),super.getActions());
+        } catch (IllegalArgumentException e) {
+            throw new InvalidObjectException(e.getMessage());
+        }
     }
 }