Lana Steuck 2014-07-30 11:49:27 -07:00
commit 6c3cdfab32
13 changed files with 163 additions and 125 deletions


@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -93,10 +93,11 @@ public abstract class CommandMap {
// otherwise, we also allow it if this code and the
// factory come from the same (non-system) class loader (e.g.,
// the JAF classes were loaded with the applet classes).
if (CommandMap.class.getClassLoader() == null ||
CommandMap.class.getClassLoader() !=
commandMap.getClass().getClassLoader())
ClassLoader cl = CommandMap.class.getClassLoader();
if (cl == null || cl.getParent() == null ||
cl != commandMap.getClass().getClassLoader()) {
throw ex;
}
}
}
// remove any per-thread-context-class-loader CommandMap
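Review bot: The new `cl.getParent() == null` test in the factory check is not explained by the comment above it, which still speaks only of the "same (non-system) class loader". Judging from the condition, a loader whose parent is the bootstrap loader is now treated like a system loader and `ex` is rethrown; this also rejects any application loader that was created with a null parent, which fails closed but is worth stating. I would add `// a loader whose parent is the bootstrap loader (e.g. the extension loader) is treated as a system loader` above the `if`. The same check in the FileTypeMap section needs the same comment and, unlike this one, leaves `throw ex;` unbraced. The enclosing method starts and ends outside the hunk.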


@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -96,9 +96,9 @@ public abstract class FileTypeMap {
// otherwise, we also allow it if this code and the
// factory come from the same (non-system) class loader (e.g.,
// the JAF classes were loaded with the applet classes).
if (FileTypeMap.class.getClassLoader() == null ||
FileTypeMap.class.getClassLoader() !=
fileTypeMap.getClass().getClassLoader())
ClassLoader cl = FileTypeMap.class.getClassLoader();
if (cl == null || cl.getParent() == null ||
cl != fileTypeMap.getClass().getClassLoader())
throw ex;
}
}


@ -35,6 +35,8 @@ import java.lang.reflect.ParameterizedType;
import java.lang.reflect.Type;
import java.lang.reflect.TypeVariable;
import java.lang.reflect.WildcardType;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Arrays;
import java.util.Collection;
@ -264,20 +266,38 @@ import com.sun.xml.internal.bind.v2.runtime.Location;
return clazz.getSimpleName();
}
public Collection<? extends Field> getDeclaredFields(Class clazz) {
return Arrays.asList(clazz.getDeclaredFields());
public Collection<? extends Field> getDeclaredFields(final Class clazz) {
Field[] fields = AccessController.doPrivileged(new PrivilegedAction<Field[]>() {
@Override
public Field[] run() {
return clazz.getDeclaredFields();
}
});
return Arrays.asList(fields);
}
public Field getDeclaredField(Class clazz, String fieldName) {
try {
return clazz.getDeclaredField(fieldName);
} catch (NoSuchFieldException e) {
return null;
}
public Field getDeclaredField(final Class clazz, final String fieldName) {
return AccessController.doPrivileged(new PrivilegedAction<Field>() {
@Override
public Field run() {
try {
return clazz.getDeclaredField(fieldName);
} catch (NoSuchFieldException e) {
return null;
}
}
});
}
public Collection<? extends Method> getDeclaredMethods(Class clazz) {
return Arrays.asList(clazz.getDeclaredMethods());
public Collection<? extends Method> getDeclaredMethods(final Class clazz) {
Method[] methods =
AccessController.doPrivileged(new PrivilegedAction<Method[]>() {
@Override
public Method[] run() {
return clazz.getDeclaredMethods();
}
});
return Arrays.asList(methods);
}
public Class getDeclaringClassForField(Field field) {
@ -565,7 +585,7 @@ import com.sun.xml.internal.bind.v2.runtime.Location;
return method.isBridge();
}
public boolean isOverriding(Method method, Class base) {
public boolean isOverriding(Method method, final Class base) {
// this isn't actually correct,
// as the JLS considers
// class Derived extends Base<Integer> {
@ -576,22 +596,30 @@ import com.sun.xml.internal.bind.v2.runtime.Location;
// }
// to be overrided. Handling this correctly needs a careful implementation
String name = method.getName();
Class[] params = method.getParameterTypes();
final String name = method.getName();
final Class[] params = method.getParameterTypes();
while (base != null) {
try {
if (base.getDeclaredMethod(name, params) != null) {
return true;
return AccessController.doPrivileged(
new PrivilegedAction<Boolean>() {
@Override
public Boolean run() {
Class clazz = base;
while (clazz != null) {
try {
Method m = clazz.getDeclaredMethod(name, params);
if (m != null) {
return Boolean.TRUE;
}
} catch (NoSuchMethodException ignored) {
// recursively go into the base class
}
clazz = clazz.getSuperclass();
}
return Boolean.FALSE;
}
}
} catch (NoSuchMethodException e) {
// recursively go into the base class
}
base = base.getSuperclass();
}
return false;
);
}
public boolean isInterface(Class clazz) {
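Review bot: The public `getDeclaredFields`, `getDeclaredField` and `getDeclaredMethods` now run reflection inside `doPrivileged` on a `Class` supplied by the caller, with no check on which class it is. The result therefore no longer depends on the caller's own `accessDeclaredMembers` or package-access permissions, so the only barrier to untrusted code is whatever restricts access to this class itself, which the hunk does not show. I would state that assumption on each method, e.g. `// privileged: callers must be trusted JAXB runtime code; never expose this navigator to application code`, or limit the privileged path to classes the runtime actually binds. In `isOverriding` the `m != null` test is redundant, since `getDeclaredMethod` throws rather than returning null.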


@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -28,6 +28,8 @@ package com.sun.xml.internal.bind.v2.runtime;
import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
@ -415,6 +417,15 @@ public abstract class JaxBeanInfo<BeanT> {
private static final Class[] unmarshalEventParams = { Unmarshaller.class, Object.class };
private static Class[] marshalEventParams = { Marshaller.class };
private Method[] getDeclaredMethods(final Class<BeanT> c) {
return AccessController.doPrivileged(new PrivilegedAction<Method[]>() {
@Override
public Method[] run() {
return c.getDeclaredMethods();
}
});
}
/**
* use reflection to determine which of the 4 object lifecycle methods exist on
* the JAXB bound type.
@ -428,7 +439,7 @@ public abstract class JaxBeanInfo<BeanT> {
}
while (jt != null) {
for (Method m : jt.getDeclaredMethods()) {
for (Method m : getDeclaredMethods(jt)) {
String name = m.getName();
if (lcm.beforeUnmarshal == null) {
@ -468,7 +479,7 @@ public abstract class JaxBeanInfo<BeanT> {
} catch (SecurityException e) {
// this happens when we don't have enough permission.
logger.log(Level.WARNING, Messages.UNABLE_TO_DISCOVER_EVENTHANDLER.format(
jaxbType.getName(), e));
jaxbType.getName(), e), e);
}
}
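Review bot: The new private `getDeclaredMethods(Class<BeanT>)` helper has no comment saying why it is acceptable to read declared methods with the library's privileges. In the visible hunks its only caller is the lifecycle-method scan over `jt`, so a line such as `// privileged lookup for the bound type only; keep private so callers cannot pass arbitrary classes` would record the constraint. In the logging change, `e` is now passed both as a format argument and as the thrown parameter, so the exception text is probably printed twice. Dropping it from `format(...)` would avoid that if the message template allows it.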


@ -229,8 +229,7 @@ public abstract class Accessor<BeanT, ValueT> implements Receiver {
if (!Modifier.isPublic(mod) || Modifier.isFinal(mod) || !Modifier.isPublic(f.getDeclaringClass().getModifiers())) {
try {
// attempt to make it accessible, but do so in the security context of the calling application.
// don't do this in the doPrivilege block, as that would create a security hole for anyone
// to make any field accessible.
// don't do this in the doPrivilege block
f.setAccessible(true);
} catch (SecurityException e) {
if ((!accessWarned) && (!supressAccessorWarnings)) {
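Review bot: The shortened comment above `f.setAccessible(true)` keeps the instruction but drops the reason for it. Without the rationale, a later edit could move the call into a privileged block, and the library's permissions rather than the calling application's would then decide whether a non-public field is opened. I would keep a reason in the comment, e.g. `// don't do this in a doPrivileged block: access must be decided by the calling application's permissions`. The enclosing method continues outside the hunk.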


@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -146,26 +146,31 @@ final class Injector {
private static final Method findLoadedClass;
static {
Method[] m = AccessController.doPrivileged(
new PrivilegedAction<Method[]>() {
@Override
public Method[] run() {
return new Method[]{
getMethod(ClassLoader.class, "defineClass", String.class, byte[].class, Integer.TYPE, Integer.TYPE),
getMethod(ClassLoader.class, "resolveClass", Class.class),
getMethod(ClassLoader.class, "findLoadedClass", String.class)
};
}
}
);
defineClass = m[0];
resolveClass = m[1];
findLoadedClass = m[2];
}
private static Method getMethod(final Class<?> c, final String methodname, final Class<?>... params) {
try {
defineClass = ClassLoader.class.getDeclaredMethod("defineClass", String.class, byte[].class, Integer.TYPE, Integer.TYPE);
resolveClass = ClassLoader.class.getDeclaredMethod("resolveClass", Class.class);
findLoadedClass = ClassLoader.class.getDeclaredMethod("findLoadedClass", String.class);
Method m = c.getDeclaredMethod(methodname, params);
m.setAccessible(true);
return m;
} catch (NoSuchMethodException e) {
// impossible
throw new NoSuchMethodError(e.getMessage());
}
AccessController.doPrivileged(new PrivilegedAction<Void>() {
@Override
public Void run() {
// TODO: check security implication
// do these setAccessible allow anyone to call these methods freely?s
defineClass.setAccessible(true);
resolveClass.setAccessible(true);
findLoadedClass.setAccessible(true);
return null;
}
});
}
private Injector(ClassLoader parent) {
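Review bot: The removed TODO asked whether making `defineClass`, `resolveClass` and `findLoadedClass` accessible lets anyone call them, and the new static initializer still makes them accessible without recording an answer. Safety depends on `Injector` never handing these `Method` handles out and on who can reach its injection entry points, neither of which this hunk shows. I would replace the TODO with a comment stating that invariant, e.g. `// accessible handles to protected ClassLoader methods: must never escape this class`. `getMethod` also drops the cause of the failure; `throw (NoSuchMethodError) new NoSuchMethodError(e.getMessage()).initCause(e);` keeps it. The second `Injector` section at the end of the commit follows the same pattern.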


@ -42,6 +42,8 @@ import java.io.OutputStream;
import java.io.StringWriter;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.logging.Level;
import java.util.logging.Logger;
@ -91,8 +93,6 @@ public abstract class XMLStreamWriterFactory {
}
} catch (XMLStreamException ex) {
Logger.getLogger(XMLStreamWriterFactory.class.getName()).log(Level.INFO, null, ex);
} catch (NoSuchMethodException ex) {
Logger.getLogger(XMLStreamWriterFactory.class.getName()).log(Level.INFO, null, ex);
}
}
@ -282,17 +282,31 @@ public abstract class XMLStreamWriterFactory {
return new Zephyr(xof,clazz);
} catch (XMLStreamException e) {
return null; // impossible
} catch (NoSuchMethodException e) {
return null; // this xof wasn't Zephyr
}
}
private Zephyr(XMLOutputFactory xof, Class clazz) throws NoSuchMethodException {
private Zephyr(XMLOutputFactory xof, Class clazz) {
this.xof = xof;
zephyrClass = clazz;
setOutputMethod = clazz.getMethod("setOutput", StreamResult.class, String.class);
resetMethod = clazz.getMethod("reset");
setOutputMethod = getMethod(clazz, "setOutput", StreamResult.class, String.class);
resetMethod = getMethod(clazz, "reset");
}
private static Method getMethod(final Class<?> c, final String methodname, final Class<?>... params) {
return AccessController.doPrivileged(
new PrivilegedAction<Method>() {
@Override
public Method run() {
try {
return c.getMethod(methodname, params);
} catch (NoSuchMethodException e) {
// impossible
throw new NoSuchMethodError(e.getMessage());
}
}
}
);
}
/**
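Review bot: In `Zephyr`, a missing `setOutput` or `reset` method used to make the factory method return null ("this xof wasn't Zephyr"), and the new `getMethod` turns it into a `NoSuchMethodError` marked "impossible". Unless the code before the constructor call already guarantees the class is the expected writer (not visible in the hunk), an unexpected `XMLOutputFactory` implementation will now fail with an `Error` instead of falling back. I would keep the fallback: return null from `run()` on `NoSuchMethodException` and have the factory method return null when either method is absent. `getMethod` performs a privileged lookup on whatever `Class` and name it is given, so a one-line comment should note that it must stay private.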


@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -42,13 +42,12 @@ import javax.xml.bind.Unmarshaller;
import javax.xml.stream.XMLInputFactory;
import javax.xml.ws.WebServiceException;
import java.lang.reflect.Method;
import java.lang.reflect.ReflectPermission;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.security.*;
import java.util.PropertyPermission;
import java.security.AccessController;
import java.security.PrivilegedExceptionAction;
import java.util.logging.Level;
/**
@ -258,24 +257,13 @@ class MetroConfigLoader {
public JAXBContext run() throws Exception {
return JAXBContext.newInstance(MetroConfig.class.getPackage().getName());
}
}, createSecurityContext()
);
});
} else {
// usage from JAX-WS/Metro/Glassfish
return JAXBContext.newInstance(MetroConfig.class.getPackage().getName());
}
}
private static AccessControlContext createSecurityContext() {
PermissionCollection perms = new Permissions();
perms.add(new RuntimePermission("accessClassInPackage.com" + ".sun.xml.internal.ws.runtime.config")); // avoid repackaging
perms.add(new ReflectPermission("suppressAccessChecks"));
return new AccessControlContext(
new ProtectionDomain[]{
new ProtectionDomain(null, perms),
});
}
private static boolean isJDKInternal() {
// avoid "string repackaging"
return MetroConfigLoader.class.getName().startsWith("com." + "sun.xml.internal.ws");
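Review bot: Dropping `createSecurityContext()` means the `doPrivileged` call around `JAXBContext.newInstance(...)` now runs with every permission of this class's protection domain, not just the two the removed context allowed (`accessClassInPackage` for the config package and `suppressAccessChecks`). If the limited context was removed because it was too narrow, the reason should be recorded next to the call, e.g. `// full privileges needed: <reason>`, since the narrower form is the safer default. Whatever `newInstance` loads or invokes during context creation now executes under the wider privileges, so it is worth confirming that no application-controlled class or provider lookup is reached from inside the block. The WSServiceDelegate and SOAPFaultBuilder sections remove their limited `AccessControlContext` in the same way.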


@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -49,7 +49,7 @@ final class TubeCreator {
try {
Class<?> factoryClass;
if (isJDKInternal(className)) {
factoryClass = Class.forName(className, true, null);
factoryClass = Class.forName(className, true, TubeCreator.class.getClassLoader());
} else {
factoryClass = Class.forName(className, true, tubeFactoryClassLoader);
}


@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -109,11 +109,12 @@ final class TubelineAssemblyController {
}
private Collection<TubeCreator> initializeTubeCreators(TubeFactoryList tfl) {
final ClassLoader contextClassLoader = Thread.currentThread().getContextClassLoader();
ClassLoader tccl = Thread.currentThread().getContextClassLoader();
ClassLoader classLoader = tccl != null ? tccl : TubelineAssemblyController.class.getClassLoader();
LinkedList<TubeCreator> tubeCreators = new LinkedList<TubeCreator>();
for (TubeFactoryConfig tubeFactoryConfig : tfl.getTubeFactoryConfigs()) {
tubeCreators.addFirst(new TubeCreator(tubeFactoryConfig, contextClassLoader));
tubeCreators.addFirst(new TubeCreator(tubeFactoryConfig, classLoader));
}
return tubeCreators;
}


@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -91,7 +91,8 @@ import java.lang.reflect.InvocationHandler;
import java.lang.reflect.Proxy;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.*;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
@ -715,11 +716,6 @@ public class WSServiceDelegate extends WSService {
final ClassLoader loader = getDelegatingLoader(portInterface.getClassLoader(),
WSServiceDelegate.class.getClassLoader());
// accessClassInPackage privilege needs to be granted ...
RuntimePermission perm = new RuntimePermission("accessClassInPackage.com.sun." + "xml.internal.*");
PermissionCollection perms = perm.newPermissionCollection();
perms.add(perm);
return AccessController.doPrivileged(
new PrivilegedAction<T>() {
@Override
@ -728,12 +724,8 @@ public class WSServiceDelegate extends WSService {
new Class[]{portInterface, WSBindingProvider.class, Closeable.class}, pis);
return portInterface.cast(proxy);
}
},
new AccessControlContext(
new ProtectionDomain[]{
new ProtectionDomain(null, perms)
})
);
});
}
private WSDLService getWSDLModelfromSEI(final Class sei) {


@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -58,12 +58,8 @@ import javax.xml.ws.soap.SOAPFaultException;
import java.lang.reflect.Constructor;
import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.lang.reflect.ReflectPermission;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.Permissions;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import java.util.Iterator;
import java.util.Map;
import java.util.logging.Level;
@ -569,9 +565,6 @@ public abstract class SOAPFaultBuilder {
// in jdk runtime doPrivileged is necessary since JAX-WS internal classes are in restricted packages
if (isJDKRuntime()) {
Permissions permissions = new Permissions();
permissions.add(new RuntimePermission("accessClassInPackage.com.sun." + "xml.internal.ws.fault"));
permissions.add(new ReflectPermission("suppressAccessChecks"));
return AccessController.doPrivileged(
new PrivilegedAction<JAXBContext>() {
@Override
@ -582,9 +575,7 @@ public abstract class SOAPFaultBuilder {
throw new Error(e);
}
}
},
new AccessControlContext(new ProtectionDomain[]{new ProtectionDomain(null, permissions)})
);
});
} else {
try {


@ -1,5 +1,5 @@
/*
* Copyright (c) 2008, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2008, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -50,28 +50,36 @@ final class Injector {
private static final Method definePackage;
static {
Method[] m = AccessController.doPrivileged(
new PrivilegedAction<Method[]>() {
@Override
public Method[] run() {
return new Method[]{
getMethod(ClassLoader.class, "defineClass", String.class, byte[].class, Integer.TYPE, Integer.TYPE),
getMethod(ClassLoader.class, "resolveClass", Class.class),
getMethod(ClassLoader.class, "getPackage", String.class),
getMethod(ClassLoader.class, "definePackage",
String.class, String.class, String.class, String.class,
String.class, String.class, String.class, URL.class)
};
}
}
);
defineClass = m[0];
resolveClass = m[1];
getPackage = m[2];
definePackage = m[3];
}
private static Method getMethod(final Class<?> c, final String methodname, final Class<?>... params) {
try {
defineClass = ClassLoader.class.getDeclaredMethod("defineClass",String.class,byte[].class,Integer.TYPE,Integer.TYPE);
resolveClass = ClassLoader.class.getDeclaredMethod("resolveClass",Class.class);
getPackage = ClassLoader.class.getDeclaredMethod("getPackage", String.class);
definePackage = ClassLoader.class.getDeclaredMethod("definePackage",
String.class, String.class, String.class, String.class,
String.class, String.class, String.class, URL.class);
Method m = c.getDeclaredMethod(methodname, params);
m.setAccessible(true);
return m;
} catch (NoSuchMethodException e) {
// impossible
throw new NoSuchMethodError(e.getMessage());
}
AccessController.doPrivileged(new PrivilegedAction<Void>() {
public Void run() {
// TODO: check security implication
// do these setAccessible allow anyone to call these methods freely?s
defineClass.setAccessible(true);
resolveClass.setAccessible(true);
getPackage.setAccessible(true);
definePackage.setAccessible(true);
return null;
}
});
}
static synchronized Class inject(ClassLoader cl, String className, byte[] image) {