stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge

Browse Source
This commit is contained in:
Lana Steuck 2011-03-21 17:22:16 -07:00
commit 76ed3a763b
27 changed files with 636 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
jdk/make/sun/net/FILES_java.gmk
View File

@ -1,5 +1,5 @@
#
# Copyright (c) 1996, 2010, Oracle and/or its affiliates. All rights reserved.
# Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
@ -34,6 +34,7 @@ FILES_java = \
sun/net/ProgressListener.java \
sun/net/ProgressMeteringPolicy.java \
sun/net/SocksProxy.java \
sun/net/ResourceManager.java \
sun/net/TelnetInputStream.java \
sun/net/TelnetOutputStream.java \
sun/net/TelnetProtocolException.java \
@ -100,6 +101,7 @@ FILES_java = \
sun/net/www/protocol/http/NegotiateAuthentication.java \
sun/net/www/protocol/http/Negotiator.java \
sun/net/www/protocol/http/ntlm/NTLMAuthentication.java \
sun/net/www/protocol/http/ntlm/NTLMAuthenticationCallback.java \
sun/net/www/protocol/http/spnego/NegotiatorImpl.java \
sun/net/www/protocol/http/spnego/NegotiateCallbackHandler.java \
sun/net/www/protocol/http/logging/HttpLogFormatter.java \

9
jdk/src/share/classes/com/sun/org/apache/xml/internal/security/transforms/Transform.java
View File

@ -210,6 +210,8 @@ public final class Transform extends SignatureElementProxy {
public static void init() {
if (!alreadyInitialized) {
transformClassHash = new HashMap(10);
// make sure builtin algorithms are all registered first
com.sun.org.apache.xml.internal.security.Init.init();
alreadyInitialized = true;
}
}
@ -236,12 +238,7 @@ public final class Transform extends SignatureElementProxy {
"algorithm.alreadyRegistered", exArgs);
}
ClassLoader cl = (ClassLoader) AccessController.doPrivileged(
new PrivilegedAction() {
public Object run() {
return Thread.currentThread().getContextClassLoader();
}
});
ClassLoader cl = Thread.currentThread().getContextClassLoader();
try {
transformClassHash.put

25
jdk/src/share/classes/java/awt/AWTEvent.java
View File

@ -33,6 +33,11 @@ import java.lang.reflect.Field;
import sun.awt.AWTAccessor;
import sun.util.logging.PlatformLogger;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.io.ObjectInputStream;
import java.io.IOException;
/**
* The root event class for all AWT events.
* This class and its subclasses supercede the original
@ -97,6 +102,22 @@ public abstract class AWTEvent extends EventObject {
*/
protected boolean consumed = false;
/*
* The event's AccessControlContext.
*/
private transient volatile AccessControlContext acc =
AccessController.getContext();
/*
* Returns the acc this event was constructed with.
*/
final AccessControlContext getAccessControlContext() {
if (acc == null) {
throw new SecurityException("AWTEvent is missing AccessControlContext");
}
return acc;
}
transient boolean focusManagerIsDispatching = false;
transient boolean isPosted;
@ -247,6 +268,10 @@ public abstract class AWTEvent extends EventObject {
public boolean isSystemGenerated(AWTEvent ev) {
return ev.isSystemGenerated;
}
public AccessControlContext getAccessControlContext(AWTEvent ev) {
return ev.getAccessControlContext();
}
});
}

23
jdk/src/share/classes/java/awt/Component.java
View File

@ -59,6 +59,7 @@ import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.AccessControlContext;
import javax.accessibility.*;
import java.applet.Applet;
@ -471,6 +472,12 @@ public abstract class Component implements ImageObserver, MenuContainer,
static final Object LOCK = new AWTTreeLock();
static class AWTTreeLock {}
/*
* The component's AccessControlContext.
*/
private transient volatile AccessControlContext acc =
AccessController.getContext();
/**
* Minimum size.
* (This field perhaps should have been transient).
@ -671,6 +678,16 @@ public abstract class Component implements ImageObserver, MenuContainer,
return objectLock;
}
/*
* Returns the acc this component was constructed with.
*/
final AccessControlContext getAccessControlContext() {
if (acc == null) {
throw new SecurityException("Component is missing AccessControlContext");
}
return acc;
}
boolean isPacked = false;
/**
@ -950,6 +967,10 @@ public abstract class Component implements ImageObserver, MenuContainer,
public void processEvent(Component comp, AWTEvent e) {
comp.processEvent(e);
}
public AccessControlContext getAccessControlContext(Component comp) {
return comp.getAccessControlContext();
}
});
}
@ -8613,6 +8634,8 @@ public abstract class Component implements ImageObserver, MenuContainer,
{
objectLock = new Object();
acc = AccessController.getContext();
s.defaultReadObject();
appContext = AppContext.getAppContext();

51
jdk/src/share/classes/java/awt/EventQueue.java
View File

@ -48,6 +48,12 @@ import sun.awt.AWTAccessor;
import java.util.concurrent.locks.Condition;
import java.util.concurrent.locks.Lock;
import java.security.AccessControlContext;
import java.security.ProtectionDomain;
import sun.misc.SharedSecrets;
import sun.misc.JavaSecurityAccess;
/**
* <code>EventQueue</code> is a platform-independent class
* that queues events, both from the underlying peer classes
@ -612,6 +618,9 @@ public class EventQueue {
return null;
}
private static final JavaSecurityAccess javaSecurityAccess =
SharedSecrets.getJavaSecurityAccess();
/**
* Dispatches an event. The manner in which the event is
* dispatched depends upon the type of the event and the
@ -650,13 +659,49 @@ public class EventQueue {
* @throws NullPointerException if <code>event</code> is <code>null</code>
* @since 1.2
*/
protected void dispatchEvent(AWTEvent event) {
protected void dispatchEvent(final AWTEvent event) {
final Object src = event.getSource();
final PrivilegedAction<Void> action = new PrivilegedAction<Void>() {
public Void run() {
dispatchEventImpl(event, src);
return null;
}
};
final AccessControlContext stack = AccessController.getContext();
final AccessControlContext srcAcc = getAccessControlContextFrom(src);
final AccessControlContext eventAcc = event.getAccessControlContext();
if (srcAcc == null) {
javaSecurityAccess.doIntersectionPrivilege(action, stack, eventAcc);
} else {
javaSecurityAccess.doIntersectionPrivilege(
new PrivilegedAction<Void>() {
public Void run() {
javaSecurityAccess.doIntersectionPrivilege(action, eventAcc);
return null;
}
}, stack, srcAcc);
}
}
private static AccessControlContext getAccessControlContextFrom(Object src) {
return src instanceof Component ?
((Component)src).getAccessControlContext() :
src instanceof MenuComponent ?
((MenuComponent)src).getAccessControlContext() :
src instanceof TrayIcon ?
((TrayIcon)src).getAccessControlContext() :
null;
}
/**
* Called from dispatchEvent() under a correct AccessControlContext
*/
private void dispatchEventImpl(final AWTEvent event, final Object src) {
event.isPosted = true;
Object src = event.getSource();
if (event instanceof ActiveEvent) {
// This could become the sole method of dispatching in time.
setCurrentEventAndMostRecentTimeImpl(event);
((ActiveEvent)event).dispatch();
} else if (src instanceof Component) {
((Component)src).dispatchEvent(event);

23
jdk/src/share/classes/java/awt/MenuComponent.java
View File

@ -33,6 +33,9 @@ import sun.awt.SunToolkit;
import sun.awt.AWTAccessor;
import javax.accessibility.*;
import java.security.AccessControlContext;
import java.security.AccessController;
/**
* The abstract class <code>MenuComponent</code> is the superclass
* of all menu-related components. In this respect, the class
@ -99,6 +102,23 @@ public abstract class MenuComponent implements java.io.Serializable {
*/
boolean newEventsOnly = false;
/*
* The menu's AccessControlContext.
*/
private transient volatile AccessControlContext acc =
AccessController.getContext();
/*
* Returns the acc this menu component was constructed with.
*/
final AccessControlContext getAccessControlContext() {
if (acc == null) {
throw new SecurityException(
"MenuComponent is missing AccessControlContext");
}
return acc;
}
/*
* Internal constants for serialization.
*/
@ -402,6 +422,9 @@ public abstract class MenuComponent implements java.io.Serializable {
throws ClassNotFoundException, IOException, HeadlessException
{
GraphicsEnvironment.checkHeadless();
acc = AccessController.getContext();
s.defaultReadObject();
appContext = AppContext.getAppContext();

21
jdk/src/share/classes/java/awt/TrayIcon.java
View File

@ -40,6 +40,8 @@ import sun.awt.AppContext;
import sun.awt.SunToolkit;
import sun.awt.HeadlessToolkit;
import java.util.EventObject;
import java.security.AccessControlContext;
import java.security.AccessController;
/**
* A <code>TrayIcon</code> object represents a tray icon that can be
@ -90,6 +92,7 @@ import java.util.EventObject;
* @author Anton Tarasov
*/
public class TrayIcon {
private Image image;
private String tooltip;
private PopupMenu popup;
@ -103,6 +106,24 @@ public class TrayIcon {
transient MouseMotionListener mouseMotionListener;
transient ActionListener actionListener;
/*
* The tray icon's AccessControlContext.
*
* Unlike the acc in Component, this field is made final
* because TrayIcon is not serializable.
*/
private final AccessControlContext acc = AccessController.getContext();
/*
* Returns the acc this tray icon was constructed with.
*/
final AccessControlContext getAccessControlContext() {
if (acc == null) {
throw new SecurityException("TrayIcon is missing AccessControlContext");
}
return acc;
}
static {
Toolkit.loadLibraries();
if (!GraphicsEnvironment.isHeadless()) {

11
jdk/src/share/classes/java/net/AbstractPlainDatagramSocketImpl.java
View File

@ -28,6 +28,7 @@ import java.io.FileDescriptor;
import java.io.IOException;
import java.io.InterruptedIOException;
import java.util.Enumeration;
import sun.net.ResourceManager;
/**
* Abstract datagram and multicast socket implementation base class.
@ -66,7 +67,14 @@ abstract class AbstractPlainDatagramSocketImpl extends DatagramSocketImpl
*/
protected synchronized void create() throws SocketException {
fd = new FileDescriptor();
datagramSocketCreate();
ResourceManager.beforeUdpCreate();
try {
datagramSocketCreate();
} catch (SocketException ioe) {
ResourceManager.afterUdpClose();
fd = null;
throw ioe;
}
}
/**
@ -211,6 +219,7 @@ abstract class AbstractPlainDatagramSocketImpl extends DatagramSocketImpl
protected void close() {
if (fd != null) {
datagramSocketClose();
ResourceManager.afterUdpClose();
fd = null;
}
}

22
jdk/src/share/classes/java/net/AbstractPlainSocketImpl.java
View File

@ -32,6 +32,7 @@ import java.io.FileDescriptor;
import sun.net.ConnectionResetException;
import sun.net.NetHooks;
import sun.net.ResourceManager;
/**
* Default Socket Implementation. This implementation does
@ -68,6 +69,10 @@ abstract class AbstractPlainSocketImpl extends SocketImpl
private int resetState;
private final Object resetLock = new Object();
/* whether this Socket is a stream (TCP) socket or not (UDP)
*/
private boolean stream;
/**
* Load net library into runtime.
*/
@ -82,7 +87,19 @@ abstract class AbstractPlainSocketImpl extends SocketImpl
*/
protected synchronized void create(boolean stream) throws IOException {
fd = new FileDescriptor();
socketCreate(stream);
this.stream = stream;
if (!stream) {
ResourceManager.beforeUdpCreate();
try {
socketCreate(false);
} catch (IOException ioe) {
ResourceManager.afterUdpClose();
fd = null;
throw ioe;
}
} else {
socketCreate(true);
}
if (socket != null)
socket.setCreated();
if (serverSocket != null)
@ -479,6 +496,9 @@ abstract class AbstractPlainSocketImpl extends SocketImpl
protected void close() throws IOException {
synchronized(fdLock) {
if (fd != null) {
if (!stream) {
ResourceManager.afterUdpClose();
}
if (fdUseCount == 0) {
if (closePending) {
return;

21
jdk/src/share/classes/java/security/AccessControlContext.java
View File

@ -29,6 +29,9 @@ import java.util.ArrayList;
import java.util.List;
import sun.security.util.Debug;
import sun.security.util.SecurityConstants;
import sun.misc.JavaSecurityAccess;
import sun.misc.SharedSecrets;
/**
* An AccessControlContext is used to make system resource access decisions
@ -196,6 +199,24 @@ public final class AccessControlContext {
this.isPrivileged = isPrivileged;
}
/**
* Constructor for JavaSecurityAccess.doIntersectionPrivilege()
*/
AccessControlContext(ProtectionDomain[] context,
AccessControlContext privilegedContext)
{
this.context = context;
this.privilegedContext = privilegedContext;
this.isPrivileged = true;
}
/**
* Returns this context's context.
*/
ProtectionDomain[] getContext() {
return context;
}
/**
* Returns true if this context is privileged.
*/

32
jdk/src/share/classes/java/security/ProtectionDomain.java
View File

@ -36,6 +36,8 @@ import static sun.misc.JavaSecurityProtectionDomainAccess.ProtectionDomainCache;
import sun.misc.SharedSecrets;
import sun.security.util.Debug;
import sun.security.util.SecurityConstants;
import sun.misc.JavaSecurityAccess;
import sun.misc.SharedSecrets;
/**
*
@ -59,6 +61,36 @@ import sun.security.util.SecurityConstants;
public class ProtectionDomain {
static {
// Set up JavaSecurityAccess in SharedSecrets
SharedSecrets.setJavaSecurityAccess(
new JavaSecurityAccess() {
public <T> T doIntersectionPrivilege(
PrivilegedAction<T> action,
final AccessControlContext stack,
final AccessControlContext context)
{
if (action == null) {
throw new NullPointerException();
}
return AccessController.doPrivileged(
action,
new AccessControlContext(
stack.getContext(), context).optimize()
);
}
public <T> T doIntersectionPrivilege(
PrivilegedAction<T> action,
AccessControlContext context)
{
return doIntersectionPrivilege(action,
AccessController.getContext(), context);
}
}
);
}
/* CodeSource */
private CodeSource codesource ;

36
jdk/src/share/classes/javax/swing/Timer.java
View File

@ -35,6 +35,10 @@ import java.util.concurrent.locks.*;
import java.awt.*;
import java.awt.event.*;
import java.io.Serializable;
import java.io.*;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.PrivilegedAction;
import javax.swing.event.EventListenerList;
@ -208,6 +212,22 @@ public class Timer implements Serializable
}
}
/*
* The timer's AccessControlContext.
*/
private transient volatile AccessControlContext acc =
AccessController.getContext();
/**
* Returns the acc this timer was constructed with.
*/
final AccessControlContext getAccessControlContext() {
if (acc == null) {
throw new SecurityException(
"Timer is missing AccessControlContext");
}
return acc;
}
/**
* DoPostEvent is a runnable class that fires actionEvents to
@ -587,8 +607,13 @@ public class Timer implements Serializable
void post() {
if (notify.compareAndSet(false, true) || !coalesce) {
SwingUtilities.invokeLater(doPostEvent);
if (notify.compareAndSet(false, true) || !coalesce) {
AccessController.doPrivileged(new PrivilegedAction<Void>() {
public Void run() {
SwingUtilities.invokeLater(doPostEvent);
return null;
}
}, getAccessControlContext());
}
}
@ -596,6 +621,13 @@ public class Timer implements Serializable
return lock;
}
private void readObject(ObjectInputStream in)
throws ClassNotFoundException, IOException
{
this.acc = AccessController.getContext();
in.defaultReadObject();
}
/*
* We have to use readResolve because we can not initialize final
* fields for deserialized object otherwise

42
jdk/src/share/classes/javax/swing/TransferHandler.java
View File

@ -42,6 +42,16 @@ import sun.awt.AppContext;
import sun.swing.*;
import sun.awt.SunToolkit;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.AccessControlContext;
import java.security.ProtectionDomain;
import sun.misc.SharedSecrets;
import sun.misc.JavaSecurityAccess;
import sun.awt.AWTAccessor;
/**
* This class is used to handle the transfer of a <code>Transferable</code>
* to and from Swing components. The <code>Transferable</code> is used to
@ -1686,7 +1696,37 @@ public class TransferHandler implements Serializable {
return true;
}
public void actionPerformed(ActionEvent e) {
private static final JavaSecurityAccess javaSecurityAccess =
SharedSecrets.getJavaSecurityAccess();
public void actionPerformed(final ActionEvent e) {
final Object src = e.getSource();
final PrivilegedAction<Void> action = new PrivilegedAction<Void>() {
public Void run() {
actionPerformedImpl(e);
return null;
}
};
final AccessControlContext stack = AccessController.getContext();
final AccessControlContext srcAcc = AWTAccessor.getComponentAccessor().getAccessControlContext((Component)src);
final AccessControlContext eventAcc = AWTAccessor.getAWTEventAccessor().getAccessControlContext(e);
if (srcAcc == null) {
javaSecurityAccess.doIntersectionPrivilege(action, stack, eventAcc);
} else {
javaSecurityAccess.doIntersectionPrivilege(
new PrivilegedAction<Void>() {
public Void run() {
javaSecurityAccess.doIntersectionPrivilege(action, eventAcc);
return null;
}
}, stack, srcAcc);
}
}
private void actionPerformedImpl(ActionEvent e) {
Object src = e.getSource();
if (src instanceof JComponent) {
JComponent c = (JComponent) src;

17
jdk/src/share/classes/sun/awt/AWTAccessor.java
View File

@ -33,6 +33,9 @@ import java.awt.image.BufferedImage;
import sun.misc.Unsafe;
import java.awt.peer.ComponentPeer;
import java.security.AccessController;
import java.security.AccessControlContext;
/**
* The AWTAccessor utility class.
* The main purpose of this class is to enable accessing
@ -221,6 +224,13 @@ public final class AWTAccessor {
* Processes events occurring on this component.
*/
void processEvent(Component comp, AWTEvent e);
/*
* Returns the acc this component was constructed with.
*/
AccessControlContext getAccessControlContext(Component comp);
}
/*
@ -323,6 +333,13 @@ public final class AWTAccessor {
* Indicates whether this AWTEvent was generated by the system.
*/
boolean isSystemGenerated(AWTEvent ev);
/*
* Returns the acc this event was constructed with.
*/
AccessControlContext getAccessControlContext(AWTEvent ev);
}
public interface InputEventAccessor {

60
jdk/src/share/classes/sun/font/FileFont.java
View File

@ -32,22 +32,13 @@ import java.awt.geom.Point2D;
import java.awt.geom.Rectangle2D;
import java.io.File;
import java.nio.ByteBuffer;
import java.nio.channels.FileChannel;
import sun.java2d.Disposer;
import sun.java2d.DisposerRecord;
import java.lang.ref.WeakReference;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.RandomAccessFile;
import java.io.UnsupportedEncodingException;
import java.nio.ByteOrder;
import java.nio.MappedByteBuffer;
import java.nio.BufferUnderflowException;
import java.nio.channels.ClosedChannelException;
import java.util.HashSet;
import java.util.HashMap;
import java.awt.Font;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
public abstract class FileFont extends PhysicalFont {
@ -286,4 +277,49 @@ public abstract class FileFont extends PhysicalFont {
});
}
}
protected String getPublicFileName() {
SecurityManager sm = System.getSecurityManager();
if (sm == null) {
return platName;
}
boolean canReadProperty = true;
try {
sm.checkPropertyAccess("java.io.tmpdir");
} catch (SecurityException e) {
canReadProperty = false;
}
if (canReadProperty) {
return platName;
}
final File f = new File(platName);
Boolean isTmpFile = Boolean.FALSE;
try {
isTmpFile = AccessController.doPrivileged(
new PrivilegedExceptionAction<Boolean>() {
public Boolean run() {
File tmp = new File(System.getProperty("java.io.tmpdir"));
try {
String tpath = tmp.getCanonicalPath();
String fpath = f.getCanonicalPath();
return (fpath == null) || fpath.startsWith(tpath);
} catch (IOException e) {
return Boolean.TRUE;
}
}
}
);
} catch (PrivilegedActionException e) {
// unable to verify whether value of java.io.tempdir will be
// exposed, so return only a name of the font file.
isTmpFile = Boolean.TRUE;
}
return isTmpFile ? "temp file" : platName;
}
}

6
jdk/src/share/classes/sun/font/TrueTypeFont.java
View File

@ -519,7 +519,8 @@ public class TrueTypeFont extends FileFont {
break;
default:
throw new FontFormatException("Unsupported sfnt " + platName);
throw new FontFormatException("Unsupported sfnt " +
getPublicFileName());
}
/* Now have the offset of this TT font (possibly within a TTC)
@ -1680,7 +1681,6 @@ public class TrueTypeFont extends FileFont {
@Override
public String toString() {
return "** TrueType Font: Family="+familyName+ " Name="+fullName+
" style="+style+" fileName="+platName;
" style="+style+" fileName="+getPublicFileName();
}
}

2
jdk/src/share/classes/sun/font/Type1Font.java
View File

@ -677,6 +677,6 @@ public class Type1Font extends FileFont {
public String toString() {
return "** Type1 Font: Family="+familyName+ " Name="+fullName+
" style="+style+" fileName="+platName;
" style="+style+" fileName="+getPublicFileName();
}
}

40
jdk/src/share/classes/sun/misc/JavaSecurityAccess.java Normal file
View File

@ -0,0 +1,40 @@
/*
* Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.misc;
import java.security.AccessControlContext;
import java.security.PrivilegedAction;
public interface JavaSecurityAccess {
<T> T doIntersectionPrivilege(PrivilegedAction<T> action,
AccessControlContext stack,
AccessControlContext context);
<T> T doIntersectionPrivilege(PrivilegedAction<T> action,
AccessControlContext context);
}

14
jdk/src/share/classes/sun/misc/SharedSecrets.java
View File

@ -30,6 +30,8 @@ import java.io.Console;
import java.io.FileDescriptor;
import java.security.ProtectionDomain;
import java.security.AccessController;
/** A repository of "shared secrets", which are a mechanism for
calling implementation-private methods in another package without
using reflection. A package-private class implements a public
@ -48,6 +50,7 @@ public class SharedSecrets {
private static JavaNioAccess javaNioAccess;
private static JavaIOFileDescriptorAccess javaIOFileDescriptorAccess;
private static JavaSecurityProtectionDomainAccess javaSecurityProtectionDomainAccess;
private static JavaSecurityAccess javaSecurityAccess;
public static JavaUtilJarAccess javaUtilJarAccess() {
if (javaUtilJarAccess == null) {
@ -125,4 +128,15 @@ public class SharedSecrets {
unsafe.ensureClassInitialized(ProtectionDomain.class);
return javaSecurityProtectionDomainAccess;
}
public static void setJavaSecurityAccess(JavaSecurityAccess jsa) {
javaSecurityAccess = jsa;
}
public static JavaSecurityAccess getJavaSecurityAccess() {
if (javaSecurityAccess == null) {
unsafe.ensureClassInitialized(AccessController.class);
}
return javaSecurityAccess;
}
}

82
jdk/src/share/classes/sun/net/ResourceManager.java Normal file
View File

@ -0,0 +1,82 @@
/*
* Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.net;
import java.net.SocketException;
import java.util.concurrent.atomic.AtomicInteger;
import sun.security.action.GetPropertyAction;
/**
* Manages count of total number of UDP sockets and ensures
* that exception is thrown if we try to create more than the
* configured limit.
*
* This functionality could be put in NetHooks some time in future.
*/
public class ResourceManager {
/* default maximum number of udp sockets per VM
* when a security manager is enabled.
* The default is 1024 which is high enough to be useful
* but low enough to be well below the maximum number
* of port numbers actually available on all OSes for
* such sockets (5000 on some versions of windows)
*/
private static final int DEFAULT_MAX_SOCKETS = 1024;
private static final int maxSockets;
private static final AtomicInteger numSockets;
static {
String prop = java.security.AccessController.doPrivileged(
new GetPropertyAction("sun.net.maxDatagramSockets")
);
int defmax = DEFAULT_MAX_SOCKETS;
try {
if (prop != null) {
defmax = Integer.parseInt(prop);
}
} catch (NumberFormatException e) {}
maxSockets = defmax;
numSockets = new AtomicInteger(0);
}
public static void beforeUdpCreate() throws SocketException {
if (System.getSecurityManager() != null) {
if (numSockets.incrementAndGet() > maxSockets) {
numSockets.decrementAndGet();
throw new SocketException("maximum number of DatagramSockets reached");
}
}
}
public static void afterUdpClose() {
if (System.getSecurityManager() != null) {
numSockets.decrementAndGet();
}
}
}

7
jdk/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java
View File

@ -2173,6 +2173,13 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
if (tryTransparentNTLMServer) {
tryTransparentNTLMServer =
NTLMAuthenticationProxy.proxy.supportsTransparentAuth;
/* If the platform supports transparent authentication
* then check if we are in a secure environment
* whether, or not, we should try transparent authentication.*/
if (tryTransparentNTLMServer) {
tryTransparentNTLMServer =
NTLMAuthenticationProxy.proxy.isTrustedSite(url);
}
}
a = null;
if (tryTransparentNTLMServer) {

22
jdk/src/share/classes/sun/net/www/protocol/http/NTLMAuthenticationProxy.java
View File

@ -36,12 +36,14 @@ import sun.util.logging.PlatformLogger;
*/
class NTLMAuthenticationProxy {
private static Method supportsTA;
private static Method isTrustedSite;
private static final String clazzStr = "sun.net.www.protocol.http.ntlm.NTLMAuthentication";
private static final String supportsTAStr = "supportsTransparentAuth";
private static final String isTrustedSiteStr = "isTrustedSite";
static final NTLMAuthenticationProxy proxy = tryLoadNTLMAuthentication();
static final boolean supported = proxy != null ? true : false;
static final boolean supportsTransparentAuth = supported ? supportsTransparentAuth(supportsTA) : false;
static final boolean supportsTransparentAuth = supported ? supportsTransparentAuth() : false;
private final Constructor<? extends AuthenticationInfo> threeArgCtr;
private final Constructor<? extends AuthenticationInfo> fiveArgCtr;
@ -82,9 +84,22 @@ class NTLMAuthenticationProxy {
* authentication (try with the current users credentials before
* prompting for username and password, etc).
*/
private static boolean supportsTransparentAuth(Method method) {
private static boolean supportsTransparentAuth() {
try {
return (Boolean)method.invoke(null);
return (Boolean)supportsTA.invoke(null);
} catch (ReflectiveOperationException roe) {
finest(roe);
}
return false;
}
/* Transparent authentication should only be tried with a trusted
* site ( when running in a secure environment ).
*/
public static boolean isTrustedSite(URL url) {
try {
return (Boolean)isTrustedSite.invoke(null, url);
} catch (ReflectiveOperationException roe) {
finest(roe);
}
@ -112,6 +127,7 @@ class NTLMAuthenticationProxy {
int.class,
PasswordAuthentication.class);
supportsTA = cl.getDeclaredMethod(supportsTAStr);
isTrustedSite = cl.getDeclaredMethod(isTrustedSiteStr, java.net.URL.class);
return new NTLMAuthenticationProxy(threeArg,
fiveArg);
}

59
jdk/src/share/classes/sun/net/www/protocol/http/ntlm/NTLMAuthenticationCallback.java Normal file
View File

@ -0,0 +1,59 @@
/*
* Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.net.www.protocol.http.ntlm;
import java.net.URL;
/**
* This class is used to call back to deployment to determine if a given
* URL is trusted. Transparent authentication (try with logged in users
* credentials without prompting) should only be tried with trusted sites.
*/
public abstract class NTLMAuthenticationCallback {
private static volatile NTLMAuthenticationCallback callback =
new DefaultNTLMAuthenticationCallback();
public static void setNTLMAuthenticationCallback(
NTLMAuthenticationCallback callback) {
NTLMAuthenticationCallback.callback = callback;
}
public static NTLMAuthenticationCallback getNTLMAuthenticationCallback() {
return callback;
}
/**
* Returns true if the given site is trusted, i.e. we can try
* transparent Authentication.
*/
public abstract boolean isTrustedSite(URL url);
static class DefaultNTLMAuthenticationCallback extends NTLMAuthenticationCallback {
@Override
public boolean isTrustedSite(URL url) { return true; }
}
}

22
jdk/src/share/classes/sun/nio/ch/DatagramChannelImpl.java
View File

@ -32,6 +32,7 @@ import java.nio.ByteBuffer;
import java.nio.channels.*;
import java.nio.channels.spi.*;
import java.util.*;
import sun.net.ResourceManager;
/**
@ -101,14 +102,22 @@ class DatagramChannelImpl
throws IOException
{
super(sp);
this.family = Net.isIPv6Available() ?
StandardProtocolFamily.INET6 : StandardProtocolFamily.INET;
this.fd = Net.socket(family, false);
this.fdVal = IOUtil.fdVal(fd);
this.state = ST_UNCONNECTED;
ResourceManager.beforeUdpCreate();
try {
this.family = Net.isIPv6Available() ?
StandardProtocolFamily.INET6 : StandardProtocolFamily.INET;
this.fd = Net.socket(family, false);
this.fdVal = IOUtil.fdVal(fd);
this.state = ST_UNCONNECTED;
} catch (IOException ioe) {
ResourceManager.afterUdpClose();
throw ioe;
}
}
public DatagramChannelImpl(SelectorProvider sp, ProtocolFamily family) {
public DatagramChannelImpl(SelectorProvider sp, ProtocolFamily family)
throws IOException
{
super(sp);
if ((family != StandardProtocolFamily.INET) &&
(family != StandardProtocolFamily.INET6))
@ -957,6 +966,7 @@ class DatagramChannelImpl
protected void implCloseSelectableChannel() throws IOException {
synchronized (stateLock) {
nd.preClose(fd);
ResourceManager.afterUdpClose();
// if member of mulitcast group then invalidate all keys
if (registry != null)

5
jdk/src/share/classes/sun/nio/ch/Net.java
View File

@ -312,11 +312,12 @@ class Net { // package-private
private static native boolean canJoin6WithIPv4Group0();
static FileDescriptor socket(boolean stream) {
static FileDescriptor socket(boolean stream) throws IOException {
return socket(UNSPEC, stream);
}
static FileDescriptor socket(ProtocolFamily family, boolean stream) {
static FileDescriptor socket(ProtocolFamily family, boolean stream)
throws IOException {
boolean preferIPv6 = isIPv6Available() &&
(family != StandardProtocolFamily.INET);
return IOUtil.newFD(socket0(preferIPv6, stream, false));

11
jdk/src/solaris/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java
View File

@ -68,6 +68,9 @@ import sun.net.www.protocol.http.HttpURLConnection;
public class NTLMAuthentication extends AuthenticationInfo {
private static final long serialVersionUID = 170L;
private static final NTLMAuthenticationCallback NTLMAuthCallback =
NTLMAuthenticationCallback.getNTLMAuthenticationCallback();
private String hostname;
private static String defaultDomain; /* Domain to use if not specified by user */
@ -81,6 +84,14 @@ public class NTLMAuthentication extends AuthenticationInfo {
return false;
}
/**
* Returns true if the given site is trusted, i.e. we can try
* transparent Authentication.
*/
public static boolean isTrustedSite(URL url) {
return NTLMAuthCallback.isTrustedSite(url);
}
private void init0() {
hostname = java.security.AccessController.doPrivileged(

11
jdk/src/windows/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java
View File

@ -45,6 +45,9 @@ public class NTLMAuthentication extends AuthenticationInfo {
private static final long serialVersionUID = 100L;
private static final NTLMAuthenticationCallback NTLMAuthCallback =
NTLMAuthenticationCallback.getNTLMAuthenticationCallback();
private String hostname;
private static String defaultDomain; /* Domain to use if not specified by user */
@ -142,6 +145,14 @@ public class NTLMAuthentication extends AuthenticationInfo {
return true;
}
/**
* Returns true if the given site is trusted, i.e. we can try
* transparent Authentication.
*/
public static boolean isTrustedSite(URL url) {
return NTLMAuthCallback.isTrustedSite(url);
}
/**
* Not supported. Must use the setHeaders() method
*/