From 87b698f39432d8d4550b39356eca77248b58682e Mon Sep 17 00:00:00 2001
From: Weijun Wang <weijun@openjdk.org>
Date: Sat, 23 Mar 2013 11:49:28 +0800
Subject: [PATCH] 8009970: Several LoginModule classes need extra permission to
 load AuthResources

Reviewed-by: mullan
---
 .../security/auth/module/JndiLoginModule.java | 13 +++++++--
 .../auth/module/KeyStoreLoginModule.java      | 27 ++++++++-----------
 .../security/auth/module/Krb5LoginModule.java | 12 +++++++--
 3 files changed, 32 insertions(+), 20 deletions(-)

diff --git a/jdk/src/share/classes/com/sun/security/auth/module/JndiLoginModule.java b/jdk/src/share/classes/com/sun/security/auth/module/JndiLoginModule.java
index cb68cfc2a3f..b6b8660a2e4 100644
--- a/jdk/src/share/classes/com/sun/security/auth/module/JndiLoginModule.java
+++ b/jdk/src/share/classes/com/sun/security/auth/module/JndiLoginModule.java
@@ -32,8 +32,11 @@ import javax.security.auth.spi.*;
 import javax.naming.*;
 import javax.naming.directory.*;
 
+import java.security.AccessController;
+import java.security.PrivilegedAction;
 import java.util.Map;
 import java.util.LinkedList;
+import java.util.ResourceBundle;
 
 import com.sun.security.auth.UnixPrincipal;
 import com.sun.security.auth.UnixNumericUserPrincipal;
@@ -150,8 +153,14 @@ import com.sun.security.auth.UnixNumericGroupPrincipal;
  */
 public class JndiLoginModule implements LoginModule {
 
-    static final java.util.ResourceBundle rb =
-        java.util.ResourceBundle.getBundle("sun.security.util.AuthResources");
+    private static final ResourceBundle rb = AccessController.doPrivileged(
+            new PrivilegedAction<ResourceBundle>() {
+                public ResourceBundle run() {
+                    return ResourceBundle.getBundle(
+                            "sun.security.util.AuthResources");
+                }
+            }
+    );
 
     /** JNDI Provider */
     public final String USER_PROVIDER = "user.provider.url";
diff --git a/jdk/src/share/classes/com/sun/security/auth/module/KeyStoreLoginModule.java b/jdk/src/share/classes/com/sun/security/auth/module/KeyStoreLoginModule.java
index e5d88cf8e1f..70f74d65a22 100644
--- a/jdk/src/share/classes/com/sun/security/auth/module/KeyStoreLoginModule.java
+++ b/jdk/src/share/classes/com/sun/security/auth/module/KeyStoreLoginModule.java
@@ -30,22 +30,11 @@ import java.io.IOException;
 import java.io.InputStream;
 import java.net.MalformedURLException;
 import java.net.URL;
-import java.security.AuthProvider;
-import java.security.GeneralSecurityException;
-import java.security.Key;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.Provider;
-import java.security.UnrecoverableKeyException;
+import java.security.*;
 import java.security.cert.*;
+import java.security.cert.Certificate;
 import java.security.cert.X509Certificate;
-import java.util.Arrays;
-import java.util.Iterator;
-import java.util.LinkedList;
-import java.util.Map;
+import java.util.*;
 import javax.security.auth.Destroyable;
 import javax.security.auth.DestroyFailedException;
 import javax.security.auth.Subject;
@@ -123,8 +112,14 @@ import sun.security.util.Password;
  */
 public class KeyStoreLoginModule implements LoginModule {
 
-   static final java.util.ResourceBundle rb =
-        java.util.ResourceBundle.getBundle("sun.security.util.AuthResources");
+    private static final ResourceBundle rb = AccessController.doPrivileged(
+            new PrivilegedAction<ResourceBundle>() {
+                public ResourceBundle run() {
+                    return ResourceBundle.getBundle(
+                            "sun.security.util.AuthResources");
+                }
+            }
+    );
 
     /* -- Fields -- */
 
diff --git a/jdk/src/share/classes/com/sun/security/auth/module/Krb5LoginModule.java b/jdk/src/share/classes/com/sun/security/auth/module/Krb5LoginModule.java
index 719aeee76d4..cd60c6ac790 100644
--- a/jdk/src/share/classes/com/sun/security/auth/module/Krb5LoginModule.java
+++ b/jdk/src/share/classes/com/sun/security/auth/module/Krb5LoginModule.java
@@ -27,6 +27,8 @@
 package com.sun.security.auth.module;
 
 import java.io.*;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
 import java.text.MessageFormat;
 import java.util.*;
 
@@ -429,8 +431,14 @@ public class Krb5LoginModule implements LoginModule {
 
     private static final String NAME = "javax.security.auth.login.name";
     private static final String PWD = "javax.security.auth.login.password";
-    static final java.util.ResourceBundle rb =
-        java.util.ResourceBundle.getBundle("sun.security.util.AuthResources");
+    private static final ResourceBundle rb = AccessController.doPrivileged(
+            new PrivilegedAction<ResourceBundle>() {
+                public ResourceBundle run() {
+                    return ResourceBundle.getBundle(
+                            "sun.security.util.AuthResources");
+                }
+            }
+    );
 
     /**
      * Initialize this <code>LoginModule</code>.