8009970: Several LoginModule classes need extra permission to load AuthResources

Reviewed-by: mullan
This commit is contained in:
Weijun Wang 2013-03-23 11:49:28 +08:00
parent 1c46d9bac2
commit 87b698f394
3 changed files with 32 additions and 20 deletions

View File

@ -32,8 +32,11 @@ import javax.security.auth.spi.*;
import javax.naming.*; import javax.naming.*;
import javax.naming.directory.*; import javax.naming.directory.*;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Map; import java.util.Map;
import java.util.LinkedList; import java.util.LinkedList;
import java.util.ResourceBundle;
import com.sun.security.auth.UnixPrincipal; import com.sun.security.auth.UnixPrincipal;
import com.sun.security.auth.UnixNumericUserPrincipal; import com.sun.security.auth.UnixNumericUserPrincipal;
@ -150,8 +153,14 @@ import com.sun.security.auth.UnixNumericGroupPrincipal;
*/ */
public class JndiLoginModule implements LoginModule { public class JndiLoginModule implements LoginModule {
static final java.util.ResourceBundle rb = private static final ResourceBundle rb = AccessController.doPrivileged(
java.util.ResourceBundle.getBundle("sun.security.util.AuthResources"); new PrivilegedAction<ResourceBundle>() {
public ResourceBundle run() {
return ResourceBundle.getBundle(
"sun.security.util.AuthResources");
}
}
);
/** JNDI Provider */ /** JNDI Provider */
public final String USER_PROVIDER = "user.provider.url"; public final String USER_PROVIDER = "user.provider.url";

View File

@ -30,22 +30,11 @@ import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
import java.net.MalformedURLException; import java.net.MalformedURLException;
import java.net.URL; import java.net.URL;
import java.security.AuthProvider; import java.security.*;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.UnrecoverableKeyException;
import java.security.cert.*; import java.security.cert.*;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate; import java.security.cert.X509Certificate;
import java.util.Arrays; import java.util.*;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.Map;
import javax.security.auth.Destroyable; import javax.security.auth.Destroyable;
import javax.security.auth.DestroyFailedException; import javax.security.auth.DestroyFailedException;
import javax.security.auth.Subject; import javax.security.auth.Subject;
@ -123,8 +112,14 @@ import sun.security.util.Password;
*/ */
public class KeyStoreLoginModule implements LoginModule { public class KeyStoreLoginModule implements LoginModule {
static final java.util.ResourceBundle rb = private static final ResourceBundle rb = AccessController.doPrivileged(
java.util.ResourceBundle.getBundle("sun.security.util.AuthResources"); new PrivilegedAction<ResourceBundle>() {
public ResourceBundle run() {
return ResourceBundle.getBundle(
"sun.security.util.AuthResources");
}
}
);
/* -- Fields -- */ /* -- Fields -- */

View File

@ -27,6 +27,8 @@
package com.sun.security.auth.module; package com.sun.security.auth.module;
import java.io.*; import java.io.*;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.text.MessageFormat; import java.text.MessageFormat;
import java.util.*; import java.util.*;
@ -429,8 +431,14 @@ public class Krb5LoginModule implements LoginModule {
private static final String NAME = "javax.security.auth.login.name"; private static final String NAME = "javax.security.auth.login.name";
private static final String PWD = "javax.security.auth.login.password"; private static final String PWD = "javax.security.auth.login.password";
static final java.util.ResourceBundle rb = private static final ResourceBundle rb = AccessController.doPrivileged(
java.util.ResourceBundle.getBundle("sun.security.util.AuthResources"); new PrivilegedAction<ResourceBundle>() {
public ResourceBundle run() {
return ResourceBundle.getBundle(
"sun.security.util.AuthResources");
}
}
);
/** /**
* Initialize this <code>LoginModule</code>. * Initialize this <code>LoginModule</code>.