From bf2d40f6db3d1c6de21501b21c9f9c8f84bb54ac Mon Sep 17 00:00:00 2001 From: Jaroslav Bachorik Date: Thu, 21 Mar 2013 09:26:55 +0100 Subject: [PATCH] 8008623: Better handling of MBeanServers Reviewed-by: dfuchs, dholmes, skoivu --- .../DefaultMBeanServerInterceptor.java | 15 ++++++++----- .../sun/jmx/mbeanserver/JmxMBeanServer.java | 21 ++++++++++++++++--- .../jmx/mbeanserver/MBeanInstantiator.java | 15 +++++++++++-- 3 files changed, 41 insertions(+), 10 deletions(-) diff --git a/jdk/src/share/classes/com/sun/jmx/interceptor/DefaultMBeanServerInterceptor.java b/jdk/src/share/classes/com/sun/jmx/interceptor/DefaultMBeanServerInterceptor.java index 1c998a08125..b1f5ab2eb65 100644 --- a/jdk/src/share/classes/com/sun/jmx/interceptor/DefaultMBeanServerInterceptor.java +++ b/jdk/src/share/classes/com/sun/jmx/interceptor/DefaultMBeanServerInterceptor.java @@ -1973,8 +1973,7 @@ public class DefaultMBeanServerInterceptor implements MBeanServerInterceptor { * does not add it to the list that is consulted by * ClassLoaderRepository.loadClass. */ - final ModifiableClassLoaderRepository clr = - instantiator.getClassLoaderRepository(); + final ModifiableClassLoaderRepository clr = getInstantiatorCLR(); if (clr == null) { final RuntimeException wrapped = new IllegalArgumentException( @@ -2000,8 +1999,7 @@ public class DefaultMBeanServerInterceptor implements MBeanServerInterceptor { * Removes the MBean from the default loader repository. */ if (loader != server.getClass().getClassLoader()) { - final ModifiableClassLoaderRepository clr = - instantiator.getClassLoaderRepository(); + final ModifiableClassLoaderRepository clr = getInstantiatorCLR(); if (clr != null) { clr.removeClassLoader(logicalName); } @@ -2060,5 +2058,12 @@ public class DefaultMBeanServerInterceptor implements MBeanServerInterceptor { return ResourceContext.NONE; } - + private ModifiableClassLoaderRepository getInstantiatorCLR() { + return AccessController.doPrivileged(new PrivilegedAction() { + @Override + public ModifiableClassLoaderRepository run() { + return instantiator != null ? instantiator.getClassLoaderRepository() : null; + } + }); + } } diff --git a/jdk/src/share/classes/com/sun/jmx/mbeanserver/JmxMBeanServer.java b/jdk/src/share/classes/com/sun/jmx/mbeanserver/JmxMBeanServer.java index 69228b766c0..6a3e770d4a5 100644 --- a/jdk/src/share/classes/com/sun/jmx/mbeanserver/JmxMBeanServer.java +++ b/jdk/src/share/classes/com/sun/jmx/mbeanserver/JmxMBeanServer.java @@ -32,6 +32,7 @@ import static com.sun.jmx.defaults.JmxProperties.MBEANSERVER_LOGGER; import java.io.ObjectInputStream; import java.security.AccessController; import java.security.Permission; +import java.security.PrivilegedAction; import java.security.PrivilegedExceptionAction; import java.util.List; import java.util.Set; @@ -227,8 +228,16 @@ public final class JmxMBeanServer clr = new ClassLoaderRepositorySupport(); instantiator = new MBeanInstantiator(clr); } + + final MBeanInstantiator fInstantiator = instantiator; this.secureClr = new - SecureClassLoaderRepository(instantiator.getClassLoaderRepository()); + SecureClassLoaderRepository(AccessController.doPrivileged(new PrivilegedAction() { + @Override + public ClassLoaderRepository run() { + return fInstantiator.getClassLoaderRepository(); + } + }) + ); if (delegate == null) delegate = new MBeanServerDelegateImpl(); if (outer == null) @@ -1242,8 +1251,14 @@ public final class JmxMBeanServer class loader. The ClassLoaderRepository knows how to handle that case. */ ClassLoader myLoader = outerShell.getClass().getClassLoader(); - final ModifiableClassLoaderRepository loaders = - instantiator.getClassLoaderRepository(); + final ModifiableClassLoaderRepository loaders = AccessController.doPrivileged(new PrivilegedAction() { + + @Override + public ModifiableClassLoaderRepository run() { + return instantiator.getClassLoaderRepository(); + } + }); + if (loaders != null) { loaders.addClassLoader(myLoader); diff --git a/jdk/src/share/classes/com/sun/jmx/mbeanserver/MBeanInstantiator.java b/jdk/src/share/classes/com/sun/jmx/mbeanserver/MBeanInstantiator.java index 1adb4dd9373..6e7bb89f921 100644 --- a/jdk/src/share/classes/com/sun/jmx/mbeanserver/MBeanInstantiator.java +++ b/jdk/src/share/classes/com/sun/jmx/mbeanserver/MBeanInstantiator.java @@ -622,6 +622,7 @@ public class MBeanInstantiator { * Return the Default Loader Repository used by this instantiator object. **/ public ModifiableClassLoaderRepository getClassLoaderRepository() { + checkMBeanPermission((String)null, null, null, "getClassLoaderRepository"); return clr; } @@ -733,9 +734,19 @@ public class MBeanInstantiator { String member, ObjectName objectName, String actions) { + if (clazz != null) { + checkMBeanPermission(clazz.getName(), member, objectName, actions); + } + } + + private static void checkMBeanPermission(String classname, + String member, + ObjectName objectName, + String actions) + throws SecurityException { SecurityManager sm = System.getSecurityManager(); - if (clazz != null && sm != null) { - Permission perm = new MBeanPermission(clazz.getName(), + if (sm != null) { + Permission perm = new MBeanPermission(classname, member, objectName, actions);