8344365
: SecurityManager cleanups in java.sql and java.sql.rowset modules
Reviewed-by: rriggs, bchristi
This commit is contained in:
parent
9e92a9e2ba
commit
d85dd77edf
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2003, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
@ -31,16 +31,12 @@ import java.io.*;
|
|||||||
import java.math.*;
|
import java.math.*;
|
||||||
import java.util.*;
|
import java.util.*;
|
||||||
import java.text.*;
|
import java.text.*;
|
||||||
import java.security.AccessController;
|
|
||||||
import java.security.PrivilegedActionException;
|
|
||||||
import java.security.PrivilegedExceptionAction;
|
|
||||||
|
|
||||||
import javax.sql.rowset.*;
|
import javax.sql.rowset.*;
|
||||||
import javax.sql.rowset.spi.*;
|
import javax.sql.rowset.spi.*;
|
||||||
import javax.sql.rowset.serial.*;
|
import javax.sql.rowset.serial.*;
|
||||||
import com.sun.rowset.internal.*;
|
import com.sun.rowset.internal.*;
|
||||||
import com.sun.rowset.providers.*;
|
import com.sun.rowset.providers.*;
|
||||||
import sun.reflect.misc.ReflectUtil;
|
|
||||||
|
|
||||||
import static java.nio.charset.StandardCharsets.US_ASCII;
|
import static java.nio.charset.StandardCharsets.US_ASCII;
|
||||||
|
|
||||||
@ -357,7 +353,6 @@ public class CachedRowSetImpl extends BaseRowSet implements RowSet, RowSetIntern
|
|||||||
* <P>
|
* <P>
|
||||||
* @throws SQLException if an error occurs
|
* @throws SQLException if an error occurs
|
||||||
*/
|
*/
|
||||||
@SuppressWarnings("removal")
|
|
||||||
public CachedRowSetImpl() throws SQLException {
|
public CachedRowSetImpl() throws SQLException {
|
||||||
|
|
||||||
try {
|
try {
|
||||||
@ -367,16 +362,7 @@ public class CachedRowSetImpl extends BaseRowSet implements RowSet, RowSetIntern
|
|||||||
}
|
}
|
||||||
|
|
||||||
// set the Reader, this maybe overridden latter
|
// set the Reader, this maybe overridden latter
|
||||||
try {
|
provider = SyncFactory.getInstance(DEFAULT_SYNC_PROVIDER);
|
||||||
provider = AccessController.doPrivileged(new PrivilegedExceptionAction<>() {
|
|
||||||
@Override
|
|
||||||
public SyncProvider run() throws SyncFactoryException {
|
|
||||||
return SyncFactory.getInstance(DEFAULT_SYNC_PROVIDER);
|
|
||||||
}
|
|
||||||
}, null, new RuntimePermission("accessClassInPackage.com.sun.rowset.providers"));
|
|
||||||
} catch (PrivilegedActionException pae) {
|
|
||||||
throw (SyncFactoryException) pae.getException();
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!(provider instanceof RIOptimisticProvider)) {
|
if (!(provider instanceof RIOptimisticProvider)) {
|
||||||
throw new SQLException(resBundle.handleGetObject("cachedrowsetimpl.invalidp").toString());
|
throw new SQLException(resBundle.handleGetObject("cachedrowsetimpl.invalidp").toString());
|
||||||
@ -2976,7 +2962,6 @@ public class CachedRowSetImpl extends BaseRowSet implements RowSet, RowSetIntern
|
|||||||
// create new instance of the class
|
// create new instance of the class
|
||||||
SQLData obj = null;
|
SQLData obj = null;
|
||||||
try {
|
try {
|
||||||
ReflectUtil.checkPackageAccess(c);
|
|
||||||
@SuppressWarnings("deprecation")
|
@SuppressWarnings("deprecation")
|
||||||
Object tmp = c.newInstance();
|
Object tmp = c.newInstance();
|
||||||
obj = (SQLData) tmp;
|
obj = (SQLData) tmp;
|
||||||
@ -5726,7 +5711,6 @@ public class CachedRowSetImpl extends BaseRowSet implements RowSet, RowSetIntern
|
|||||||
// create new instance of the class
|
// create new instance of the class
|
||||||
SQLData obj = null;
|
SQLData obj = null;
|
||||||
try {
|
try {
|
||||||
ReflectUtil.checkPackageAccess(c);
|
|
||||||
@SuppressWarnings("deprecation")
|
@SuppressWarnings("deprecation")
|
||||||
Object tmp = c.newInstance();
|
Object tmp = c.newInstance();
|
||||||
obj = (SQLData) tmp;
|
obj = (SQLData) tmp;
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2003, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
@ -29,7 +29,6 @@ import java.sql.*;
|
|||||||
import javax.sql.*;
|
import javax.sql.*;
|
||||||
import java.util.*;
|
import java.util.*;
|
||||||
import java.io.*;
|
import java.io.*;
|
||||||
import sun.reflect.misc.ReflectUtil;
|
|
||||||
|
|
||||||
import com.sun.rowset.*;
|
import com.sun.rowset.*;
|
||||||
import java.text.MessageFormat;
|
import java.text.MessageFormat;
|
||||||
@ -575,7 +574,6 @@ public class CachedRowSetWriter implements TransactionalWriter, Serializable {
|
|||||||
// create new instance of the class
|
// create new instance of the class
|
||||||
SQLData obj = null;
|
SQLData obj = null;
|
||||||
try {
|
try {
|
||||||
ReflectUtil.checkPackageAccess(c);
|
|
||||||
@SuppressWarnings("deprecation")
|
@SuppressWarnings("deprecation")
|
||||||
Object tmp = c.newInstance();
|
Object tmp = c.newInstance();
|
||||||
obj = (SQLData)tmp;
|
obj = (SQLData)tmp;
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2010, 2021, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2010, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
@ -25,13 +25,9 @@
|
|||||||
|
|
||||||
package javax.sql.rowset;
|
package javax.sql.rowset;
|
||||||
|
|
||||||
import java.security.AccessController;
|
|
||||||
import java.security.PrivilegedAction;
|
|
||||||
import java.sql.SQLException;
|
import java.sql.SQLException;
|
||||||
import java.util.PropertyPermission;
|
|
||||||
import java.util.ServiceConfigurationError;
|
import java.util.ServiceConfigurationError;
|
||||||
import java.util.ServiceLoader;
|
import java.util.ServiceLoader;
|
||||||
import sun.reflect.misc.ReflectUtil;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* A factory API that enables applications to obtain a
|
* A factory API that enables applications to obtain a
|
||||||
@ -68,7 +64,7 @@ public class RowSetProvider {
|
|||||||
|
|
||||||
static {
|
static {
|
||||||
// Check to see if the debug property is set
|
// Check to see if the debug property is set
|
||||||
String val = getSystemProperty(ROWSET_DEBUG_PROPERTY);
|
String val = System.getProperty(ROWSET_DEBUG_PROPERTY);
|
||||||
// Allow simply setting the prop to turn on debug
|
// Allow simply setting the prop to turn on debug
|
||||||
debug = val != null && !"false".equals(val);
|
debug = val != null && !"false".equals(val);
|
||||||
}
|
}
|
||||||
@ -128,7 +124,8 @@ public class RowSetProvider {
|
|||||||
String factoryClassName = null;
|
String factoryClassName = null;
|
||||||
try {
|
try {
|
||||||
trace("Checking for Rowset System Property...");
|
trace("Checking for Rowset System Property...");
|
||||||
factoryClassName = getSystemProperty(ROWSET_FACTORY_NAME);
|
|
||||||
|
factoryClassName = System.getProperty(ROWSET_FACTORY_NAME);
|
||||||
if (factoryClassName != null) {
|
if (factoryClassName != null) {
|
||||||
trace("Found system property, value=" + factoryClassName);
|
trace("Found system property, value=" + factoryClassName);
|
||||||
if (factoryClassName.equals(ROWSET_FACTORY_IMPL)) {
|
if (factoryClassName.equals(ROWSET_FACTORY_IMPL)) {
|
||||||
@ -193,11 +190,6 @@ public class RowSetProvider {
|
|||||||
if(factoryClassName == null) {
|
if(factoryClassName == null) {
|
||||||
throw new SQLException("Error: factoryClassName cannot be null");
|
throw new SQLException("Error: factoryClassName cannot be null");
|
||||||
}
|
}
|
||||||
try {
|
|
||||||
ReflectUtil.checkPackageAccess(factoryClassName);
|
|
||||||
} catch (@SuppressWarnings("removal") java.security.AccessControlException e) {
|
|
||||||
throw new SQLException("Access Exception",e);
|
|
||||||
}
|
|
||||||
|
|
||||||
try {
|
try {
|
||||||
// getFactoryClass takes care of adding the read edge if
|
// getFactoryClass takes care of adding the read edge if
|
||||||
@ -225,14 +217,8 @@ public class RowSetProvider {
|
|||||||
* @return The ClassLoader to use.
|
* @return The ClassLoader to use.
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
@SuppressWarnings("removal")
|
private static ClassLoader getContextClassLoader() {
|
||||||
private static ClassLoader getContextClassLoader() throws SecurityException {
|
ClassLoader cl = Thread.currentThread().getContextClassLoader();
|
||||||
return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>() {
|
|
||||||
|
|
||||||
public ClassLoader run() {
|
|
||||||
ClassLoader cl = null;
|
|
||||||
|
|
||||||
cl = Thread.currentThread().getContextClassLoader();
|
|
||||||
|
|
||||||
if (cl == null) {
|
if (cl == null) {
|
||||||
cl = ClassLoader.getSystemClassLoader();
|
cl = ClassLoader.getSystemClassLoader();
|
||||||
@ -240,8 +226,6 @@ public class RowSetProvider {
|
|||||||
|
|
||||||
return cl;
|
return cl;
|
||||||
}
|
}
|
||||||
});
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Attempt to load a class using the class loader supplied. If that fails
|
* Attempt to load a class using the class loader supplied. If that fails
|
||||||
@ -276,7 +260,6 @@ public class RowSetProvider {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
ReflectUtil.checkPackageAccess(factoryClass);
|
|
||||||
return factoryClass;
|
return factoryClass;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -302,32 +285,6 @@ public class RowSetProvider {
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Returns the requested System Property. If a {@code SecurityException}
|
|
||||||
* occurs, just return NULL
|
|
||||||
* @param propName - System property to retrieve
|
|
||||||
* @return The System property value or NULL if the property does not exist
|
|
||||||
* or a {@code SecurityException} occurs.
|
|
||||||
*/
|
|
||||||
@SuppressWarnings("removal")
|
|
||||||
private static String getSystemProperty(final String propName) {
|
|
||||||
String property = null;
|
|
||||||
try {
|
|
||||||
property = AccessController.doPrivileged(new PrivilegedAction<String>() {
|
|
||||||
|
|
||||||
public String run() {
|
|
||||||
return System.getProperty(propName);
|
|
||||||
}
|
|
||||||
}, null, new PropertyPermission(propName, "read"));
|
|
||||||
} catch (SecurityException se) {
|
|
||||||
trace("error getting " + propName + ": "+ se);
|
|
||||||
if (debug) {
|
|
||||||
se.printStackTrace();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return property;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Debug routine which will output tracing if the System Property
|
* Debug routine which will output tracing if the System Property
|
||||||
* -Djavax.sql.rowset.RowSetFactory.debug is set
|
* -Djavax.sql.rowset.RowSetFactory.debug is set
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2003, 2024, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
@ -27,7 +27,6 @@ package javax.sql.rowset.serial;
|
|||||||
import java.sql.*;
|
import java.sql.*;
|
||||||
import java.util.Arrays;
|
import java.util.Arrays;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import sun.reflect.misc.ReflectUtil;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* An input stream used for custom mapping user-defined types (UDTs).
|
* An input stream used for custom mapping user-defined types (UDTs).
|
||||||
@ -477,7 +476,6 @@ public class SQLInputImpl implements SQLInput {
|
|||||||
// create new instance of the class
|
// create new instance of the class
|
||||||
SQLData obj = null;
|
SQLData obj = null;
|
||||||
try {
|
try {
|
||||||
ReflectUtil.checkPackageAccess(c);
|
|
||||||
@SuppressWarnings("deprecation")
|
@SuppressWarnings("deprecation")
|
||||||
Object tmp = c.newInstance();
|
Object tmp = c.newInstance();
|
||||||
obj = (SQLData)tmp;
|
obj = (SQLData)tmp;
|
||||||
|
@ -30,9 +30,6 @@ import java.lang.reflect.*;
|
|||||||
import java.util.Arrays;
|
import java.util.Arrays;
|
||||||
import java.util.Vector;
|
import java.util.Vector;
|
||||||
import javax.sql.rowset.RowSetWarning;
|
import javax.sql.rowset.RowSetWarning;
|
||||||
import jdk.internal.reflect.CallerSensitive;
|
|
||||||
import jdk.internal.reflect.Reflection;
|
|
||||||
import sun.reflect.misc.ReflectUtil;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* A serializable mapping in the Java programming language of an SQL
|
* A serializable mapping in the Java programming language of an SQL
|
||||||
@ -125,23 +122,9 @@ public class SerialJavaObject implements Serializable, Cloneable {
|
|||||||
* the serialized object
|
* the serialized object
|
||||||
* @see Class#getFields
|
* @see Class#getFields
|
||||||
*/
|
*/
|
||||||
@CallerSensitive
|
|
||||||
public Field[] getFields() throws SerialException {
|
public Field[] getFields() throws SerialException {
|
||||||
if (fields != null) {
|
if (fields != null) {
|
||||||
Class<?> c = this.obj.getClass();
|
Class<?> c = this.obj.getClass();
|
||||||
@SuppressWarnings("removal")
|
|
||||||
SecurityManager sm = System.getSecurityManager();
|
|
||||||
if (sm != null) {
|
|
||||||
/*
|
|
||||||
* Check if the caller is allowed to access the specified class's package.
|
|
||||||
* If access is denied, throw a SecurityException.
|
|
||||||
*/
|
|
||||||
Class<?> caller = Reflection.getCallerClass();
|
|
||||||
if (ReflectUtil.needsPackageAccessCheck(caller.getClassLoader(),
|
|
||||||
c.getClassLoader())) {
|
|
||||||
ReflectUtil.checkPackageAccess(c);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return c.getFields();
|
return c.getFields();
|
||||||
} else {
|
} else {
|
||||||
throw new SerialException("SerialJavaObject does not contain" +
|
throw new SerialException("SerialJavaObject does not contain" +
|
||||||
|
@ -35,13 +35,8 @@ import java.io.FileInputStream;
|
|||||||
import java.io.InputStream;
|
import java.io.InputStream;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.io.FileNotFoundException;
|
import java.io.FileNotFoundException;
|
||||||
import java.security.AccessController;
|
|
||||||
import java.security.PrivilegedAction;
|
|
||||||
import java.security.PrivilegedActionException;
|
|
||||||
import java.security.PrivilegedExceptionAction;
|
|
||||||
|
|
||||||
import javax.naming.*;
|
import javax.naming.*;
|
||||||
import sun.reflect.misc.ReflectUtil;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The Service Provider Interface (SPI) mechanism that generates <code>SyncProvider</code>
|
* The Service Provider Interface (SPI) mechanism that generates <code>SyncProvider</code>
|
||||||
@ -236,11 +231,6 @@ public class SyncFactory {
|
|||||||
*/
|
*/
|
||||||
private static String ROWSET_PROPERTIES = "rowset.properties";
|
private static String ROWSET_PROPERTIES = "rowset.properties";
|
||||||
|
|
||||||
/**
|
|
||||||
* Permission required to invoke setJNDIContext and setLogger
|
|
||||||
*/
|
|
||||||
private static final SQLPermission SET_SYNCFACTORY_PERMISSION =
|
|
||||||
new SQLPermission("setSyncFactory");
|
|
||||||
/**
|
/**
|
||||||
* The initial JNDI context where <code>SyncProvider</code> implementations can
|
* The initial JNDI context where <code>SyncProvider</code> implementations can
|
||||||
* be stored and from which they can be invoked.
|
* be stored and from which they can be invoked.
|
||||||
@ -355,17 +345,7 @@ public class SyncFactory {
|
|||||||
/*
|
/*
|
||||||
* Dependent on application
|
* Dependent on application
|
||||||
*/
|
*/
|
||||||
String strRowsetProperties;
|
String strRowsetProperties = System.getProperty("rowset.properties");
|
||||||
try {
|
|
||||||
strRowsetProperties = AccessController.doPrivileged(new PrivilegedAction<String>() {
|
|
||||||
public String run() {
|
|
||||||
return System.getProperty("rowset.properties");
|
|
||||||
}
|
|
||||||
}, null, new PropertyPermission("rowset.properties", "read"));
|
|
||||||
} catch (Exception ex) {
|
|
||||||
System.out.println("errorget rowset.properties: " + ex);
|
|
||||||
strRowsetProperties = null;
|
|
||||||
};
|
|
||||||
|
|
||||||
if (strRowsetProperties != null) {
|
if (strRowsetProperties != null) {
|
||||||
// Load user's implementation of SyncProvider
|
// Load user's implementation of SyncProvider
|
||||||
@ -385,7 +365,6 @@ public class SyncFactory {
|
|||||||
"rowset.properties";
|
"rowset.properties";
|
||||||
|
|
||||||
try {
|
try {
|
||||||
AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
|
|
||||||
InputStream in = SyncFactory.class.getModule().getResourceAsStream(ROWSET_PROPERTIES);
|
InputStream in = SyncFactory.class.getModule().getResourceAsStream(ROWSET_PROPERTIES);
|
||||||
if (in == null) {
|
if (in == null) {
|
||||||
throw new SyncFactoryException("Resource " + ROWSET_PROPERTIES + " not found");
|
throw new SyncFactoryException("Resource " + ROWSET_PROPERTIES + " not found");
|
||||||
@ -393,18 +372,11 @@ public class SyncFactory {
|
|||||||
try (in) {
|
try (in) {
|
||||||
properties.load(in);
|
properties.load(in);
|
||||||
}
|
}
|
||||||
return null;
|
} catch (IOException e) {
|
||||||
});
|
|
||||||
} catch (PrivilegedActionException ex) {
|
|
||||||
Throwable e = ex.getException();
|
|
||||||
if (e instanceof SyncFactoryException) {
|
|
||||||
throw (SyncFactoryException) e;
|
|
||||||
} else {
|
|
||||||
SyncFactoryException sfe = new SyncFactoryException();
|
SyncFactoryException sfe = new SyncFactoryException();
|
||||||
sfe.initCause(ex.getException());
|
sfe.initCause(e);
|
||||||
throw sfe;
|
throw sfe;
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
parseProperties(properties);
|
parseProperties(properties);
|
||||||
|
|
||||||
@ -421,17 +393,7 @@ public class SyncFactory {
|
|||||||
* load additional properties from -D command line
|
* load additional properties from -D command line
|
||||||
*/
|
*/
|
||||||
properties.clear();
|
properties.clear();
|
||||||
String providerImpls;
|
String providerImpls = System.getProperty(ROWSET_SYNC_PROVIDER);
|
||||||
try {
|
|
||||||
providerImpls = AccessController.doPrivileged(new PrivilegedAction<String>() {
|
|
||||||
public String run() {
|
|
||||||
return System.getProperty(ROWSET_SYNC_PROVIDER);
|
|
||||||
}
|
|
||||||
}, null, new PropertyPermission(ROWSET_SYNC_PROVIDER, "read"));
|
|
||||||
} catch (Exception ex) {
|
|
||||||
providerImpls = null;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (providerImpls != null) {
|
if (providerImpls != null) {
|
||||||
int i = 0;
|
int i = 0;
|
||||||
if (providerImpls.indexOf(colon) > 0) {
|
if (providerImpls.indexOf(colon) > 0) {
|
||||||
@ -563,14 +525,6 @@ public class SyncFactory {
|
|||||||
return new com.sun.rowset.providers.RIOptimisticProvider();
|
return new com.sun.rowset.providers.RIOptimisticProvider();
|
||||||
}
|
}
|
||||||
|
|
||||||
try {
|
|
||||||
ReflectUtil.checkPackageAccess(providerID);
|
|
||||||
} catch (@SuppressWarnings("removal") java.security.AccessControlException e) {
|
|
||||||
SyncFactoryException sfe = new SyncFactoryException();
|
|
||||||
sfe.initCause(e);
|
|
||||||
throw sfe;
|
|
||||||
}
|
|
||||||
|
|
||||||
// Attempt to invoke classname from registered SyncProvider list
|
// Attempt to invoke classname from registered SyncProvider list
|
||||||
Class<?> c = null;
|
Class<?> c = null;
|
||||||
try {
|
try {
|
||||||
@ -626,12 +580,6 @@ public class SyncFactory {
|
|||||||
*/
|
*/
|
||||||
public static void setLogger(Logger logger) {
|
public static void setLogger(Logger logger) {
|
||||||
|
|
||||||
@SuppressWarnings("removal")
|
|
||||||
SecurityManager sec = System.getSecurityManager();
|
|
||||||
if (sec != null) {
|
|
||||||
sec.checkPermission(SET_SYNCFACTORY_PERMISSION);
|
|
||||||
}
|
|
||||||
|
|
||||||
if(logger == null){
|
if(logger == null){
|
||||||
throw new NullPointerException("You must provide a Logger");
|
throw new NullPointerException("You must provide a Logger");
|
||||||
}
|
}
|
||||||
@ -652,12 +600,6 @@ public class SyncFactory {
|
|||||||
*/
|
*/
|
||||||
public static void setLogger(Logger logger, Level level) {
|
public static void setLogger(Logger logger, Level level) {
|
||||||
// singleton
|
// singleton
|
||||||
@SuppressWarnings("removal")
|
|
||||||
SecurityManager sec = System.getSecurityManager();
|
|
||||||
if (sec != null) {
|
|
||||||
sec.checkPermission(SET_SYNCFACTORY_PERMISSION);
|
|
||||||
}
|
|
||||||
|
|
||||||
if(logger == null){
|
if(logger == null){
|
||||||
throw new NullPointerException("You must provide a Logger");
|
throw new NullPointerException("You must provide a Logger");
|
||||||
}
|
}
|
||||||
@ -692,11 +634,7 @@ public class SyncFactory {
|
|||||||
*/
|
*/
|
||||||
public static synchronized void setJNDIContext(javax.naming.Context ctx)
|
public static synchronized void setJNDIContext(javax.naming.Context ctx)
|
||||||
throws SyncFactoryException {
|
throws SyncFactoryException {
|
||||||
@SuppressWarnings("removal")
|
|
||||||
SecurityManager sec = System.getSecurityManager();
|
|
||||||
if (sec != null) {
|
|
||||||
sec.checkPermission(SET_SYNCFACTORY_PERMISSION);
|
|
||||||
}
|
|
||||||
if (ctx == null) {
|
if (ctx == null) {
|
||||||
throw new SyncFactoryException("Invalid JNDI context supplied");
|
throw new SyncFactoryException("Invalid JNDI context supplied");
|
||||||
}
|
}
|
||||||
|
@ -31,8 +31,6 @@ import java.util.Enumeration;
|
|||||||
import java.util.Iterator;
|
import java.util.Iterator;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.ServiceLoader;
|
import java.util.ServiceLoader;
|
||||||
import java.security.AccessController;
|
|
||||||
import java.security.PrivilegedAction;
|
|
||||||
import java.util.concurrent.CopyOnWriteArrayList;
|
import java.util.concurrent.CopyOnWriteArrayList;
|
||||||
import java.util.stream.Stream;
|
import java.util.stream.Stream;
|
||||||
|
|
||||||
@ -98,22 +96,6 @@ public class DriverManager {
|
|||||||
/* Prevent the DriverManager class from being instantiated. */
|
/* Prevent the DriverManager class from being instantiated. */
|
||||||
private DriverManager(){}
|
private DriverManager(){}
|
||||||
|
|
||||||
/**
|
|
||||||
* The {@code SQLPermission} constant that allows the
|
|
||||||
* setting of the logging stream.
|
|
||||||
* @since 1.3
|
|
||||||
*/
|
|
||||||
static final SQLPermission SET_LOG_PERMISSION =
|
|
||||||
new SQLPermission("setLog");
|
|
||||||
|
|
||||||
/**
|
|
||||||
* The {@code SQLPermission} constant that allows the
|
|
||||||
* un-register a registered JDBC driver.
|
|
||||||
* @since 1.8
|
|
||||||
*/
|
|
||||||
static final SQLPermission DEREGISTER_DRIVER_PERMISSION =
|
|
||||||
new SQLPermission("deregisterDriver");
|
|
||||||
|
|
||||||
//--------------------------JDBC 2.0-----------------------------
|
//--------------------------JDBC 2.0-----------------------------
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -140,12 +122,6 @@ public class DriverManager {
|
|||||||
* @since 1.2
|
* @since 1.2
|
||||||
*/
|
*/
|
||||||
public static void setLogWriter(java.io.PrintWriter out) {
|
public static void setLogWriter(java.io.PrintWriter out) {
|
||||||
|
|
||||||
@SuppressWarnings("removal")
|
|
||||||
SecurityManager sec = System.getSecurityManager();
|
|
||||||
if (sec != null) {
|
|
||||||
sec.checkPermission(SET_LOG_PERMISSION);
|
|
||||||
}
|
|
||||||
logStream = null;
|
logStream = null;
|
||||||
logWriter = out;
|
logWriter = out;
|
||||||
}
|
}
|
||||||
@ -367,12 +343,6 @@ public class DriverManager {
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
@SuppressWarnings("removal")
|
|
||||||
SecurityManager sec = System.getSecurityManager();
|
|
||||||
if (sec != null) {
|
|
||||||
sec.checkPermission(DEREGISTER_DRIVER_PERMISSION);
|
|
||||||
}
|
|
||||||
|
|
||||||
println("DriverManager.deregisterDriver: " + driver);
|
println("DriverManager.deregisterDriver: " + driver);
|
||||||
|
|
||||||
DriverInfo aDriver = new DriverInfo(driver, null);
|
DriverInfo aDriver = new DriverInfo(driver, null);
|
||||||
@ -477,13 +447,6 @@ public class DriverManager {
|
|||||||
*/
|
*/
|
||||||
@Deprecated(since="1.2")
|
@Deprecated(since="1.2")
|
||||||
public static void setLogStream(java.io.PrintStream out) {
|
public static void setLogStream(java.io.PrintStream out) {
|
||||||
|
|
||||||
@SuppressWarnings("removal")
|
|
||||||
SecurityManager sec = System.getSecurityManager();
|
|
||||||
if (sec != null) {
|
|
||||||
sec.checkPermission(SET_LOG_PERMISSION);
|
|
||||||
}
|
|
||||||
|
|
||||||
logStream = out;
|
logStream = out;
|
||||||
if ( out != null )
|
if ( out != null )
|
||||||
logWriter = new java.io.PrintWriter(out);
|
logWriter = new java.io.PrintWriter(out);
|
||||||
@ -549,7 +512,6 @@ public class DriverManager {
|
|||||||
* Load the initial JDBC drivers by checking the System property
|
* Load the initial JDBC drivers by checking the System property
|
||||||
* jdbc.drivers and then use the {@code ServiceLoader} mechanism
|
* jdbc.drivers and then use the {@code ServiceLoader} mechanism
|
||||||
*/
|
*/
|
||||||
@SuppressWarnings("removal")
|
|
||||||
private static void ensureDriversInitialized() {
|
private static void ensureDriversInitialized() {
|
||||||
if (driversInitialized) {
|
if (driversInitialized) {
|
||||||
return;
|
return;
|
||||||
@ -561,11 +523,7 @@ public class DriverManager {
|
|||||||
}
|
}
|
||||||
String drivers;
|
String drivers;
|
||||||
try {
|
try {
|
||||||
drivers = AccessController.doPrivileged(new PrivilegedAction<String>() {
|
drivers = System.getProperty(JDBC_DRIVERS_PROPERTY);
|
||||||
public String run() {
|
|
||||||
return System.getProperty(JDBC_DRIVERS_PROPERTY);
|
|
||||||
}
|
|
||||||
});
|
|
||||||
} catch (Exception ex) {
|
} catch (Exception ex) {
|
||||||
drivers = null;
|
drivers = null;
|
||||||
}
|
}
|
||||||
@ -574,8 +532,6 @@ public class DriverManager {
|
|||||||
// exposed as a java.sql.Driver.class service.
|
// exposed as a java.sql.Driver.class service.
|
||||||
// ServiceLoader.load() replaces the sun.misc.Providers()
|
// ServiceLoader.load() replaces the sun.misc.Providers()
|
||||||
|
|
||||||
AccessController.doPrivileged(new PrivilegedAction<Void>() {
|
|
||||||
public Void run() {
|
|
||||||
|
|
||||||
ServiceLoader<Driver> loadedDrivers = ServiceLoader.load(Driver.class);
|
ServiceLoader<Driver> loadedDrivers = ServiceLoader.load(Driver.class);
|
||||||
Iterator<Driver> driversIterator = loadedDrivers.iterator();
|
Iterator<Driver> driversIterator = loadedDrivers.iterator();
|
||||||
@ -599,9 +555,6 @@ public class DriverManager {
|
|||||||
} catch (Throwable t) {
|
} catch (Throwable t) {
|
||||||
// Do nothing
|
// Do nothing
|
||||||
}
|
}
|
||||||
return null;
|
|
||||||
}
|
|
||||||
});
|
|
||||||
|
|
||||||
println("DriverManager.initialize: jdbc.drivers = " + drivers);
|
println("DriverManager.initialize: jdbc.drivers = " + drivers);
|
||||||
|
|
||||||
|
@ -1,150 +0,0 @@
|
|||||||
/*
|
|
||||||
* Copyright (c) 2014, 2021, Oracle and/or its affiliates. All rights reserved.
|
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
|
||||||
*
|
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
|
||||||
* under the terms of the GNU General Public License version 2 only, as
|
|
||||||
* published by the Free Software Foundation.
|
|
||||||
*
|
|
||||||
* This code is distributed in the hope that it will be useful, but WITHOUT
|
|
||||||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
||||||
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
||||||
* version 2 for more details (a copy is included in the LICENSE file that
|
|
||||||
* accompanied this code).
|
|
||||||
*
|
|
||||||
* You should have received a copy of the GNU General Public License version
|
|
||||||
* 2 along with this work; if not, write to the Free Software Foundation,
|
|
||||||
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
||||||
*
|
|
||||||
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
|
||||||
* or visit www.oracle.com if you need additional information or have any
|
|
||||||
* questions.
|
|
||||||
*/
|
|
||||||
package util;
|
|
||||||
|
|
||||||
import java.io.FilePermission;
|
|
||||||
import java.lang.reflect.ReflectPermission;
|
|
||||||
import java.security.AllPermission;
|
|
||||||
import java.security.CodeSource;
|
|
||||||
import java.security.Permission;
|
|
||||||
import java.security.PermissionCollection;
|
|
||||||
import java.security.Permissions;
|
|
||||||
import java.security.Policy;
|
|
||||||
import java.security.ProtectionDomain;
|
|
||||||
import java.security.SecurityPermission;
|
|
||||||
import java.sql.SQLPermission;
|
|
||||||
import java.util.Enumeration;
|
|
||||||
import java.util.PropertyPermission;
|
|
||||||
import java.util.StringJoiner;
|
|
||||||
import java.util.logging.LoggingPermission;
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Simple Policy class that supports the required Permissions to validate the
|
|
||||||
* JDBC concrete classes
|
|
||||||
*/
|
|
||||||
public class TestPolicy extends Policy {
|
|
||||||
static final Policy DEFAULT_POLICY = Policy.getPolicy();
|
|
||||||
|
|
||||||
final PermissionCollection permissions = new Permissions();
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Constructor which sets the minimum permissions allowing testNG to work
|
|
||||||
* with a SecurityManager
|
|
||||||
*/
|
|
||||||
public TestPolicy() {
|
|
||||||
setMinimalPermissions();
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Constructor which determines which permissions are defined for this
|
|
||||||
* Policy used by the JDBC tests Possible values are: all (ALLPermissions),
|
|
||||||
* setLog (SQLPemission("setLog"), deregisterDriver
|
|
||||||
* (SQLPermission("deregisterDriver") (SQLPermission("deregisterDriver"),
|
|
||||||
* setSyncFactory(SQLPermission(setSyncFactory), and also
|
|
||||||
* LoggerPermission("control", null) when setting a Level
|
|
||||||
*
|
|
||||||
* @param policy Permissions to set
|
|
||||||
*/
|
|
||||||
public TestPolicy(String policy) {
|
|
||||||
|
|
||||||
switch (policy) {
|
|
||||||
case "all":
|
|
||||||
permissions.add(new AllPermission());
|
|
||||||
break;
|
|
||||||
case "setLog":
|
|
||||||
setMinimalPermissions();
|
|
||||||
permissions.add(new SQLPermission("setLog"));
|
|
||||||
break;
|
|
||||||
case "deregisterDriver":
|
|
||||||
setMinimalPermissions();
|
|
||||||
permissions.add(new SQLPermission("deregisterDriver"));
|
|
||||||
break;
|
|
||||||
case "setSyncFactory":
|
|
||||||
setMinimalPermissions();
|
|
||||||
permissions.add(new SQLPermission("setSyncFactory"));
|
|
||||||
break;
|
|
||||||
case "setSyncFactoryLogger":
|
|
||||||
setMinimalPermissions();
|
|
||||||
permissions.add(new SQLPermission("setSyncFactory"));
|
|
||||||
permissions.add(new LoggingPermission("control", null));
|
|
||||||
break;
|
|
||||||
default:
|
|
||||||
setMinimalPermissions();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Defines the minimal permissions required by testNG when running these
|
|
||||||
* tests
|
|
||||||
*/
|
|
||||||
private void setMinimalPermissions() {
|
|
||||||
permissions.add(new SecurityPermission("getPolicy"));
|
|
||||||
permissions.add(new SecurityPermission("setPolicy"));
|
|
||||||
permissions.add(new RuntimePermission("getClassLoader"));
|
|
||||||
permissions.add(new RuntimePermission("setSecurityManager"));
|
|
||||||
permissions.add(new RuntimePermission("createSecurityManager"));
|
|
||||||
permissions.add(new PropertyPermission("line.separator", "read"));
|
|
||||||
permissions.add(new PropertyPermission("fileStringBuffer", "read"));
|
|
||||||
permissions.add(new PropertyPermission("dataproviderthreadcount", "read"));
|
|
||||||
permissions.add(new PropertyPermission("java.io.tmpdir", "read"));
|
|
||||||
permissions.add(new PropertyPermission("testng.show.stack.frames",
|
|
||||||
"read"));
|
|
||||||
permissions.add(new PropertyPermission("testng.thread.affinity", "read"));
|
|
||||||
permissions.add(new PropertyPermission("testng.memory.friendly", "read"));
|
|
||||||
permissions.add(new PropertyPermission("testng.mode.dryrun", "read"));
|
|
||||||
permissions.add(new PropertyPermission("testng.report.xml.name", "read"));
|
|
||||||
permissions.add(new PropertyPermission("testng.timezone", "read"));
|
|
||||||
permissions.add(new ReflectPermission("suppressAccessChecks"));
|
|
||||||
permissions.add(new FilePermission("<<ALL FILES>>",
|
|
||||||
"read, write, delete"));
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Overloaded methods from the Policy class
|
|
||||||
*/
|
|
||||||
@Override
|
|
||||||
public String toString() {
|
|
||||||
StringJoiner sj = new StringJoiner("\n", "policy: ", "");
|
|
||||||
Enumeration<Permission> perms = permissions.elements();
|
|
||||||
while (perms.hasMoreElements()) {
|
|
||||||
sj.add(perms.nextElement().toString());
|
|
||||||
}
|
|
||||||
return sj.toString();
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public PermissionCollection getPermissions(ProtectionDomain domain) {
|
|
||||||
return permissions;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public PermissionCollection getPermissions(CodeSource codesource) {
|
|
||||||
return permissions;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public boolean implies(ProtectionDomain domain, Permission perm) {
|
|
||||||
return permissions.implies(perm) || DEFAULT_POLICY.implies(domain, perm);
|
|
||||||
}
|
|
||||||
}
|
|
@ -71,16 +71,12 @@ public class CheckCSMs {
|
|||||||
// over time. Do not add any new one to this list.
|
// over time. Do not add any new one to this list.
|
||||||
private static final Set<String> KNOWN_NON_FINAL_CSMS =
|
private static final Set<String> KNOWN_NON_FINAL_CSMS =
|
||||||
Set.of("java/lang/Runtime#load (Ljava/lang/String;)V",
|
Set.of("java/lang/Runtime#load (Ljava/lang/String;)V",
|
||||||
"java/lang/Runtime#loadLibrary (Ljava/lang/String;)V",
|
"java/lang/Runtime#loadLibrary (Ljava/lang/String;)V"
|
||||||
"javax/sql/rowset/serial/SerialJavaObject#getFields ()[Ljava/lang/reflect/Field;"
|
|
||||||
);
|
);
|
||||||
|
|
||||||
// These non-static non-final methods must not have @CallerSensitiveAdapter
|
// These non-static non-final methods must not have @CallerSensitiveAdapter
|
||||||
// methods that takes an additional caller class parameter.
|
// methods that takes an additional caller class parameter.
|
||||||
private static Set<String> UNSUPPORTED_VIRTUAL_METHODS =
|
private static Set<String> UNSUPPORTED_VIRTUAL_METHODS = Set.of();
|
||||||
Set.of("java/io/ObjectStreamField#getType (Ljava/lang/Class;)Ljava/lang/Class;",
|
|
||||||
"javax/sql/rowset/serial/SerialJavaObject#getFields (Ljava/lang/Class;)[Ljava/lang/reflect/Field;"
|
|
||||||
);
|
|
||||||
|
|
||||||
public static void main(String[] args) throws Exception {
|
public static void main(String[] args) throws Exception {
|
||||||
if (args.length > 0 && args[0].equals("--list")) {
|
if (args.length > 0 && args[0].equals("--list")) {
|
||||||
|
Loading…
Reference in New Issue
Block a user