infernap12/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2026-04-08 14:08:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

8025014: Enhance Security Policy

Browse Source 
6727821: Enhance JAAS Configuration

Reviewed-by: xuelei, hawtin
This commit is contained in:
Weijun Wang 2013-10-17 09:58:42 +08:00
parent 388f28f83b
commit 37dccda2c4
2 changed files with 54 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
jdk/src/share/classes/javax/security/auth/Policy.java
View File

@ -26,6 +26,10 @@
package javax.security.auth;
import java.security.Security;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.PrivilegedExceptionAction;
import java.util.Objects;
import sun.security.util.Debug;
/**
@ -155,22 +159,15 @@ import sun.security.util.Debug;
public abstract class Policy {
private static Policy policy;
private static ClassLoader contextClassLoader;
private final static String AUTH_POLICY =
"sun.security.provider.AuthPolicyFile";
private final java.security.AccessControlContext acc =
java.security.AccessController.getContext();
// true if a custom (not AUTH_POLICY) system-wide policy object is set
private static boolean isCustomPolicy;
static {
contextClassLoader = java.security.AccessController.doPrivileged
(new java.security.PrivilegedAction<ClassLoader>() {
public ClassLoader run() {
return Thread.currentThread().getContextClassLoader();
}
});
};
/**
* Sole constructor. (For invocation by subclass constructors, typically
* implicit.)
@ -213,8 +210,8 @@ public abstract class Policy {
if (policy == null) {
String policy_class = null;
policy_class = java.security.AccessController.doPrivileged
(new java.security.PrivilegedAction<String>() {
policy_class = AccessController.doPrivileged
(new PrivilegedAction<String>() {
public String run() {
return java.security.Security.getProperty
("auth.policy.provider");
@ -226,18 +223,28 @@ public abstract class Policy {
try {
final String finalClass = policy_class;
policy = java.security.AccessController.doPrivileged
(new java.security.PrivilegedExceptionAction<Policy>() {
public Policy run() throws ClassNotFoundException,
InstantiationException,
IllegalAccessException {
return (Policy) Class.forName
(finalClass,
true,
contextClassLoader).newInstance();
}
});
isCustomPolicy = !finalClass.equals(AUTH_POLICY);
Policy untrustedImpl = AccessController.doPrivileged(
new PrivilegedExceptionAction<Policy>() {
public Policy run() throws ClassNotFoundException,
InstantiationException,
IllegalAccessException {
Class<? extends Policy> implClass = Class.forName(
finalClass, false,
Thread.currentThread().getContextClassLoader()
).asSubclass(Policy.class);
return implClass.newInstance();
}
});
AccessController.doPrivileged(
new PrivilegedExceptionAction<Void>() {
public Void run() {
setPolicy(untrustedImpl);
isCustomPolicy = !finalClass.equals(AUTH_POLICY);
return null;
}
}, Objects.requireNonNull(untrustedImpl.acc)
);
} catch (Exception e) {
throw new SecurityException
(sun.security.util.ResourcesMgr.getString

47
jdk/src/share/classes/javax/security/auth/login/Configuration.java
View File

@ -27,9 +27,6 @@ package javax.security.auth.login;
import javax.security.auth.AuthPermission;
import java.io.*;
import java.util.*;
import java.net.URI;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.PrivilegedExceptionAction;
@ -38,7 +35,7 @@ import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.Security;
import java.security.SecurityPermission;
import java.util.Objects;
import sun.security.jca.GetInstance;
@ -191,16 +188,9 @@ import sun.security.jca.GetInstance;
public abstract class Configuration {
private static Configuration configuration;
private static ClassLoader contextClassLoader;
static {
contextClassLoader = AccessController.doPrivileged
(new PrivilegedAction<ClassLoader>() {
public ClassLoader run() {
return Thread.currentThread().getContextClassLoader();
}
});
};
private final java.security.AccessControlContext acc =
java.security.AccessController.getContext();
private static void checkPermission(String type) {
SecurityManager sm = System.getSecurityManager();
@ -253,17 +243,26 @@ public abstract class Configuration {
try {
final String finalClass = config_class;
configuration = AccessController.doPrivileged
(new PrivilegedExceptionAction<Configuration>() {
public Configuration run() throws ClassNotFoundException,
InstantiationException,
IllegalAccessException {
return (Configuration)Class.forName
(finalClass,
true,
contextClassLoader).newInstance();
}
});
Configuration untrustedImpl = AccessController.doPrivileged(
new PrivilegedExceptionAction<Configuration>() {
public Configuration run() throws ClassNotFoundException,
InstantiationException,
IllegalAccessException {
Class<? extends Configuration> implClass = Class.forName(
finalClass, false,
Thread.currentThread().getContextClassLoader()
).asSubclass(Configuration.class);
return implClass.newInstance();
}
});
AccessController.doPrivileged(
new PrivilegedExceptionAction<Void>() {
public Void run() {
setConfiguration(untrustedImpl);
return null;
}
}, Objects.requireNonNull(untrustedImpl.acc)
);
} catch (PrivilegedActionException e) {
Exception ee = e.getException();
if (ee instanceof InstantiationException) {