From 60a88657a769ff69c9df6cf8d39e1cc88e4f3d05 Mon Sep 17 00:00:00 2001 From: Jaroslav Bachorik Date: Mon, 23 Dec 2013 14:29:27 +0100 Subject: [PATCH] 8029286: Enhance subject delegation Reviewed-by: dfuchs, ahgross --- .../jmx/remote/security/SubjectDelegator.java | 20 ++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/jdk/src/share/classes/com/sun/jmx/remote/security/SubjectDelegator.java b/jdk/src/share/classes/com/sun/jmx/remote/security/SubjectDelegator.java index 4e8608a9694..a69c501d272 100644 --- a/jdk/src/share/classes/com/sun/jmx/remote/security/SubjectDelegator.java +++ b/jdk/src/share/classes/com/sun/jmx/remote/security/SubjectDelegator.java @@ -35,6 +35,8 @@ import javax.security.auth.Subject; import javax.management.remote.SubjectDelegationPermission; import com.sun.jmx.remote.util.CacheMap; +import java.util.ArrayList; +import java.util.Collection; public class SubjectDelegator { private static final int PRINCIPALS_CACHE_SIZE = 10; @@ -53,11 +55,14 @@ public class SubjectDelegator { boolean removeCallerContext) throws SecurityException { + if (System.getSecurityManager() != null && authenticatedACC == null) { + throw new SecurityException("Illegal AccessControlContext: null"); + } if (principalsCache == null || accCache == null) { principalsCache = - new CacheMap(PRINCIPALS_CACHE_SIZE); + new CacheMap<>(PRINCIPALS_CACHE_SIZE); accCache = - new CacheMap(ACC_CACHE_SIZE); + new CacheMap<>(ACC_CACHE_SIZE); } // Retrieve the principals for the given 
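Review bot: The null check on `authenticatedACC` added in the `@@ -53,11 +55,14 @@` hunk is gated on `System.getSecurityManager() != null`, and nothing in the hunk records why a null context is still accepted when no security manager is installed. `AccessController.checkPermission`, which the later hunk calls, evaluates the access control context independently of any installed security manager, so the gating is a policy decision worth stating. I would add a comment above the check such as `// a null ACC presumably leaves the delegation check unrestricted; tolerated only when no SecurityManager is installed`. The method's Javadoc should also gain an `@throws SecurityException` entry covering the null-context case. The method signature and the point where `authenticatedACC` is consumed are outside the hunk, so the comment wording should be confirmed against them.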
@@ -101,14 +106,15 @@ public class SubjectDelegator { // principal in the delegated subject // final Principal[] dp = delegatedPrincipals; + final Collection permissions = new ArrayList<>(dp.length); + for(Principal p : dp) { + final String pname = p.getClass().getName() + "." + p.getName(); + permissions.add(new SubjectDelegationPermission(pname)); + } PrivilegedAction action = new PrivilegedAction() { public Void run() { - for (int i = 0 ; i < dp.length ; i++) { - final String pname = - dp[i].getClass().getName() + "." + dp[i].getName(); - Permission sdp = - new SubjectDelegationPermission(pname); + for (Permission sdp : permissions) { AccessController.checkPermission(sdp); } return null;
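Review bot: The loop that builds `permissions` ahead of the `PrivilegedAction` has no comment saying why it sits outside `run()`, so a later cleanup could fold it back in without noticing the difference. The visible effect is that `p.getClass().getName()` and `p.getName()`, which are methods of whatever `Principal` implementation the delegated subject carries, no longer execute inside the privileged action. A comment such as `// resolve principal names before the privileged action so no Principal code runs inside it` would record that. As a style point, `for(Principal p : dp)` lacks the space after `for` that `for (Permission sdp : permissions)` a few lines below uses. The enclosing method starts and ends outside the hunk.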