infernap12/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2026-02-18 06:15:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge

Browse Source
This commit is contained in:
Sean Mullan 2010-11-22 11:27:14 -05:00
commit e9d88cabcd
2 changed files with 55 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
jdk/src/share/classes/javax/security/auth/Policy.java
View File

@ -25,6 +25,9 @@
package javax.security.auth;
import java.security.Security;
import sun.security.util.Debug;
/**
* <p> This is an abstract class for representing the system policy for
* Subject-based authorization. A subclass implementation
@ -159,6 +162,10 @@ public abstract class Policy {
private static Policy policy;
private static ClassLoader contextClassLoader;
// true if a custom (not com.sun.security.auth.PolicyFile) system-wide
// policy object is set
private static boolean isCustomPolicy;
static {
contextClassLoader = java.security.AccessController.doPrivileged
(new java.security.PrivilegedAction<ClassLoader>() {
@ -234,6 +241,8 @@ public abstract class Policy {
contextClassLoader).newInstance();
}
});
isCustomPolicy =
!finalClass.equals("com.sun.security.auth.PolicyFile");
} catch (Exception e) {
throw new SecurityException
(sun.security.util.ResourcesMgr.getString
@ -265,6 +274,46 @@ public abstract class Policy {
java.lang.SecurityManager sm = System.getSecurityManager();
if (sm != null) sm.checkPermission(new AuthPermission("setPolicy"));
Policy.policy = policy;
// all non-null policy objects are assumed to be custom
isCustomPolicy = policy != null ? true : false;
}
/**
* Returns true if a custom (not com.sun.security.auth.PolicyFile)
* system-wide policy object has been set or installed. This method is
* called by SubjectDomainCombiner to provide backwards compatibility for
* developers that provide their own javax.security.auth.Policy
* implementations.
*
* @return true if a custom (not com.sun.security.auth.PolicyFile)
* system-wide policy object has been set; false otherwise
*/
static boolean isCustomPolicySet(Debug debug) {
if (policy != null) {
if (debug != null && isCustomPolicy) {
debug.println("Providing backwards compatibility for " +
"javax.security.auth.policy implementation: " +
policy.toString());
}
return isCustomPolicy;
}
// check if custom policy has been set using auth.policy.provider prop
String policyClass = java.security.AccessController.doPrivileged
(new java.security.PrivilegedAction<String>() {
public String run() {
return Security.getProperty("auth.policy.provider");
}
});
if (policyClass != null
&& !policyClass.equals("com.sun.security.auth.PolicyFile")) {
if (debug != null) {
debug.println("Providing backwards compatibility for " +
"javax.security.auth.policy implementation: " +
policyClass);
}
return true;
}
return false;
}
/**

39
jdk/src/share/classes/javax/security/auth/SubjectDomainCombiner.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1999, 2007, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -26,8 +26,6 @@
package javax.security.auth;
import java.security.AccessController;
import java.security.AccessControlContext;
import java.security.AllPermission;
import java.security.Permission;
import java.security.Permissions;
import java.security.PermissionCollection;
@ -35,10 +33,8 @@ import java.security.Policy;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import java.lang.ClassLoader;
import java.security.Security;
import java.util.Set;
import java.util.Iterator;
import java.util.WeakHashMap;
import java.lang.ref.WeakReference;
@ -61,7 +57,8 @@ public class SubjectDomainCombiner implements java.security.DomainCombiner {
"\t[SubjectDomainCombiner]");
// Note: check only at classloading time, not dynamically during combine()
private static final boolean useJavaxPolicy = compatPolicy();
private static final boolean useJavaxPolicy =
javax.security.auth.Policy.isCustomPolicySet(debug);
// Relevant only when useJavaxPolicy is true
private static final boolean allowCaching =
@ -202,8 +199,8 @@ public class SubjectDomainCombiner implements java.security.DomainCombiner {
return null;
}
// maintain backwards compatibility for people who provide
// their own javax.security.auth.Policy implementations
// maintain backwards compatibility for developers who provide
// their own custom javax.security.auth.Policy implementations
if (useJavaxPolicy) {
return combineJavaxPolicy(currentDomains, assignedDomains);
}
@ -476,8 +473,7 @@ public class SubjectDomainCombiner implements java.security.DomainCombiner {
String s = AccessController.doPrivileged
(new PrivilegedAction<String>() {
public String run() {
return java.security.Security.getProperty
("cache.auth.policy");
return Security.getProperty("cache.auth.policy");
}
});
if (s != null) {
@ -488,29 +484,6 @@ public class SubjectDomainCombiner implements java.security.DomainCombiner {
return true;
}
// maintain backwards compatibility for people who provide
// their own javax.security.auth.Policy implementations
private static boolean compatPolicy() {
javax.security.auth.Policy javaxPolicy = AccessController.doPrivileged
(new PrivilegedAction<javax.security.auth.Policy>() {
public javax.security.auth.Policy run() {
return javax.security.auth.Policy.getPolicy();
}
});
if (!(javaxPolicy instanceof com.sun.security.auth.PolicyFile)) {
if (debug != null) {
debug.println("Providing backwards compatibility for " +
"javax.security.auth.policy implementation: " +
javaxPolicy.toString());
}
return true;
} else {
return false;
}
}
private static void printInputDomains(ProtectionDomain[] currentDomains,
ProtectionDomain[] assignedDomains) {
if (currentDomains == null || currentDomains.length == 0) {