diff options
| author | Mark Wielaard <mark@klomp.org> | 2005-02-17 00:39:09 +0000 |
|---|---|---|
| committer | Mark Wielaard <mark@klomp.org> | 2005-02-17 00:39:09 +0000 |
| commit | 60c74bce2fecfd6af8264528055c5c3fd7c62f6d (patch) | |
| tree | fe92a5fb06c8ef12a5fa8a4515689c0c745c453b | |
| parent | 4122b1bb312879f2394a1dddbc6c827d4004dd5e (diff) | |
| download | classpath-60c74bce2fecfd6af8264528055c5c3fd7c62f6d.tar.gz | |
2005-02-16 Andrew Haley <aph@redhat.com>
* javax/security/auth/Subject.java (doAsPrivileged): If acc is
null, create a new AccessControlContext.
* java/security/SecureClassLoader.java (protectionDomainCache):
new field.
(defineClass): Create a new protection domain and add it to our
cache.
* java/rmi/server/UnicastRemoteObject.java (exportObject): Call
addStub() to keep track of the stub we've exported.
(unexportObject): Call deleteStub().
* java/rmi/server/RemoteObject.java (stubs): New field.
(addStub): New method.
(deleteStub): New method.
(toStub): Rewrite.
* java/security/Permissions.java (PermissionsHash.implies):
Iterate over the collection and invoke implies() on each
element.
| -rw-r--r-- | ChangeLog | 21 | ||||
| -rw-r--r-- | java/rmi/server/RemoteObject.java | 32 | ||||
| -rw-r--r-- | java/rmi/server/UnicastRemoteObject.java | 11 | ||||
| -rw-r--r-- | java/security/Permissions.java | 11 | ||||
| -rw-r--r-- | java/security/SecureClassLoader.java | 26 | ||||
| -rw-r--r-- | javax/security/auth/Subject.java | 4 |
6 files changed, 84 insertions, 21 deletions
@@ -1,3 +1,24 @@ +2005-02-16 Andrew Haley <aph@redhat.com> + + * javax/security/auth/Subject.java (doAsPrivileged): If acc is + null, create a new AccessControlContext. + * java/security/SecureClassLoader.java (protectionDomainCache): + new field. + (defineClass): Create a new protection domain and add it to our + cache. + + * java/rmi/server/UnicastRemoteObject.java (exportObject): Call + addStub() to keep track of the stub we've exported. + (unexportObject): Call deleteStub(). + * java/rmi/server/RemoteObject.java (stubs): New field. + (addStub): New method. + (deleteStub): New method. + (toStub): Rewrite. + + * java/security/Permissions.java (PermissionsHash.implies): + Iterate over the collection and invoke implies() on each + element. + 2005-02-16 Julian Scheid <julian@sektor37.de> * gnu/java/nio/charset/UTF_8.java (decodeLoop): Set inPos to diff --git a/java/rmi/server/RemoteObject.java b/java/rmi/server/RemoteObject.java index 9c3422b6f..6dca07f8e 100644 --- a/java/rmi/server/RemoteObject.java +++ b/java/rmi/server/RemoteObject.java @@ -45,6 +45,7 @@ import java.lang.reflect.Constructor; import java.rmi.NoSuchObjectException; import java.rmi.Remote; import java.rmi.UnmarshalException; +import java.util.WeakHashMap; public abstract class RemoteObject implements Remote, Serializable { @@ -53,6 +54,8 @@ private static final long serialVersionUID = -3215090123894869218l; protected transient RemoteRef ref; +private static final WeakHashMap stubs = new WeakHashMap(); + protected RemoteObject() { this(null); } @@ -65,21 +68,24 @@ public RemoteRef getRef() { return (ref); } +synchronized static void addStub(Remote obj, Remote stub) +{ + stubs.put(obj, stub); +} + +synchronized static void deleteStub(Remote obj) +{ + stubs.remove(obj); +} + public static Remote toStub(Remote obj) throws NoSuchObjectException { - Class cls = obj.getClass(); - String classname = cls.getName(); - ClassLoader cl = cls.getClassLoader(); - try - { - Class scls = cl.loadClass(classname + "_Stub"); - // JDK 1.2 stubs - Class[] stubprototype = new Class[] { RemoteRef.class }; - Constructor con = scls.getConstructor(stubprototype); - return (Remote)(con.newInstance(new Object[]{obj})); - } - catch (Exception e) {} - throw new NoSuchObjectException(obj.getClass().getName()); + Remote stub = (Remote)stubs.get(obj); + + if (stub == null) + throw new NoSuchObjectException(obj.getClass().getName()); + + return stub; } public int hashCode() { diff --git a/java/rmi/server/UnicastRemoteObject.java b/java/rmi/server/UnicastRemoteObject.java index 6e8fb2538..ed296f033 100644 --- a/java/rmi/server/UnicastRemoteObject.java +++ b/java/rmi/server/UnicastRemoteObject.java @@ -98,7 +98,9 @@ public static RemoteStub exportObject(Remote obj) throws RemoteException { { sref = new UnicastServerRef(new ObjID (), port, ssf); } - return (sref.exportObject (obj)); + Remote stub = sref.exportObject (obj); + addStub(obj, stub); + return stub; } /** @@ -116,12 +118,15 @@ public static RemoteStub exportObject(Remote obj) throws RemoteException { { if (obj instanceof RemoteObject) { + deleteStub(obj); UnicastServerRef sref = (UnicastServerRef)((RemoteObject)obj).getRef(); return sref.unexportObject(obj, force); } else - //FIX ME - ; + { + //FIX ME + ; + } return true; } diff --git a/java/security/Permissions.java b/java/security/Permissions.java index d9be3af63..b603dedcf 100644 --- a/java/security/Permissions.java +++ b/java/security/Permissions.java @@ -227,9 +227,18 @@ public final class Permissions extends PermissionCollection * @param perm the permission to check * @return true if it is implied */ + // FIXME: Should this method be synchronized? public boolean implies(Permission perm) { - return perms.get(perm) != null; + Enumeration elements = elements(); + + while (elements.hasMoreElements()) + { + Permission p = (Permission)elements.nextElement(); + if (p.implies(perm)) + return true; + } + return false; } /** diff --git a/java/security/SecureClassLoader.java b/java/security/SecureClassLoader.java index 7546edc85..89b5e4eff 100644 --- a/java/security/SecureClassLoader.java +++ b/java/security/SecureClassLoader.java @@ -48,6 +48,8 @@ package java.security; */ public class SecureClassLoader extends ClassLoader { + java.util.WeakHashMap protectionDomainCache = new java.util.WeakHashMap(); + protected SecureClassLoader(ClassLoader parent) { super(parent); @@ -80,11 +82,29 @@ public class SecureClassLoader extends ClassLoader protected final Class defineClass(String name, byte[] b, int off, int len, CodeSource cs) { - // FIXME: Need to cache ProtectionDomains according to 1.3 docs. if (cs != null) { - ProtectionDomain protectionDomain - = new ProtectionDomain(cs, getPermissions(cs), this, null); + ProtectionDomain protectionDomain; + + synchronized (protectionDomainCache) + { + protectionDomain = (ProtectionDomain)protectionDomainCache.get(cs); + } + + if (protectionDomain == null) + { + protectionDomain + = new ProtectionDomain(cs, getPermissions(cs), this, null); + synchronized (protectionDomainCache) + { + ProtectionDomain domain + = (ProtectionDomain)protectionDomainCache.get(cs); + if (domain == null) + protectionDomainCache.put(cs, protectionDomain); + else + protectionDomain = domain; + } + } return super.defineClass(name, b, off, len, protectionDomain); } else diff --git a/javax/security/auth/Subject.java b/javax/security/auth/Subject.java index 5391acec8..37baecc8a 100644 --- a/javax/security/auth/Subject.java +++ b/javax/security/auth/Subject.java @@ -235,7 +235,7 @@ public final class Subject implements Serializable */ public static Object doAsPrivileged (final Subject subject, final PrivilegedExceptionAction action, - final AccessControlContext acc) + AccessControlContext acc) throws PrivilegedActionException { final SecurityManager sm = System.getSecurityManager(); @@ -243,6 +243,8 @@ public final class Subject implements Serializable { sm.checkPermission (new AuthPermission ("doAsPrivileged")); } + if (acc == null) + acc = new AccessControlContext (new java.security.ProtectionDomain[0]); AccessControlContext context = new AccessControlContext (acc, new SubjectDomainCombiner (subject)); return AccessController.doPrivileged (action, context); |