* javax/security/auth/Subject.java (doAsPrivileged): If acc is
null, create a new AccessControlContext.
* java/security/SecureClassLoader.java (protectionDomainCache):
new field.
(defineClass): Create a new protection domain and add it to our
cache.
* java/rmi/server/UnicastRemoteObject.java (exportObject): Call
addStub() to keep track of the stub we've exported.
(unexportObject): Call deleteStub().
* java/rmi/server/RemoteObject.java (stubs): New field.
(addStub): New method.
(deleteStub): New method.
(toStub): Rewrite.
* java/lang/VMCompiler.java (loadSharedLibrary): Pass
true to findHelper (tryParents).
* gnu/gcj/runtime/SharedLibLoader.java (SharedLibLoader):
Likewise.
* java/net/URLClassLoader.java (SoURLLoader): Likewise.
* gnu/gcj/runtime/SharedLibHelper.java (SharedLibHelper): Pass
ProtectionDomain.
If tryParents is false, don't scan parent class loaders.
* java/security/Permissions.java (PermissionsHash.implies):
Iterate over the collection and invoke implies() on each
element.
git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@95111
138bc75d-0d04-0410-961f-
82ee72b054a4
2005-02-16 Andrew Haley <aph@redhat.com>
+
+2005-02-08 Andrew Haley <aph@redhat.com>
+
+ * javax/security/auth/Subject.java (doAsPrivileged): If acc is
+ null, create a new AccessControlContext.
+ * java/security/SecureClassLoader.java (protectionDomainCache):
+ new field.
+ (defineClass): Create a new protection domain and add it to our
+ cache.
+
+ * java/rmi/server/UnicastRemoteObject.java (exportObject): Call
+ addStub() to keep track of the stub we've exported.
+ (unexportObject): Call deleteStub().
+ * java/rmi/server/RemoteObject.java (stubs): New field.
+ (addStub): New method.
+ (deleteStub): New method.
+ (toStub): Rewrite.
+
+ * java/lang/VMCompiler.java (loadSharedLibrary): Pass
+ true to findHelper (tryParents).
+ * gnu/gcj/runtime/SharedLibLoader.java (SharedLibLoader):
+ Likewise.
+ * java/net/URLClassLoader.java (SoURLLoader): Likewise.
+ * gnu/gcj/runtime/SharedLibHelper.java (SharedLibHelper): Pass
+ ProtectionDomain.
+ If tryParents is false, don't scan parent class loaders.
+
+ * java/security/Permissions.java (PermissionsHash.implies):
+ Iterate over the collection and invoke implies() on each
+ element.
+
+2005-02-16 Andrew Haley <aph@redhat.com>
+
* gnu/gcj/runtime/PersistentByteMap.java (name, values, fc): new
fields.
(PersistentByteMap): Set name
* @parem flags passed to dlopen
*/
SharedLibHelper(String libname, ClassLoader parent, CodeSource source,
- int flags)
+ ProtectionDomain domain, int flags)
{
// FIXME: ask security manager first.
loader = parent;
baseName = libname;
- domain = new ProtectionDomain(source,
- Policy.getPolicy().getPermissions(source));
+ if (domain == null)
+ domain = new ProtectionDomain(source,
+ Policy.getPolicy().getPermissions(source));
+ this.domain = domain;
this.flags = flags;
}
}
public static SharedLibHelper findHelper (ClassLoader loader, String libname,
- CodeSource source)
+ CodeSource source, boolean tryParents)
+ {
+ return findHelper (loader, libname, source, null, tryParents);
+ }
+
+ public static SharedLibHelper findHelper (ClassLoader loader, String libname,
+ CodeSource source, ProtectionDomain domain,
+ boolean tryParents)
{
synchronized (map)
{
return result;
l = l.getParent();
}
- while (l != null);
+ while (tryParents && l != null);
}
}
}
return null;
}
}
- result = new SharedLibHelper(libname, loader, source, 0);
+ result = new SharedLibHelper(libname, loader, source, domain, 0);
s.add(new WeakReference(result));
return result;
}
url = null;
}
helper = SharedLibHelper.findHelper(this, libname,
- new CodeSource(url, null));
+ new CodeSource(url, null), true);
}
/** Load a shared library, and asociate a ClassLoader with it.
{
Class c = null;
SharedLibHelper helper
- = SharedLibHelper.findHelper (loader, fileName, domain.getCodeSource());
+ = SharedLibHelper.findHelper (loader, fileName, domain.getCodeSource(),
+ domain, false);
c = helper.findClass (className);
if (c != null)
{
{
super(classloader, url, overrideURL);
helper = SharedLibHelper.findHelper(classloader, url.getFile(),
- noCertCodeSource);
+ noCertCodeSource, true);
}
Class getClass(String className)
import java.rmi.NoSuchObjectException;
import java.rmi.Remote;
import java.rmi.UnmarshalException;
+import java.util.WeakHashMap;
public abstract class RemoteObject
implements Remote, Serializable {
protected transient RemoteRef ref;
+private static final WeakHashMap stubs = new WeakHashMap();
+
protected RemoteObject() {
this(null);
}
return (ref);
}
+synchronized static void addStub(Remote obj, Remote stub)
+{
+ stubs.put(obj, stub);
+}
+
+synchronized static void deleteStub(Remote obj)
+{
+ stubs.remove(obj);
+}
+
public static Remote toStub(Remote obj) throws NoSuchObjectException
{
- Class cls = obj.getClass();
- String classname = cls.getName();
- ClassLoader cl = cls.getClassLoader();
- try
- {
- Class scls = cl.loadClass(classname + "_Stub");
- // JDK 1.2 stubs
- Class[] stubprototype = new Class[] { RemoteRef.class };
- Constructor con = scls.getConstructor(stubprototype);
- return (Remote)(con.newInstance(new Object[]{obj}));
- }
- catch (Exception e) {}
- throw new NoSuchObjectException(obj.getClass().getName());
+ Remote stub = (Remote)stubs.get(obj);
+
+ if (stub == null)
+ throw new NoSuchObjectException(obj.getClass().getName());
+
+ return stub;
}
public int hashCode() {
{
sref = new UnicastServerRef(new ObjID (), port, ssf);
}
- return (sref.exportObject (obj));
+ Remote stub = sref.exportObject (obj);
+ addStub(obj, stub);
+ return stub;
}
/**
{
if (obj instanceof RemoteObject)
{
+ deleteStub(obj);
UnicastServerRef sref = (UnicastServerRef)((RemoteObject)obj).getRef();
return sref.unexportObject(obj, force);
}
else
- //FIX ME
- ;
+ {
+ //FIX ME
+ ;
+ }
return true;
}
* @param perm the permission to check
* @return true if it is implied
*/
+ // FIXME: Should this method be synchronized?
public boolean implies(Permission perm)
{
- return perms.get(perm) != null;
+ Enumeration elements = elements();
+
+ while (elements.hasMoreElements())
+ {
+ Permission p = (Permission)elements.nextElement();
+ if (p.implies(perm))
+ return true;
+ }
+ return false;
}
/**
*/
public class SecureClassLoader extends ClassLoader
{
+ java.util.WeakHashMap protectionDomainCache = new java.util.WeakHashMap();
+
protected SecureClassLoader(ClassLoader parent)
{
super(parent);
protected final Class defineClass(String name, byte[] b, int off, int len,
CodeSource cs)
{
- // FIXME: Need to cache ProtectionDomains according to 1.3 docs.
if (cs != null)
{
- ProtectionDomain protectionDomain
- = new ProtectionDomain(cs, getPermissions(cs), this, null);
+ ProtectionDomain protectionDomain;
+
+ synchronized (protectionDomainCache)
+ {
+ protectionDomain = (ProtectionDomain)protectionDomainCache.get(cs);
+ }
+
+ if (protectionDomain == null)
+ {
+ protectionDomain
+ = new ProtectionDomain(cs, getPermissions(cs), this, null);
+ synchronized (protectionDomainCache)
+ {
+ ProtectionDomain domain
+ = (ProtectionDomain)protectionDomainCache.get(cs);
+ if (domain == null)
+ protectionDomainCache.put(cs, protectionDomain);
+ else
+ protectionDomain = domain;
+ }
+ }
return super.defineClass(name, b, off, len, protectionDomain);
}
else
*/
public static Object doAsPrivileged (final Subject subject,
final PrivilegedExceptionAction action,
- final AccessControlContext acc)
+ AccessControlContext acc)
throws PrivilegedActionException
{
final SecurityManager sm = System.getSecurityManager();
{
sm.checkPermission (new AuthPermission ("doAsPrivileged"));
}
+ if (acc == null)
+ acc = new AccessControlContext (new java.security.ProtectionDomain[0]);
AccessControlContext context =
new AccessControlContext (acc, new SubjectDomainCombiner (subject));
return AccessController.doPrivileged (action, context);
OSDN Git Service
