Author: ron.sigal(a)jboss.com Date: 2010-07-03 13:18:25 -0400 (Sat, 03 Jul 2010) New Revision: 5886 Modified: remoting2/branches/2.x/src/main/org/jboss/remoting/InvokerRegistry.java Log: JBREM-1231: Added doSecurityCheck(). Modified: remoting2/branches/2.x/src/main/org/jboss/remoting/InvokerRegistry.java =================================================================== --- remoting2/branches/2.x/src/main/org/jboss/remoting/InvokerRegistry.java 2010-07-03 17:16:08 UTC (rev 5885) +++ remoting2/branches/2.x/src/main/org/jboss/remoting/InvokerRegistry.java 2010-07-03 17:18:25 UTC (rev 5886) @@ -22,7 +22,6 @@ package org.jboss.remoting; - import org.jboss.logging.Logger; import org.jboss.remoting.serialization.ClassLoaderUtility; import org.jboss.remoting.transport.ClientFactory; @@ -69,6 +68,8 @@ private static final Map transportClientFactoryClasses = new HashMap(); private static final Map transportServerFactoryClasses = new HashMap(); + + private static final RuntimePermission INVOKER_REGISTRY_UPDATE_PERMISSION = new RuntimePermission("invokerRegistryUpdate"); /** * return an array of InvokerLocators that are local to this VM (server invokers) @@ -174,6 +175,7 @@ */ public static void registerInvokerFactories(String transport, Class clientFactory, Class serverFactory) { + doSecurityCheck(); synchronized (clientLock) { transportClientFactoryClasses.put(transport, clientFactory); @@ -191,6 +193,7 @@ */ public static void unregisterInvokerFactories(String transport) { + doSecurityCheck(); synchronized (clientLock) { transportClientFactoryClasses.remove(transport); @@ -203,6 +206,7 @@ public static void unregisterLocator(InvokerLocator locator) { + doSecurityCheck(); synchronized (serverLock) { serverLocators.remove(locator); @@ -230,6 +234,7 @@ */ public static void destroyClientInvoker(InvokerLocator locator, Map configuration) { + doSecurityCheck(); synchronized(clientLock) { if (trace) @@ -276,6 +281,8 @@ public static ClientInvoker createClientInvoker(InvokerLocator locator, Map configuration) throws Exception { + doSecurityCheck(); + if(locator == null) { throw new NullPointerException("locator cannot be null"); @@ -545,7 +552,7 @@ public static ServerInvoker createServerInvoker(InvokerLocator locator, Map configuration) throws Exception { - + doSecurityCheck(); ServerInvoker invoker = null; synchronized(serverLock) { @@ -568,6 +575,7 @@ public static void destroyServerInvoker(ServerInvoker invoker) { + doSecurityCheck(); if(invoker != null) { InvokerLocator locator = invoker.getLocator(); @@ -648,6 +656,7 @@ */ public static void updateServerInvokerLocator(InvokerLocator locator, InvokerLocator newLocator) { + doSecurityCheck(); synchronized (serverLock) { Object si = serverLocators.get(locator); @@ -669,6 +678,7 @@ */ public static boolean isSSLSupported(String transport) throws Exception { + doSecurityCheck(); boolean isSSLSupported = false; Class transportFactoryClass = null; try @@ -810,4 +820,17 @@ throw (NoSuchMethodException) e.getCause(); } } + + static private void doSecurityCheck() + { + // If there is no Security Manager, the issue is moot. + final SecurityManager sm = System.getSecurityManager(); + if (sm == null) + { + return; + } + + // If the calling code is not verifiably in Remoting, then require it to have InvokerRegistryUpdatePermission. + sm.checkPermission(INVOKER_REGISTRY_UPDATE_PERMISSION); + } }