[jboss-cvs] JBossAS SVN: r79034 - projects/naming/trunk/jnpserver/src/main/java/org/jnp/interfaces.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Thu Oct 2 11:18:04 EDT 2008


Author: scott.stark at jboss.org
Date: 2008-10-02 11:18:04 -0400 (Thu, 02 Oct 2008)
New Revision: 79034

Modified:
   projects/naming/trunk/jnpserver/src/main/java/org/jnp/interfaces/NamingContext.java
Log:
JBNAME-8, Isolate the creation of the MarshalledValuePair in a privileged block when running under a security manager so the following permissions can be isolated from the caller:
RuntimePermission("createClassLoader")
ReflectPermission("suppressAccessChecks")
SerializablePermission("enableSubstitution")


Modified: projects/naming/trunk/jnpserver/src/main/java/org/jnp/interfaces/NamingContext.java
===================================================================
--- projects/naming/trunk/jnpserver/src/main/java/org/jnp/interfaces/NamingContext.java	2008-10-02 15:17:01 UTC (rev 79033)
+++ projects/naming/trunk/jnpserver/src/main/java/org/jnp/interfaces/NamingContext.java	2008-10-02 15:18:04 UTC (rev 79034)
@@ -24,9 +24,11 @@
 import java.io.BufferedInputStream;
 import java.io.IOException;
 import java.io.ObjectInputStream;
+import java.io.SerializablePermission;
 import java.lang.ref.WeakReference;
 import java.lang.reflect.Constructor;
 import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.ReflectPermission;
 import java.net.DatagramPacket;
 import java.net.InetAddress;
 import java.net.MulticastSocket;
@@ -36,6 +38,9 @@
 import java.rmi.MarshalledObject;
 import java.rmi.NoSuchObjectException;
 import java.rmi.RemoteException;
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collection;
@@ -534,8 +539,7 @@
          {
             if( obj != null )
                className = obj.getClass().getName();
-            // Normal object - serialize using a MarshalledValuePair
-            obj = new MarshalledValuePair(obj);
+            obj = createMarshalledValuePair(obj);
          }
          else
          {
@@ -608,7 +612,7 @@
                className = obj.getClass().getName();
 
             // Normal object - serialize using a MarshalledValuePair
-            obj = new MarshalledValuePair(obj);
+            obj = createMarshalledValuePair(obj);
          }
          else
          {
@@ -1304,6 +1308,47 @@
    // Private -------------------------------------------------------
 
    /**
+    * Isolate the creation of the MarshalledValuePair in a privileged block
+    * when running under a security manager so the following permissions can
+    * be isolated from the caller:
+    * RuntimePermission("createClassLoader")
+      ReflectPermission("suppressAccessChecks")
+      SerializablePermission("enableSubstitution")
+      @return the MarshalledValuePair wrapping obj
+    */
+   private Object createMarshalledValuePair(final Object obj)
+      throws IOException
+   {
+      MarshalledValuePair mvp = null;
+      SecurityManager sm = System.getSecurityManager();
+      if(sm != null)
+      {
+         try
+         {
+            mvp = AccessController.doPrivileged(new PrivilegedExceptionAction<MarshalledValuePair>()
+            {
+               public MarshalledValuePair run() throws Exception
+               {
+                  return new MarshalledValuePair(obj);
+               }
+            }
+            );
+         }
+         catch(PrivilegedActionException e)
+         {
+            IOException ioe = new IOException();
+            ioe.initCause(e.getException());
+            throw ioe;
+         }
+      }
+      else
+      {
+         mvp = new MarshalledValuePair(obj);
+      }
+      return mvp;
+   }
+
+   /**
     * Determine the form of the name to pass to the NamingManager operations.
     * This is supposed to be a context relative name according to the javaodcs
     * for NamingManager, but historically the absolute name of the target




More information about the jboss-cvs-commits mailing list