[jboss-cvs] JBossAS SVN: r79034 - projects/naming/trunk/jnpserver/src/main/java/org/jnp/interfaces.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Thu Oct 2 11:18:04 EDT 2008
Author: scott.stark at jboss.org
Date: 2008-10-02 11:18:04 -0400 (Thu, 02 Oct 2008)
New Revision: 79034
Modified:
projects/naming/trunk/jnpserver/src/main/java/org/jnp/interfaces/NamingContext.java
Log:
JBNAME-8, Isolate the creation of the MarshalledValuePair in a privileged block when running under a security manager so the following permissions can be isolated from the caller:
RuntimePermission("createClassLoader")
ReflectPermission("suppressAccessChecks")
SerializablePermission("enableSubstitution")
Modified: projects/naming/trunk/jnpserver/src/main/java/org/jnp/interfaces/NamingContext.java
===================================================================
--- projects/naming/trunk/jnpserver/src/main/java/org/jnp/interfaces/NamingContext.java 2008-10-02 15:17:01 UTC (rev 79033)
+++ projects/naming/trunk/jnpserver/src/main/java/org/jnp/interfaces/NamingContext.java 2008-10-02 15:18:04 UTC (rev 79034)
@@ -24,9 +24,11 @@
import java.io.BufferedInputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
+import java.io.SerializablePermission;
import java.lang.ref.WeakReference;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.ReflectPermission;
import java.net.DatagramPacket;
import java.net.InetAddress;
import java.net.MulticastSocket;
@@ -36,6 +38,9 @@
import java.rmi.MarshalledObject;
import java.rmi.NoSuchObjectException;
import java.rmi.RemoteException;
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
@@ -534,8 +539,7 @@
{
if( obj != null )
className = obj.getClass().getName();
- // Normal object - serialize using a MarshalledValuePair
- obj = new MarshalledValuePair(obj);
+ obj = createMarshalledValuePair(obj);
}
else
{
@@ -608,7 +612,7 @@
className = obj.getClass().getName();
// Normal object - serialize using a MarshalledValuePair
- obj = new MarshalledValuePair(obj);
+ obj = createMarshalledValuePair(obj);
}
else
{
@@ -1304,6 +1308,47 @@
// Private -------------------------------------------------------
/**
+ * Isolate the creation of the MarshalledValuePair in a privileged block
+ * when running under a security manager so the following permissions can
+ * be isolated from the caller:
+ * RuntimePermission("createClassLoader")
+ ReflectPermission("suppressAccessChecks")
+ SerializablePermission("enableSubstitution")
+ @return the MarshalledValuePair wrapping obj
+ */
+ private Object createMarshalledValuePair(final Object obj)
+ throws IOException
+ {
+ MarshalledValuePair mvp = null;
+ SecurityManager sm = System.getSecurityManager();
+ if(sm != null)
+ {
+ try
+ {
+ mvp = AccessController.doPrivileged(new PrivilegedExceptionAction<MarshalledValuePair>()
+ {
+ public MarshalledValuePair run() throws Exception
+ {
+ return new MarshalledValuePair(obj);
+ }
+ }
+ );
+ }
+ catch(PrivilegedActionException e)
+ {
+ IOException ioe = new IOException();
+ ioe.initCause(e.getException());
+ throw ioe;
+ }
+ }
+ else
+ {
+ mvp = new MarshalledValuePair(obj);
+ }
+ return mvp;
+ }
+
+ /**
* Determine the form of the name to pass to the NamingManager operations.
* This is supposed to be a context relative name according to the javaodcs
* for NamingManager, but historically the absolute name of the target
More information about the jboss-cvs-commits
mailing list