[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cp-patches] Miscellaneous patches: RMI, AccessController, SharedLib
|
From: |
Mark Wielaard |
|
Subject: |
Re: [cp-patches] Miscellaneous patches: RMI, AccessController, SharedLibHelper, Permissions |
|
Date: |
Thu, 17 Feb 2005 01:37:55 +0100 |
Hi Andrew,
On Wed, 2005-02-16 at 18:47 +0000, Andrew Haley wrote:
> This is a batch of patches that I made while getting JOnAS to run on
> gcj.
Good stuff, very nice! Since I saw you already committed this to libgcj
I made sure to commit the parts that were relevant also to GNU Classpath
CVS:
2005-02-16 Andrew Haley <address@hidden>
* javax/security/auth/Subject.java (doAsPrivileged): If acc is
null, create a new AccessControlContext.
* java/security/SecureClassLoader.java (protectionDomainCache):
new field.
(defineClass): Create a new protection domain and add it to our
cache.
* java/rmi/server/UnicastRemoteObject.java (exportObject): Call
addStub() to keep track of the stub we've exported.
(unexportObject): Call deleteStub().
* java/rmi/server/RemoteObject.java (stubs): New field.
(addStub): New method.
(deleteStub): New method.
(toStub): Rewrite.
* java/security/Permissions.java (PermissionsHash.implies):
Iterate over the collection and invoke implies() on each
element.
Two questions though.
- Could you look at the review of the PermissionsHash.implies patch
http://lists.gnu.org/archive/html/classpath-patches/2005-02/msg00039.html
It explains how you can prevent the FIXME by checking the readonly flag.
- Should java.rmi.server.RemoteObject.toStub() be synchronized since it
acesses the WeakHashMap field stubs?
Thanks,
Mark
Index: javax/security/auth/Subject.java
===================================================================
RCS file: /cvsroot/classpath/classpath/javax/security/auth/Subject.java,v
retrieving revision 1.2
diff -u -r1.2 Subject.java
--- javax/security/auth/Subject.java 22 Oct 2004 17:15:58 -0000 1.2
+++ javax/security/auth/Subject.java 17 Feb 2005 00:28:32 -0000
@@ -235,7 +235,7 @@
*/
public static Object doAsPrivileged (final Subject subject,
final PrivilegedExceptionAction action,
- final AccessControlContext acc)
+ AccessControlContext acc)
throws PrivilegedActionException
{
final SecurityManager sm = System.getSecurityManager();
@@ -243,6 +243,8 @@
{
sm.checkPermission (new AuthPermission ("doAsPrivileged"));
}
+ if (acc == null)
+ acc = new AccessControlContext (new java.security.ProtectionDomain[0]);
AccessControlContext context =
new AccessControlContext (acc, new SubjectDomainCombiner (subject));
return AccessController.doPrivileged (action, context);
Index: java/security/SecureClassLoader.java
===================================================================
RCS file: /cvsroot/classpath/classpath/java/security/SecureClassLoader.java,v
retrieving revision 1.11
diff -u -r1.11 SecureClassLoader.java
--- java/security/SecureClassLoader.java 3 Jun 2004 06:43:11 -0000
1.11
+++ java/security/SecureClassLoader.java 17 Feb 2005 00:28:32 -0000
@@ -48,6 +48,8 @@
*/
public class SecureClassLoader extends ClassLoader
{
+ java.util.WeakHashMap protectionDomainCache = new java.util.WeakHashMap();
+
protected SecureClassLoader(ClassLoader parent)
{
super(parent);
@@ -80,11 +82,29 @@
protected final Class defineClass(String name, byte[] b, int off, int len,
CodeSource cs)
{
- // FIXME: Need to cache ProtectionDomains according to 1.3 docs.
if (cs != null)
{
- ProtectionDomain protectionDomain
- = new ProtectionDomain(cs, getPermissions(cs), this, null);
+ ProtectionDomain protectionDomain;
+
+ synchronized (protectionDomainCache)
+ {
+ protectionDomain = (ProtectionDomain)protectionDomainCache.get(cs);
+ }
+
+ if (protectionDomain == null)
+ {
+ protectionDomain
+ = new ProtectionDomain(cs, getPermissions(cs), this, null);
+ synchronized (protectionDomainCache)
+ {
+ ProtectionDomain domain
+ = (ProtectionDomain)protectionDomainCache.get(cs);
+ if (domain == null)
+ protectionDomainCache.put(cs, protectionDomain);
+ else
+ protectionDomain = domain;
+ }
+ }
return super.defineClass(name, b, off, len, protectionDomain);
}
else
Index: java/security/Permissions.java
===================================================================
RCS file: /cvsroot/classpath/classpath/java/security/Permissions.java,v
retrieving revision 1.11
diff -u -r1.11 Permissions.java
--- java/security/Permissions.java 16 Feb 2005 11:18:38 -0000 1.11
+++ java/security/Permissions.java 17 Feb 2005 00:28:32 -0000
@@ -227,9 +227,18 @@
* @param perm the permission to check
* @return true if it is implied
*/
+ // FIXME: Should this method be synchronized?
public boolean implies(Permission perm)
{
- return perms.get(perm) != null;
+ Enumeration elements = elements();
+
+ while (elements.hasMoreElements())
+ {
+ Permission p = (Permission)elements.nextElement();
+ if (p.implies(perm))
+ return true;
+ }
+ return false;
}
/**
Index: java/rmi/server/UnicastRemoteObject.java
===================================================================
RCS file:
/cvsroot/classpath/classpath/java/rmi/server/UnicastRemoteObject.java,v
retrieving revision 1.8
diff -u -r1.8 UnicastRemoteObject.java
--- java/rmi/server/UnicastRemoteObject.java 21 Oct 2004 20:14:51 -0000
1.8
+++ java/rmi/server/UnicastRemoteObject.java 17 Feb 2005 00:28:32 -0000
@@ -98,7 +98,9 @@
{
sref = new UnicastServerRef(new ObjID (), port, ssf);
}
- return (sref.exportObject (obj));
+ Remote stub = sref.exportObject (obj);
+ addStub(obj, stub);
+ return stub;
}
/**
@@ -116,12 +118,15 @@
{
if (obj instanceof RemoteObject)
{
+ deleteStub(obj);
UnicastServerRef sref = (UnicastServerRef)((RemoteObject)obj).getRef();
return sref.unexportObject(obj, force);
}
else
- //FIX ME
- ;
+ {
+ //FIX ME
+ ;
+ }
return true;
}
Index: java/rmi/server/RemoteObject.java
===================================================================
RCS file: /cvsroot/classpath/classpath/java/rmi/server/RemoteObject.java,v
retrieving revision 1.6
diff -u -r1.6 RemoteObject.java
--- java/rmi/server/RemoteObject.java 18 Jan 2005 09:52:43 -0000 1.6
+++ java/rmi/server/RemoteObject.java 17 Feb 2005 00:28:32 -0000
@@ -45,6 +45,7 @@
import java.rmi.NoSuchObjectException;
import java.rmi.Remote;
import java.rmi.UnmarshalException;
+import java.util.WeakHashMap;
public abstract class RemoteObject
implements Remote, Serializable {
@@ -53,6 +54,8 @@
protected transient RemoteRef ref;
+private static final WeakHashMap stubs = new WeakHashMap();
+
protected RemoteObject() {
this(null);
}
@@ -65,21 +68,24 @@
return (ref);
}
+synchronized static void addStub(Remote obj, Remote stub)
+{
+ stubs.put(obj, stub);
+}
+
+synchronized static void deleteStub(Remote obj)
+{
+ stubs.remove(obj);
+}
+
public static Remote toStub(Remote obj) throws NoSuchObjectException
{
- Class cls = obj.getClass();
- String classname = cls.getName();
- ClassLoader cl = cls.getClassLoader();
- try
- {
- Class scls = cl.loadClass(classname + "_Stub");
- // JDK 1.2 stubs
- Class[] stubprototype = new Class[] { RemoteRef.class };
- Constructor con = scls.getConstructor(stubprototype);
- return (Remote)(con.newInstance(new Object[]{obj}));
- }
- catch (Exception e) {}
- throw new NoSuchObjectException(obj.getClass().getName());
+ Remote stub = (Remote)stubs.get(obj);
+
+ if (stub == null)
+ throw new NoSuchObjectException(obj.getClass().getName());
+
+ return stub;
}
public int hashCode() {
signature.asc
Description: This is a digitally signed message part