--- a/src/share/classes/sun/rmi/registry/RegistryImpl.java Tue Nov 15 16:44:14 2011 -0800
+++ b/src/share/classes/sun/rmi/registry/RegistryImpl.java Wed Nov 16 13:14:57 2011 +0000
@@ -29,6 +29,7 @@ import java.util.Hashtable;
import java.util.Hashtable;
import java.util.MissingResourceException;
import java.util.ResourceBundle;
+import java.io.FilePermission;
import java.io.IOException;
import java.net.*;
import java.rmi.*;
@@ -41,12 +42,12 @@ import java.security.AccessControlContex
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.CodeSource;
-import java.security.Policy;
+import java.security.Policy;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.PermissionCollection;
import java.security.Permissions;
-import java.security.ProtectionDomain;
+import java.security.ProtectionDomain;
import java.text.MessageFormat;
import sun.rmi.server.LoaderHandler;
import sun.rmi.server.UnicastServerRef;
@@ -54,7 +55,6 @@ import sun.rmi.transport.LiveRef;
import sun.rmi.transport.LiveRef;
import sun.rmi.transport.ObjectTable;
import sun.rmi.transport.Target;
-import sun.security.action.GetPropertyAction;
/**
* A "registry" exists on every node that allows RMI connections to
@@ -76,8 +76,10 @@ public class RegistryImpl extends java.r
/* indicate compatibility with JDK 1.1.x version of class */
private static final long serialVersionUID = 4666870661827494597L;
- private Hashtable bindings = new Hashtable(101);
- private static Hashtable allowedAccessCache = new Hashtable(3);
+ private Hashtable<String, Remote> bindings
+ = new Hashtable<String, Remote>(101);
+ private static Hashtable<InetAddress, InetAddress> allowedAccessCache
+ = new Hashtable<InetAddress, InetAddress>(3);
private static RegistryImpl registry;
private static ObjID id = new ObjID(ObjID.REGISTRY_ID);
@@ -129,7 +131,7 @@ public class RegistryImpl extends java.r
throws RemoteException, NotBoundException
{
synchronized (bindings) {
- Remote obj = (Remote)bindings.get(name);
+ Remote obj = bindings.get(name);
if (obj == null)
throw new NotBoundException(name);
return obj;
@@ -146,7 +148,7 @@ public class RegistryImpl extends java.r
{
checkAccess("Registry.bind");
synchronized (bindings) {
- Remote curr = (Remote)bindings.get(name);
+ Remote curr = bindings.get(name);
if (curr != null)
throw new AlreadyBoundException(name);
bindings.put(name, obj);
@@ -163,7 +165,7 @@ public class RegistryImpl extends java.r
{
checkAccess("Registry.unbind");
synchronized (bindings) {
- Remote obj = (Remote)bindings.get(name);
+ Remote obj = bindings.get(name);
if (obj == null)
throw new NotBoundException(name);
bindings.remove(name);
@@ -213,10 +215,9 @@ public class RegistryImpl extends java.r
InetAddress clientHost;
try {
- clientHost = (InetAddress)
- java.security.AccessController.doPrivileged(
- new java.security.PrivilegedExceptionAction() {
- public Object run()
+ clientHost = java.security.AccessController.doPrivileged(
+ new java.security.PrivilegedExceptionAction<InetAddress>() {
+ public InetAddress run()
throws java.net.UnknownHostException
{
return InetAddress.getByName(clientHostName);
@@ -238,8 +239,8 @@ public class RegistryImpl extends java.r
final InetAddress finalClientHost = clientHost;
java.security.AccessController.doPrivileged(
- new java.security.PrivilegedExceptionAction() {
- public Object run() throws java.io.IOException {
+ new java.security.PrivilegedExceptionAction<Void>() {
+ public Void run() throws java.io.IOException {
/*
* if a ServerSocket can be bound to the client's
* address then that address must be local
@@ -334,19 +335,6 @@ public class RegistryImpl extends java.r
URL[] urls = sun.misc.URLClassPath.pathToURLs(envcp);
ClassLoader cl = new URLClassLoader(urls);
- String codebaseProperty = null;
- String prop = java.security.AccessController.doPrivileged(
- new GetPropertyAction("java.rmi.server.codebase"));
- if (prop != null && prop.trim().length() > 0) {
- codebaseProperty = prop;
- }
- URL[] codebaseURLs = null;
- if (codebaseProperty != null) {
- codebaseURLs = sun.misc.URLClassPath.pathToURLs(codebaseProperty);
- } else {
- codebaseURLs = new URL[0];
- }
-
/*
* Fix bugid 4242317: Classes defined by this class loader should
* be annotated with the value of the "java.rmi.server.codebase"
@@ -364,7 +352,7 @@ public class RegistryImpl extends java.r
public RegistryImpl run() throws RemoteException {
return new RegistryImpl(regPort);
}
- }, getAccessControlContext(codebaseURLs));
+ }, getAccessControlContext());
} catch (PrivilegedActionException ex) {
throw (RemoteException) ex.getException();
}
@@ -390,11 +378,11 @@ public class RegistryImpl extends java.r
}
/**
- * Generates an AccessControlContext from several URLs.
+ * Generates an AccessControlContext with minimal permissions.
* The approach used here is taken from the similar method
* getAccessControlContext() in the sun.applet.AppletPanel class.
*/
- private static AccessControlContext getAccessControlContext(URL[] urls) {
+ private static AccessControlContext getAccessControlContext() {
// begin with permissions granted to all code in current policy
PermissionCollection perms = AccessController.doPrivileged(
new java.security.PrivilegedAction<PermissionCollection>() {
@@ -419,17 +407,15 @@ public class RegistryImpl extends java.r
perms.add(new RuntimePermission("accessClassInPackage.sun.*"));
- // add permissions required to load from codebase URL path
- LoaderHandler.addPermissionsForURLs(urls, perms, false);
+ perms.add(new FilePermission("<<ALL FILES>>", "read"));
/*
* Create an AccessControlContext that consists of a single
* protection domain with only the permissions calculated above.
*/
ProtectionDomain pd = new ProtectionDomain(
- new CodeSource((urls.length > 0 ? urls[0] : null),
- (java.security.cert.Certificate[]) null),
- perms);
+ new CodeSource(null,
+ (java.security.cert.Certificate[]) null), perms);
return new AccessControlContext(new ProtectionDomain[] { pd });
}
}
--- a/src/share/classes/sun/rmi/server/LoaderHandler.java Tue Nov 15 16:44:14 2011 -0800
+++ b/src/share/classes/sun/rmi/server/LoaderHandler.java Wed Nov 16 13:14:57 2011 +0000
@@ -1028,7 +1028,7 @@ public final class LoaderHandler {
* loader. A given permission is only added to the collection if
* it is not already implied by the collection.
*/
- public static void addPermissionsForURLs(URL[] urls,
+ private static void addPermissionsForURLs(URL[] urls,
PermissionCollection perms,
boolean forLoader)
{
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/java/rmi/registry/readTest/readTest.java Wed Nov 16 13:14:57 2011 +0000
@@ -0,0 +1,59 @@
+/*
+ * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.rmi.registry.Registry;
+import java.rmi.registry.LocateRegistry;
+import java.rmi.RemoteException;
+import java.rmi.server.UnicastRemoteObject;
+
+
+public class readTest {
+
+ public static void main(String args[]) throws Exception {
+ int port = 7491;
+ try {
+ testPkg.Server obj = new testPkg.Server();
+ testPkg.Hello stub = (testPkg.Hello) UnicastRemoteObject.exportObject(obj, 0);
+ // Bind the remote object's stub in the registry
+ Registry registry = LocateRegistry.getRegistry(port);
+ registry.bind("Hello", stub);
+
+ System.err.println("Server ready");
+
+ // now, let's test client
+ testPkg.Client client = new testPkg.Client(port);
+ String testStubReturn = client.testStub();
+ if(!testStubReturn.equals(obj.hello)) {
+ throw new RuntimeException("Test Fails : unexpected string from stub call");
+ } else {
+ System.out.println("Test passed");
+ }
+ registry.unbind("Hello");
+
+ } catch (Exception e) {
+ System.err.println("Server exception: " + e.toString());
+ e.printStackTrace();
+ }
+
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/java/rmi/registry/readTest/readTest.sh Wed Nov 16 13:14:57 2011 +0000
@@ -0,0 +1,95 @@
+#
+# Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+#
+# This code is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License version 2 only, as
+# published by the Free Software Foundation.
+#
+# This code is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+# version 2 for more details (a copy is included in the LICENSE file that
+# accompanied this code).
+#
+# You should have received a copy of the GNU General Public License version
+# 2 along with this work; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+# or visit www.oracle.com if you need additional information or have any
+# questions.
+#
+
+# @test
+# @bug 7102369 7094468 7100592
+# @summary remove java.rmi.server.codebase property parsing from registyimpl
+# @run shell readTest.sh
+
+OS=`uname -s`
+case "$OS" in
+ SunOS | Linux )
+ PS=":"
+ FS="/"
+ FILEURL="file:"
+ ;;
+ Windows* | CYGWIN* )
+ PS=";"
+ FS="\\"
+ FILEURL="file:/"
+ ;;
+ * )
+ echo "Unrecognized system!"
+ exit 1;
+ ;;
+esac
+
+cp -r ${TESTSRC}${FS}* .
+${TESTJAVA}${FS}bin${FS}javac testPkg${FS}*java
+${TESTJAVA}${FS}bin${FS}javac readTest.java
+
+mkdir rmi_tmp
+RMIREG_OUT=rmi.out
+#start rmiregistry without any local classes on classpath
+cd rmi_tmp
+${TESTJAVA}${FS}bin${FS}rmiregistry 7491 > ..${FS}${RMIREG_OUT} 2>&1 &
+RMIREG_PID=$!
+# allow some time to start
+sleep 3
+cd ..
+
+# trailing / after code base is important for rmi codebase property.
+${TESTJAVA}${FS}bin${FS}java -Djava.rmi.server.codebase=${FILEURL}`pwd`/ readTest > OUT.TXT 2>&1 &
+TEST_PID=$!
+#bulk of testcase - let it run for a while
+sleep 5
+
+#we're done, kill processes first
+kill -9 ${RMIREG_PID} ${TEST_PID}
+sleep 3
+
+echo "Test output : "
+
+cat OUT.TXT
+echo "=============="
+echo "rmiregistry output : "
+cat ${RMIREG_OUT}
+echo "=============="
+
+grep "Server ready" OUT.TXT
+result1=$?
+grep "Test passed" OUT.TXT
+result2=$?
+
+if [ $result1 -eq 0 -a $result2 -eq 0 ]
+then
+ echo "Passed"
+ exitCode=0;
+else
+ echo "Failed"
+ exitCode=1
+fi
+rm -rf OUT.TXT ${RMIREG_OUT} rmi_tmp
+exit ${exitCode}
+
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/java/rmi/registry/readTest/testPkg/Client.java Wed Nov 16 13:14:57 2011 +0000
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package testPkg;
+
+import java.rmi.registry.LocateRegistry;
+import java.rmi.registry.Registry;
+
+public class Client {
+ int port;
+
+ public Client(int p) {
+ port = p;
+ }
+
+ public String testStub() throws Exception {
+ try {
+ Registry registry = LocateRegistry.getRegistry(port);
+ Hello stub = (Hello) registry.lookup("Hello");
+ String response = stub.sayHello();
+ return response;
+ } catch (Exception e) {
+ System.err.println("Client exception: " + e.toString());
+ throw e;
+ }
+ }
+ }
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/java/rmi/registry/readTest/testPkg/Hello.java Wed Nov 16 13:14:57 2011 +0000
@@ -0,0 +1,31 @@
+/*
+ * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package testPkg;
+
+import java.rmi.Remote;
+import java.rmi.RemoteException;
+
+public interface Hello extends Remote {
+ String sayHello() throws RemoteException;
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/java/rmi/registry/readTest/testPkg/Server.java Wed Nov 16 13:14:57 2011 +0000
@@ -0,0 +1,36 @@
+/*
+ * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package testPkg;
+
+public class Server implements Hello {
+
+ public String hello = "Hello, world!";
+
+ public Server() {}
+
+ public String sayHello() {
+ return hello;
+ }
+
+}