changeset 6296:0a3f502b1026

8008623: Better handling of MBeanServers Reviewed-by: dfuchs, dholmes, skoivu
author jbachorik
date Thu, 21 Mar 2013 09:26:55 +0100
parents 2c71b4f2104b
children 8ebdc80ffbc7 df597b1ebb4b
files src/share/classes/com/sun/jmx/interceptor/DefaultMBeanServerInterceptor.java src/share/classes/com/sun/jmx/mbeanserver/JmxMBeanServer.java src/share/classes/com/sun/jmx/mbeanserver/MBeanInstantiator.java
diffstat 3 files changed, 41 insertions(+), 10 deletions(-) [+]
--- a/src/share/classes/com/sun/jmx/interceptor/DefaultMBeanServerInterceptor.java	Thu Mar 21 12:02:04 2013 +0400
+++ b/src/share/classes/com/sun/jmx/interceptor/DefaultMBeanServerInterceptor.java	Thu Mar 21 09:26:55 2013 +0100
@@ -1973,8 +1973,7 @@
          * does not add it to the list that is consulted by
          * ClassLoaderRepository.loadClass.
          */
-        final ModifiableClassLoaderRepository clr =
-                instantiator.getClassLoaderRepository();
+        final ModifiableClassLoaderRepository clr = getInstantiatorCLR();
         if (clr == null) {
             final RuntimeException wrapped =
                     new IllegalArgumentException(
@@ -2000,8 +1999,7 @@
          * Removes the  MBean from the default loader repository.
          */
         if (loader != server.getClass().getClassLoader()) {
-            final ModifiableClassLoaderRepository clr =
-                    instantiator.getClassLoaderRepository();
+            final ModifiableClassLoaderRepository clr = getInstantiatorCLR();
             if (clr != null) {
                 clr.removeClassLoader(logicalName);
             }
@@ -2060,5 +2058,12 @@
         return ResourceContext.NONE;
     }
 
-
+    private ModifiableClassLoaderRepository getInstantiatorCLR() {
+        return AccessController.doPrivileged(new PrivilegedAction<ModifiableClassLoaderRepository>() {
+            @Override
+            public ModifiableClassLoaderRepository run() {
+                return instantiator != null ? instantiator.getClassLoaderRepository() : null;
+            }
+        });
+    }
 }
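Review bot: getInstantiatorCLR() has no comment saying why it elevates privileges or what callers may do with the result. MBeanInstantiator.getClassLoaderRepository() gains an MBeanPermission check in this same changeset, so the doPrivileged block is what keeps the two internal call sites working under a security manager, and the object it returns is the modifiable repository. I would add above the method: `// Internal use only: runs with this class's own permissions; the returned modifiable repository must never be handed to callers.` The new null test on `instantiator` also changes behaviour at both call sites (a null instantiator now yields null where the old code would have thrown a NullPointerException), which deserves a word in the same comment.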
--- a/src/share/classes/com/sun/jmx/mbeanserver/JmxMBeanServer.java	Thu Mar 21 12:02:04 2013 +0400
+++ b/src/share/classes/com/sun/jmx/mbeanserver/JmxMBeanServer.java	Thu Mar 21 09:26:55 2013 +0100
@@ -32,6 +32,7 @@
 import java.io.ObjectInputStream;
 import java.security.AccessController;
 import java.security.Permission;
+import java.security.PrivilegedAction;
 import java.security.PrivilegedExceptionAction;
 import java.util.List;
 import java.util.Set;
@@ -227,8 +228,16 @@
                 clr = new ClassLoaderRepositorySupport();
             instantiator = new MBeanInstantiator(clr);
         }
+
+        final MBeanInstantiator fInstantiator = instantiator;
         this.secureClr = new
-          SecureClassLoaderRepository(instantiator.getClassLoaderRepository());
+            SecureClassLoaderRepository(AccessController.doPrivileged(new PrivilegedAction<ClassLoaderRepository>() {
+                @Override
+                public ClassLoaderRepository run() {
+                    return fInstantiator.getClassLoaderRepository();
+                }
+            })
+        );
         if (delegate == null)
             delegate = new MBeanServerDelegateImpl();
         if (outer == null)
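Review bot: The anonymous PrivilegedAction nested inside the SecureClassLoaderRepository constructor argument is hard to read, and the same privileged lookup is written out again in the hunk at -1242, while DefaultMBeanServerInterceptor gets a named helper for it in this same changeset. A single private static helper in JmxMBeanServer that takes the instantiator would serve both sites, remove the need for the `fInstantiator` copy, and give one place to document that the elevated call is for internal use only. The constructor and the method in the later hunk both start and end outside their hunks, so the sketch shows only the helper and the two calls.

```java
private static ModifiableClassLoaderRepository privilegedClr(
        final MBeanInstantiator inst) {
    // Internal use only: evaluated with this class's own permissions.
    return AccessController.doPrivileged(
        new PrivilegedAction<ModifiableClassLoaderRepository>() {
            @Override
            public ModifiableClassLoaderRepository run() {
                return inst.getClassLoaderRepository();
            }
        });
}

// … unchanged: default instantiator creation …
this.secureClr = new SecureClassLoaderRepository(privilegedClr(instantiator));

// … unchanged: myLoader lookup …
final ModifiableClassLoaderRepository loaders = privilegedClr(instantiator);
```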
@@ -1242,8 +1251,14 @@
            class loader.  The ClassLoaderRepository knows how
            to handle that case.  */
         ClassLoader myLoader = outerShell.getClass().getClassLoader();
-        final ModifiableClassLoaderRepository loaders =
-            instantiator.getClassLoaderRepository();
+        final ModifiableClassLoaderRepository loaders = AccessController.doPrivileged(new PrivilegedAction<ModifiableClassLoaderRepository>() {
+
+            @Override
+            public ModifiableClassLoaderRepository run() {
+                return instantiator.getClassLoaderRepository();
+            }
+        });
+
         if (loaders != null) {
             loaders.addClassLoader(myLoader);
 
--- a/src/share/classes/com/sun/jmx/mbeanserver/MBeanInstantiator.java	Thu Mar 21 12:02:04 2013 +0400
+++ b/src/share/classes/com/sun/jmx/mbeanserver/MBeanInstantiator.java	Thu Mar 21 09:26:55 2013 +0100
@@ -622,6 +622,7 @@
      * Return the Default Loader Repository used by this instantiator object.
      **/
     public ModifiableClassLoaderRepository getClassLoaderRepository() {
+        checkMBeanPermission((String)null, null, null, "getClassLoaderRepository");
         return clr;
     }
 
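Review bot: The Javadoc above getClassLoaderRepository() still describes a plain getter, but the method now performs an MBeanPermission check for the `getClassLoaderRepository` action and can throw. I would add `@throws SecurityException if a security manager is installed and the caller lacks MBeanPermission for getClassLoaderRepository` to that comment. Because the method is public, any internal caller that this changeset does not wrap in doPrivileged would start failing under a security manager; only the call sites in the other two files are visible here, so the rest of the package is worth checking.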
@@ -733,9 +734,19 @@
                                              String member,
                                              ObjectName objectName,
                                              String actions) {
+        if (clazz != null) {
+            checkMBeanPermission(clazz.getName(), member, objectName, actions);
+        }
+    }
+
+    private static void checkMBeanPermission(String classname,
+                                             String member,
+                                             ObjectName objectName,
+                                             String actions)
+        throws SecurityException {
         SecurityManager sm = System.getSecurityManager();
-        if (clazz != null && sm != null) {
-            Permission perm = new MBeanPermission(clazz.getName(),
+        if (sm != null) {
+            Permission perm = new MBeanPermission(classname,
                                                   member,
                                                   objectName,
                                                   actions);
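Review bot: The Class-based overload still returns without checking anything when `clazz` is null, while the new String-based overload deliberately accepts a null class name and does run the check. Nothing in the hunk explains that asymmetry; if a null `clazz` is never expected, a comment such as `// A null clazz skips the permission check; confirm no caller relies on this.` (or failing closed) would make the intent clear. The `throws SecurityException` clause on the private overload is redundant for an unchecked exception and would read better as a short Javadoc stating that a null class name is allowed. The body of the String overload continues past the end of the hunk.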