changeset 13254:28d4d67065ab

8199177: Enhance JNDI lookups Reviewed-by: vtewari
author robm
date Tue, 10 Jul 2018 16:56:22 +0100
parents c1cffa411ed5
children 2db6890a9567
files src/share/classes/com/sun/naming/internal/VersionHelper12.java
diffstat 1 files changed, 27 insertions(+), 5 deletions(-) [+]
line wrap: on
line diff
--- a/src/share/classes/com/sun/naming/internal/VersionHelper12.java	Tue Jul 10 16:20:45 2018 +0300
+++ b/src/share/classes/com/sun/naming/internal/VersionHelper12.java	Tue Jul 10 16:56:22 2018 +0100
@@ -62,6 +62,25 @@
     }
 
     /**
+     * Determines whether classes may be loaded from an arbitrary URL code base.
+     */
+    private static final String TRUST_URL_CODEBASE_PROPERTY =
+            "com.sun.jndi.ldap.object.trustURLCodebase";
+    private static final String trustURLCodebase =
+            AccessController.doPrivileged(
+                new PrivilegedAction<String>() {
+                    public String run() {
+                        try {
+                        return System.getProperty(TRUST_URL_CODEBASE_PROPERTY,
+                            "false");
+                        } catch (SecurityException e) {
+                        return "false";
+                        }
+                    }
+                }
+            );
+
+    /**
      * Package private.
      *
      * This internal method is used with Thread Context Class Loader (TCCL),
@@ -79,12 +98,15 @@
      */
     public Class<?> loadClass(String className, String codebase)
             throws ClassNotFoundException, MalformedURLException {
+        if ("true".equalsIgnoreCase(trustURLCodebase)) {
+            ClassLoader parent = getContextClassLoader();
+            ClassLoader cl =
+                    URLClassLoader.newInstance(getUrlArray(codebase), parent);
 
-        ClassLoader parent = getContextClassLoader();
-        ClassLoader cl =
-                 URLClassLoader.newInstance(getUrlArray(codebase), parent);
-
-        return loadClass(className, cl);
+            return loadClass(className, cl);
+        } else {
+            return null;
+        }
     }
 
     String getJndiProperty(final int i) {