changeset 8060:3470101fae58

8009970: Several LoginModule classes need extra permission to load AuthResources Reviewed-by: mullan
author weijun
date Sat, 23 Mar 2013 11:49:28 +0800
parents 518d6087e01f
children ed63cace1d30
files src/share/classes/com/sun/security/auth/module/JndiLoginModule.java src/share/classes/com/sun/security/auth/module/KeyStoreLoginModule.java src/share/classes/com/sun/security/auth/module/Krb5LoginModule.java
diffstat 3 files changed, 32 insertions(+), 20 deletions(-) [+]
line wrap: on
line diff
--- a/src/share/classes/com/sun/security/auth/module/JndiLoginModule.java	Fri Mar 22 15:01:24 2013 +0100
+++ b/src/share/classes/com/sun/security/auth/module/JndiLoginModule.java	Sat Mar 23 11:49:28 2013 +0800
@@ -32,8 +32,11 @@
 import javax.naming.*;
 import javax.naming.directory.*;
 
+import java.security.AccessController;
+import java.security.PrivilegedAction;
 import java.util.Map;
 import java.util.LinkedList;
+import java.util.ResourceBundle;
 
 import com.sun.security.auth.UnixPrincipal;
 import com.sun.security.auth.UnixNumericUserPrincipal;
@@ -150,8 +153,14 @@
  */
 public class JndiLoginModule implements LoginModule {
 
-    static final java.util.ResourceBundle rb =
-        java.util.ResourceBundle.getBundle("sun.security.util.AuthResources");
+    private static final ResourceBundle rb = AccessController.doPrivileged(
+            new PrivilegedAction<ResourceBundle>() {
+                public ResourceBundle run() {
+                    return ResourceBundle.getBundle(
+                            "sun.security.util.AuthResources");
+                }
+            }
+    );
 
     /** JNDI Provider */
     public final String USER_PROVIDER = "user.provider.url";
--- a/src/share/classes/com/sun/security/auth/module/KeyStoreLoginModule.java	Fri Mar 22 15:01:24 2013 +0100
+++ b/src/share/classes/com/sun/security/auth/module/KeyStoreLoginModule.java	Sat Mar 23 11:49:28 2013 +0800
@@ -30,22 +30,11 @@
 import java.io.InputStream;
 import java.net.MalformedURLException;
 import java.net.URL;
-import java.security.AuthProvider;
-import java.security.GeneralSecurityException;
-import java.security.Key;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.Provider;
-import java.security.UnrecoverableKeyException;
+import java.security.*;
 import java.security.cert.*;
+import java.security.cert.Certificate;
 import java.security.cert.X509Certificate;
-import java.util.Arrays;
-import java.util.Iterator;
-import java.util.LinkedList;
-import java.util.Map;
+import java.util.*;
 import javax.security.auth.Destroyable;
 import javax.security.auth.DestroyFailedException;
 import javax.security.auth.Subject;
@@ -123,8 +112,14 @@
  */
 public class KeyStoreLoginModule implements LoginModule {
 
-   static final java.util.ResourceBundle rb =
-        java.util.ResourceBundle.getBundle("sun.security.util.AuthResources");
+    private static final ResourceBundle rb = AccessController.doPrivileged(
+            new PrivilegedAction<ResourceBundle>() {
+                public ResourceBundle run() {
+                    return ResourceBundle.getBundle(
+                            "sun.security.util.AuthResources");
+                }
+            }
+    );
 
     /* -- Fields -- */
 
--- a/src/share/classes/com/sun/security/auth/module/Krb5LoginModule.java	Fri Mar 22 15:01:24 2013 +0100
+++ b/src/share/classes/com/sun/security/auth/module/Krb5LoginModule.java	Sat Mar 23 11:49:28 2013 +0800
@@ -27,6 +27,8 @@
 package com.sun.security.auth.module;
 
 import java.io.*;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
 import java.text.MessageFormat;
 import java.util.*;
 
@@ -429,8 +431,14 @@
 
     private static final String NAME = "javax.security.auth.login.name";
     private static final String PWD = "javax.security.auth.login.password";
-    static final java.util.ResourceBundle rb =
-        java.util.ResourceBundle.getBundle("sun.security.util.AuthResources");
+    private static final ResourceBundle rb = AccessController.doPrivileged(
+            new PrivilegedAction<ResourceBundle>() {
+                public ResourceBundle run() {
+                    return ResourceBundle.getBundle(
+                            "sun.security.util.AuthResources");
+                }
+            }
+    );
 
     /**
      * Initialize this <code>LoginModule</code>.