changeset 8439:3f85c96eafcc

8022931: Enhance Kerberos exceptions Reviewed-by: xuelei, ahgross
author weijun
date Wed, 14 Aug 2013 15:25:16 +0800
parents 31010ca3da3e
children 50bdb9577b27
files src/share/classes/javax/security/auth/kerberos/KeyTab.java
diffstat 1 files changed, 16 insertions(+), 2 deletions(-) [+]
line wrap: on
line diff
--- a/src/share/classes/javax/security/auth/kerberos/KeyTab.java	Thu Aug 15 21:44:35 2013 +0100
+++ b/src/share/classes/javax/security/auth/kerberos/KeyTab.java	Wed Aug 14 15:25:16 2013 +0800
@@ -26,6 +26,7 @@
 package javax.security.auth.kerberos;
 
 import java.io.File;
+import java.security.AccessControlException;
 import java.util.Objects;
 import sun.security.krb5.EncryptionKey;
 import sun.security.krb5.KerberosSecrets;
@@ -214,9 +215,22 @@
         return new KeyTab(princ, null, true);
     }
 
-    //Takes a snapshot of the keytab content
+    // Takes a snapshot of the keytab content. This method is called by
+    // JavaxSecurityAuthKerberosAccessImpl so no more private
     sun.security.krb5.internal.ktab.KeyTab takeSnapshot() {
-        return sun.security.krb5.internal.ktab.KeyTab.getInstance(file);
+        try {
+            return sun.security.krb5.internal.ktab.KeyTab.getInstance(file);
+        } catch (AccessControlException ace) {
+            if (file != null) {
+                // It's OK to show the name if caller specified it
+                throw ace;
+            } else {
+                AccessControlException ace2 = new AccessControlException(
+                        "Access to default keytab denied (modified exception)");
+                ace2.setStackTrace(ace.getStackTrace());
+                throw ace2;
+            }
+        }
     }
 
     /**