changeset 23914:754ca74db76a

8026200: Enhance RowSet Factory Reviewed-by: alanb, skoivu
author lancea
date Fri, 25 Oct 2013 14:35:42 -0400
parents 049a0df69b88
children db277d7621af
files jdk/src/share/classes/com/sun/rowset/CachedRowSetImpl.java jdk/src/share/classes/com/sun/rowset/internal/CachedRowSetWriter.java jdk/src/share/classes/javax/sql/rowset/RowSetProvider.java jdk/src/share/classes/javax/sql/rowset/spi/SyncFactory.java
diffstat 4 files changed, 68 insertions(+), 43 deletions(-) [+]
line wrap: on
line diff
--- a/jdk/src/share/classes/com/sun/rowset/CachedRowSetImpl.java	Wed Jan 15 11:23:07 2014 +0800
+++ b/jdk/src/share/classes/com/sun/rowset/CachedRowSetImpl.java	Fri Oct 25 14:35:42 2013 -0400
@@ -37,6 +37,7 @@
 import javax.sql.rowset.serial.*;
 import com.sun.rowset.internal.*;
 import com.sun.rowset.providers.*;
+import sun.reflect.misc.ReflectUtil;
 
 /**
  * The standard implementation of the <code>CachedRowSet</code> interface.
@@ -2959,13 +2960,9 @@
                 // create new instance of the class
                 SQLData obj = null;
                 try {
-                    obj = (SQLData)c.newInstance();
-                } catch (java.lang.InstantiationException ex) {
-                    throw new SQLException(MessageFormat.format(resBundle.handleGetObject("cachedrowsetimpl.unableins").toString(),
-                    ex.getMessage()));
-                } catch (java.lang.IllegalAccessException ex) {
-                    throw new SQLException(MessageFormat.format(resBundle.handleGetObject("cachedrowsetimpl.unableins").toString(),
-                    ex.getMessage()));
+                    obj = (SQLData) ReflectUtil.newInstance(c);
+                } catch(Exception ex) {
+                    throw new SQLException("Unable to Instantiate: ", ex);
                 }
                 // get the attributes from the struct
                 Object attribs[] = s.getAttributes(map);
@@ -5710,13 +5707,9 @@
                 // create new instance of the class
                 SQLData obj = null;
                 try {
-                    obj = (SQLData)c.newInstance();
-                } catch (java.lang.InstantiationException ex) {
-                    throw new SQLException(MessageFormat.format(resBundle.handleGetObject("cachedrowsetimpl.unableins").toString(),
-                    ex.getMessage()));
-                } catch (java.lang.IllegalAccessException ex) {
-                    throw new SQLException(MessageFormat.format(resBundle.handleGetObject("cachedrowsetimpl.unableins").toString(),
-                    ex.getMessage()));
+                    obj = (SQLData) ReflectUtil.newInstance(c);
+                } catch(Exception ex) {
+                    throw new SQLException("Unable to Instantiate: ", ex);
                 }
                 // get the attributes from the struct
                 Object attribs[] = s.getAttributes(map);
--- a/jdk/src/share/classes/com/sun/rowset/internal/CachedRowSetWriter.java	Wed Jan 15 11:23:07 2014 +0800
+++ b/jdk/src/share/classes/com/sun/rowset/internal/CachedRowSetWriter.java	Fri Oct 25 14:35:42 2013 -0400
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -29,6 +29,7 @@
 import javax.sql.*;
 import java.util.*;
 import java.io.*;
+import sun.reflect.misc.ReflectUtil;
 
 import com.sun.rowset.*;
 import java.text.MessageFormat;
@@ -572,13 +573,9 @@
                         // create new instance of the class
                         SQLData obj = null;
                         try {
-                            obj = (SQLData)c.newInstance();
-                        } catch (java.lang.InstantiationException ex) {
-                            throw new SQLException(MessageFormat.format(resBundle.handleGetObject("cachedrowsetimpl.unableins").toString(),
-                            ex.getMessage()));
-                        } catch (java.lang.IllegalAccessException ex) {
-                            throw new SQLException(MessageFormat.format(resBundle.handleGetObject("cachedrowsetimpl.unableins").toString(),
-                            ex.getMessage()));
+                            obj = (SQLData)ReflectUtil.newInstance(c);
+                        } catch (Exception ex) {
+                            throw new SQLException("Unable to Instantiate: ", ex);
                         }
                         // get the attributes from the struct
                         Object attribs[] = s.getAttributes(map);
--- a/jdk/src/share/classes/javax/sql/rowset/RowSetProvider.java	Wed Jan 15 11:23:07 2014 +0800
+++ b/jdk/src/share/classes/javax/sql/rowset/RowSetProvider.java	Fri Oct 25 14:35:42 2013 -0400
@@ -28,8 +28,11 @@
 import java.security.AccessController;
 import java.security.PrivilegedAction;
 import java.sql.SQLException;
+import java.util.PropertyPermission;
 import java.util.ServiceConfigurationError;
 import java.util.ServiceLoader;
+import javax.sql.rowset.spi.SyncFactoryException;
+import sun.reflect.misc.ReflectUtil;
 
 /**
  * A factory API that enables applications to obtain a
@@ -129,15 +132,11 @@
             factoryClassName = getSystemProperty(ROWSET_FACTORY_NAME);
             if (factoryClassName != null) {
                 trace("Found system property, value=" + factoryClassName);
-                factory = (RowSetFactory) getFactoryClass(factoryClassName, null, true).newInstance();
+                factory = (RowSetFactory) ReflectUtil.newInstance(getFactoryClass(factoryClassName, null, true));
             }
-        } catch (ClassNotFoundException e) {
-            throw new SQLException(
-                    "RowSetFactory: " + factoryClassName + " not found", e);
-        } catch (Exception e) {
-            throw new SQLException(
-                    "RowSetFactory: " + factoryClassName + " could not be instantiated: " + e,
-                    e);
+        }  catch (Exception e) {
+            throw new SQLException( "RowSetFactory: " + factoryClassName +
+                    " could not be instantiated: ", e);
         }
 
         // Check to see if we found the RowSetFactory via a System property
@@ -182,6 +181,16 @@
             throws SQLException {
 
         trace("***In newInstance()");
+
+        if(factoryClassName == null) {
+            throw new SQLException("Error: factoryClassName cannot be null");
+        }
+        try {
+            ReflectUtil.checkPackageAccess(factoryClassName);
+        } catch (java.security.AccessControlException e) {
+            throw new SQLException("Access Exception",e);
+        }
+
         try {
             Class<?> providerClass = getFactoryClass(factoryClassName, cl, false);
             RowSetFactory instance = (RowSetFactory) providerClass.newInstance();
@@ -291,8 +300,9 @@
                 public String run() {
                     return System.getProperty(propName);
                 }
-            });
+            }, null, new PropertyPermission(propName, "read"));
         } catch (SecurityException se) {
+            trace("error getting " + propName + ":  "+ se);
             if (debug) {
                 se.printStackTrace();
             }
--- a/jdk/src/share/classes/javax/sql/rowset/spi/SyncFactory.java	Wed Jan 15 11:23:07 2014 +0800
+++ b/jdk/src/share/classes/javax/sql/rowset/spi/SyncFactory.java	Fri Oct 25 14:35:42 2013 -0400
@@ -37,8 +37,11 @@
 import java.io.FileNotFoundException;
 import java.security.AccessController;
 import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
 
 import javax.naming.*;
+import sun.reflect.misc.ReflectUtil;
 
 /**
  * The Service Provider Interface (SPI) mechanism that generates <code>SyncProvider</code>
@@ -329,7 +332,7 @@
         // Local implementation class names and keys from Properties
         // file, translate names into Class objects using Class.forName
         // and store mappings
-        Properties properties = new Properties();
+        final Properties properties = new Properties();
 
         if (implementations == null) {
             implementations = new Hashtable<>();
@@ -356,10 +359,11 @@
                         public String run() {
                             return System.getProperty("rowset.properties");
                         }
-                    }, null, new PropertyPermission("rowset.properties","read"));
+                    }, null, new PropertyPermission("rowset.properties", "read"));
                 } catch (Exception ex) {
+                    System.out.println("errorget rowset.properties: " + ex);
                     strRowsetProperties = null;
-                }
+                };
 
                 if (strRowsetProperties != null) {
                     // Load user's implementation of SyncProvider
@@ -380,14 +384,27 @@
 
                 ClassLoader cl = Thread.currentThread().getContextClassLoader();
 
-                try (InputStream stream =
-                         (cl == null) ? ClassLoader.getSystemResourceAsStream(ROWSET_PROPERTIES)
-                                      : cl.getResourceAsStream(ROWSET_PROPERTIES)) {
-                    if (stream == null) {
-                        throw new SyncFactoryException(
-                            "Resource " + ROWSET_PROPERTIES + " not found");
+                try {
+                    AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
+                        try (InputStream stream = (cl == null) ?
+                                ClassLoader.getSystemResourceAsStream(ROWSET_PROPERTIES)
+                                : cl.getResourceAsStream(ROWSET_PROPERTIES)) {
+                            if (stream == null) {
+                                throw new SyncFactoryException("Resource " + ROWSET_PROPERTIES + " not found");
+                            }
+                            properties.load(stream);
+                        }
+                        return null;
+                    });
+                } catch (PrivilegedActionException ex) {
+                    Throwable e = ex.getException();
+                    if (e instanceof SyncFactoryException) {
+                      throw (SyncFactoryException) e;
+                    } else {
+                        SyncFactoryException sfe = new SyncFactoryException();
+                        sfe.initCause(ex.getException());
+                        throw sfe;
                     }
-                    properties.load(stream);
                 }
 
                 parseProperties(properties);
@@ -411,7 +428,7 @@
                     public String run() {
                         return System.getProperty(ROWSET_SYNC_PROVIDER);
                     }
-                }, null, new PropertyPermission(ROWSET_SYNC_PROVIDER,"read"));
+                }, null, new PropertyPermission(ROWSET_SYNC_PROVIDER, "read"));
             } catch (Exception ex) {
                 providerImpls = null;
             }
@@ -547,6 +564,14 @@
             return new com.sun.rowset.providers.RIOptimisticProvider();
         }
 
+        try {
+            ReflectUtil.checkPackageAccess(providerID);
+        } catch (java.security.AccessControlException e) {
+            SyncFactoryException sfe = new SyncFactoryException();
+            sfe.initCause(e);
+            throw sfe;
+        }
+
         // Attempt to invoke classname from registered SyncProvider list
         Class<?> c = null;
         try {
@@ -555,7 +580,7 @@
             /**
              * The SyncProvider implementation of the user will be in
              * the classpath. We need to find the ClassLoader which loads
-             * this SyncFactory and try to laod the SyncProvider class from
+             * this SyncFactory and try to load the SyncProvider class from
              * there.
              **/
             c = Class.forName(providerID, true, cl);