Mon, 22 Jul 2013 19:38:08 -0700
8017196: Ensure Proxies are handled appropriately
Reviewed-by: dfuchs, jrose, jdn, ahgross, chegar
1.1 --- a/src/share/classes/com/sun/corba/se/impl/presentation/rmi/InvocationHandlerFactoryImpl.java Mon Jul 22 13:59:51 2013 +0100 1.2 +++ b/src/share/classes/com/sun/corba/se/impl/presentation/rmi/InvocationHandlerFactoryImpl.java Mon Jul 22 19:38:08 2013 -0700 1.3 @@ -43,6 +43,8 @@ 1.4 import com.sun.corba.se.spi.orbutil.proxy.DelegateInvocationHandlerImpl ; 1.5 import com.sun.corba.se.spi.orbutil.proxy.CompositeInvocationHandler ; 1.6 import com.sun.corba.se.spi.orbutil.proxy.CompositeInvocationHandlerImpl ; 1.7 +import java.security.AccessController; 1.8 +import java.security.PrivilegedAction; 1.9 1.10 public class InvocationHandlerFactoryImpl implements InvocationHandlerFactory 1.11 { 1.12 @@ -114,24 +116,32 @@ 1.13 // which extends org.omg.CORBA.Object. This handler delegates all 1.14 // calls directly to a DynamicStubImpl, which extends 1.15 // org.omg.CORBA.portable.ObjectImpl. 1.16 - InvocationHandler dynamicStubHandler = 1.17 + final InvocationHandler dynamicStubHandler = 1.18 DelegateInvocationHandlerImpl.create( stub ) ; 1.19 1.20 // Create an invocation handler that handles any remote interface 1.21 // methods. 1.22 - InvocationHandler stubMethodHandler = new StubInvocationHandlerImpl( 1.23 + final InvocationHandler stubMethodHandler = new StubInvocationHandlerImpl( 1.24 pm, classData, stub ) ; 1.25 1.26 // Create a composite handler that handles the DynamicStub interface 1.27 // as well as the remote interfaces. 1.28 final CompositeInvocationHandler handler = 1.29 new CustomCompositeInvocationHandlerImpl( stub ) ; 1.30 + 1.31 + AccessController.doPrivileged(new PrivilegedAction<Void>() { 1.32 + @Override 1.33 + public Void run() { 1.34 handler.addInvocationHandler( DynamicStub.class, 1.35 dynamicStubHandler ) ; 1.36 handler.addInvocationHandler( org.omg.CORBA.Object.class, 1.37 dynamicStubHandler ) ; 1.38 handler.addInvocationHandler( Object.class, 1.39 dynamicStubHandler ) ; 1.40 + return null; 1.41 + } 1.42 + }); 1.43 + 1.44 1.45 // If the method passed to invoke is not from DynamicStub or its superclasses, 1.46 // it must be from an implemented interface, so we just handle
2.1 --- a/src/share/classes/com/sun/corba/se/spi/orbutil/proxy/CompositeInvocationHandlerImpl.java Mon Jul 22 13:59:51 2013 +0100 2.2 +++ b/src/share/classes/com/sun/corba/se/spi/orbutil/proxy/CompositeInvocationHandlerImpl.java Mon Jul 22 19:38:08 2013 -0700 2.3 @@ -36,6 +36,7 @@ 2.4 2.5 import com.sun.corba.se.spi.logging.CORBALogDomains ; 2.6 import com.sun.corba.se.impl.logging.ORBUtilSystemException ; 2.7 +import com.sun.corba.se.impl.presentation.rmi.DynamicAccessPermission; 2.8 2.9 public class CompositeInvocationHandlerImpl implements 2.10 CompositeInvocationHandler 2.11 @@ -46,11 +47,13 @@ 2.12 public void addInvocationHandler( Class interf, 2.13 InvocationHandler handler ) 2.14 { 2.15 + checkAccess(); 2.16 classToInvocationHandler.put( interf, handler ) ; 2.17 } 2.18 2.19 public void setDefaultHandler( InvocationHandler handler ) 2.20 { 2.21 + checkAccess(); 2.22 defaultHandler = handler ; 2.23 } 2.24 2.25 @@ -78,4 +81,12 @@ 2.26 2.27 return handler.invoke( proxy, method, args ) ; 2.28 } 2.29 + 2.30 + private static final DynamicAccessPermission perm = new DynamicAccessPermission("access"); 2.31 + private void checkAccess() { 2.32 + final SecurityManager sm = System.getSecurityManager(); 2.33 + if (sm != null) { 2.34 + sm.checkPermission(perm); 2.35 } 2.36 + } 2.37 +}