You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@river.apache.org by pe...@apache.org on 2016/02/22 04:55:09 UTC
svn commit: r1731589 -
/river/jtsk/trunk/src/org/apache/river/api/security/CombinerSecurityManager.java
Author: peter_firmstone
Date: Mon Feb 22 03:55:08 2016
New Revision: 1731589
URL: http://svn.apache.org/viewvc?rev=1731589&view=rev
Log:
Critical patch:
1. Permission check performed during construction ensures necessary cache classes are loaded, to avoid Classloader deadlock once SecurityManager is in force. The deadlock occurs on a lock in JVM native code.
2. Permission getArg is called to ensure that lazy initialization state has been initialized prior to publication to another thread.
Modified:
river/jtsk/trunk/src/org/apache/river/api/security/CombinerSecurityManager.java
Modified: river/jtsk/trunk/src/org/apache/river/api/security/CombinerSecurityManager.java
URL: http://svn.apache.org/viewvc/river/jtsk/trunk/src/org/apache/river/api/security/CombinerSecurityManager.java?rev=1731589&r1=1731588&r2=1731589&view=diff
==============================================================================
--- river/jtsk/trunk/src/org/apache/river/api/security/CombinerSecurityManager.java (original)
+++ river/jtsk/trunk/src/org/apache/river/api/security/CombinerSecurityManager.java Mon Feb 22 03:55:08 2016
@@ -95,6 +95,7 @@ extends SecurityManager implements Cachi
private final ProtectionDomain privilegedDomain;
private final ThreadLocal<SecurityContext> threadContext;
private final ThreadLocal<Boolean> inTrustedCodeRecursiveCall;
+ private final boolean constructed;
private static boolean check(){
SecurityManager sm = System.getSecurityManager();
@@ -167,6 +168,10 @@ extends SecurityManager implements Cachi
* since the lock used is a static class lock. This bug has been fixed
* in jdk8(b15).
*/
+ /* The following ensures the classes we need are loaded early to avoid
+ * class loading deadlock */
+ checkPermission(createAccPerm, SMPrivilegedContext);
+ constructed = true;
}
@Override
@@ -217,6 +222,7 @@ extends SecurityManager implements Cachi
@Override
public void checkPermission(Permission perm, Object context) throws SecurityException {
if (perm == null ) throw new NullPointerException("Permission Collection null");
+ perm.getActions(); // Ensure any lazy state has been instantiated before publication.
AccessControlContext executionContext = null;
SecurityContext securityContext = null;
if (context instanceof AccessControlContext){
@@ -229,7 +235,7 @@ extends SecurityManager implements Cachi
}
threadContext.set(securityContext); // may be null.
/* The next line speeds up permission checks related to this SecurityManager. */
- if ( SMPrivilegedContext.equals(executionContext) ||
+ if ( constructed && SMPrivilegedContext.equals(executionContext) ||
SMConstructorContext.equals(executionContext)) return; // prevents endless loop in debug.
// Checks if Permission has already been checked for this context.
NavigableSet<Permission> checkedPerms = checked.get(context);