You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@river.apache.org by pe...@apache.org on 2016/02/22 04:55:09 UTC

svn commit: r1731589 - /river/jtsk/trunk/src/org/apache/river/api/security/CombinerSecurityManager.java

Author: peter_firmstone
Date: Mon Feb 22 03:55:08 2016
New Revision: 1731589

URL: http://svn.apache.org/viewvc?rev=1731589&view=rev
Log:
Critical patch:

1. Permission check performed during construction ensures necessary cache classes are loaded, to avoid Classloader deadlock once SecurityManager is in force.  The deadlock occurs on a lock in JVM native code.
2. Permission getArg is called to ensure that lazy initialization state has been initialized prior to publication to another thread.

Modified:
    river/jtsk/trunk/src/org/apache/river/api/security/CombinerSecurityManager.java

Modified: river/jtsk/trunk/src/org/apache/river/api/security/CombinerSecurityManager.java
URL: http://svn.apache.org/viewvc/river/jtsk/trunk/src/org/apache/river/api/security/CombinerSecurityManager.java?rev=1731589&r1=1731588&r2=1731589&view=diff
==============================================================================
--- river/jtsk/trunk/src/org/apache/river/api/security/CombinerSecurityManager.java (original)
+++ river/jtsk/trunk/src/org/apache/river/api/security/CombinerSecurityManager.java Mon Feb 22 03:55:08 2016
@@ -95,6 +95,7 @@ extends SecurityManager implements Cachi
     private final ProtectionDomain privilegedDomain;
     private final ThreadLocal<SecurityContext> threadContext;
     private final ThreadLocal<Boolean> inTrustedCodeRecursiveCall;
+    private final boolean constructed;
     
     private static boolean check(){
         SecurityManager sm = System.getSecurityManager();
@@ -167,6 +168,10 @@ extends SecurityManager implements Cachi
          * since the lock used is a static class lock.  This bug has been fixed
          * in jdk8(b15).
          */
+	/* The following ensures the classes we need are loaded early to avoid
+	 * class loading deadlock */
+	checkPermission(createAccPerm, SMPrivilegedContext);
+	constructed = true;
     }
     
     @Override
@@ -217,6 +222,7 @@ extends SecurityManager implements Cachi
     @Override
     public void checkPermission(Permission perm, Object context) throws SecurityException {
         if (perm == null ) throw new NullPointerException("Permission Collection null");
+	perm.getActions(); // Ensure any lazy state has been instantiated before publication.
         AccessControlContext executionContext = null;
         SecurityContext securityContext = null;
 	if (context instanceof AccessControlContext){
@@ -229,7 +235,7 @@ extends SecurityManager implements Cachi
         }
         threadContext.set(securityContext); // may be null.
         /* The next line speeds up permission checks related to this SecurityManager. */
-        if ( SMPrivilegedContext.equals(executionContext) || 
+        if ( constructed && SMPrivilegedContext.equals(executionContext) || 
                 SMConstructorContext.equals(executionContext)) return; // prevents endless loop in debug.
         // Checks if Permission has already been checked for this context.
         NavigableSet<Permission> checkedPerms = checked.get(context);