Posted to commits@river.apache.org by gt...@apache.org on 2012/04/02 06:00:35 UTC
svn commit: r1308236 - in /river/jtsk/skunk/surrogate:
src/org/apache/river/container/ src/org/apache/river/container/classloading/
src/org/apache/river/container/liaison/ testfiles/
Author: gtrasuk
Date: Mon Apr 2 04:00:34 2012
New Revision: 1308236
URL: http://svn.apache.org/viewvc?rev=1308236&view=rev
Log:
Implemented privileged operations in the VirtualFileSystemClassLoader. Application now has implicit permission to access its classpath.
Modified:
river/jtsk/skunk/surrogate/src/org/apache/river/container/StarterServiceDeployer.java
river/jtsk/skunk/surrogate/src/org/apache/river/container/classloading/VirtualFileSystemClassLoader.java
river/jtsk/skunk/surrogate/src/org/apache/river/container/liaison/VirtualFileSystemConfiguration.java
river/jtsk/skunk/surrogate/testfiles/logging.properties
Modified: river/jtsk/skunk/surrogate/src/org/apache/river/container/StarterServiceDeployer.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/surrogate/src/org/apache/river/container/StarterServiceDeployer.java?rev=1308236&r1=1308235&r2=1308236&view=diff
==============================================================================
--- river/jtsk/skunk/surrogate/src/org/apache/river/container/StarterServiceDeployer.java (original)
+++ river/jtsk/skunk/surrogate/src/org/apache/river/container/StarterServiceDeployer.java Mon Apr 2 04:00:34 2012
@@ -28,6 +28,7 @@ import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.net.URL;
+import java.security.AllPermission;
import java.security.CodeSource;
import java.security.Permission;
import java.security.Principal;
@@ -226,6 +227,8 @@ public class StarterServiceDeployer {
}
grantPermissions(cl,
new Permission[] {new FilePermission(workingDir.getAbsolutePath(), Strings.READ)});
+ // Just to see if this is a security problem...
+ //grantPermissions(cl, new Permission[] { new AllPermission() });
Utils.logClassLoaderHierarchy(log, Level.FINE, this.getClass());
String configName = VirtualFileSystemConfiguration.class.getName();
invokeStatic(cl, configName,
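Review bot: The commented-out `grantPermissions(cl, new Permission[] { new AllPermission() });` should not be committed, because it sits one uncomment away from granting the deployed application's class loader every permission. It also appears to be the only reason for the new `import java.security.AllPermission;` in the first hunk, which is otherwise unused. Delete both lines; if the experiment has to be repeatable, keep it in a test fixture or behind an explicit, default-off setting rather than in the deployer source. The enclosing method starts and ends outside this hunk.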
Modified: river/jtsk/skunk/surrogate/src/org/apache/river/container/classloading/VirtualFileSystemClassLoader.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/surrogate/src/org/apache/river/container/classloading/VirtualFileSystemClassLoader.java?rev=1308236&r1=1308235&r2=1308236&view=diff
==============================================================================
--- river/jtsk/skunk/surrogate/src/org/apache/river/container/classloading/VirtualFileSystemClassLoader.java (original)
+++ river/jtsk/skunk/surrogate/src/org/apache/river/container/classloading/VirtualFileSystemClassLoader.java Mon Apr 2 04:00:34 2012
@@ -21,18 +21,21 @@ import java.io.IOException;
import java.net.URL;
import java.net.URLClassLoader;
import java.security.CodeSource;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
+import net.jini.security.Security;
import org.apache.commons.vfs.FileObject;
import org.apache.commons.vfs.FileSystemException;
import org.apache.commons.vfs.FileUtil;
import org.apache.river.container.LocalizedRuntimeException;
import org.apache.river.container.MessageNames;
-import org.apache.river.container.Utils;
/**
@@ -89,7 +92,7 @@ public class VirtualFileSystemClassLoade
List<ClasspathFilter> filters = new ClasspathFilterBuilder().parseToFilters(classPath);
for (ClasspathFilter filter : filters) {
FileObject entryObject = fileRoot.resolveFile(filter.getJarName());
-
+
FileObject entryFileSystem =
fileRoot.getFileSystem().getFileSystemManager().createFileSystem(entryObject);
classpathEntries.add(new ClasspathEntry(filter, entryFileSystem));
@@ -107,28 +110,44 @@ public class VirtualFileSystemClassLoade
@return
*/
@Override
- public URL findResource(String name) {
+ public URL findResource(final String name) {
try {
- FileObject fo = findResourceFileObject(name);
- return fo == null ? null : fo.getURL();
- } catch (FileSystemException ex) {
+ return Security.doPrivileged(new PrivilegedExceptionAction<URL>() {
+
+ @Override
+ public URL run() throws Exception {
+ FileObject fo = findResourceFileObject(name);
+ return fo == null ? null : fo.getURL();
+ }
+ });
+
+ } catch (Exception ex) {
Logger.getLogger(VirtualFileSystemClassLoader.class.getName()).log(Level.SEVERE, null, ex);
}
return null;
}
@Override
- public Enumeration<URL> findResources(String name) throws IOException {
- List<URL> urlList = new ArrayList<URL>();
- try {
- List<FileObject> foList = findResourceFileObjects(name);
- for (FileObject fo : foList) {
- urlList.add(fo.getURL());
+ public Enumeration<URL> findResources(final String name) throws IOException {
+
+ Enumeration result =
+ Security.doPrivileged(new PrivilegedAction<Enumeration>() {
+
+ public Enumeration run() {
+ List<URL> urlList = new ArrayList<URL>();
+ try {
+
+ List<FileObject> foList = findResourceFileObjects(name);
+ for (FileObject fo : foList) {
+ urlList.add(fo.getURL());
+ }
+ } catch (FileSystemException ex) {
+ Logger.getLogger(VirtualFileSystemClassLoader.class.getName()).log(Level.SEVERE, null, ex);
+ }
+ return Collections.enumeration(urlList);
}
- } catch (FileSystemException ex) {
- Logger.getLogger(VirtualFileSystemClassLoader.class.getName()).log(Level.SEVERE, null, ex);
- }
- return Collections.enumeration(urlList);
+ });
+ return result;
}
/**
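Review bot: The `catch (Exception ex)` in findResource is wider than the privileged call needs, so any unchecked exception thrown inside `run()` is now logged and turned into a `null` return, where the old `catch (FileSystemException ex)` let it propagate. Declaring `public URL run() throws FileSystemException` and catching `PrivilegedActionException` would keep the previous behaviour. In findResources the action is typed with raw `Enumeration`; `PrivilegedAction<Enumeration<URL>>` with `@Override` on `run()` avoids the unchecked conversion on return. Both blocks act with the loader's permissions on a caller-supplied `name`, so a one-line comment such as `// privileged: lookup is confined to the configured classpath entries` would record why the elevation is safe. That should be confirmed against findResourceFileObject(s), which are outside this hunk.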
@@ -175,17 +194,27 @@ public class VirtualFileSystemClassLoade
}
@Override
- protected Class<?> findClass(String name) throws ClassNotFoundException {
- String resourceName = classToResourceName(name);
- FileObject resourceFileObject = findResourceFileObject(resourceName);
- if (resourceFileObject == null) {
- throw new ClassNotFoundException(name + "(" + resourceName + ")");
- }
+ protected Class<?> findClass(final String name) throws ClassNotFoundException {
try {
- byte[] bytes = FileUtil.getContent(resourceFileObject);
- return defineClass(name, bytes, 0, bytes.length);
- } catch (IOException ioe) {
- throw new ClassNotFoundException(name, ioe);
+ return Security.doPrivileged(new PrivilegedExceptionAction<Class>() {
+
+ public Class run() throws ClassNotFoundException {
+ String resourceName = classToResourceName(name);
+ FileObject resourceFileObject = findResourceFileObject(resourceName);
+ if (resourceFileObject == null) {
+ throw new ClassNotFoundException(name + "(" + resourceName + ")");
+ }
+ try {
+ byte[] bytes = FileUtil.getContent(resourceFileObject);
+ return defineClass(name, bytes, 0, bytes.length);
+ } catch (IOException ioe) {
+ throw new ClassNotFoundException(name, ioe);
+ }
+
+ }
+ });
+ } catch (PrivilegedActionException ex) {
+ throw (ClassNotFoundException) ex.getException();
}
}
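Review bot: The privileged block in findClass covers more than the classpath read, because `defineClass(name, bytes, 0, bytes.length)` also runs inside `Security.doPrivileged`. Any permission check reached from there is therefore evaluated without the caller's context. Only the lookup and `FileUtil.getContent` need the loader's own permissions. Returning the bytes from the action and defining the class afterwards keeps the elevated scope minimal, and it replaces the unchecked `(ClassNotFoundException) ex.getException()` cast with an ordinary wrap of the I/O failure.

```java
protected Class<?> findClass(final String name) throws ClassNotFoundException {
    final String resourceName = classToResourceName(name);
    final byte[] bytes;
    try {
        // Only reading the classpath entry needs the loader's own permissions.
        bytes = Security.doPrivileged(new PrivilegedExceptionAction<byte[]>() {
            @Override
            public byte[] run() throws IOException {
                FileObject resourceFileObject = findResourceFileObject(resourceName);
                return resourceFileObject == null
                        ? null : FileUtil.getContent(resourceFileObject);
            }
        });
    } catch (PrivilegedActionException ex) {
        throw new ClassNotFoundException(name, ex.getException());
    }
    if (bytes == null) {
        throw new ClassNotFoundException(name + "(" + resourceName + ")");
    }
    // Defined outside the privileged block, with the caller's context intact.
    return defineClass(name, bytes, 0, bytes.length);
}
```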
@@ -230,7 +259,7 @@ public class VirtualFileSystemClassLoade
public String toString() {
StringBuffer listString = new StringBuffer();
listString.append(format(classpathEntries));
-
+
listString.append(", codebase [");
URL[] urlArray = getURLs();
for (int i = 0; i < urlArray.length; i++) {
@@ -240,18 +269,19 @@ public class VirtualFileSystemClassLoade
listString.append("]");
return listString.toString();
}
+
public static String format(List<ClasspathEntry> items) {
if (items == null) {
return "null";
}
StringBuffer sb = new StringBuffer();
sb.append("[");
- boolean first=true;
- for (Object o: items) {
+ boolean first = true;
+ for (Object o : items) {
if (!first) {
sb.append(", ");
} else {
- first=false;
+ first = false;
}
sb.append("'");
sb.append(o.toString());
@@ -261,5 +291,4 @@ public class VirtualFileSystemClassLoade
return sb.toString();
}
-
}
Modified: river/jtsk/skunk/surrogate/src/org/apache/river/container/liaison/VirtualFileSystemConfiguration.java
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/surrogate/src/org/apache/river/container/liaison/VirtualFileSystemConfiguration.java?rev=1308236&r1=1308235&r2=1308236&view=diff
==============================================================================
--- river/jtsk/skunk/surrogate/src/org/apache/river/container/liaison/VirtualFileSystemConfiguration.java (original)
+++ river/jtsk/skunk/surrogate/src/org/apache/river/container/liaison/VirtualFileSystemConfiguration.java Mon Apr 2 04:00:34 2012
@@ -43,6 +43,8 @@ import org.apache.commons.vfs.VFS;
public class VirtualFileSystemConfiguration
implements Configuration {
+ private static final Logger log=Logger.getLogger(VirtualFileSystemConfiguration.class.getName());
+
private static FileObject rootDirectory = null;
private static Map<String, Object> specialEntries =
new HashMap<String, Object>();
@@ -72,6 +74,7 @@ public class VirtualFileSystemConfigurat
So, we have to instead throw an exception that is part of the
jre platform.
*/
+ log.log(Level.SEVERE, "Problem setting working directory", ex);
throw new RuntimeException(ex.getMessage());
}
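Review bot: The new `log.log(Level.SEVERE, ...)` call is now the only place the original stack trace survives, since the following `throw new RuntimeException(ex.getMessage())` carries just the message, and nothing in the code says so. A short comment above the log call would stop a later cleanup from removing it as duplicate reporting, for example `// Logged here because the rethrown RuntimeException drops the original stack trace.` The hunk starts inside the existing block comment, and the catch clause that binds `ex` is outside it.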
Modified: river/jtsk/skunk/surrogate/testfiles/logging.properties
URL: http://svn.apache.org/viewvc/river/jtsk/skunk/surrogate/testfiles/logging.properties?rev=1308236&r1=1308235&r2=1308236&view=diff
==============================================================================
--- river/jtsk/skunk/surrogate/testfiles/logging.properties (original)
+++ river/jtsk/skunk/surrogate/testfiles/logging.properties Mon Apr 2 04:00:34 2012
@@ -53,3 +53,4 @@ org.apache.river.container.level = FINER
org.apache.river.container.AnnotatedClassDeployer.level=FINER
org.apache.river.container.ShowContextToConsole.level=INFO
net.jini.config.level=FINE
+org.apache.river.container.security.ContainerCodePolicy.level=INFO
\ No newline at end of file