/hg/release/icedtea6-1.7: 6 new changesets
andrew at icedtea.classpath.org
andrew at icedtea.classpath.org
Wed Jun 9 06:38:43 PDT 2010
changeset 812896ea3e87 in /hg/release/icedtea6-1.7
details: http://icedtea.classpath.org/hg/release/icedtea6-1.7?cmd=changeset;node=812896ea3e87
author: Deepak Bhole <dbhole at redhat.com>
date: Thu May 06 17:35:36 2010 -0400
Fix rhbz# 524387 (javax.net.ssl.SSLKeyException: RSA premaster
secret error)
2010-05-06 Deepak Bhole <dbhole at redhat.com>
* rt/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java
(checkPermission): Allow Runtime and Security permission (for
putProvider.SunJCE) if initiated for an https connection.
(inTrustedCallChain): New method. Returns if given class/method is
in the call chain, and everything upto there is trusted.
changeset 4789ea2af9b8 in /hg/release/icedtea6-1.7
details: http://icedtea.classpath.org/hg/release/icedtea6-1.7?cmd=changeset;node=4789ea2af9b8
author: Deepak Bhole <dbhole at redhat.com>
date: Wed Jun 09 14:06:55 2010 +0100
Add imports missed in previous commit
2010-05-06 Deepak Bhole <dbhole at redhat.com>
* rt/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java:
Add imports missed in last commit.
changeset eb89812dff3e in /hg/release/icedtea6-1.7
details: http://icedtea.classpath.org/hg/release/icedtea6-1.7?cmd=changeset;node=eb89812dff3e
author: Andrew John Hughes <ahughes at redhat.com>
date: Wed Jun 09 14:09:37 2010 +0100
Fix path to JNLPSecurityManager in ChangeLog entry.
2010-06-09 Andrew John Hughes <ahughes at redhat.com>
* ChangeLog: Fix path of JNLPSecurityManager in
last-but-one entry.
changeset 24d8829cb8bc in /hg/release/icedtea6-1.7
details: http://icedtea.classpath.org/hg/release/icedtea6-1.7?cmd=changeset;node=24d8829cb8bc
author: Gary Benson <gbenson at redhat.com>
date: Fri May 07 12:02:50 2010 +0100
Remove a stray semicolon in JNLPSecurityManager.java.
2010-05-07 Gary Benson <gbenson at redhat.com>
* rt/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java:
Removed a stray semicolon.
changeset f407c48f5947 in /hg/release/icedtea6-1.7
details: http://icedtea.classpath.org/hg/release/icedtea6-1.7?cmd=changeset;node=f407c48f5947
author: Deepak Bhole <dbhole at redhat.com>
date: Fri May 07 16:41:14 2010 -0400
Set context classloader for all threads in an applet's threadgroup
2010-05-07 Deepak Bhole <dbhole at redhat.com>
* rt/net/sourceforge/jnlp/Launcher.java
(setContextClassLoaderForAllThreads): Change to set context CL only
for given threadgroup. (launchApplication): Supply
threadgroup to setContextClassLoaderForAllThreads.
(createApplet): Same.
changeset 848713f58719 in /hg/release/icedtea6-1.7
details: http://icedtea.classpath.org/hg/release/icedtea6-1.7?cmd=changeset;node=848713f58719
author: Deepak Bhole <dbhole at redhat.com>
date: Fri May 07 16:57:27 2010 -0400
PR IcedTea/436: Close all applet threads on exit
2010-05-07 Deepak Bhole <dbhole at redhat.com>
PR icedtea/436:
* plugin/icedteanp/java/sun/applet/PluginAppletViewer.java
(handleMessage): Don't print stack trace on InterruptedException.
(appletClose): Kill misbehaving applets that don't shut down
properly.
diffstat:
4 files changed, 105 insertions(+), 19 deletions(-)
ChangeLog | 39 +++++++++++
plugin/icedteanp/java/sun/applet/PluginAppletViewer.java | 9 ++
rt/net/sourceforge/jnlp/Launcher.java | 28 +++-----
rt/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java | 48 ++++++++++++++
diffs (216 lines):
diff -r f779c58329e1 -r 848713f58719 ChangeLog
--- a/ChangeLog Wed Apr 21 11:30:49 2010 -0400
+++ b/ChangeLog Fri May 07 16:57:27 2010 -0400
@@ -1,3 +1,42 @@ 2010-04-21 Deepak Bhole <dbhole at redhat.
+2010-05-07 Deepak Bhole <dbhole at redhat.com>
+
+ PR icedtea/436:
+ * plugin/icedteanp/java/sun/applet/PluginAppletViewer.java
+ (handleMessage): Don't print stack trace on InterruptedException.
+ (appletClose): Kill misbehaving applets that don't shut down properly.
+
+2010-05-07 Deepak Bhole <dbhole at redhat.com>
+
+ * rt/net/sourceforge/jnlp/Launcher.java
+ (setContextClassLoaderForAllThreads): Change to set context CL only for
+ given threadgroup.
+ (launchApplication): Supply threadgroup to
+ setContextClassLoaderForAllThreads.
+ (createApplet): Same.
+
+2010-05-07 Gary Benson <gbenson at redhat.com>
+
+ * rt/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java:
+ Removed a stray semicolon.
+
+2010-06-09 Andrew John Hughes <ahughes at redhat.com>
+
+ * ChangeLog:
+ Fix path of JNLPSecurityManager in last-but-one entry.
+
+2010-05-06 Deepak Bhole <dbhole at redhat.com>
+
+ * rt/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java:
+ Add imports missed in last commit.
+
+2010-05-06 Deepak Bhole <dbhole at redhat.com>
+
+ * rt/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java
+ (checkPermission): Allow Runtime and Security permission (for
+ putProvider.SunJCE) if initiated for an https connection.
+ (inTrustedCallChain): New method. Returns if given class/method is
+ in the call chain, and everything upto there is trusted.
+
2010-04-21 Deepak Bhole <dbhole at redhat.com>
* plugin/icedteanp/IcedTeaNPPlugin.cc
diff -r f779c58329e1 -r 848713f58719 plugin/icedteanp/java/sun/applet/PluginAppletViewer.java
--- a/plugin/icedteanp/java/sun/applet/PluginAppletViewer.java Wed Apr 21 11:30:49 2010 -0400
+++ b/plugin/icedteanp/java/sun/applet/PluginAppletViewer.java Fri May 07 16:57:27 2010 -0400
@@ -1,4 +1,4 @@
-/* VoidPluginCallRequest -- represent Java-to-JavaScript requests
+/* PluginAppletViewer -- Handles embedding of the applet panel
Copyright (C) 2008 Red Hat
This file is part of IcedTea.
@@ -735,7 +735,7 @@ import com.sun.jndi.toolkit.url.UrlUtil;
Thread.sleep(50);
wait += 50;
} catch (InterruptedException ie) {
- ie.printStackTrace();
+ // just wait
}
}
@@ -1605,9 +1605,14 @@ import com.sun.jndi.toolkit.url.UrlUtil;
{
public void run()
{
+ ThreadGroup tg = ((JNLPClassLoader) p.applet.getClass().getClassLoader()).getApplication().getThreadGroup();
+
appletShutdown(p);
appletPanels.removeElement(p);
dispose();
+
+ if (tg.activeCount() > 0)
+ tg.stop();
if (countApplets() == 0) {
appletSystemExit();
diff -r f779c58329e1 -r 848713f58719 rt/net/sourceforge/jnlp/Launcher.java
--- a/rt/net/sourceforge/jnlp/Launcher.java Wed Apr 21 11:30:49 2010 -0400
+++ b/rt/net/sourceforge/jnlp/Launcher.java Fri May 07 16:57:27 2010 -0400
@@ -442,7 +442,7 @@ public class Launcher {
Method main = mainClass.getDeclaredMethod("main", new Class[] {String[].class} );
String args[] = file.getApplication().getArguments();
- setContextClassLoaderForAllThreads(app.getClassLoader());
+ setContextClassLoaderForAllThreads(app.getThreadGroup(), app.getClassLoader());
if (splashScreen != null) {
if (splashScreen.isSplashScreenValid()) {
@@ -464,30 +464,24 @@ public class Launcher {
}
/**
- * Set the classloader as the context classloader for all threads. This is
- * required to make some applications work. For example, an application that
- * provides a custom Swing LnF may ask the swing thread to load resources
- * from their JNLP, which would only work if the Swing thread knows about
- * the JNLPClassLoader.
+ * Set the classloader as the context classloader for all threads in
+ * the given threadgroup. This is required to make some applications
+ * work. For example, an application that provides a custom Swing LnF
+ * may ask the swing thread to load resources from their JNLP, which
+ * would only work if the Swing thread knows about the JNLPClassLoader.
*
+ * @param tg The threadgroup for which the context classloader should be set
* @param classLoader the classloader to set as the context classloader
*/
- private void setContextClassLoaderForAllThreads(ClassLoader classLoader) {
- ThreadMXBean threadBean = ManagementFactory.getThreadMXBean();
- ThreadGroup root;
-
- root = Thread.currentThread().getThreadGroup();
- while (root.getParent() != null) {
- root = root.getParent();
- }
+ private void setContextClassLoaderForAllThreads(ThreadGroup tg, ClassLoader classLoader) {
/* be prepared for change in thread size */
- int threadCountGuess = threadBean.getThreadCount();
+ int threadCountGuess = tg.activeCount();
Thread[] threads;
do {
threadCountGuess = threadCountGuess * 2;
threads = new Thread[threadCountGuess];
- root.enumerate(threads, true);
+ tg.enumerate(threads, true);
} while (threads[threadCountGuess-1] != null);
@@ -595,7 +589,7 @@ public class Launcher {
group.setApplication(appletInstance);
loader.setApplication(appletInstance);
- setContextClassLoaderForAllThreads(appletInstance.getClassLoader());
+ setContextClassLoaderForAllThreads(appletInstance.getThreadGroup(), appletInstance.getClassLoader());
return appletInstance;
}
diff -r f779c58329e1 -r 848713f58719 rt/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java
--- a/rt/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java Wed Apr 21 11:30:49 2010 -0400
+++ b/rt/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java Fri May 07 16:57:27 2010 -0400
@@ -23,10 +23,12 @@ import java.awt.event.WindowEvent;
import java.awt.event.WindowEvent;
import java.lang.ref.WeakReference;
import java.net.SocketPermission;
+import java.security.AllPermission;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.Permission;
import java.security.PrivilegedAction;
+import java.security.SecurityPermission;
import java.util.PropertyPermission;
import javax.swing.JWindow;
@@ -395,6 +397,24 @@ class JNLPSecurityManager extends Securi
// Everything else is denied
throw se;
+ } else if (perm instanceof SecurityPermission) {
+
+ // JCE's initialization requires putProviderProperty permission
+ if (perm.equals(new SecurityPermission("putProviderProperty.SunJCE"))) {
+ if (inTrustedCallChain("com.sun.crypto.provider.SunJCE", "run")) {
+ return;
+ }
+ }
+
+ } else if (perm instanceof RuntimePermission) {
+
+ // KeyGenerator's init method requires internal spec access
+ if (perm.equals(new SecurityPermission("accessClassInPackage.sun.security.internal.spec"))) {
+ if (inTrustedCallChain("javax.crypto.KeyGenerator", "init")) {
+ return;
+ }
+ }
+
} else {
tmpPerm = perm;
}
@@ -419,6 +439,34 @@ class JNLPSecurityManager extends Securi
}
}
+ /**
+ * Returns weather the given class and method are in the current stack,
+ * and whether or not everything upto then is trusted
+ *
+ * @param className The name of the class to look for in the stack
+ * @param methodName The name of the method for the given class to look for in the stack
+ * @return Weather or not class::method() are in the chain, and everything upto there is trusted
+ */
+ private boolean inTrustedCallChain(String className, String methodName) {
+
+ StackTraceElement[] stack = Thread.currentThread().getStackTrace();
+
+ for (int i=0; i < stack.length; i++) {
+
+ // Everything up to the desired class/method must be trusted
+ if (!stack[i].getClass().getProtectionDomain().implies(new AllPermission())) {
+ return false;
+ }
+
+ if (stack[i].getClassName().equals(className) &&
+ stack[i].getMethodName().equals(methodName)) {
+ return true;
+ }
+ }
+
+ return false;
+ }
+
/**
* Asks the user whether or not to grant permission.
* @param perm the permission to be granted
More information about the distro-pkg-dev
mailing list