Author: peter_firmstone Date: Mon Feb 22 03:55:08 2016 New Revision: 1731589
URL: http://svn.apache.org/viewvc?rev=1731589&view=rev Log: Critical patch: 1. Permission check performed during construction ensures necessary cache classes are loaded, to avoid Classloader deadlock once SecurityManager is in force. The deadlock occurs on a lock in JVM native code. 2. Permission getArg is called to ensure that lazy initialization state has been initialized prior to publication to another thread. Modified: river/jtsk/trunk/src/org/apache/river/api/security/CombinerSecurityManager.java Modified: river/jtsk/trunk/src/org/apache/river/api/security/CombinerSecurityManager.java URL: http://svn.apache.org/viewvc/river/jtsk/trunk/src/org/apache/river/api/security/CombinerSecurityManager.java?rev=1731589&r1=1731588&r2=1731589&view=diff ============================================================================== --- river/jtsk/trunk/src/org/apache/river/api/security/CombinerSecurityManager.java (original) +++ river/jtsk/trunk/src/org/apache/river/api/security/CombinerSecurityManager.java Mon Feb 22 03:55:08 2016 @@ -95,6 +95,7 @@ extends SecurityManager implements Cachi private final ProtectionDomain privilegedDomain; private final ThreadLocal<SecurityContext> threadContext; private final ThreadLocal<Boolean> inTrustedCodeRecursiveCall; + private final boolean constructed; private static boolean check(){ SecurityManager sm = System.getSecurityManager(); @@ -167,6 +168,10 @@ extends SecurityManager implements Cachi * since the lock used is a static class lock. This bug has been fixed * in jdk8(b15). */ + /* The following ensures the classes we need are loaded early to avoid + * class loading deadlock */ + checkPermission(createAccPerm, SMPrivilegedContext); + constructed = true; } @Override @@ -217,6 +222,7 @@ extends SecurityManager implements Cachi @Override public void checkPermission(Permission perm, Object context) throws SecurityException { if (perm == null ) throw new NullPointerException("Permission Collection null"); + perm.getActions(); // Ensure any lazy state has been instantiated before publication. AccessControlContext executionContext = null; SecurityContext securityContext = null; if (context instanceof AccessControlContext){ @@ -229,7 +235,7 @@ extends SecurityManager implements Cachi } threadContext.set(securityContext); // may be null. /* The next line speeds up permission checks related to this SecurityManager. */ - if ( SMPrivilegedContext.equals(executionContext) || + if ( constructed && SMPrivilegedContext.equals(executionContext) || SMConstructorContext.equals(executionContext)) return; // prevents endless loop in debug. // Checks if Permission has already been checked for this context. NavigableSet<Permission> checkedPerms = checked.get(context);