Java Code Examples for sun.reflect.misc.ReflectUtil#needsPackageAccessCheck()
The following examples show how to use
sun.reflect.misc.ReflectUtil#needsPackageAccessCheck() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: Class.java From openjdk-8 with GNU General Public License v2.0 | 6 votes |
|
private void checkPackageAccess(final ClassLoader ccl, boolean checkProxyInterfaces) {
final SecurityManager s = System.getSecurityManager();
if (s != null) {
final ClassLoader cl = getClassLoader0();
if (ReflectUtil.needsPackageAccessCheck(ccl, cl)) {
String name = this.getName();
int i = name.lastIndexOf('.');
if (i != -1) {
// skip the package access check on a proxy class in default proxy package
String pkg = name.substring(0, i);
if (!Proxy.isProxyClass(this) || ReflectUtil.isNonPublicProxyClass(this)) {
s.checkPackageAccess(pkg);
}
}
}
// check package access on the proxy interfaces
if (checkProxyInterfaces && Proxy.isProxyClass(this)) {
ReflectUtil.checkProxyPackageAccess(ccl, this.getInterfaces());
}
}
}
Example 2
| Source File: SerialJavaObject.java From jdk8u60 with GNU General Public License v2.0 | 6 votes |
|
/**
* Returns an array of <code>Field</code> objects that contains each
* field of the object that this helper class is serializing.
*
* @return an array of <code>Field</code> objects
* @throws SerialException if an error is encountered accessing
* the serialized object
* @throws SecurityException If a security manager, <i>s</i>, is present
* and the caller's class loader is not the same as or an
* ancestor of the class loader for the class of the
* {@linkplain #getObject object} being serialized
* and invocation of {@link SecurityManager#checkPackageAccess
* s.checkPackageAccess()} denies access to the package
* of that class.
* @see Class#getFields
*/
@CallerSensitive
public Field[] getFields() throws SerialException {
if (fields != null) {
Class<?> c = this.obj.getClass();
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
/*
* Check if the caller is allowed to access the specified class's package.
* If access is denied, throw a SecurityException.
*/
Class<?> caller = sun.reflect.Reflection.getCallerClass();
if (ReflectUtil.needsPackageAccessCheck(caller.getClassLoader(),
c.getClassLoader())) {
ReflectUtil.checkPackageAccess(c);
}
}
return c.getFields();
} else {
throw new SerialException("SerialJavaObject does not contain" +
" a serialized object instance");
}
}
Example 3
| Source File: SerialJavaObject.java From openjdk-jdk9 with GNU General Public License v2.0 | 6 votes |
|
/**
* Returns an array of <code>Field</code> objects that contains each
* field of the object that this helper class is serializing.
*
* @return an array of <code>Field</code> objects
* @throws SerialException if an error is encountered accessing
* the serialized object
* @throws SecurityException If a security manager, <i>s</i>, is present
* and the caller's class loader is not the same as or an
* ancestor of the class loader for the class of the
* {@linkplain #getObject object} being serialized
* and invocation of {@link SecurityManager#checkPackageAccess
* s.checkPackageAccess()} denies access to the package
* of that class.
* @see Class#getFields
*/
@CallerSensitive
public Field[] getFields() throws SerialException {
if (fields != null) {
Class<?> c = this.obj.getClass();
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
/*
* Check if the caller is allowed to access the specified class's package.
* If access is denied, throw a SecurityException.
*/
Class<?> caller = Reflection.getCallerClass();
if (ReflectUtil.needsPackageAccessCheck(caller.getClassLoader(),
c.getClassLoader())) {
ReflectUtil.checkPackageAccess(c);
}
}
return c.getFields();
} else {
throw new SerialException("SerialJavaObject does not contain" +
" a serialized object instance");
}
}
Example 4
| Source File: Class.java From jdk8u-jdk with GNU General Public License v2.0 | 6 votes |
|
private void checkPackageAccess(final ClassLoader ccl, boolean checkProxyInterfaces) {
final SecurityManager s = System.getSecurityManager();
if (s != null) {
final ClassLoader cl = getClassLoader0();
if (ReflectUtil.needsPackageAccessCheck(ccl, cl)) {
String name = this.getName();
int i = name.lastIndexOf('.');
if (i != -1) {
// skip the package access check on a proxy class in default proxy package
String pkg = name.substring(0, i);
if (!Proxy.isProxyClass(this) || ReflectUtil.isNonPublicProxyClass(this)) {
s.checkPackageAccess(pkg);
}
}
}
// check package access on the proxy interfaces
if (checkProxyInterfaces && Proxy.isProxyClass(this)) {
ReflectUtil.checkProxyPackageAccess(ccl, this.getInterfaces());
}
}
}
Example 5
| Source File: SerialJavaObject.java From TencentKona-8 with GNU General Public License v2.0 | 6 votes |
|
/**
* Returns an array of <code>Field</code> objects that contains each
* field of the object that this helper class is serializing.
*
* @return an array of <code>Field</code> objects
* @throws SerialException if an error is encountered accessing
* the serialized object
* @throws SecurityException If a security manager, <i>s</i>, is present
* and the caller's class loader is not the same as or an
* ancestor of the class loader for the class of the
* {@linkplain #getObject object} being serialized
* and invocation of {@link SecurityManager#checkPackageAccess
* s.checkPackageAccess()} denies access to the package
* of that class.
* @see Class#getFields
*/
@CallerSensitive
public Field[] getFields() throws SerialException {
if (fields != null) {
Class<?> c = this.obj.getClass();
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
/*
* Check if the caller is allowed to access the specified class's package.
* If access is denied, throw a SecurityException.
*/
Class<?> caller = sun.reflect.Reflection.getCallerClass();
if (ReflectUtil.needsPackageAccessCheck(caller.getClassLoader(),
c.getClassLoader())) {
ReflectUtil.checkPackageAccess(c);
}
}
return c.getFields();
} else {
throw new SerialException("SerialJavaObject does not contain" +
" a serialized object instance");
}
}
Example 6
| Source File: SerialJavaObject.java From Java8CN with Apache License 2.0 | 6 votes |
|
/**
* Returns an array of <code>Field</code> objects that contains each
* field of the object that this helper class is serializing.
*
* @return an array of <code>Field</code> objects
* @throws SerialException if an error is encountered accessing
* the serialized object
* @throws SecurityException If a security manager, <i>s</i>, is present
* and the caller's class loader is not the same as or an
* ancestor of the class loader for the class of the
* {@linkplain #getObject object} being serialized
* and invocation of {@link SecurityManager#checkPackageAccess
* s.checkPackageAccess()} denies access to the package
* of that class.
* @see Class#getFields
*/
@CallerSensitive
public Field[] getFields() throws SerialException {
if (fields != null) {
Class<?> c = this.obj.getClass();
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
/*
* Check if the caller is allowed to access the specified class's package.
* If access is denied, throw a SecurityException.
*/
Class<?> caller = sun.reflect.Reflection.getCallerClass();
if (ReflectUtil.needsPackageAccessCheck(caller.getClassLoader(),
c.getClassLoader())) {
ReflectUtil.checkPackageAccess(c);
}
}
return c.getFields();
} else {
throw new SerialException("SerialJavaObject does not contain" +
" a serialized object instance");
}
}
Example 7
| Source File: Proxy.java From jdk-1.7-annotated with Apache License 2.0 | 6 votes |
|
/**
* Returns the invocation handler for the specified proxy instance.
*
* @param proxy the proxy instance to return the invocation handler for
* @return the invocation handler for the proxy instance
* @throws IllegalArgumentException if the argument is not a
* proxy instance
*/
@CallerSensitive
public static InvocationHandler getInvocationHandler(Object proxy)
throws IllegalArgumentException
{
/*
* Verify that the object is actually a proxy instance.
*/
if (!isProxyClass(proxy.getClass())) {
throw new IllegalArgumentException("not a proxy instance");
}
final Proxy p = (Proxy) proxy;
final InvocationHandler ih = p.h;
if (System.getSecurityManager() != null) {
Class<?> ihClass = ih.getClass();
Class<?> caller = Reflection.getCallerClass();
if (ReflectUtil.needsPackageAccessCheck(caller.getClassLoader(),
ihClass.getClassLoader()))
{
ReflectUtil.checkPackageAccess(ihClass);
}
}
return ih;
}
Example 8
| Source File: SerialJavaObject.java From openjdk-8 with GNU General Public License v2.0 | 6 votes |
|
/**
* Returns an array of <code>Field</code> objects that contains each
* field of the object that this helper class is serializing.
*
* @return an array of <code>Field</code> objects
* @throws SerialException if an error is encountered accessing
* the serialized object
* @throws SecurityException If a security manager, <i>s</i>, is present
* and the caller's class loader is not the same as or an
* ancestor of the class loader for the class of the
* {@linkplain #getObject object} being serialized
* and invocation of {@link SecurityManager#checkPackageAccess
* s.checkPackageAccess()} denies access to the package
* of that class.
* @see Class#getFields
*/
@CallerSensitive
public Field[] getFields() throws SerialException {
if (fields != null) {
Class<?> c = this.obj.getClass();
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
/*
* Check if the caller is allowed to access the specified class's package.
* If access is denied, throw a SecurityException.
*/
Class<?> caller = sun.reflect.Reflection.getCallerClass();
if (ReflectUtil.needsPackageAccessCheck(caller.getClassLoader(),
c.getClassLoader())) {
ReflectUtil.checkPackageAccess(c);
}
}
return c.getFields();
} else {
throw new SerialException("SerialJavaObject does not contain" +
" a serialized object instance");
}
}
Example 9
| Source File: Proxy.java From jdk8u-jdk with GNU General Public License v2.0 | 6 votes |
|
/**
* Returns the invocation handler for the specified proxy instance.
*
* @param proxy the proxy instance to return the invocation handler for
* @return the invocation handler for the proxy instance
* @throws IllegalArgumentException if the argument is not a
* proxy instance
* @throws SecurityException if a security manager, <em>s</em>, is present
* and the caller's class loader is not the same as or an
* ancestor of the class loader for the invocation handler
* and invocation of {@link SecurityManager#checkPackageAccess
* s.checkPackageAccess()} denies access to the invocation
* handler's class.
*/
@CallerSensitive
public static InvocationHandler getInvocationHandler(Object proxy)
throws IllegalArgumentException
{
/*
* Verify that the object is actually a proxy instance.
*/
if (!isProxyClass(proxy.getClass())) {
throw new IllegalArgumentException("not a proxy instance");
}
final Proxy p = (Proxy) proxy;
final InvocationHandler ih = p.h;
if (System.getSecurityManager() != null) {
Class<?> ihClass = ih.getClass();
Class<?> caller = Reflection.getCallerClass();
if (ReflectUtil.needsPackageAccessCheck(caller.getClassLoader(),
ihClass.getClassLoader()))
{
ReflectUtil.checkPackageAccess(ihClass);
}
}
return ih;
}
Example 10
| Source File: Proxy.java From Bytecoder with Apache License 2.0 | 6 votes |
|
/**
* Returns the invocation handler for the specified proxy instance.
*
* @param proxy the proxy instance to return the invocation handler for
* @return the invocation handler for the proxy instance
* @throws IllegalArgumentException if the argument is not a
* proxy instance
* @throws SecurityException if a security manager, <em>s</em>, is present
* and the caller's class loader is not the same as or an
* ancestor of the class loader for the invocation handler
* and invocation of {@link SecurityManager#checkPackageAccess
* s.checkPackageAccess()} denies access to the invocation
* handler's class.
*/
@CallerSensitive
public static InvocationHandler getInvocationHandler(Object proxy)
throws IllegalArgumentException
{
/*
* Verify that the object is actually a proxy instance.
*/
if (!isProxyClass(proxy.getClass())) {
throw new IllegalArgumentException("not a proxy instance");
}
final Proxy p = (Proxy) proxy;
final InvocationHandler ih = p.h;
if (System.getSecurityManager() != null) {
Class<?> ihClass = ih.getClass();
Class<?> caller = Reflection.getCallerClass();
if (ReflectUtil.needsPackageAccessCheck(caller.getClassLoader(),
ihClass.getClassLoader()))
{
ReflectUtil.checkPackageAccess(ihClass);
}
}
return ih;
}
Example 11
| Source File: Proxy.java From openjdk-jdk8u with GNU General Public License v2.0 | 6 votes |
|
/**
* Returns the invocation handler for the specified proxy instance.
*
* @param proxy the proxy instance to return the invocation handler for
* @return the invocation handler for the proxy instance
* @throws IllegalArgumentException if the argument is not a
* proxy instance
* @throws SecurityException if a security manager, <em>s</em>, is present
* and the caller's class loader is not the same as or an
* ancestor of the class loader for the invocation handler
* and invocation of {@link SecurityManager#checkPackageAccess
* s.checkPackageAccess()} denies access to the invocation
* handler's class.
*/
@CallerSensitive
public static InvocationHandler getInvocationHandler(Object proxy)
throws IllegalArgumentException
{
/*
* Verify that the object is actually a proxy instance.
*/
if (!isProxyClass(proxy.getClass())) {
throw new IllegalArgumentException("not a proxy instance");
}
final Proxy p = (Proxy) proxy;
final InvocationHandler ih = p.h;
if (System.getSecurityManager() != null) {
Class<?> ihClass = ih.getClass();
Class<?> caller = Reflection.getCallerClass();
if (ReflectUtil.needsPackageAccessCheck(caller.getClassLoader(),
ihClass.getClassLoader()))
{
ReflectUtil.checkPackageAccess(ihClass);
}
}
return ih;
}
Example 12
| Source File: SerialJavaObject.java From openjdk-jdk8u with GNU General Public License v2.0 | 6 votes |
|
/**
* Returns an array of <code>Field</code> objects that contains each
* field of the object that this helper class is serializing.
*
* @return an array of <code>Field</code> objects
* @throws SerialException if an error is encountered accessing
* the serialized object
* @throws SecurityException If a security manager, <i>s</i>, is present
* and the caller's class loader is not the same as or an
* ancestor of the class loader for the class of the
* {@linkplain #getObject object} being serialized
* and invocation of {@link SecurityManager#checkPackageAccess
* s.checkPackageAccess()} denies access to the package
* of that class.
* @see Class#getFields
*/
@CallerSensitive
public Field[] getFields() throws SerialException {
if (fields != null) {
Class<?> c = this.obj.getClass();
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
/*
* Check if the caller is allowed to access the specified class's package.
* If access is denied, throw a SecurityException.
*/
Class<?> caller = sun.reflect.Reflection.getCallerClass();
if (ReflectUtil.needsPackageAccessCheck(caller.getClassLoader(),
c.getClassLoader())) {
ReflectUtil.checkPackageAccess(c);
}
}
return c.getFields();
} else {
throw new SerialException("SerialJavaObject does not contain" +
" a serialized object instance");
}
}
Example 13
| Source File: SerialJavaObject.java From openjdk-8-source with GNU General Public License v2.0 | 6 votes |
|
/**
* Returns an array of <code>Field</code> objects that contains each
* field of the object that this helper class is serializing.
*
* @return an array of <code>Field</code> objects
* @throws SerialException if an error is encountered accessing
* the serialized object
* @throws SecurityException If a security manager, <i>s</i>, is present
* and the caller's class loader is not the same as or an
* ancestor of the class loader for the class of the
* {@linkplain #getObject object} being serialized
* and invocation of {@link SecurityManager#checkPackageAccess
* s.checkPackageAccess()} denies access to the package
* of that class.
* @see Class#getFields
*/
@CallerSensitive
public Field[] getFields() throws SerialException {
if (fields != null) {
Class<?> c = this.obj.getClass();
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
/*
* Check if the caller is allowed to access the specified class's package.
* If access is denied, throw a SecurityException.
*/
Class<?> caller = sun.reflect.Reflection.getCallerClass();
if (ReflectUtil.needsPackageAccessCheck(caller.getClassLoader(),
c.getClassLoader())) {
ReflectUtil.checkPackageAccess(c);
}
}
return c.getFields();
} else {
throw new SerialException("SerialJavaObject does not contain" +
" a serialized object instance");
}
}
Example 14
| Source File: ObjectStreamClass.java From jdk8u-jdk with GNU General Public License v2.0 | 5 votes |
|
/**
* Return the class in the local VM that this version is mapped to. Null
* is returned if there is no corresponding local class.
*
* @return the <code>Class</code> instance that this descriptor represents
*/
@CallerSensitive
public Class<?> forClass() {
if (cl == null) {
return null;
}
if (System.getSecurityManager() != null) {
Class<?> caller = Reflection.getCallerClass();
if (ReflectUtil.needsPackageAccessCheck(caller.getClassLoader(), cl.getClassLoader())) {
ReflectUtil.checkPackageAccess(cl);
}
}
return cl;
}
Example 15
| Source File: ObjectStreamField.java From openjdk-8 with GNU General Public License v2.0 | 5 votes |
|
/**
* Get the type of the field. If the type is non-primitive and this
* <code>ObjectStreamField</code> was obtained from a deserialized {@link
* ObjectStreamClass} instance, then <code>Object.class</code> is returned.
* Otherwise, the <code>Class</code> object for the type of the field is
* returned.
*
* @return a <code>Class</code> object representing the type of the
* serializable field
*/
@CallerSensitive
public Class<?> getType() {
if (System.getSecurityManager() != null) {
Class<?> caller = Reflection.getCallerClass();
if (ReflectUtil.needsPackageAccessCheck(caller.getClassLoader(), type.getClassLoader())) {
ReflectUtil.checkPackageAccess(type);
}
}
return type;
}
Example 16
| Source File: ObjectStreamField.java From openjdk-8-source with GNU General Public License v2.0 | 5 votes |
|
/**
* Get the type of the field. If the type is non-primitive and this
* <code>ObjectStreamField</code> was obtained from a deserialized {@link
* ObjectStreamClass} instance, then <code>Object.class</code> is returned.
* Otherwise, the <code>Class</code> object for the type of the field is
* returned.
*
* @return a <code>Class</code> object representing the type of the
* serializable field
*/
@CallerSensitive
public Class<?> getType() {
if (System.getSecurityManager() != null) {
Class<?> caller = Reflection.getCallerClass();
if (ReflectUtil.needsPackageAccessCheck(caller.getClassLoader(), type.getClassLoader())) {
ReflectUtil.checkPackageAccess(type);
}
}
return type;
}
Example 17
| Source File: ObjectStreamField.java From Java8CN with Apache License 2.0 | 5 votes |
|
/**
* Get the type of the field. If the type is non-primitive and this
* <code>ObjectStreamField</code> was obtained from a deserialized {@link
* ObjectStreamClass} instance, then <code>Object.class</code> is returned.
* Otherwise, the <code>Class</code> object for the type of the field is
* returned.
*
* @return a <code>Class</code> object representing the type of the
* serializable field
*/
@CallerSensitive
public Class<?> getType() {
if (System.getSecurityManager() != null) {
Class<?> caller = Reflection.getCallerClass();
if (ReflectUtil.needsPackageAccessCheck(caller.getClassLoader(), type.getClassLoader())) {
ReflectUtil.checkPackageAccess(type);
}
}
return type;
}
Example 18
| Source File: ObjectStreamClass.java From jdk8u60 with GNU General Public License v2.0 | 5 votes |
|
/**
* Return the class in the local VM that this version is mapped to. Null
* is returned if there is no corresponding local class.
*
* @return the <code>Class</code> instance that this descriptor represents
*/
@CallerSensitive
public Class<?> forClass() {
if (cl == null) {
return null;
}
if (System.getSecurityManager() != null) {
Class<?> caller = Reflection.getCallerClass();
if (ReflectUtil.needsPackageAccessCheck(caller.getClassLoader(), cl.getClassLoader())) {
ReflectUtil.checkPackageAccess(cl);
}
}
return cl;
}
Example 19
| Source File: ObjectStreamClass.java From jdk1.8-source-analysis with Apache License 2.0 | 5 votes |
|
/**
* Return the class in the local VM that this version is mapped to. Null
* is returned if there is no corresponding local class.
*
* @return the <code>Class</code> instance that this descriptor represents
*/
@CallerSensitive
public Class<?> forClass() {
if (cl == null) {
return null;
}
requireInitialized();
if (System.getSecurityManager() != null) {
Class<?> caller = Reflection.getCallerClass();
if (ReflectUtil.needsPackageAccessCheck(caller.getClassLoader(), cl.getClassLoader())) {
ReflectUtil.checkPackageAccess(cl);
}
}
return cl;
}
Example 20
| Source File: ObjectStreamClass.java From jdk-1.7-annotated with Apache License 2.0 | 5 votes |
|
/**
* Return the class in the local VM that this version is mapped to. Null
* is returned if there is no corresponding local class.
*
* @return the <code>Class</code> instance that this descriptor represents
*/
@CallerSensitive
public Class<?> forClass() {
if (cl == null) {
return null;
}
if (System.getSecurityManager() != null) {
Class<?> caller = Reflection.getCallerClass();
if (ReflectUtil.needsPackageAccessCheck(caller.getClassLoader(), cl.getClassLoader())) {
ReflectUtil.checkPackageAccess(cl);
}
}
return cl;
}
