8009970: Several LoginModule classes need extra permission to load AuthResources
Reviewed-by: mullan
diff --git a/jdk/src/share/classes/com/sun/security/auth/module/JndiLoginModule.java b/jdk/src/share/classes/com/sun/security/auth/module/JndiLoginModule.java
index cb68cfc..b6b8660 100644
--- a/jdk/src/share/classes/com/sun/security/auth/module/JndiLoginModule.java
+++ b/jdk/src/share/classes/com/sun/security/auth/module/JndiLoginModule.java
@@ -32,8 +32,11 @@
import javax.naming.*;
import javax.naming.directory.*;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.util.Map;
import java.util.LinkedList;
+import java.util.ResourceBundle;
import com.sun.security.auth.UnixPrincipal;
import com.sun.security.auth.UnixNumericUserPrincipal;
@@ -150,8 +153,14 @@
*/
public class JndiLoginModule implements LoginModule {
- static final java.util.ResourceBundle rb =
- java.util.ResourceBundle.getBundle("sun.security.util.AuthResources");
+ private static final ResourceBundle rb = AccessController.doPrivileged(
+ new PrivilegedAction<ResourceBundle>() {
+ public ResourceBundle run() {
+ return ResourceBundle.getBundle(
+ "sun.security.util.AuthResources");
+ }
+ }
+ );
/** JNDI Provider */
public final String USER_PROVIDER = "user.provider.url";
diff --git a/jdk/src/share/classes/com/sun/security/auth/module/KeyStoreLoginModule.java b/jdk/src/share/classes/com/sun/security/auth/module/KeyStoreLoginModule.java
index e5d88cf..70f74d6 100644
--- a/jdk/src/share/classes/com/sun/security/auth/module/KeyStoreLoginModule.java
+++ b/jdk/src/share/classes/com/sun/security/auth/module/KeyStoreLoginModule.java
@@ -30,22 +30,11 @@
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
-import java.security.AuthProvider;
-import java.security.GeneralSecurityException;
-import java.security.Key;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.Provider;
-import java.security.UnrecoverableKeyException;
+import java.security.*;
import java.security.cert.*;
+import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
-import java.util.Arrays;
-import java.util.Iterator;
-import java.util.LinkedList;
-import java.util.Map;
+import java.util.*;
import javax.security.auth.Destroyable;
import javax.security.auth.DestroyFailedException;
import javax.security.auth.Subject;
@@ -123,8 +112,14 @@
*/
public class KeyStoreLoginModule implements LoginModule {
- static final java.util.ResourceBundle rb =
- java.util.ResourceBundle.getBundle("sun.security.util.AuthResources");
+ private static final ResourceBundle rb = AccessController.doPrivileged(
+ new PrivilegedAction<ResourceBundle>() {
+ public ResourceBundle run() {
+ return ResourceBundle.getBundle(
+ "sun.security.util.AuthResources");
+ }
+ }
+ );
/* -- Fields -- */
diff --git a/jdk/src/share/classes/com/sun/security/auth/module/Krb5LoginModule.java b/jdk/src/share/classes/com/sun/security/auth/module/Krb5LoginModule.java
index 719aeee..cd60c6a 100644
--- a/jdk/src/share/classes/com/sun/security/auth/module/Krb5LoginModule.java
+++ b/jdk/src/share/classes/com/sun/security/auth/module/Krb5LoginModule.java
@@ -27,6 +27,8 @@
package com.sun.security.auth.module;
import java.io.*;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.text.MessageFormat;
import java.util.*;
@@ -429,8 +431,14 @@
private static final String NAME = "javax.security.auth.login.name";
private static final String PWD = "javax.security.auth.login.password";
- static final java.util.ResourceBundle rb =
- java.util.ResourceBundle.getBundle("sun.security.util.AuthResources");
+ private static final ResourceBundle rb = AccessController.doPrivileged(
+ new PrivilegedAction<ResourceBundle>() {
+ public ResourceBundle run() {
+ return ResourceBundle.getBundle(
+ "sun.security.util.AuthResources");
+ }
+ }
+ );
/**
* Initialize this <code>LoginModule</code>.
