Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-6761678

(ann) SecurityException in AnnotationInvocationHandler.getMemberMethods

    XMLWordPrintable

Details

    • b40
    • generic
    • generic
    • Not verified

    Backports

      Description

        As reported by Martin (http://mail.openjdk.java.net/pipermail/jdk6-dev/2008-October/000232.html):

        Description:

        sun/reflect/annotation/AnnotationInvocationHandler.java.getMemberMethods
        might throw if there is a security manager that does not allow
        getDeclaredMethods.

        The author of this code (Josh Bloch) confirms that the intent was for the
        doPrivileged block in this method to prevent security exceptions.
        The methods cannot escape to untrusted code.

        Evaluation:

        Yes. Fix provided courtesy of Toby Reyelts and Josh Bloch at Google.

        # HG changeset patch
        # User martin
        # Date 1224185752 25200
        # Node ID 68730f05449cd4f39ce1cb82adc6c4e57f87554f
        # Parent 214ebdcf7252d4862449fe0ae295e6c60a127315
        SecurityException in AnnotationInvocationHandler.getMemberMethods
        Summary: Move call to getDeclaredMethods inside doPrivileged
        Reviewed-by:
        Contributed-by: ###@###.###

        diff --git a/src/share/classes/sun/reflect/annotation/AnnotationInvocationHandler.java
        b/src/share/classes/sun/reflect/annotation/AnnotationInvocationHandler.java
        --- a/src/share/classes/sun/reflect/annotation/AnnotationInvocationHandler.java
        +++ b/src/share/classes/sun/reflect/annotation/AnnotationInvocationHandler.java
        @@ -272,14 +272,14 @@
              */
             private Method[] getMemberMethods() {
                 if (memberMethods == null) {
        - final Method[] mm = type.getDeclaredMethods();
        - AccessController.doPrivileged(new PrivilegedAction<Void>() {
        - public Void run() {
        - AccessibleObject.setAccessible(mm, true);
        - return null;
        - }
        - });
        - memberMethods = mm;
        + memberMethods = AccessController.doPrivileged(
        + new PrivilegedAction<Method[]>() {
        + public Method[] run() {
        + final Method[] mm = type.getDeclaredMethods();
        + AccessibleObject.setAccessible(mm, true);
        + return mm;
        + }
        + });
                 }
                 return memberMethods;
             }

        Attachments

          Issue Links

            backported by

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-2211146 (ann) SecurityException in AnnotationInvocationHandler.getMemberMethods

            • P2 - Crashes, loss of data, severe memory leak.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-2213860 (ann) SecurityException in AnnotationInvocationHandler.getMemberMethods

            • P2 - Crashes, loss of data, severe memory leak.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-2168672 (ann) SecurityException in AnnotationInvocationHandler.getMemberMethods

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-2213886 (ann) SecurityException in AnnotationInvocationHandler.getMemberMethods

            • P2 - Crashes, loss of data, severe memory leak.
            • Closed
            relates to

            Bug - A problem which impairs or prevents the functions of the product. JDK-6370080 (ann) Method.getAnnotations() sometimes throw SecurityException: doPrivileged or javadoc missing?

            • P2 - Crashes, loss of data, severe memory leak.
            • Resolved

            Bug - A problem which impairs or prevents the functions of the product. JDK-7080038 (ann) Serializable types in sun.reflect.annotation do not declare serialVersionUIDs

            • P2 - Crashes, loss of data, severe memory leak.
            • Closed

            Activity

              People

                darcy Joe Darcy
                darcy Joe Darcy
                Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:
                  Imported:
                  Indexed: