diff --git a/jcl/src/java.base/share/classes/java/security/AccessControlContext.java b/jcl/src/java.base/share/classes/java/security/AccessControlContext.java index de86aff22a6..813971c7bd0 100644 --- a/jcl/src/java.base/share/classes/java/security/AccessControlContext.java +++ b/jcl/src/java.base/share/classes/java/security/AccessControlContext.java @@ -318,37 +318,53 @@ public AccessControlContext(ProtectionDomain[] fromContext) { } AccessControlContext(ProtectionDomain[] context, int authorizeState) { - super(); - switch (authorizeState) { - default: - // authorizeState can't be STATE_UNKNOWN, callerPD always is NULL - throw new IllegalArgumentException(); - case STATE_AUTHORIZED: - case STATE_NOT_AUTHORIZED: - break; - } - this.context = context; - this.authorizeState = authorizeState; - this.containPrivilegedContext = true; + this(context, null, null, authorizeState); } AccessControlContext(AccessControlContext acc, ProtectionDomain[] context, int authorizeState) { + this(context, null, acc, authorizeState); +} + +AccessControlContext(ProtectionDomain[] context, AccessControlContext parentAcc, AccessControlContext acc, int authorizeState) { super(); + boolean contextChanged = false; switch (authorizeState) { default: - // authorizeState can't be STATE_UNKNOWN, callerPD always is NULL + // authorizeState can't be STATE_UNKNOWN, callerPD is always NULL throw new IllegalArgumentException(); case STATE_AUTHORIZED: - if (null != acc) { - // inherit the domain combiner when authorized - this.domainCombiner = acc.domainCombiner; + if (acc != null) { + if (parentAcc == null) { + // inherit the domain combiner when authorized + this.domainCombiner = acc.domainCombiner; + } else { + // when parent combiner is not null, use parent combiner to combine the current context + DomainCombiner parentCombiner = parentAcc.getCombiner(); + if (parentCombiner != null) { + this.context = parentCombiner.combine(context, acc.context); + this.domainCombiner = parentCombiner; + } else { + this.context = combinePDObjs(context, acc.context); + this.domainCombiner = acc.domainCombiner; + } + contextChanged = true; + } + } else { + if (parentAcc != null) { + this.domainCombiner = parentAcc.domainCombiner; + this.nextStackAcc = parentAcc; + } } break; case STATE_NOT_AUTHORIZED: break; } - this.doPrivilegedAcc = acc; - this.context = context; + if (!contextChanged) { + this.context = context; + } + if (acc != null) { + this.doPrivilegedAcc = acc; + } this.authorizeState = authorizeState; this.containPrivilegedContext = true; } diff --git a/jcl/src/java.base/share/classes/java/security/AccessController.java b/jcl/src/java.base/share/classes/java/security/AccessController.java index 8bb613bccbb..1d6d133d90d 100644 --- a/jcl/src/java.base/share/classes/java/security/AccessController.java +++ b/jcl/src/java.base/share/classes/java/security/AccessController.java @@ -1096,13 +1096,9 @@ public static T doPrivilegedWithCombiner(PrivilegedExceptionAction action private static AccessControlContext doPrivilegedWithCombinerHelper(AccessControlContext context) { ProtectionDomain domain = getCallerPD(2); ProtectionDomain[] pdArray = (domain == null) ? null : new ProtectionDomain[] { domain }; - AccessControlContext fixedContext = new AccessControlContext(context, pdArray, getNewAuthorizedState(context, domain)); - if (context == null) { - AccessControlContext parentContext = getContextHelper(true); - fixedContext.domainCombiner = parentContext.domainCombiner; - fixedContext.nextStackAcc = parentContext; - } - return fixedContext; + AccessControlContext parentContext = getContextHelper(context == null); + + return new AccessControlContext(pdArray, parentContext, context, getNewAuthorizedState(context, domain)); } /*[ENDIF] JAVA_SPEC_VERSION < 24 */