From 18ace807b89e58b0c10f1c42385163e895e2df57 Mon Sep 17 00:00:00 2001 From: Norman Maurer Date: Thu, 23 Apr 2015 12:14:49 +0200 Subject: [PATCH] [#3680] Enabled SecurityManager results in ClassNotFoundError during io.netty.util.NetUtil initialization Motivation: When a SecurityManager is in place that preven reading the somaxconn file trying to bootstrap a channel later will result in a ClassNotFoundError. Modifications: - Reading the file in a privileged block. Result: No more ClassNotFoundError when a SecurityManager is in place. --- .../src/main/java/io/netty/util/NetUtil.java | 63 +++++++++++-------- 1 file changed, 36 insertions(+), 27 deletions(-) diff --git a/common/src/main/java/io/netty/util/NetUtil.java b/common/src/main/java/io/netty/util/NetUtil.java index 6df168bd7b..5830435f7b 100644 --- a/common/src/main/java/io/netty/util/NetUtil.java +++ b/common/src/main/java/io/netty/util/NetUtil.java @@ -29,6 +29,8 @@ import java.net.InetAddress; import java.net.NetworkInterface; import java.net.SocketException; import java.net.UnknownHostException; +import java.security.AccessController; +import java.security.PrivilegedAction; import java.util.ArrayList; import java.util.Enumeration; import java.util.List; @@ -231,38 +233,45 @@ public final class NetUtil { LOOPBACK_IF = loopbackIface; LOCALHOST = loopbackAddr; - // Determine the default somaxconn (server socket backlog) value of the platform. - // The known defaults: - // - Windows NT Server 4.0+: 200 - // - Linux and Mac OS X: 128 - int somaxconn = PlatformDependent.isWindows() ? 200 : 128; - File file = new File("/proc/sys/net/core/somaxconn"); - if (file.exists()) { - BufferedReader in = null; - try { - in = new BufferedReader(new FileReader(file)); - somaxconn = Integer.parseInt(in.readLine()); - if (logger.isDebugEnabled()) { - logger.debug("{}: {}", file, somaxconn); - } - } catch (Exception e) { - logger.debug("Failed to get SOMAXCONN from: {}", file, e); - } finally { - if (in != null) { + // As a SecurityManager may prevent reading the somaxconn file we wrap this in a privileged block. + // + // See https://github.com/netty/netty/issues/3680 + SOMAXCONN = AccessController.doPrivileged(new PrivilegedAction() { + @Override + public Integer run() { + // Determine the default somaxconn (server socket backlog) value of the platform. + // The known defaults: + // - Windows NT Server 4.0+: 200 + // - Linux and Mac OS X: 128 + int somaxconn = PlatformDependent.isWindows() ? 200 : 128; + File file = new File("/proc/sys/net/core/somaxconn"); + if (file.exists()) { + BufferedReader in = null; try { - in.close(); + in = new BufferedReader(new FileReader(file)); + somaxconn = Integer.parseInt(in.readLine()); + if (logger.isDebugEnabled()) { + logger.debug("{}: {}", file, somaxconn); + } } catch (Exception e) { - // Ignored. + logger.debug("Failed to get SOMAXCONN from: {}", file, e); + } finally { + if (in != null) { + try { + in.close(); + } catch (Exception e) { + // Ignored. + } + } + } + } else { + if (logger.isDebugEnabled()) { + logger.debug("{}: {} (non-existent)", file, somaxconn); } } + return somaxconn; } - } else { - if (logger.isDebugEnabled()) { - logger.debug("{}: {} (non-existent)", file, somaxconn); - } - } - - SOMAXCONN = somaxconn; + }); } /**