RFR 8064924: Update java.net.URL to work with modules
Chris Hegarty
chris.hegarty at oracle.com
Wed Feb 4 16:19:19 UTC 2015
On 04/02/15 16:01, Peter Levart wrote:
> On 02/04/2015 04:45 PM, Alan Bateman wrote:
>> On 04/02/2015 15:10, Weijun Wang wrote:
>>> It should be checked, otherwise a non-initialized parent object comes
>>> into being.
>> In general then permission checks in constructors are a bad idea but
>> we have an established idiom that has the no-arg constructor invoking
>> a static method that does the permission check.
>>
>> -Alan
>
> There is an alternative. The
> com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.checkMBeanTrustPermission(Class<?>)
> checks the permission without running any code of the class.
I did look at checking the permission of the impl class, but with
service loader this would have to be done after the instance is created,
which in itself should not be a big issue here as the provider would not
be used by java.net.URL, but the side-effect is that we end up creating
an instance that will not be used.
> But if
> verify-er checks constructor flow then this is as good as proposed.
I am happy that the verifier will catch this. This is an established
idiom that has been used in other, more sensitive, areas.
I'll see if I can prove this with an out-of-order compilation, or something.
-Chris.
More information about the core-libs-dev
mailing list