RFR[10]:8159526 Deprivilege jdk.httpserver
vyom tewari
vyom.tewari at oracle.com
Wed Sep 13 07:29:55 UTC 2017
On Tuesday 12 September 2017 09:16 PM, Sean Mullan wrote:
> On 9/12/17 4:06 AM, vyom tewari wrote:
>> Hi,
>>
>> Please review the below code change.
>>
>> BugId: https://bugs.openjdk.java.net/browse/JDK-8159526
>>
>> Webrev-1:
>> http://cr.openjdk.java.net/~vtewari/8159526/jdk/webrev/index.html
>
> Can you put the entry for jdk.httpserver after jdk.dynalink so you
> maintain the alphabetical ordering?
>
sure will do that.
> Also, are there any tests for the jdk.httpserver module that use the
> SecurityManager? It would be good to have at least one test that
> checks that it properly gets granted AllPermission when doing
> something security-sensitive (it seems like nothing should go wrong,
> but ...).
>
i found more then 70 entrys when i search jdk.httpserver in code base, i
will double check if we have any test which use the SecurityManager.
Vyom
> --Sean
>
>>
>> Webrev-2:
>> http://cr.openjdk.java.net/~vtewari/8159526/root/webrev/index.html
>>
>> Code change will De-privilege jdk.httpserver, we gave
>> "jdk.httpserver" all permission for now.
>>
>> Thanks,
>>
>> Vyom
>>
More information about the core-libs-dev
mailing list