RFR[10]:8159526 Deprivilege jdk.httpserver

vyom tewari vyom.tewari at oracle.com
Wed Sep 13 07:29:55 UTC 2017



On Tuesday 12 September 2017 09:16 PM, Sean Mullan wrote:
> On 9/12/17 4:06 AM, vyom tewari wrote:
>> Hi,
>>
>> Please review the below code change.
>>
>> BugId: https://bugs.openjdk.java.net/browse/JDK-8159526
>>
>> Webrev-1: 
>> http://cr.openjdk.java.net/~vtewari/8159526/jdk/webrev/index.html
>
> Can you put the entry for jdk.httpserver after jdk.dynalink so you 
> maintain the alphabetical ordering?
>
sure will do that.
> Also, are there any tests for the jdk.httpserver module that use the 
> SecurityManager? It would be good to have at least one test that 
> checks that it properly gets granted AllPermission when doing 
> something security-sensitive (it seems like nothing should go wrong, 
> but ...).
>
i found more then 70 entrys when i search jdk.httpserver in code base, i 
will double check if we have any test which use the SecurityManager.

Vyom
> --Sean
>
>>
>> Webrev-2: 
>> http://cr.openjdk.java.net/~vtewari/8159526/root/webrev/index.html
>>
>> Code change will De-privilege jdk.httpserver, we gave 
>> "jdk.httpserver" all permission for now.
>>
>> Thanks,
>>
>> Vyom
>>



More information about the core-libs-dev mailing list