[core-libs] RFR (L): 8010319: Implementation of JEP 181: Nest-Based Access Control
mandy chung
mandy.chung at oracle.com
Mon May 21 21:47:41 UTC 2018
On 5/20/18 10:57 PM, David Holmes wrote:
>
>> - I suspect the @throws SecurityException in getNestMembers was
>> copied from getNestHost as it uses "returned class" (singular).
>
> It refers to "If any returned class ..." and "that returned class". I
> don't see any problematic singular uses - can you elaborate please.
>
>> As the host and members are in the same runtime package then maybe it
>> can be specified in terms of the host or members package?
>
> I'm not sure how to accurately formulate that. The current wording was
> based on similar @throws in getEnclosingClass, as suggested by Mandy:
>
> http://mail.openjdk.java.net/pipermail/valhalla-dev/2018-March/003955.html
>
>
> and then refined a little.
@throws SecurityException in my version suggested to refer to "the
current class". I see your version referring to "the returned class"
which is what Alan commented on. getNestMembers returns more than one class.
What about:
@throws SecurityException if this class is not in the nest of itself,
and if a security manager, <i>s</i>, is present and the caller'sclass
loader is not the same as or an ancestor of the nest of thisclass and
invocation of {@linkSecurityManager#checkPackageAccess
s.checkPackageAccess()}denies access to the package of the nest of class.
The above can apply to both getNestHost and getNestMembers.
The javadoc can also explicitly state that "Classes in the same nest,
i.e. nest host and nest members, are in the same runtime package."
Mandy
More information about the core-libs-dev
mailing list