[core-libs] RFR (L): 8010319: Implementation of JEP 181: Nest-Based Access Control
mandy chung
mandy.chung at oracle.com
Tue May 22 01:32:04 UTC 2018
On 5/21/18 5:48 PM, David Holmes wrote:
> http://mail.openjdk.java.net/pipermail/valhalla-dev/2018-March/003971.html
>
>
> and as I responded to Alan, for getNestMembers() it doesn't say "the
> returned class" it says "any returned class" and "that returned
> class". There is no singular/plural ambiguity.
Ah. I was not able to connect "any returned class" and "that returned
class" in my first read. I now see "that returned class" refers to one
class.
>
>> What about:
>> @throws SecurityException if this class is not in the nest of itself,
>
> I think you mean if the class is in a nest consisting solely of itself?
>
Yes.
> But that seems convoluted to me regardless. The existing statements
> are extremely clear IMHO:
>
> getNestHost: "If the returned class is not the current class ..."
>
> getNestMembers: "If any returned class is not the current class ..."
>
> I don't see how they can be misinterpreted. ???
>
I don't think it can be misinterpreted but just shared my thought in
possible clarification in the wording (looks like not helping).
>> and if a security manager, <i>s</i>, is present and the caller'sclass
>> loader is not the same as or an ancestor of the nest of thisclass and
>
> Something not right there - you're comparing a classloader with a nest ??
grammatical error - the class loader loading the classes in the nest.
>
>> invocation of {@linkSecurityManager#checkPackageAccess
>> s.checkPackageAccess()}denies access to the package of the nest of
>> class.
>
> I would not want to refer to the "package of the nest".
Right that's probably the not best.
>
>> The above can apply to both getNestHost and getNestMembers.
>>
>> The javadoc can also explicitly state that "Classes in the same nest,
>> i.e. nest host and nest members, are in the same runtime package."
>
> How is this adjustment in getNestHost (which is the only place where
> we explain nests):
>
> * <p>A <em>nest</em> is a set of classes and interfaces (nestmates) that
> * form an access control context in which each nestmate has access to
> the
> * private members of the other nestmates.
> * The <em>nest host</em> is the class or interface designated to hold
> the list of
> * classes and interfaces that make up the nest, and to which each of the
> * other nestmates refer.
> +* All nestmates are implicitly defined in the same runtime package.
>
This is good. Thanks.
Mandy
More information about the core-libs-dev
mailing list