[core-libs] RFR (L): 8010319: Implementation of JEP 181: Nest-Based Access Control

Tue May 22 01:43:17 UTC 2018

Thanks Mandy. I'll make the addition regarding the package - as endorsed 
by John (thanks John!)

David

On 22/05/2018 11:32 AM, mandy chung wrote:
> 
> 
> On 5/21/18 5:48 PM, David Holmes wrote:
>> http://mail.openjdk.java.net/pipermail/valhalla-dev/2018-March/003971.html 
>>
>>
>> and as I responded to Alan, for getNestMembers() it doesn't say "the 
>> returned class" it says "any returned class" and "that returned 
>> class". There is no singular/plural ambiguity.
> 
> Ah.  I was not able to connect "any returned class" and "that returned 
> class" in my first read.  I now see "that returned class" refers to one 
> class.
> 
>>
>>> What about:
>>>    @throws SecurityException if this class is not in the nest of itself, 
>>
>> I think you mean if the class is in a nest consisting solely of itself?
>>
> 
> Yes.
> 
>> But that seems convoluted to me regardless. The existing statements 
>> are extremely clear IMHO:
>>
>> getNestHost: "If the returned class is not the current class ..."
>>
>> getNestMembers: "If any returned class is not the current class ..."
>>
>> I don't see how they can be misinterpreted. ???
>>
> 
> I don't think it can be misinterpreted but just shared my thought in 
> possible clarification in the wording (looks like not helping).
> 
>>> and if a security manager, <i>s</i>, is present and the caller'sclass 
>>> loader is not the same as or an ancestor of the nest of thisclass and 
>>
>> Something not right there - you're comparing a classloader with a nest ??
> 
> grammatical error - the class loader loading the classes in the nest.
>>
>>> invocation of {@linkSecurityManager#checkPackageAccess 
>>> s.checkPackageAccess()}denies access to the package of the nest of 
>>> class.
>>
>> I would not want to refer to the "package of the nest".
> 
> Right that's probably the not best.
>>
>>> The above can apply to both getNestHost and getNestMembers.
>>>
>>> The javadoc can also explicitly state that "Classes in the same nest, 
>>> i.e. nest host and nest members, are in the same runtime package."
>>
>> How is this adjustment in getNestHost (which is the only place where 
>> we explain nests):
>>
>>  * <p>A <em>nest</em> is a set of classes and interfaces (nestmates) that
>>  * form an access control context in which each nestmate has access to 
>> the
>>  * private members of the other nestmates.
>>  * The <em>nest host</em> is the class or interface designated to hold 
>> the list of
>>  * classes and interfaces that make up the nest, and to which each of the
>>  * other nestmates refer.
>> +* All nestmates are implicitly defined in the same runtime package.
>>
> 
> This is good.  Thanks.
> 
> Mandy