[icedtea-web] RFC: integrate jnlp authenticator into rest of security system

Omair Majid omajid at redhat.com
Mon Dec 20 10:38:39 PST 2010

On 12/20/2010 01:26 PM, Dr Andrew John Hughes wrote:
> On 13:15 Mon 20 Dec     , Omair Majid wrote:
>> Hi,
>> The attached patches further integrates JNLPAuthenticator and
>> PasswordAuthenticationDialog into icedtea-web. The patches shows the
>> dialogs using the secure thread, localizes strings, and removes
>> hardcoded mention of the icedteaplugin.
>> I have split the change into two patches: one deals with renaming files,
>> the other deals with the actual code changes.
>> The first patch renames classes to ensure consistency. It contains no
>> functional changes (other than those required for renaming). The class
>> net.sourceforge.jnlp.security.SecurityWarning is renamed to
>> net.sourceforge.jnlp.security.SecurityDialogs,
>> net.sourceforge.jnlp.security.SecurityWarningDialog is renamed to
>> net.sourceforge.jnlp.security.SecurityDialog and
>> net.sourceforge.jnlp.security.PasswordAuthenticationDialog is renamed to
>> net.sourceforge.jnlp.PasswordAuthenticationPanel.
> What is the reason for the renaming?  Could we not delay this until the 2.0 series?

Well, the SecurityWarning class should show security _warnings_. The 
second patch modifies (the original) SecurityWarning and 
SecurityWarningDialog classes to display authentication dialogs dialogs 
(along with warning dialogs). An authentication dialog is not a warning, 
and hence the rename.

In general, the idea is that anything sensitive that requires a GUI 
dialog should be run through SecurityWarning/SecurityDialog.

If you think that we we should hold off the rename, I am fine with that. 
The names of classes might be misleading/awkward for a while then.


More information about the distro-pkg-dev mailing list