[icedtea-web] RFC: integrate jnlp authenticator into rest of security system
Omair Majid
omajid at redhat.com
Fri Feb 25 16:09:17 PST 2011
On 02/25/2011 04:26 PM, Dr Andrew John Hughes wrote:
> On 11:12 Fri 25 Feb , Omair Majid wrote:
>> On 12/20/2010 02:24 PM, Omair Majid wrote:
>>> On 12/20/2010 02:12 PM, Dr Andrew John Hughes wrote:
>>>> On 13:38 Mon 20 Dec , Omair Majid wrote:
>>>>> On 12/20/2010 01:26 PM, Dr Andrew John Hughes wrote:
>>>>>> On 13:15 Mon 20 Dec , Omair Majid wrote:
>>>>>>> Hi,
>>>>>>>
>>>>>>> The attached patches further integrates JNLPAuthenticator and
>>>>>>> PasswordAuthenticationDialog into icedtea-web. The patches shows the
>>>>>>> dialogs using the secure thread, localizes strings, and removes
>>>>>>> hardcoded mention of the icedteaplugin.
>>>>>>>
>>>>>>> I have split the change into two patches: one deals with renaming
>>>>>>> files,
>>>>>>> the other deals with the actual code changes.
>>>>>>>
>>>>>>> The first patch renames classes to ensure consistency. It contains no
>>>>>>> functional changes (other than those required for renaming). The class
>>>>>>> net.sourceforge.jnlp.security.SecurityWarning is renamed to
>>>>>>> net.sourceforge.jnlp.security.SecurityDialogs,
>>>>>>> net.sourceforge.jnlp.security.SecurityWarningDialog is renamed to
>>>>>>> net.sourceforge.jnlp.security.SecurityDialog and
>>>>>>> net.sourceforge.jnlp.security.PasswordAuthenticationDialog is
>>>>>>> renamed to
>>>>>>> net.sourceforge.jnlp.PasswordAuthenticationPanel.
>>>>>>>
>>>>>>
>>>>>> What is the reason for the renaming? Could we not delay this until
>>>>>> the 2.0 series?
>>>>>>
>>>>>
>>>>> Well, the SecurityWarning class should show security _warnings_. The
>>>>> second patch modifies (the original) SecurityWarning and
>>>>> SecurityWarningDialog classes to display authentication dialogs dialogs
>>>>> (along with warning dialogs). An authentication dialog is not a warning,
>>>>> and hence the rename.
>>>>>
>>>>> In general, the idea is that anything sensitive that requires a GUI
>>>>> dialog should be run through SecurityWarning/SecurityDialog.
>>>>>
>>>>> If you think that we we should hold off the rename, I am fine with that.
>>>>> The names of classes might be misleading/awkward for a while then.
>>>>>
>>>>
>>>> Are we planning other API changes in 1.1? I'm just trying to work out the
>>>> extent to which we see 1.1 as stable, I guess. If we are making other API
>>>> changes, then I guess the rename is ok.
>>>
>>> That depends on how you define API changes. We definitely will be adding
>>> classes in the 1.1 time frame, but I am not sure if we have any more
>>> renames/removals planned.
>>>
>>
>> Any thoughts? If you are not ok with renaming the class, then I would
>> like to skip that bit and apply the second part of the patch (which
>> integrates the authentication dialog into the rest of the security system).
>>
>
> I'd say go ahead and rename.
>
Thanks. Will rename and push.
> Do we have a planned release date for 1.1 yet?
>
I pinged Deepak about this, and he said that mid-march seems like a
reasonable target.
Cheers,
Omair
More information about the distro-pkg-dev
mailing list