[rfc][icedtea-web] Reflectively add URLPermission to SecurityDesc if available
Omair Majid
omajid at redhat.com
Wed Jul 2 16:31:09 UTC 2014
* Andrew Azores <aazores at redhat.com> [2014-07-02 12:16]:
> This patch adds URLPermission to the sandbox permissions set in
> SecurityDesc, if URLPermission is available (so for Java 8+). Certain
> applets are broken when using IcedTea-Web with Java 8 due to the lack of
> this permission. An example of such an applet is Oasis[0]. This applet
> should work fine with plain IcedTea-Web and JDK 7, but should fail with
> plain IcedTea-Web and JDK 8. It should continue to work with patched
> IcedTea-Web and JDK 7 but produce a few small WARNING_DEBUG level messages,
> and should begin to work with patched IcedTea-Web and JDK 8.
> +++ b/netx/net/sourceforge/jnlp/SecurityDesc.java
> + } catch (final ClassNotFoundException | NoSuchMethodException | SecurityException e) {
Maybe use ReflectiveOperationException to reduce the number of exceptions
here? It's only available in Java 7 and later.
> + final String urlPermUriString = codebase + (codebase.endsWith("/") ? "-" : "/-");
> + // Allow applets all HTTP methods (ex POST, GET) with any request headers
> + // on resources anywhere recursively in or below the applet codebase
I wonder if we can be more lax and allow accessing more resources on
the same host/port combination. Can you think of a reason to restrict to
the given codebase directory only?
> + } catch (final URISyntaxException | InstantiationException | IllegalAccessException | IllegalArgumentException | InvocationTargetException e) {
I would highly recommend using ReflectiveOperationException here.
Thanks,
Omair
--
PGP Key: 66484681 (http://pgp.mit.edu/)
Fingerprint = F072 555B 0A17 3957 4E95 0056 F286 F14F 6648 4681
More information about the distro-pkg-dev
mailing list