[rfc][icedtea-web] Reflectively add URLPermission to SecurityDesc if available
Andrew Azores
aazores at redhat.com
Mon Jul 14 14:07:41 UTC 2014
On 07/03/2014 05:14 PM, Andrew Azores wrote:
> On 07/03/2014 05:02 PM, Omair Majid wrote:
>> * Andrew Azores<aazores at redhat.com> [2014-07-03 16:55]:
>>> + codebaseHost = new URI(codebase.getScheme(), codebase.getUserInfo(), codebase.getHost(), -1, null, null, null);
>> Why -1 for port? This seems strange compared to the same-origin-policy.
>>
>> Thanks,
>> Omair
>>
>
> It doesn't seem to be specified for the SocketPermission granted in
> SecurityDesc either - downloadHost is just the hostname part of the
> codebase URL AFAICT. So I haven't specified a port for the
> URLPermission so as to not be more restrictive than the SocketPermission.
>
> There's also this in the URLPermission docs:
>
>> /portrange/ is used to specify a port number, or a bounded or
>> unbounded range of ports that this permission applies to. If
>> portrange is absent or invalid, then a default port number is assumed
>> if the scheme is |http| (default 80) or |https| (default 443). No
>> default is assumed for other schemes. A wildcard may be specified
>> which means all ports.
>
>
> Thanks,
> --
> Andrew A
Ping.
Thanks,
--
Andrew A
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20140714/24b77b4f/attachment-0001.html>
More information about the distro-pkg-dev
mailing list