[icedtea-web] URLPermission in Java 8
Omair Majid
omajid at redhat.com
Wed Jun 18 16:04:35 UTC 2014
* Andrew Azores <aazores at redhat.com> [2014-06-18 10:04]:
> As a sort of proof of concept, I've attached a small patch. Applying this
> patch to HEAD and repeating the Oasis test procedure with Java 8 in use
> should allow Oasis to run again.
> I can't find any documentation on how exactly Oracle grants applets
> URLPermissions, eg what kind of path they're allowing the applets to access,
> or which HTTP methods and headers they may use, etc. So determining sane
> defaults on these is the primary point of discussion for this thread. We
> could just try to ask Oracle what they're granting as well and mirror that.
After reading the JEP [0] and the javadoc [1], the patch makes sense. As
long as it is not less restrictive than the SocketPermissions, I think
it's fine.
> This patch can't compile with Java 7
I guess the question to ask is, do you want something built with Java 7
to just work on Java 7? Or do you want the same build to work with both
Java 7 and 8?
If it's the first, then a compile-time switch to optionally compile a
8-specific class that handles this responsibility seems appropriate.
This is what we did for the X509TrustManager with 6/7 support. If you
want the second option, then you probably have to use reflection to work
around the issue.
> is also probably too lenient about the URLPermission it's
> granting, which allows any request method with any headers to any resource
> recursively and inclusively in the applet codebase.
Isn't that expected?
Thanks,
Omair
--
PGP Key: 66484681 (http://pgp.mit.edu/)
Fingerprint = F072 555B 0A17 3957 4E95 0056 F286 F14F 6648 4681
More information about the distro-pkg-dev
mailing list