Code review request for SecurityManager changes
Sean Mullan
sean.mullan at oracle.com
Tue May 11 08:48:20 PDT 2010
On 5/10/10 4:45 PM, Karen Kinnear wrote:
> Sean,
>
> Thanks for doing these changes.
>
> 1) Not something you have to change, but I've been wondering if it would
> make sense
> to have some common small utilities shared by the two launchers so we
> don't have to
> maintain two copies of some of the sources.
Hmm, not sure. I'll let Mark or Mandy respond on that one.
For the signed module support, we are reusing the existing PKCS7 code that we
use for signed jars.
> 2) Are you adding support for ProtectionDomains later?
There is initial basic support for ProtectionDomains in this changeset. Each PD
is only distinguished by the ClassLoader of the module. Also, all PDs right now
have a null CodeSource URL. This is an open issue that needs to be discussed -
since we want to be able to sandbox unsigned module apps such that they can only
make network connections back to the originating host (or to other hosts if the
cross domain policy permits). Support for CodeSigners will be coming later when
signed module support is integrated.
--Sean
More information about the jigsaw-dev
mailing list