Code Review Request: running signed modules with SecurityManager
Rémi Forax
forax at univ-mlv.fr
Thu May 27 17:13:13 PDT 2010
Le 27/05/2010 17:09, Sean Mullan a écrit :
> On 5/26/10 6:59 PM, Rémi Forax wrote:
>> Le 27/05/2010 00:02, Sean Mullan a écrit :
>>> Please review the webrev below which contains code changes that add
>>> support for running signed modules with a SecurityManager.
>>>
>>> http://cr.openjdk.java.net/~mullan/jigsaw/webrevs/SecurityManager2/webrev.00/
>>>
>>>
>>>
>>> Thanks,
>>> Sean
>>
>> In Loader.java, you should declare the two maps and the sets final.
>
> ok.
>
>> In SimpleLibrary.readLocalCodeSigners,
>> if the file is removed between f.exists() and
>> new FileInputstream, instead of returning null, you throw an
>> IOException,
>
> Hmm, but there is no way for that to happen unless the library data is
> being modified maliciously or accidentally.
My question was more, is it the intended behavior ?
>
>> furthermore, reading the doc of Library.readLocalCodeSigners,
>> it's far from than than you can returns an array of signers with one
>> element
>> which is null.
>> I would prefer to directly get null in that cases or a better
>> documentation.
>
> I don't see this. Can you explain a little more how an array of
> signers with one element which is null can be returned?
My bad. I've seen that variable signer is initialized with null which is
not necessary.
>
>> In Packager, outptuFile.delete() can returns false.
>
> Correct. In that case, I will probably change the code to throw an
> IOException, and set the cause to the exception of the try/catch block.
>
>> A more general question but perhaps for Mark or Alan,
>> why jigsaw codebase use java.io.file and not java.nio.file ?
>
> I'll defer to Mark or Alan on that question.
>
> Thanks,
> Sean
Rémi
More information about the jigsaw-dev
mailing list