Policy providers in Java 9
Peter Firmstone
peter.firmstone at zeus.net.au
Sun Mar 22 02:07:11 UTC 2015
Thanks Mandy, replies inline...
----- Original message -----
>
>
> On 3/21/2015 5:12 AM, Peter Firmstone wrote:
> > Just wondering, with the removal of the extensions directory, what's
> > the correct way of specifying a policy provider?
> >
> > We currently have a number of nested policy providers that are loaded
> > by the extension classloader.
>
> Do you set the custom policy provider by setting -Dpolicy.provider
> system property?
Yes, and also defining the extension dirs property.
Our providers pre date the SPI mechanism; they have additional methods for dynamic permission grants, so can't use the spi unfortunately.
>
> One suggested way is to put the providers on -classpath and loaded
> by the application class loader.
I haven't tried it yet; our providers were written by Sun, the same people that worked on the JVM. I suspect the reason for using the extension classloader was to avoid circular execution paths that cause stack overflow errors.
I'll give the application classloader a shot and get back to you.
P.S. Our providers don't use CodeSource.implies, we have other mechanisms that use RFC3986 compliant URI; so we already have compatibility with the new jrt URL scheme.
The new jrt scheme will also benefit our software by removing local file paths from class resolution.
>
> There are some SPIs that need adjustment to support loading the
> providers by the application class loader and the policy SPI
> should also be updated in JDK 9. I'm including the security lead
> Sean Mullan to recommend other ways.
>
> Mandy
>
More information about the jigsaw-dev
mailing list