Policy providers in Java 9

Peter Firmstone peter.firmstone at zeus.net.au
Sun Mar 22 02:07:11 UTC 2015


Thanks Mandy, replies inline...

----- Original message -----
> 
> 
> On 3/21/2015 5:12 AM, Peter Firmstone wrote:
> > Just wondering, with the removal of the extensions directory, what's
> > the correct way of specifying a policy provider?
> > 
> > We currently have a number of nested policy providers that are loaded
> > by the extension classloader.
> 
> Do you set the custom policy provider by setting -Dpolicy.provider
> system property?

Yes, and also defining the extension dirs property.

Our providers pre date the SPI mechanism; they have additional methods for dynamic permission grants, so can't use the spi unfortunately. 

> 
> One suggested way is to put the providers on -classpath and loaded
> by the application class loader.

I haven't tried it yet; our providers were written by Sun, the same people that worked on the JVM.  I suspect the reason for using the extension classloader was to avoid circular execution paths that cause stack overflow errors.

I'll give the application classloader a shot and get back to you.

P.S. Our providers don't use CodeSource.implies, we have other mechanisms that use RFC3986 compliant URI; so we already have compatibility with the new jrt URL scheme.

The new jrt scheme will also benefit our software by removing local file paths from class resolution.

> 
> There are some SPIs that need adjustment to support loading the
> providers by the application class loader and the policy SPI
> should also be updated in JDK 9.   I'm including the security lead
> Sean Mullan to recommend other ways.
> 
> Mandy
> 



More information about the jigsaw-dev mailing list