Patch submission - 5021645
Chris Hegarty
chris.hegarty at oracle.com
Fri May 13 06:00:17 PDT 2011
Thanks Brad,
This would appear to be a regression as a result of the changes for CR
5021645.
Before 5021645, url.openConnection().getPermission() was used to determine
the permission. For jar URLs this will create a new JarURLConnection
that will delegate the getPermission request to its "wrapped" url, in
this case file://...
After 5021645, url.getProtocol() is used to manually determine if the
url is a file url or not. This will not work for jar urls since they
just wrap other urls.
The changes for CR 5021645 could be reversed, or url.getProtocol() equal
to jar could be special-cased to use url.getPath to look inside the jar url.
Reassigned back to classes_security ;-)
-Chris.
On 05/12/11 11:40 PM, Brad Wetmore wrote:
>
> Hi Net-folks,
>
> There is a patch in bugs.openjdk.java.net which was originally filed
> under security, but it is probably more of a network issue. It involves
> the "jar" protocol.
>
> See the thread thus far at:
>
> http://mail.openjdk.java.net/pipermail/security-dev/2011-May/003269.html
>
> I've filed:
>
> 7044443: Permissions resolved incorrectly for jar protocol (Patch from
> bugs.openjdk.java.net)
>
> Can someone please evaluate? Thanks.
>
> Brad
>
>
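The difference between the two approaches discussed in this message, as an added example that is not code from the JDK, the patch, or either poster. The class and helper names (`JarUrlPermissionDemo`, `isFileByProtocol`, `unwrapJar`) are hypothetical, and the temporary jar path is constructed for the demonstration; only a single, non-nested jar URL is handled.

```java
import java.net.URI;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.Permission;

public class JarUrlPermissionDemo {

    // Hypothetical helper: a protocol-only test of the kind the message
    // describes for "after 5021645". A jar: URL never passes it.
    static boolean isFileByProtocol(URL url) {
        return "file".equals(url.getProtocol());
    }

    // Hypothetical helper: the special case suggested in the message.
    // For jar:<inner>!/<entry>, getPath() returns "<inner>!/<entry>",
    // so the wrapped URL is everything before the "!/" separator.
    static URL unwrapJar(URL url) throws Exception {
        if (!"jar".equals(url.getProtocol())) {
            return url;
        }
        String path = url.getPath();
        int sep = path.indexOf("!/");
        String inner = (sep >= 0) ? path.substring(0, sep) : path;
        return URI.create(inner).toURL();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: an empty temp file standing in for a jar.
        // Nothing is opened or read; only the URL is inspected.
        Path jar = Files.createTempFile("demo", ".jar");
        jar.toFile().deleteOnExit();
        URL jarUrl = URI.create("jar:" + jar.toUri() + "!/").toURL();

        // Connection-based lookup: JarURLConnection delegates to the
        // connection for the wrapped file: URL.
        Permission viaConnection = jarUrl.openConnection().getPermission();
        System.out.println("openConnection().getPermission(): " + viaConnection);

        // Protocol-based lookup: sees "jar", not "file".
        System.out.println("getProtocol():                    " + jarUrl.getProtocol());
        System.out.println("file by protocol check:           " + isFileByProtocol(jarUrl));

        // Special-casing jar and looking inside restores the file: URL.
        URL inner = unwrapJar(jarUrl);
        System.out.println("unwrapped URL:                    " + inner);
        System.out.println("file by protocol after unwrap:    " + isFileByProtocol(inner));
    }
}
```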