API change for 8010464: Evolve java networking same origin policy
Chris Hegarty
chris.hegarty at oracle.com
Sun Apr 28 01:01:05 PDT 2013
In the main I like the new HttpURLPermission class.
When reading the docs I found the references to "the URL" and "URL
string" confusing (it could be just me). When I see capital 'URL' my
mind instantly, and incorrectly, goes to java.net.URL. In all cases you
mean the URL string given when constructing the HttpURLPermission, right?
Another example is the equals method
"Returns true if, this.getActions().equals(p.getActions()) and p's
URL equals this's URL. Returns false otherwise."
This is referring to a simple string comparison of the given URL
string, right? This should be case insensitive too. Does it take into
account default protocol ports, e.g. http://foo.com/ equal
http://foo.com:80/?
implies() makes reference to the URL scheme, and other specific parts of
the URL. Also, the constructors throw IAE 'if url is not a valid URL',
but what does this mean? Should we just bite the bullet and just say
that URI is used to parse the given string into its specific parts?
Otherwise, how can this be validated?
As for the additions to HttpURLConnection, what are the implications on
proxies? Permissions, etc...
-Chris.
On 04/26/2013 03:36 PM, Michael McMahon wrote:
> Hi,
>
> This is the suggested API for one of the two new JEPs recently submitted.
>
> This is for JEP 184: HTTP URL Permissions
>
> The idea here is to define a higher level http permission class
> which "knows about" URLs, HTTP request methods and headers.
> So, it is no longer necessary to grant blanket permission for any kind
> of TCP connection to a host/port. Instead a HttpURLPermission restricts
> access to only the Http protocol itself. Restrictions can also be imposed
> based on URL paths, specific request methods and request headers.
>
> The API change can be seen at the URL below:
>
> http://cr.openjdk.java.net/~michaelm/8010464/api/
>
> In addition to defining a new permission class, HttpURLConnection
> is modified to make use of it and the documentation change describing this
> can be seen at the link below:
>
> http://cr.openjdk.java.net/~michaelm/8010464/api/blender.html
>
> All comments welcome.
>
> Thanks
>
> Michael.
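
The equals() question raised in this message, as an added example that is not part of the thread or of the proposed API: it parses constructed URL strings with java.net.URI and compares them both as raw strings and after normalizing scheme case, host case and default port. The class name `UrlKeyDemo` and the helper `normalize()` are hypothetical, and the default-port rule assumes only http and https.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;

// Added illustration; UrlKeyDemo and normalize() are hypothetical names,
// not part of the proposed HttpURLPermission API.
public class UrlKeyDemo {

    // Reduce a URL string to scheme://host:port/path, with scheme and host
    // lower-cased and the default port made explicit. The path is left
    // untouched because paths are case sensitive.
    static String normalize(String url) {
        URI u;
        try {
            u = new URI(url);
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException("not a valid URL: " + url, e);
        }
        String scheme = u.getScheme();
        String host = u.getHost();
        if (scheme == null || host == null) {
            throw new IllegalArgumentException("scheme and host required: " + url);
        }
        scheme = scheme.toLowerCase(Locale.ROOT);
        host = host.toLowerCase(Locale.ROOT);
        int port = u.getPort();          // -1 when the string carries no port
        if (port == -1) {
            port = scheme.equals("https") ? 443 : 80; // assumes http/https only
        }
        String path = u.getRawPath();
        if (path == null || path.isEmpty()) path = "/";
        return scheme + "://" + host + ":" + port + path;
    }

    public static void main(String[] args) {
        String[] samples = { // constructed sample inputs
            "http://foo.com/", "http://foo.com:80/", "HTTP://FOO.com/", "http://foo.com:8080/"
        };
        String ref = samples[0];
        for (String s : samples) {
            System.out.printf("%-24s string-equal=%-5b normalized-equal=%b%n",
                s, s.equals(ref), normalize(s).equals(normalize(ref)));
        }
    }
}
```

A permission check that compares the raw strings treats the first three samples as different resources, so a grant written with one spelling would not cover a request made with another; only the 8080 sample differs after normalization.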