API change for 8010464: Evolve java networking same origin policy
Alan Bateman
Alan.Bateman at oracle.com
Mon Apr 29 05:04:39 PDT 2013
On 26/04/2013 15:36, Michael McMahon wrote:
> Hi,
>
> The is the suggested API for one of the two new JEPs recently submitted.
>
> This is for JEP 184: HTTP URL Permissions
>
> The idea here is to define a higher level http permission class
> which "knows about" URLs, HTTP request methods and headers.
> So, it is no longer necessary to grant blanket permission for any kind
> of TCP connection to a host/port. Instead a HttpURLPermission restricts
> access to only the Http protocol itself. Restrictions can also be imposed
> based on URL paths, specific request methods and request headers.
>
> The API change can be seen at the URL below:
>
> http://cr.openjdk.java.net/~michaelm/8010464/api/
>
> In addition to defining a new permission class, HttpURLConnection
> is modified to make use of it and the documentation change describing
> this
> can be seen at the link below:
>
> http://cr.openjdk.java.net/~michaelm/8010464/api/blender.html
>
> All comments welcome.
Just a few other comments.
In the class description then it probably needs to explain that the
"path component" is considered to be a sequence of segments, separated
by "/". I suggest this because it currently has wording such as " same
number of path components" whereas there is only one path component and
you really mean the components of the path component.
The serial form includes "uristring", is that needed as I assume the URI
string will be serialized as the name.
A minor suggestion for the 2-arg constructor where "and which permits"
might be clearer as "that permits".
Otherwise I think this looks quite good.
-Alan.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.openjdk.java.net/pipermail/net-dev/attachments/20130429/0a9c05b7/attachment.html
More information about the net-dev
mailing list