RFR: 8029354: URLPermission.<init> throws llegalArgumentException: Invalid characters in hostname
Chris Hegarty
chris.hegarty at oracle.com
Mon Dec 2 06:50:23 PST 2013
This update looks much better to me.
-Chris.
On 02/12/13 14:33, Michael McMahon wrote:
> On 02/12/13 12:40, Alan Bateman wrote:
>> On 02/12/2013 12:22, Michael McMahon wrote:
>>> Okay. I think the best approach is to recognise the userinfo but just
>>> remove it when constructing
>>> URLPermissions thereby effectively ignoring it.
>>>
>>> This is what the http protocol handler (and other support classes)
>>> have been doing all the time
>>> since the field is not directly of interest to http itself. That
>>> doesn't prevent higher level software from
>>> using it, as in the case here that provoked the bug report (the Java
>>> GIT client used in netbeans and eclipse)
>>>
>>> Michael
>> I think this makes the most sense. Even more so when you consider
>> configuring the policy to grant permission to GET or POST to a
>> specific HTTP URL then this grant is independent of whether of any
>> authentication that might be required.
>>
>> -Alan.
>
> The second webrev is at link below. This is somewhat simpler now.
>
> I think it still needs a spec change though. So, I would like to propose
> that to the CCC asap.
>
> http://cr.openjdk.java.net/~michaelm/8029354/webrev.2/
>
> I added a test that uses the protocol handler. it should be reliable enough
> as it does not actually go as far as opening an actual socket connection.
>
> Thanks
> Michael
>
More information about the net-dev
mailing list