Code review: 8010464: Evolve java networking same origin policy
Michael McMahon
michael.x.mcmahon at oracle.com
Fri May 10 04:34:39 PDT 2013
Hi,
This is the webrev for the HttpURLPermission addition.
As well as the new permission class, the change
includes the use of the permission in java.net.HttpURLConnection.
The code basically checks for a HttpURLPermission in plainConnect(),
getInputStream() and getOutputStream() for the request and if
the caller has permission the request is executed in a doPrivileged()
block. When the limited doPrivileged feature is integrated, I will
change the doPrivileged() call to limit the privilege elevation to a single
SocketPermission (as shown in the code comments).
The webrev is at http://cr.openjdk.java.net/~michaelm/8010464/webrev.1/
Thanks
Michael
More information about the net-dev
mailing list