Code review: 8010464: Evolve java networking same origin policy
Dmitry Samersoff
dmitry.samersoff at oracle.com
Sun May 12 11:25:26 PDT 2013
Michael,
It might be better to narrow permissions right now with code like below:
    // Build a context whose single ProtectionDomain holds only the given permissions.
    private static
    AccessControlContext withPermissions(Permission ... perms) {
        Permissions col = new Permissions();
        for (Permission thePerm : perms) {
            col.add(thePerm);
        }
        final ProtectionDomain pd = new ProtectionDomain(null, col);
        return new AccessControlContext(new ProtectionDomain[] { pd });
    }

    // Run the connect with privileges limited to the permissions in p.
    AccessController.doPrivileged(
        new PrivilegedExceptionAction<Void>() {
            public Void run() throws IOException {
                plainConnect0();
                return null;
            }
        }, withPermissions(p)
    );
-Dmitry
On 2013-05-10 15:34, Michael McMahon wrote:
> Hi,
>
> This is the webrev for the HttpURLPermission addition.
> As well as the new permission class, the change
> includes the use of the permission in java.net.HttpURLConnection.
>
> The code basically checks for a HttpURLPermission in plainConnect(),
> getInputStream() and getOutputStream() for the request and if
> the caller has permission the request is executed in a doPrivileged()
> block. When the limited doPrivileged feature is integrated, I will
> change the doPrivileged() call to limit the privilege elevation to a single
> SocketPermission (as shown in the code comments).
>
> The webrev is at http://cr.openjdk.java.net/~michaelm/8010464/webrev.1/
>
> Thanks
> Michael
--
Dmitry Samersoff
Oracle Java development team, Saint Petersburg, Russia
* I would love to change the world, but they won't give me the source code.
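
An added example, not part of the thread or of the JDK change under review: it builds the same kind of restricted AccessControlContext as the helper suggested above and checks which permissions that context allows. The class name, the allows() helper and the 192.0.2.x addresses are constructed for illustration; it assumes a JDK where the java.security access-control API is still functional (for example JDK 8 to 17).

```java
import java.net.SocketPermission;
import java.security.AccessControlContext;
import java.security.AccessControlException;
import java.security.Permission;
import java.security.Permissions;
import java.security.ProtectionDomain;
import java.util.PropertyPermission;

public class NarrowedContextDemo {

    // Same construction as in the message: a single ProtectionDomain with
    // static permissions, so the installed Policy is never consulted for it.
    static AccessControlContext withPermissions(Permission... perms) {
        Permissions col = new Permissions();
        for (Permission p : perms) {
            col.add(p);
        }
        ProtectionDomain pd = new ProtectionDomain(null, col);
        return new AccessControlContext(new ProtectionDomain[] { pd });
    }

    // Hypothetical helper: true if the context implies perm, false if the
    // check is rejected with AccessControlException.
    static boolean allows(AccessControlContext acc, Permission perm) {
        try {
            acc.checkPermission(perm);
            return true;
        } catch (AccessControlException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed sample values; IP literals keep the check free of DNS lookups.
        Permission granted = new SocketPermission("192.0.2.10:80", "connect");
        AccessControlContext acc = withPermissions(granted);

        System.out.println("granted host:port  -> " + allows(acc, granted));
        System.out.println("same host, 8080    -> "
                + allows(acc, new SocketPermission("192.0.2.10:8080", "connect")));
        System.out.println("other host         -> "
                + allows(acc, new SocketPermission("192.0.2.20:80", "connect")));
        System.out.println("extra action       -> "
                + allows(acc, new SocketPermission("192.0.2.10:80", "connect,accept")));
        System.out.println("unrelated property -> "
                + allows(acc, new PropertyPermission("user.home", "read")));
    }
}
```

Only the first check is allowed. When such a context is passed as the second argument to doPrivileged(), permission checks made inside the action must also pass this context, so the elevation is limited to the listed permissions.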