Code review: 8010464: Evolve java networking same origin policy

Weijun Wang weijun.wang at oracle.com
Mon May 13 06:29:05 PDT 2013


Hi Michael

Until now, for all types of permissions, the "actions" property takes 
the form of a comma-separated list, and it's always accumulative. For 
example, it can be "read", or "write", or "read, write". In fact, the 
policytool makes use of this style so that you can click on single 
action items to create a combined one.

Now with HttpURLPermission, this is no longer true.

Of course, there is no way to list single items for HttpURLPermission 
(no well-known header name) so the new style doesn't really affect 
policytool that much. It's just that I realized this difference when 
trying to support this new Permission type in policytool.

To use the old style, "GET,POST:Header1,Header2" will have to be 
rewritten to "GET:Header1, GET:Header2, POST: Header1, POST:Header2". 
The more items there are, the more complicated it will be. I am not sure 
how many methods and headers you would need in a typical use case.

Thanks
Max


On 5/10/13 7:34 PM, Michael McMahon wrote:
> Hi,
>
> This is the webrev for the HttpURLPermission addition.
> As well as the new permission class, the change
> includes the use of the permission in java.net.HttpURLConnection.
>
> The code basically checks for a HttpURLPermission in plainConnect(),
> getInputStream() and getOutputStream() for the request and if
> the caller has permission the request is executed in a doPrivileged()
> block. When the limited doPrivileged feature is integrated, I will
> change the doPrivileged() call to limit the privilege elevation to a single
> SocketPermission (as shown in the code comments).
>
> The webrev is at http://cr.openjdk.java.net/~michaelm/8010464/webrev.1/
>
> Thanks
> Michael
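
The rewrite described in the message above, as an added example that is not part of the original thread or of the JDK change: it expands the compact "methods:headers" actions string into the flat, cumulative items the old style would need, and checks whether an accumulated flat set can still be written as one compact string. The class and method names are hypothetical, and parsing is simplified (no validation, names compared literally).

```java
import java.util.*;

public class ActionsStyleDemo {
    // Expand the compact form "M1,M2:H1,H2" into flat "METHOD:Header" items.
    static List<String> expand(String compact) {
        String[] parts = compact.split(":", 2);
        String[] methods = parts[0].split(",");
        String[] headers = parts.length > 1 && !parts[1].trim().isEmpty()
                ? parts[1].split(",") : new String[0];
        List<String> items = new ArrayList<>();
        for (String m : methods) {
            if (headers.length == 0) { items.add(m.trim()); continue; }
            for (String h : headers) items.add(m.trim() + ":" + h.trim());
        }
        return items; // methods.length * headers.length entries
    }

    // Old-style accumulation: combining two action lists is a set union.
    static Set<String> accumulate(List<String> a, List<String> b) {
        Set<String> all = new LinkedHashSet<>(a);
        all.addAll(b);
        return all;
    }

    // True if the flat items form a full methods x headers grid, i.e. the
    // set can be written back as a single compact "methods:headers" string.
    static boolean isSingleCompact(Set<String> flat) {
        Set<String> methods = new TreeSet<>(), headers = new TreeSet<>();
        for (String item : flat) {
            String[] mh = item.split(":", 2);
            methods.add(mh[0]);
            headers.add(mh.length > 1 ? mh[1] : ""); // "" = no header part
        }
        return flat.size() == methods.size() * headers.size();
    }

    public static void main(String[] args) {
        // The actions string quoted in the message.
        List<String> flat = expand("GET,POST:Header1,Header2");
        System.out.println(String.join(", ", flat));
        System.out.println("round-trips to one compact string: "
                + isSingleCompact(new LinkedHashSet<>(flat)));

        // Two grants accumulated old-style (constructed sample values).
        Set<String> merged = accumulate(expand("GET:Header1"), expand("POST:Header2"));
        System.out.println(merged + " -> one compact string: " + isSingleCompact(merged));
    }
}
```

The second case shows why the two styles are not interchangeable: accumulating flat items can produce method/header pairings that a single compact string cannot express without also granting the remaining combinations.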


