RFR: 8025734: Use literal IP address where possible in SocketPermission generated by HttpURLPermission
Michael McMahon
michael.x.mcmahon at oracle.com
Tue Oct 8 04:43:50 PDT 2013
Hi,
This change updates HttpURLPermission to grant a SocketPermission with a
literal IP address
rather than the String hostname when the IP address is available (this
gets looked up anyway.
So, we're not adding any additional name service lookups). By granting a
permission with
a literal IP address it avoids the complicated isUntrusted() logic in
SocketPermission
where possible. The change also enables the use of the limited
doPrivileged logic.
I thought it would be better to enable this in a smaller change than the
bigger API change
coming later.
This change includes a test of HttpURLPermission using a dummy
nameservice. It is
a basic smoke test that checks SecurityException is being thrown (or
not) when expected
as opposed to an IOException for unknown hostnames.
http://cr.openjdk.java.net/~michaelm/8025734/webrev.1/
Thanks
Michael.
More information about the net-dev
mailing list