RFR: 8025734: Use literal IP address where possible in SocketPermission generated by HttpURLPermission
Chris Hegarty
chris.hegarty at oracle.com
Wed Oct 9 08:53:58 PDT 2013
The changes look good to me.
-Chris.
On 08/10/2013 12:43, Michael McMahon wrote:
> Hi,
>
> This change updates HttpURLPermission to grant a SocketPermission with a
> literal IP address
> rather than the String hostname when the IP address is available (this
> gets looked up anyway.
> So, we're not adding any additional name service lookups). By granting a
> permission with
> a literal IP address it avoids the complicated isUntrusted() logic in
> SocketPermission
> where possible. The change also enables the use of the limited
> doPrivileged logic.
> I thought it would be better to enable this in a smaller change than the
> bigger API change
> coming later.
>
> This change includes a test of HttpURLPermission using a dummy
> nameservice. It is
> a basic smoke test that checks SecurityException is being thrown (or
> not) when expected
> as opposed to an IOException for unknown hostnames.
>
> http://cr.openjdk.java.net/~michaelm/8025734/webrev.1/
>
> Thanks
> Michael.
More information about the net-dev
mailing list