[ipv6] RFR: 8224256: test/jdk/java/security/SecureClassLoader/DefineClass.java hardcodes 127.0.0.1

Daniel Fuchs daniel.fuchs at oracle.com
Wed May 22 14:15:05 UTC 2019


Hi Arthur, [adding security-dev]

   18 // For IPSupport
   19 grant {
   20     permission java.net.SocketPermission "localhost:0", 
"listen,resolve";
   21     permission java.util.PropertyPermission 
"java.net.preferIPv4Stack", "read";
   22 };

It might be better if these permissions were granted to the
library only.

   90     // Base64 encoded bytes of simple class: "package bar2; public 
class Bar2 {}"
   91     private final static String BAR2_CLASS =
   92 "yv66vgAAADQADwoAAwAMBwANBwAOAQAGPGluaXQ+AQADKClWAQAEQ29kZQEA" +
...

Which version of javac did you use to generate the class?
I wonder if it should have the same major/minor version than
the other classes in that file. But maybe it doesn't matter.

best regards,

-- daniel

On 21/05/2019 00:50, Arthur Eubanks wrote:
> bug: https://bugs.openjdk.java.net/browse/JDK-8224256
> webrev: http://cr.openjdk.java.net/~aeubanks/8224256/webrev.00/index.html
> 
> test/jdk/java/security/SecureClassLoader/DefineClass.java checks that a 
> security manager works with "http://127.0.0.1". This fails on IPv6-only 
> systems.
> 
> This change tests 127.0.0.1 if IPv4 is available, then tests ::1 if IPv6 
> is available. Created a new class for testing ::1 since we can't have 
> duplicate classes.



More information about the net-dev mailing list