[security-dev 01358]: Re: 6894643: Separate out dependency on Kerberos
Alan Bateman
Alan.Bateman at Sun.COM
Mon Nov 2 18:44:58 UTC 2009
Vincent Ryan wrote:
> Hello all,
>
> I'm proposing a further change that enables JSSE to work when Kerberos is not
> present at runtime:
>
> http://cr.openjdk.java.net/~vinnie/6894643/webrev.00/
>
> (This continues the removal of static dependencies begun in CR 6885204.)
>
> Please comment.
> Thanks.
>
This separation looks quite good.
What would you think about moving sun.security.util.HostnameChecker into
sun.security.ssl.HostnameChecker? It's only usage in the JNDI LDAP
provider should be when using SSL.
Minor comment on the new KerberosClientKeyExchange is that the indenting
of the parameters to several months seems a bit strange (no big deal).
Also, I assume that getImpl isn't really needed and that impl should be
initialized as:
impl = AccessController.doPrivileged(
new PrivilegedAction<KerberosClientKeyExchange>() {
public KerberosClientKeyExchange run() { .. .};
Good to see a test included.
-Alan.
More information about the security-dev
mailing list