[security-dev 01209]: 6854954: Eliminate static dependency on java.awt.AWTPermission

Alan Bateman Alan.Bateman at Sun.COM
Tue Sep 15 06:54:57 PDT 2009


Sean, Mandy - can you review this? I also need someone from the AWT team.

This patch eliminates the static dependency on java.awt.AWTPermission 
from the security code, needed for the SecurityManager and default 
policy code to work in the event that the permission class is not 
present (in gui-less profile for example). The changes are relatively 
simple. Creation of the AWTPermissions is deferred until needed. If 
sun.awt.AWTPermissionFactory is present then it is used to create the 
AWTPermission instances. If not present, but somehow one the security 
manager's checkTopLevelWindow, checkSystemClipboardAccess, etc. methods 
is invoked then "fake" permissions are used. The reason for the approach 
is to keep the reflection usage to a minimum (usually we use the shared 
secrets mechanism to avoid reflection completely but for this case, 
there isn't one place to setup the secret).

The webrev is here:
  http://cr.openjdk.java.net/~alanb/6854954/webrev.00/

Thanks,

Alan.



More information about the security-dev mailing list