[security-dev 01209]: 6854954: Eliminate static dependency on java.awt.AWTPermission
Alan Bateman
Alan.Bateman at Sun.COM
Tue Sep 15 13:54:57 UTC 2009
Sean, Mandy - can you review this? I also need someone from the AWT team.
This patch eliminates the static dependency on java.awt.AWTPermission
from the security code, needed for the SecurityManager and default
policy code to work in the event that the permission class is not
present (in gui-less profile for example). The changes are relatively
simple. Creation of the AWTPermissions is deferred until needed. If
sun.awt.AWTPermissionFactory is present then it is used to create the
AWTPermission instances. If not present, but somehow one the security
manager's checkTopLevelWindow, checkSystemClipboardAccess, etc. methods
is invoked then "fake" permissions are used. The reason for the approach
is to keep the reflection usage to a minimum (usually we use the shared
secrets mechanism to avoid reflection completely but for this case,
there isn't one place to setup the secret).
The webrev is here:
http://cr.openjdk.java.net/~alanb/6854954/webrev.00/
Thanks,
Alan.
More information about the security-dev
mailing list