[security-dev 01215]: Re: <AWT Dev> 6854954: Eliminate static dependency on java.awt.AWTPermission

[Anthony Petrov]

Hi Alan,

To contribute a little to the small nit picking process :) :

1. src/share/classes/javax/swing/JPopupMenu.java
Line 415 might be realigned to keep standard indentation.

2. The copyright notices might be updated to indicate that 2009 is the 
year of last modification of the files.

The rest looks good. Please consider that approved by the AWT team.

--
best regards,
Anthony


On 09/15/2009 05:54 PM, Alan Bateman wrote:
> 
> Sean, Mandy - can you review this? I also need someone from the AWT team.
> 
> This patch eliminates the static dependency on java.awt.AWTPermission 
> from the security code, needed for the SecurityManager and default 
> policy code to work in the event that the permission class is not 
> present (in gui-less profile for example). The changes are relatively 
> simple. Creation of the AWTPermissions is deferred until needed. If 
> sun.awt.AWTPermissionFactory is present then it is used to create the 
> AWTPermission instances. If not present, but somehow one the security 
> manager's checkTopLevelWindow, checkSystemClipboardAccess, etc. methods 
> is invoked then "fake" permissions are used. The reason for the approach 
> is to keep the reflection usage to a minimum (usually we use the shared 
> secrets mechanism to avoid reflection completely but for this case, 
> there isn't one place to setup the secret).
> 
> The webrev is here:
>  http://cr.openjdk.java.net/~alanb/6854954/webrev.00/
> 
> Thanks,
> 
> Alan.