[8] Request for review: 8016848: javax_security/auth/login tests fail in compact 1 and 2 profiles

Sean Mullan sean.mullan at oracle.com
Thu Aug 1 16:48:38 UTC 2013


Hello,

Could you please review my fix for 8016848:

webrev: http://cr.openjdk.java.net/~mullan/webrevs/8016848/webrev.00/

bug: http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=8016848

This is a bug because 
javax.security.auth.login.Configuration.getConfiguration() throws a 
ClassCastException when run with the compact1 or compact2 profiles.

This is because the default Configuration object that is returned is not 
in the compact1 profile. The default Configuration is specified by the 
"login.configuration.provider" security property (in the Java security 
properties file). This property is currently set to 
com.sun.security.auth.login.ConfigFile which is not in the compact1 or 
compact2 profiles

The fix is to change the default value of the 
"login.configuration.provider" security property to 
sun.security.provider.ConfigFile, which will be a new class that is 
essentially a copy of com.sun.security.auth.login.ConfigFile. However, 
because it is in the sun.security.provider package, it will be in all 
profiles. We will not remove the com.sun.security.auth.login.ConfigFile 
class as there may be some applications directly using it.

noreg-jck as there is an existing JCK test for this.

Thanks,
Sean



More information about the security-dev mailing list