Redundant check in java.security.BasicPermission.implies()

Tom Hawtin tom.hawtin at oracle.com
Mon Dec 2 01:08:53 UTC 2013


On 29/11/2013 20:29, Alex Yursha wrote:
> The javadocs for the class java.security.BasicPermission says, that the
> naming convention for BasicPermission names follows the hierarchical
> property naming convention with possible wildcards. AFAIU, *hierarchical
> property naming convention* assumes that you specify either a simple
> identifier like /user/, or a sequence of dot-separated identifiers like
> /user.group.id <http://user.group.id> - /so what is the purpose for
> names like /user. /with a dot at the end? It seems like it contradicts
> the documentation and has no purpose.

As code, including configuration, outside the JDK may be relying upon 
the behaviour of BasicPermission, this would seem unlikely to change. 
The documentation may get clarified.

I cannot see find any definition of "the hierarchical property naming 
convention". BasicPermission accepts any non-null non-empty name, 
including those with a trailing dot. If I had to invent a meaning of the 
trailing dot, I'd say it was superfluous, which matches the code.

As usual with ad hoc text formats the have parsing spread around the 
code and no clear specification, they're a bit of a mess.

Tom



More information about the security-dev mailing list