RFR: Re-enable support for non-Principal implementations of PrincipalComparator
Sean Mullan
sean.mullan at oracle.com
Wed Feb 27 21:43:33 UTC 2013
On 02/27/2013 06:24 AM, Alan Bateman wrote:
> On 26/02/2013 18:36, Neil Richards wrote:
>> Hi Sean,
>> Thanks for your quick response.
>>
>> I admit, I hadn't spotted the description of the policy file syntax to
>> which you point.
>>
>> (In my defence, it's a lot easier to overlook than the explicit wording
>> that I found at the top of PrincipalComparator's Javadoc).
>>
>> Just for info, are there other scenarios where (non-Principal)
>> PrincipalComparator impls can (still) be used, which matches that class'
>> Javadoc ?
Yes, I believe the legacy JAAS PolicyFile implementation
(com.sun.security.auth.PolicyFile) supports PrincipalComparator classes
that don't implement Principal, though I have not tested that to confirm.
>> And do these other scenarios also (already) support the use of
>> Principal.implies() ?
No for the case above, but the JAAS PolicyFile API is deprecated so I
don't think we need to enhance that to support the new Principal.implies
method.
>> I think your answer may have obviated my desire for using the suggested
>> fix.
>> I'm asking around nearby to see if evidence of real use breakage can be
>> found, and will tug on this thread again if/when I have something more
>> to share on this.
>>
> I'll leave it to Sean to comment on this but just to mention that if
> this reflective dependency is added then I think it would be good to
> plan to remove it in jdk9. I suggest this because PolicyFile will most
> likely end up in our base/core module whereas the JDK-specific API to
> JAAS (com.sun.security.auth) may not.
I think we should just wait a bit and see if anything comes up after the
developer preview is released.
Thanks,
Sean
More information about the security-dev
mailing list