Review Request 8007035: Deprecate SecurityManager.checkMemberAccess
Mandy Chung
mandy.chung at oracle.com
Fri Mar 29 02:55:01 UTC 2013
Sean, John, Joe,
Can you review this fix todeprecatesthe |SecurityManager.checkMemberAccess|
method as proposed in http://openjdk.java.net/jeps/176?
Webrev at:
http://cr.openjdk.java.net/~mchung/jdk8/webrevs/8007035/webrev.00
Specdiff:
http://cr.openjdk.java.net/~mchung/jdk8/webrevs/8007035/specdiff
The |checkMemberAccess| method requires the caller’s frame to be
at a stack depth of four, which is fragile and difficult to enforce.
The fix deprecates the SecurityManager.checkMemberAccess method and
will throw an exception unconditionally in a future release.There
are several methods in java.lang.Class and the class spec of
java.lang.invoke.MethodHandles.Lookup in the JDK specify to call
SecurityManager.checkMemberAccess. The spec and implementation are
updated to do the appropriate permission check.
SecurityManager.checkMemberAccess is not final and it can be overridden
by a subclass. However, we believe a SecurityManager subclass
implementation that overrides the checkMemberAccess method and behaves
differently than the default implementation is very rare. Thus
we decide not to handle the SecurityManager subclass case that
overrids the checkMemberAccess method with this fix and the compatibility
risk should be low.
Thanks
Mandy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20130328/68e3c70c/attachment.htm>
More information about the security-dev
mailing list