Redundant check in java.security.BasicPermission.implies()
Tom Hawtin
tom.hawtin at oracle.com
Fri Nov 29 17:16:13 UTC 2013
On 29/11/2013 15:46, Alex Yursha wrote:
> // make sure ap.path is longer so a.b.* doesn't imply a.b
^.
Somebody has removed the full stop from the sentence fragment. I'll give
you that this class's API docs should be better.
> return (that.path.length() > this.path.length()) &&
> that.path.startsWith(this.path);
> As the highlighted comment states, the length comparison check is
> performed in order to prevent such cases where "a.b.*" would imply
> "a.b". But the contract for java.lang.String.startsWith() is such that
> if the prefix length is greater than the string length then that test
> will fail. So it seems like java.security.BasicPermission.implies()
> tries to duplicate the check that is performed by
> java.lang.String.startsWith() out of the box.
So, suppose we had permissions with names "a.b.*" and "a.b.". These have
paths "a.b." and "a.b." (respectively, or not). startsWith will return
true, but the length comparison false.
So
- the check is not redundant
- a.b. is not implied by a.b.*
- BasicPermission does not correctly specify behaviour of wildcards
(should probably have a CR)
Tom
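
The counterexample from the reply above, as an added example that is not part of the original message or the JDK source: it calls the real `BasicPermission.implies()` and compares it with a variant of the wildcard branch that relies on `startsWith` alone. `DemoPermission`, `path()`, `isWildcard()`, `startsWithOnly()` and the sample names are hypothetical helpers and constructed inputs.

```java
import java.security.BasicPermission;

public class ImpliesLengthCheck {
    // Hypothetical concrete subclass; BasicPermission itself is abstract.
    static final class DemoPermission extends BasicPermission {
        DemoPermission(String name) { super(name); }
    }

    // A name is a wildcard when it is "*" or ends with ".*".
    static boolean isWildcard(String name) {
        int n = name.length();
        return name.charAt(n - 1) == '*' && (n == 1 || name.charAt(n - 2) == '.');
    }

    // Path as described in the message: the trailing "*" of a wildcard is
    // dropped, so "a.b.*" and "a.b." both yield the path "a.b.".
    static String path(String name) {
        return isWildcard(name) ? name.substring(0, name.length() - 1) : name;
    }

    // The wildcard-implies-plain branch with the length comparison removed.
    static boolean startsWithOnly(String wildcardName, String plainName) {
        return path(plainName).startsWith(path(wildcardName));
    }

    // The JDK's own answer for the same pair of names.
    static boolean realImplies(String wildcardName, String plainName) {
        return new DemoPermission(wildcardName).implies(new DemoPermission(plainName));
    }

    public static void main(String[] args) {
        String wildcard = "a.b.*";
        // Constructed sample names; "a.b." is the case from the reply.
        String[] names = { "a.b", "a.b.", "a.b.c", "a.bc" };
        for (String name : names) {
            System.out.printf("%-6s -> %-6s implies()=%-5b startsWith only=%b%n",
                    wildcard, name,
                    realImplies(wildcard, name),
                    startsWithOnly(wildcard, name));
        }
    }
}
```

The two columns differ only for the name "a.b.", whose path has the same length as the wildcard's path.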