[8] Review Request for 8021191: Add isAuthorized check to limited doPrivileged methods
Weijun Wang
weijun.wang at oracle.com
Tue Oct 22 02:00:26 UTC 2013
In AccessController.java, existing doc always has a "specified" between
"the" and "{@code AccessControlContext}".
BTW, maybe a little off-topic, I am not sure about the exact meaning of
"with no permissions". jre/lib/security/java.policy has granted some
permissions (e.g. reading "java.version") to everyone. Do the
doPrivWithPerm methods honor them?
No other comment.
Thanks
Max
On 10/22/13 9:27 AM, Xuelei Fan wrote:
> It's a behavior update. Looks fine to me.
>
> Xuelei
>
> On 10/19/2013 5:24 AM, Sean Mullan wrote:
>> Please review this change to the limited doPrivileged methods to check
>> that the passed-in access control context is authorized before using.
>>
>> http://cr.openjdk.java.net/~mullan/webrevs/8021191/webrev.00/
>>
>> Thanks,
>> Sean
>
More information about the security-dev
mailing list