[8] Review Request for 8021191: Add isAuthorized check to limited doPrivileged methods

Weijun Wang weijun.wang at oracle.com
Tue Oct 22 02:00:26 UTC 2013


In AccessController.java, existing doc always has a "specified" between 
"the" and "{@code AccessControlContext}".

BTW, maybe a little off-topic, I am not sure about the exact meaning of 
"with no permissions". jre/lib/security/java.policy has granted some 
permissions (e.g. reading "java.version") to everyone. Do the 
doPrivWithPerm methods honor them?

No other comment.

Thanks
Max

On 10/22/13 9:27 AM, Xuelei Fan wrote:
> It's a behavior update.  Looks fine to me.
>
> Xuelei
>
> On 10/19/2013 5:24 AM, Sean Mullan wrote:
>> Please review this change to the limited doPrivileged methods to check
>> that the passed-in access control context is authorized before using.
>>
>>      http://cr.openjdk.java.net/~mullan/webrevs/8021191/webrev.00/
>>
>> Thanks,
>> Sean
>



More information about the security-dev mailing list