[8] Review Request for 8021191: Add isAuthorized check to limited doPrivileged methods
Sean Mullan
sean.mullan at oracle.com
Tue Oct 22 11:35:20 UTC 2013
On 10/21/2013 10:00 PM, Weijun Wang wrote:
> In AccessController.java, existing doc always has a "specified" between
> "the" and "{@code AccessControlContext}".
Fixed.
> BTW, maybe a little off-topic, I am not sure about the exact meaning of
> "with no permissions". jre/lib/security/java.policy has granted some
> permissions (e.g. reading "java.version") to everyone. Do the
> doPrivWithPerm methods honor them?
No, it is really executed with no permissions.
Thanks,
Sean
>
> No other comment.
>
> Thanks
> Max
>
> On 10/22/13 9:27 AM, Xuelei Fan wrote:
>> It's a behavior update. Looks fine to me.
>>
>> Xuelei
>>
>> On 10/19/2013 5:24 AM, Sean Mullan wrote:
>>> Please review this change to the limited doPrivileged methods to check
>>> that the passed-in access control context is authorized before using.
>>>
>>> http://cr.openjdk.java.net/~mullan/webrevs/8021191/webrev.00/
>>>
>>> Thanks,
>>> Sean
>>
More information about the security-dev
mailing list