Review Request for 7026255 : Methods of Subject that throw SecurityException do not specify what permissions are required

Xuelei Fan xuelei.fan at oracle.com
Wed Aug 13 01:44:46 UTC 2014


In the new file:

653-677, 719-721:
It would be nice to mention "if a security manager is installed," ...

656      * is thrown if the caller does not have the proper permissions.
Do we want to point out the actual modify permissions?

721      * <code>SecurityException</code> will be thrown.
---------------
Do you want to use the {@code SecurityException} style?

772~777
The wording could be shortened to:
    @throws SecurityException if the caller does not have
            a {@link PrivateCredentialPermission} permission
            to access the private credentials for this or
            the provided {@code Subject}

1540     static class AuthPermissionHolder {
1541         static final AuthPermission DO_AS_PERMISSION =
1542             new AuthPermission("doAs");
I'm not sure why this inner class is defined.  It looks like these permissions
can be defined as static final variables.  Otherwise, it might be better
to define AuthPermissionHolder as a static final class, or an enum.

Otherwise, looks fine to me.

Xuelei

On 8/12/2014 11:08 PM, Sean Mullan wrote:
> This is a clarification in the javax.security.auth.Subject javadocs to
> indicate what permissions are required for methods that throw
> SecurityException:
> 
> http://cr.openjdk.java.net/~mullan/webrevs/7026255/webrev.00/
> 
> I also took the opportunity to fix a couple of other minor issues: added
> @Override annotations, removed spurious <p> tags, and changed @exception
> to @throws.
> 
> Thanks,
> Sean


