Review Request for 7026255 : Methods of Subject that throw SecurityException do not specify what permissions are required

Sean Mullan sean.mullan at
Fri Aug 15 18:52:20 UTC 2014

On 08/14/2014 10:49 AM, Xuelei Fan wrote:
> I meant to pointed out the modification permissions as well.  As update
> to the returned value needs the related permissions as the following
> line talked about:
>   149      * <p> To modify the Principals Set, the caller must have
>   150      * {@code AuthPermission("modifyPrincipals")}.
>   151      * To modify the public credential Set, the caller must have
>   152      * {@code AuthPermission("modifyPublicCredentials")}.
>   153      * To modify the private credential Set, the caller must have
>   154      * {@code AuthPermission("modifyPrivateCredentials")}.

Yes, I understand the comment now. I have fixed it, but I had to adjust 
the wording a bit. getPrivateCredentials() now says:

      * <p> If a security manager is installed, the caller must have a
      * {@link AuthPermission#AuthPermission(String)
      * AuthPermission("modifyPrivateCredentials")} permission to modify
      * the returned set, or a {@code SecurityException} will be thrown.
      * <p> While iterating through the {@code Set},
      * a {@code SecurityException} is thrown if a security manager is 
      * and the caller does not have a {@link PrivateCredentialPermission}
      * to access a particular Credential.  The {@code Iterator}
      * is nevertheless advanced to the next element in the {@code Set}.

I also added a similar paragraph as the first above to the 
getPublicCredentials() and getPrincipals() methods.

Updated webrev:


More information about the security-dev mailing list