Review Request for 7026255 : Methods of Subject that throw SecurityException do not specify what permissions are required
Sean Mullan
sean.mullan at oracle.com
Fri Aug 15 18:52:20 UTC 2014
On 08/14/2014 10:49 AM, Xuelei Fan wrote:
> I meant to point out the modification permissions as well. As update
> to the returned value needs the related permissions as the following
> line talked about:
>
> * <p> To modify the Principals Set, the caller must have
> * {@code AuthPermission("modifyPrincipals")}.
> * To modify the public credential Set, the caller must have
> * {@code AuthPermission("modifyPublicCredentials")}.
> * To modify the private credential Set, the caller must have
> * {@code AuthPermission("modifyPrivateCredentials")}.
Yes, I understand the comment now. I have fixed it, but I had to adjust
the wording a bit. getPrivateCredentials() now says:
* <p> If a security manager is installed, the caller must have a
* {@link AuthPermission#AuthPermission(String)
* AuthPermission("modifyPrivateCredentials")} permission to modify
* the returned set, or a {@code SecurityException} will be thrown.
*
* <p> While iterating through the {@code Set},
* a {@code SecurityException} is thrown if a security manager is installed
* and the caller does not have a {@link PrivateCredentialPermission}
* to access a particular Credential. The {@code Iterator}
* is nevertheless advanced to the next element in the {@code Set}.
I also added a similar paragraph as the first above to the
getPublicCredentials() and getPrincipals() methods.
Updated webrev:
http://cr.openjdk.java.net/~mullan/webrevs/7026255/webrev.02/
--Sean
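
The caller-side handling that the getPrivateCredentials() wording above implies, as an added example that is not part of the original message, the webrev or the JDK sources. The class name, the ScanResult record and the sample credential string are constructed for illustration; with no security manager installed nothing is denied and the add succeeds.

```java
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.security.auth.Subject;

public class PrivateCredentialScan {

    /** Result of one pass over a Subject's private credentials (hypothetical helper type). */
    record ScanResult(List<Object> readable, int denied) {}

    /**
     * Collects the private credentials the caller is allowed to read.
     * A SecurityException during iteration means one element was refused;
     * the iterator has already advanced past it, so the loop continues
     * with the next element instead of aborting or retrying.
     */
    static ScanResult scan(Subject subject) {
        List<Object> readable = new ArrayList<>();
        int denied = 0;
        Iterator<Object> it = subject.getPrivateCredentials().iterator();
        while (it.hasNext()) {
            try {
                readable.add(it.next());
            } catch (SecurityException e) {
                denied++; // no PrivateCredentialPermission for this credential
            }
        }
        return new ScanResult(readable, denied);
    }

    public static void main(String[] args) {
        Subject subject = new Subject();
        Set<Object> creds = subject.getPrivateCredentials();
        try {
            // Under a security manager this needs AuthPermission("modifyPrivateCredentials").
            creds.add("constructed-sample-secret");
        } catch (SecurityException e) {
            System.err.println("cannot modify private credentials: " + e.getMessage());
        }
        ScanResult r = scan(subject);
        System.out.println(r.readable().size() + " readable, " + r.denied() + " denied");
    }
}
```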