Trusted service?

Alan Bateman Alan.Bateman at oracle.com
Mon Aug 25 07:07:50 UTC 2014


On 22/08/2014 09:09, Wang Weijun wrote:
> :
>
> Great, this works for me.
>
> But why does it need to be called in a doPrivileged() block? Isn't it only about JDK-internal classes/resources?
>
>
It's a public API so it can be used by anyone. The question about 
privileges and limiting them is a good question. Part of the issue is 
that still have scanning of the extension and boot class paths, the 
other is that some service providers require a permission to instantiate 
or else do something in their initialization that requires permissions.

-Alan


More information about the security-dev mailing list