A Bug in AccessControlContext.equals() and hashCode()?

David M. Lloyd david.lloyd at redhat.com
Mon Jun 16 14:40:18 UTC 2014

On 06/16/2014 09:19 AM, Frank Ding wrote:
> Hi Jeff,
>    Thanks for your reply.  One further question is that you confirmed
> that two AccessControlContext objects considered equal via method
> equals() should return same results for
> AccessControlContext.checkPermission() but test shows that 2
> AccessControlContext objects are equal regardless of isLimited,
> limitedContext, parent, permissions, or privilegedContext.  Does it make
> sense and apply to Java 8 AccessControlContext with JEP140?

Is it not true that a limited privileged context simply adds a 
protection domain that restricts permissions to the limited set?  This 
seems to be the "obvious" implementation of the feature.

If so, then equals() should have taken it into account as a matter of 

More information about the security-dev mailing list