<AWT Dev> RfR JDK-8051626 Rework security restrictions of Java Access Bridge and related Utilities

Pete Brunet peter.brunet at oracle.com
Thu Aug 13 17:29:31 UTC 2015


One final update from Mandy:
- change test path to remove jdk.accessibility; only use package name
for path
- add @modules java.desktop jdk.accessibility

http://cr.openjdk.java.net/~ptbrunet/JDK-8051626/webrev.03/

Pete

On 7/16/15 8:48 PM, Pete Brunet wrote:
> From Mandy:
> - remove unused imports
> - add @run main/othervm
>
> http://cr.openjdk.java.net/~ptbrunet/JDK-8051626/webrev.02/
>
> On 7/15/15 4:42 PM, Pete Brunet wrote:
>> An update is available and mostly changes only the test case,
>> Bug8151626.java.  The other change is to remove jtreg.security.policy.
>>
>> http://cr.openjdk.java.net/~ptbrunet/JDK-8051626/webrev.01/
>>
>> Changes:
>>
>> From Sean
>> - The jtreg @run statement was removed; don't specify security manager
>> or security policy.
>> - Remove jtreg.security.policy
>> - Add System.setSecurityManager(new SecurityManager()); to the beginning
>> of the code.
>>
>> From Sergey
>> - Wrap test in invokeAndWait
>> - Add frame.dispose in finally
>> - Remove System.exit
>>
>> I also removed the Thread.sleep.  It doesn't appear to be needed.
>>
>> Pete
>>
>> On 7/14/15 5:00 AM, Sergey Bylokhov wrote:
>>> Hi, Pete.
>>> The fix looks fine, but you should tweak the test a little bit.
>>>  - You access the swing components on non-EDT thread.
>>>  - You should not use System.exit in the test.
>>>  - The JFrame should be disposed before the end of the test.
>>>
>>> On 14.07.15 1:34, Pete Brunet wrote:
>>>> Please review the webrev for
>>>> https://bugs.openjdk.java.net/browse/JDK-8051626
>>>>
>>>> http://cr.openjdk.java.net/~ptbrunet/JDK-8051626/webrev.00/
>>>>
>>>> This is so the the Java Accessibility Utilities package,
>>>> com.sun.java.accessibility.util, can be run with the security manager
>>>> active but the non-public accessibility packages won't, i.e.
>>>> com.sun.java.accessibility.internal and
>>>> com.sun.java.accessibility.util.internal.
>>>>
>>>> Running the regression test proves that there will be a security
>>>> exception when using a method of com.sun.java.accessibility.util before
>>>> the fix but not after.
>>>>
>>>> Pete




More information about the security-dev mailing list