<AWT Dev> RfR JDK-8051626 Rework security restrictions of Java Access Bridge and related Utilities

Mandy Chung mandy.chung at oracle.com
Thu Aug 13 18:16:17 UTC 2015 

Looks fine.
Mandy

On 08/13/2015 10:29 AM, Pete Brunet wrote:
> One final update from Mandy:
> - change test path to remove jdk.accessibility; only use package name
> for path
> - add @modules java.desktop jdk.accessibility
>
> http://cr.openjdk.java.net/~ptbrunet/JDK-8051626/webrev.03/
>
> Pete
>
> On 7/16/15 8:48 PM, Pete Brunet wrote:
>>  From Mandy:
>> - remove unused imports
>> - add @run main/othervm
>>
>> http://cr.openjdk.java.net/~ptbrunet/JDK-8051626/webrev.02/
>>
>> On 7/15/15 4:42 PM, Pete Brunet wrote:
>>> An update is available and mostly changes only the test case,
>>> Bug8151626.java.  The other change is to remove jtreg.security.policy.
>>>
>>> http://cr.openjdk.java.net/~ptbrunet/JDK-8051626/webrev.01/
>>>
>>> Changes:
>>>
>>>  From Sean
>>> - The jtreg @run statement was removed; don't specify security manager
>>> or security policy.
>>> - Remove jtreg.security.policy
>>> - Add System.setSecurityManager(new SecurityManager()); to the beginning
>>> of the code.
>>>
>>>  From Sergey
>>> - Wrap test in invokeAndWait
>>> - Add frame.dispose in finally
>>> - Remove System.exit
>>>
>>> I also removed the Thread.sleep.  It doesn't appear to be needed.
>>>
>>> Pete
>>>
>>> On 7/14/15 5:00 AM, Sergey Bylokhov wrote:
>>>> Hi, Pete.
>>>> The fix looks fine, but you should tweak the test a little bit.
>>>>   - You access the swing components on non-EDT thread.
>>>>   - You should not use System.exit in the test.
>>>>   - The JFrame should be disposed before the end of the test.
>>>>
>>>> On 14.07.15 1:34, Pete Brunet wrote:
>>>>> Please review the webrev for
>>>>> https://bugs.openjdk.java.net/browse/JDK-8051626
>>>>>
>>>>> http://cr.openjdk.java.net/~ptbrunet/JDK-8051626/webrev.00/
>>>>>
>>>>> This is so the the Java Accessibility Utilities package,
>>>>> com.sun.java.accessibility.util, can be run with the security manager
>>>>> active but the non-public accessibility packages won't, i.e.
>>>>> com.sun.java.accessibility.internal and
>>>>> com.sun.java.accessibility.util.internal.
>>>>>
>>>>> Running the regression test proves that there will be a security
>>>>> exception when using a method of com.sun.java.accessibility.util before
>>>>> the fix but not after.
>>>>>
>>>>> Pete

More information about the security-dev mailing list