<AWT Dev> RfR JDK-8051626 Rework security restrictions of Java Access Bridge and related Utilities

Pete Brunet peter.brunet at oracle.com
Wed Jul 15 21:42:25 UTC 2015


An update is available and mostly changes only the test case,
Bug8151626.java.  The other change is to remove jtreg.security.policy.

http://cr.openjdk.java.net/~ptbrunet/JDK-8051626/webrev.01/

Changes:

>From Sean
- The jtreg @run statement was removed; don't specify security manager
or security policy.
- Remove jtreg.security.policy
- Add System.setSecurityManager(new SecurityManager()); to the beginning
of the code.

>From Sergey
- Wrap test in invokeAndWait
- Add frame.dispose in finally
- Remove System.exit

I also removed the Thread.sleep.  It doesn't appear to be needed.

Pete

On 7/14/15 5:00 AM, Sergey Bylokhov wrote:
> Hi, Pete.
> The fix looks fine, but you should tweak the test a little bit.
>  - You access the swing components on non-EDT thread.
>  - You should not use System.exit in the test.
>  - The JFrame should be disposed before the end of the test.
>
> On 14.07.15 1:34, Pete Brunet wrote:
>> Please review the webrev for
>> https://bugs.openjdk.java.net/browse/JDK-8051626
>>
>> http://cr.openjdk.java.net/~ptbrunet/JDK-8051626/webrev.00/
>>
>> This is so the the Java Accessibility Utilities package,
>> com.sun.java.accessibility.util, can be run with the security manager
>> active but the non-public accessibility packages won't, i.e.
>> com.sun.java.accessibility.internal and
>> com.sun.java.accessibility.util.internal.
>>
>> Running the regression test proves that there will be a security
>> exception when using a method of com.sun.java.accessibility.util before
>> the fix but not after.
>>
>> Pete
>
>



More information about the security-dev mailing list