<AWT Dev> RfR JDK-8051626 Rework security restrictions of Java Access Bridge and related Utilities

Sergey Bylokhov Sergey.Bylokhov at oracle.com
Thu Jul 16 10:19:06 UTC 2015


The fix looks fine.

On 16.07.15 0:42, Pete Brunet wrote:
> An update is available and mostly changes only the test case,
> Bug8151626.java.  The other change is to remove jtreg.security.policy.
>
> http://cr.openjdk.java.net/~ptbrunet/JDK-8051626/webrev.01/
>
> Changes:
>
>  From Sean
> - The jtreg @run statement was removed; don't specify security manager
> or security policy.
> - Remove jtreg.security.policy
> - Add System.setSecurityManager(new SecurityManager()); to the beginning
> of the code.
>
>  From Sergey
> - Wrap test in invokeAndWait
> - Add frame.dispose in finally
> - Remove System.exit
>
> I also removed the Thread.sleep.  It doesn't appear to be needed.
>
> Pete
>
> On 7/14/15 5:00 AM, Sergey Bylokhov wrote:
>> Hi, Pete.
>> The fix looks fine, but you should tweak the test a little bit.
>>   - You access the swing components on non-EDT thread.
>>   - You should not use System.exit in the test.
>>   - The JFrame should be disposed before the end of the test.
>>
>> On 14.07.15 1:34, Pete Brunet wrote:
>>> Please review the webrev for
>>> https://bugs.openjdk.java.net/browse/JDK-8051626
>>>
>>> http://cr.openjdk.java.net/~ptbrunet/JDK-8051626/webrev.00/
>>>
>>> This is so the the Java Accessibility Utilities package,
>>> com.sun.java.accessibility.util, can be run with the security manager
>>> active but the non-public accessibility packages won't, i.e.
>>> com.sun.java.accessibility.internal and
>>> com.sun.java.accessibility.util.internal.
>>>
>>> Running the regression test proves that there will be a security
>>> exception when using a method of com.sun.java.accessibility.util before
>>> the fix but not after.
>>>
>>> Pete
>>


-- 
Best regards, Sergey.




More information about the security-dev mailing list