[9] request for review: 8048147: Privilege tests with JAAS Subject.doAs

Wang Weijun weijun.wang at oracle.com
Tue Mar 17 09:39:13 UTC 2015

Hi Artem

The tests are good but I am thinking if we can simplify them.

There are too many duplicate actions here, for example, packing the same classes again and again to the same jar file, and the 4 ***Test.java files are quite similar. Is it possible to create a single Test.java to do everything in a single main()?

Is it possible to convert javac calls to @compile or @build? Is it possible to convert jar calls to ZipOutputStream calls in the same VM? Or maybe instead of using jar files is it possible to put the classes into different sub-directories and point classpath to them? Is it possible to convert java calls to @run?

Finally, you create a new nested directory. Is it because there is already a "doAs" there? I'd rather see a doAs2 containing these new tests. The new Utils.java can also be put inside this directory.

BTW, the auth.policy file was so old and I wonder if we still need to test it.


> On Mar 16, 2015, at 18:47, Artem Smotrakov <artem.smotrakov at oracle.com> wrote:
> Hello,
> Please review a couple of new tests for privilege checks on Subject.doAs().
> https://bugs.openjdk.java.net/browse/JDK-8048147
> http://cr.openjdk.java.net/~asmotrak/8048147/webrev.00/
> Artem

More information about the security-dev mailing list