RFR: JDK-8075706 : Policy implementation does not allow policy.provider to be on the class path
Mandy Chung
mandy.chung at oracle.com
Fri May 1 16:33:24 UTC 2015
On 05/01/2015 05:48 AM, Sean Mullan wrote:
> Please review this change to use the system class loader to locate a
> policy provider specified with the policy.provider security property.
> The current implementation tries to load the provider using the
> extension class loader. This will no longer work when the extension
> mechanism is removed, which is proposed as part of JEP 220:
> http://openjdk.java.net/jeps/220
>
> webrev: http://cr.openjdk.java.net/~mullan/webrevs/8075706/webrev.01/
>
Looks okay.
Nit: line 208-209 - this is rather hard to read. probably worth some
cleanup/adjustment.
CustomPolicy.implies
50 if (pd == policyPd) {
51 return true;
52 }
This is okay for the test. Just for my understanding, for real world
custom policy, should it check the code source in case the sensitive
operation triggering a permission check involving other classes?
Mandy
More information about the security-dev
mailing list