RFR: JDK-8075706 : Policy implementation does not allow policy.provider to be on the class path
Alan Bateman
Alan.Bateman at oracle.com
Mon May 4 14:55:10 UTC 2015
On 01/05/2015 13:48, Sean Mullan wrote:
> Please review this change to use the system class loader to locate a
> policy provider specified with the policy.provider security property.
> The current implementation tries to load the provider using the
> extension class loader. This will no longer work when the extension
> mechanism is removed, which is proposed as part of JEP 220:
> http://openjdk.java.net/jeps/220
>
> webrev: http://cr.openjdk.java.net/~mullan/webrevs/8075706/webrev.01/
The change looks okay but I wonder if there is an opportunity to do some
clean-up.
One thing that is a bit icky is the catching of Exception for the case
that the policy class is loaded by boot loader but it can't be
instantiated for some reason. It might be better to replace this with
Class.forName(policy_class, false, null) and only fallback to trying
again with the SCL if CNFE is thrown. That way you could have once place
to instantiate the policy class and log the exception if it fails.
-Alan.
More information about the security-dev
mailing list