RFR: JDK-8075706 : Policy implementation does not allow policy.provider to be on the class path

Mandy Chung mandy.chung at oracle.com
Mon May 4 17:15:18 UTC 2015



On 05/04/2015 05:31 AM, Sean Mullan wrote:
>
>> CustomPolicy.implies
>>
>>    if (pd == policyPd) {
>>        return true;
>>    }
>>
>> This is okay for the test.  Just for my understanding, for a real-world
>> custom policy, should it check the code source in case the sensitive
>> operation triggering a permission check involves other classes?
>
> Permissions are granted per ProtectionDomain (PD) so this is 
> sufficient. However, typically the policy provider would be in a 
> separate PD from other code (for example, by packaging it in a 
> separate JAR file), but this is sufficient for testing purposes. If 
> you remove the lines above from the test, you will get a 
> StackOverflowError.

Right, this is sufficient for testing purposes.

My comment is only for my understanding of the internal implementation.
I see that SecureClassLoader caches one ProtectionDomain per code source,
so checking "==" on the PD instance works in most cases (maybe all
cases in practice), while a custom class loader could instantiate
different PD objects to define classes from the same code source.
Anyway, no change is needed for the test.

Mandy
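
Added example (not code from the thread or from the JDK test): a `Policy.implies` that keeps the identity check discussed above and falls back to comparing `CodeSource`, covering the case where a class loader creates separate `ProtectionDomain` objects for one code source. The class names, JAR URLs and permission name are constructed, and `implies` is called directly rather than installing the policy, since the `Policy` API is deprecated for removal as of Java 17.

```java
import java.net.URI;
import java.security.CodeSource;
import java.security.Permission;
import java.security.Policy;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;

public class CodeSourcePolicyDemo {
    // Hypothetical policy, not the CustomPolicy from the test under review.
    static class CodeSourcePolicy extends Policy {
        private final ProtectionDomain policyPd;

        // Real code would pass CodeSourcePolicy.class.getProtectionDomain().
        CodeSourcePolicy(ProtectionDomain policyPd) {
            this.policyPd = policyPd;
        }

        @Override
        public boolean implies(ProtectionDomain pd, Permission perm) {
            // Identity check from the thread: grants the policy's own domain.
            // Per the thread, the test hits StackOverflowError without it.
            if (pd == policyPd) {
                return true;
            }
            // Fallback for a loader that creates a new PD object per class:
            // match on CodeSource (location plus certificates) instead.
            CodeSource own = policyPd.getCodeSource();
            return pd != null && own != null && own.equals(pd.getCodeSource());
        }
    }

    static ProtectionDomain domainFor(String url) throws Exception {
        CodeSource cs = new CodeSource(URI.create(url).toURL(), (Certificate[]) null);
        return new ProtectionDomain(cs, null);
    }

    public static void main(String[] args) throws Exception {
        // Constructed domains: two distinct PD objects for one JAR, one for another JAR.
        ProtectionDomain policyPd = domainFor("file:/constructed/policy.jar");
        ProtectionDomain samePdCopy = domainFor("file:/constructed/policy.jar");
        ProtectionDomain appPd = domainFor("file:/constructed/app.jar");
        Policy policy = new CodeSourcePolicy(policyPd);
        Permission perm = new RuntimePermission("constructed.demo");
        System.out.println("same object:       " + (policyPd == samePdCopy));
        System.out.println("policy domain:     " + policy.implies(policyPd, perm));
        System.out.println("same code source:  " + policy.implies(samePdCopy, perm));
        System.out.println("other code source: " + policy.implies(appPd, perm));
    }
}
```

For unsigned code, `CodeSource` equality reduces to the location URL, so the fallback trusts any domain that a class loader labels with that URL.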


