RFR: JDK-8075706 : Policy implementation does not allow policy.provider to be on the class path
Mandy Chung
mandy.chung at oracle.com
Mon May 4 17:15:18 UTC 2015
On 05/04/2015 05:31 AM, Sean Mullan wrote:
>
>> CustomPolicy.implies
>>
>> 50 if (pd == policyPd) {
>> 51 return true;
>> 52 }
>>
>> This is okay for the test. Just for my understanding, for real world
>> custom policy, should it check the code source in case the sensitive
>> operation triggering a permission check involving other classes?
>
> Permissions are granted per ProtectionDomain (PD) so this is
> sufficient. However, typically the policy provider would be in a
> separate PD from other code (for example, by packaging it in a
> separate JAR file), but this is sufficient for testing purposes. If
> you remove the lines above from the test, you will get a
> StackOverflowError.
Right this is sufficient for testing purpose.
My comment is only for my understanding of the internal implementation.
I see that SecureClassLoader caches one ProtectionDomain per code source
and so checking "==" PD instance works most of the cases (maybe all
cases in practice) while a custom class loader could instantiate
different PD objects to define classes from the same code source.
Anyway, no change is needed for the test.
Mandy
More information about the security-dev
mailing list