RFR 8159528: Deprivilege java.security.jgss, jdk.security.jgss and jdk.security.auth
Weijun Wang
weijun.wang at oracle.com
Mon Jul 11 08:15:48 UTC 2016
Hi All
Please review the code change at
dev: http://cr.openjdk.java.net/~weijun/8159528/dev/webrev.00
dev/jdk: http://cr.openjdk.java.net/~weijun/8159528/jdk/webrev.00
Some notes on the jdk changes:
1. java.policy: I just append the new grants to the end of the file
(before the common block). There seems to be no special order. Also, new
RFEs will be filed to refine the permissions granted.
2. KerberosSecrets.java and PrincipalName.java cannot get Unsafe as
before. I copied this hack from Nashorn.
3. The SSL.java test fails because of another bug [1]. Workaround added.
4. Other tests use the new java.security.policy @run option because the
system default java.policy must also be included.
Thanks
Max
[1] https://bugs.openjdk.java.net/browse/JDK-8161101
More information about the security-dev
mailing list