Review Request: 8150468: ClassCircularityError on error in security policy file
Sean Mullan
sean.mullan at oracle.com
Tue May 10 17:53:50 UTC 2016
On 5/9/16 6:20 PM, Mandy Chung wrote:
>
>> On May 6, 2016, at 11:43 AM, Sean Mullan <sean.mullan at oracle.com>
>> wrote:
>>
>> Please review this fix for
>> https://bugs.openjdk.java.net/browse/JDK-8150468:
>>
>> http://cr.openjdk.java.net/~mullan/webrevs/8150468/webrev.00/
>>
>> The fix is to record bad policy files as they are parsed and ignore
>> them during any subsequent permission checks.
>
> Looks okay.
>
> PolicyFile::init catches ParsingException that always calls
> ParsingException::getLocalizedMessage and prints the localized
> message. Is that necessary? We don’t typically localize the
> exception message if thrown at runtime.
That's a good question. My initial thought was to simply not localize
the exception message: problem solved. But then I noticed that
PolicyFile prints the exception message to System.err, which is probably
why it is localized:
} catch (PolicyParser.ParsingException pe) {
MessageFormat form = new MessageFormat(ResourcesMgr.getString
(POLICY + ".error.parsing.policy.message"));
Object[] source = {policy, pe.getLocalizedMessage()};
System.err.println(form.format(source));
if (debug != null)
pe.printStackTrace();
I could remove the printing to System.err (which is generally frowned on
anyway), but it has worked this way for a long time, so I don't want to
change it.
--Sean
More information about the security-dev
mailing list