[14] RFR(M) 8185139: [Graal] Tests which set too restrictive security manager fail with Graal
Daniel Fuchs
daniel.fuchs at oracle.com
Fri Jun 21 16:29:33 UTC 2019
Hi Sean,
On 21/06/2019 15:36, Sean Mullan wrote:
> Ok, I see that is challenging, and I understand why you had to do that.
> You probably could have done something similar by breaking up the test
> into multiple classes in separate directories (or jars) with different
> ProtectionDomains, but that would require a bit of work, and maybe it is
> overkill. But I think then you could probably use the JDK Policy
> provider with a single policy file. (I'm not suggesting doing this right
> now, just was wondering if you considered this).
>
Yes - I considered it - but then it makes the test much
more difficult to understand (as its logic is split over
several files) - and requires either invoking
the compiler from within the test or moving classes around
after jtreg has compiled them in a @driver command so that
you can actually have different codesource locations.
Using a custom Policy implementation looked much simpler at the time.
And when you've done it once - well - copy & paste is your friend...
If there comes a time where having a custom policy implementation
becomes a maintenance issue and a technical debt then we/I will need
to take what time is required to revisit. But I'd rather not do it
if it's not a necessity.
best regards,
-- daniel
More information about the security-dev
mailing list