RFR [13]: 8218618: Program fails when using JDK addressed by UNC path and using Security Manager

Weijun Wang weijun.wang at oracle.com
Wed Mar 6 00:50:36 UTC 2019


The fix looks fine to me.

However, is PolicyUtil::getInputStream correct? Will it cause any problem when a UNC path is used in -Djava.security.policy?

I've seen several code changes around UNC recently. Wonder if we've finally fix it and PolicyUtil::getInputStream can always call url.openStream() now. I've added core-libs-dev at o.j.n, maybe someone there can give a clear answer.

Thanks,
Max

> On Mar 6, 2019, at 3:53 AM, Sean Mullan <sean.mullan at oracle.com> wrote:
> 
> Please review this fix to a regression introduced in JDK 9. An application run with a SecurityManager and using a JDK that is accessed over the network using a UNC path fails to startup and throws an InternalError.
> 
> The fix is to load default.policy as a regular File rather than a URL (URLs are only necessary for policy files configured in the java.security file). No regression test because it involves a manual setup (noreg-hard).
> 
> webrev: http://cr.openjdk.java.net/~mullan/webrevs/8218618/webrev.00/
> bugid: https://bugs.openjdk.java.net/browse/JDK-8218618
> 
> --Sean




More information about the security-dev mailing list