RFR: JDK-8290975 Minor cleanup could be done in javax.security

Sean Mullan mullan at openjdk.org
Wed Aug 3 15:03:43 UTC 2022


On Wed, 27 Jul 2022 20:24:19 GMT, Mark Powers <mpowers at openjdk.org> wrote:

> https://bugs.openjdk.org/browse/JDK-8290975

src/java.base/share/classes/javax/security/auth/PrivateCredentialPermission.java line 130:

> 128:      * @serial
> 129:      */
> 130:     private final boolean testing = false;

This should really use java.security.debug so this tracing can be enabled at runtime, but that's probably more of a separate fix - feel free to file a separate issue.

src/java.base/share/classes/javax/security/auth/Subject.java line 28:

> 26: package javax.security.auth;
> 27: 
> 28: import sun.security.util.ResourcesMgr;

I suggest putting the internal imports below the java.*  or other standard imports. This isn't a rule, but is more consistent with other code.

src/java.base/share/classes/javax/security/auth/Subject.java line 854:

> 852:      *
> 853:      * <p> If a security manager is installed, the caller must have a
> 854:      * {@link PrivateCredentialPermission} to access all the requested

Hmm. I think the previous text was more correct/readable.

src/java.base/share/classes/javax/security/auth/callback/NameCallback.java line 45:

> 43:      * @since 1.4
> 44:      */
> 45:     private final String prompt;

I think you can also mark `defaultName` final.

src/java.base/share/classes/javax/security/auth/callback/TextInputCallback.java line 46:

> 44:      * @since 1.4
> 45:      */
> 46:     private final String prompt;

I think you can also mark `defaultText` final.

src/java.base/share/classes/javax/security/auth/x500/X500Principal.java line 94:

> 92:      * NOTE: The constructor is package private. It is intended to be accessed
> 93:      * using privileged reflection from classes in sun.security.*.
> 94:      * Currently, referenced from sun.security.x509.X500Name.asX500Principal().

Change to "Currently, it is referenced from ..."

-------------

PR: https://git.openjdk.org/jdk/pull/9664


More information about the security-dev mailing list