RFR: 8283092: JMX subclass permission check redundant with strong encapsulation
Kevin Walls
kevinw at openjdk.java.net
Wed Mar 16 21:31:45 UTC 2022
On Wed, 16 Mar 2022 15:14:53 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:
>> Removing permission checks which, in the presence of a Security Manager, would check for a RuntimePermission "className.subclass". This was to prevent subclassing these classes, but is no longer necessary with strong encapsulation from modules.
>
> src/java.management/share/classes/sun/management/spi/PlatformMBeanProvider.java line 233:
>
>> 231: }
>> 232: return null;
>> 233: }
>
> I have verified in module-info.java that sun.management.spi is only conditionally exported so I agree that the explicit permission check can now be removed.
thanks
> src/jdk.management.agent/share/classes/jdk/internal/agent/spi/AgentProvider.java line 35:
>
>> 33:
>> 34: /**
>> 35: * Instantiates a new AgentProvider.
>
> This class should probably be removed altogether. I see that you logged [JDK-8283254](https://bugs.openjdk.java.net/browse/JDK-8283254) so this is fine.
Thanks Daniel - yes will get rid of this class soon, I'll keep these two actions in separate changes. 8-)
-------------
PR: https://git.openjdk.java.net/jdk/pull/7827
More information about the security-dev
mailing list