RFR: 8290368: Introduce LDAP and RMI protocol-specific object factory filters to JNDI implementation [v5]
Roger Riggs
rriggs at openjdk.org
Fri Oct 14 17:48:04 UTC 2022
On Fri, 14 Oct 2022 17:27:34 GMT, Aleksei Efimov <aefimov at openjdk.org> wrote:
>> src/java.base/share/conf/security/java.security line 1388:
>>
>>> 1386: # are unused.
>>> 1387: #
>>> 1388: # Each class name pattern is matched against the factory class name to allow or disallow its
>>
>> It appears that for those protocols for which there is no specific filter, a factory class will be accepted only if the global filter returns ALLOWED - which contradicts what is written here (where it says that the class is allowed if it's not REJECTED). Is this something that has changed with this fix - or was the documentation wrong before?
>
> Very good catch Daniel! It is with this fix and I believe the code needs to be changed to match what is written for the global filter here:
> What we've had before in `checkInput`:
>
> private static boolean checkInput(FactoryInfo factoryInfo) {
>     Status result = GLOBAL.checkInput(factoryInfo);
>     return result != Status.REJECTED;
> }
>
> What we have now:
>
> if (filter == GLOBAL_FILTER) {
>     return globalResult == Status.ALLOWED;
> }
>
>
> I think it needs to be changed to (to match the description for global filter):
>
> if (filter == GLOBAL_FILTER) {
>     return globalResult != Status.REJECTED;
> }
In the general composition of filters, it is preferable that UNDECIDED is treated as REJECTED.
That keeps unintentional holes in a filter from being permissive.
-------------
PR: https://git.openjdk.org/jdk/pull/10578
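
The two return expressions compared in this thread, run against a standard `java.io.ObjectInputFilter` pattern filter. This is an added example, not part of the original message or of the JDK change; the class name `UndecidedDemo`, the `FactoryInfo` record body and the filter pattern are constructed for illustration.

```java
import java.io.ObjectInputFilter;
import java.io.ObjectInputFilter.Status;

public class UndecidedDemo {
    // Minimal FilterInfo that carries only the class under test (constructed for this demo).
    record FactoryInfo(Class<?> serialClass) implements ObjectInputFilter.FilterInfo {
        public long arrayLength() { return -1; } // not an array
        public long depth()       { return 1; }
        public long references()  { return 0; }
        public long streamBytes() { return 0; }
    }

    // Constructed pattern: allow java.util, reject java.lang, say nothing about other packages.
    static final ObjectInputFilter FILTER =
            ObjectInputFilter.Config.createFilter("java.util.*;!java.lang.*");

    // Policy A: accept unless the filter explicitly rejects (UNDECIDED passes).
    static boolean allowUnlessRejected(Class<?> c) {
        return FILTER.checkInput(new FactoryInfo(c)) != Status.REJECTED;
    }

    // Policy B: accept only on an explicit allow (UNDECIDED is treated as REJECTED).
    static boolean allowOnlyIfAllowed(Class<?> c) {
        return FILTER.checkInput(new FactoryInfo(c)) == Status.ALLOWED;
    }

    public static void main(String[] args) {
        // One class per outcome: matched by the allow pattern, matched by the
        // reject pattern, and matched by neither pattern.
        Class<?>[] candidates = {
            java.util.ArrayList.class, String.class, java.net.URI.class
        };
        for (Class<?> c : candidates) {
            Status s = FILTER.checkInput(new FactoryInfo(c));
            System.out.printf("%-22s %-10s !=REJECTED:%-6b ==ALLOWED:%b%n",
                    c.getName(), s, allowUnlessRejected(c), allowOnlyIfAllowed(c));
        }
    }
}
```

`java.net.URI` matches neither pattern, so the filter returns UNDECIDED for it: policy A accepts the class and policy B does not, which is the gap the reply above refers to.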