RFR: 8316964: Security tools should not call System.exit [v3]
Weijun Wang
weijun at openjdk.org
Mon Oct 16 14:35:36 UTC 2023
On Fri, 13 Oct 2023 23:58:58 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
>> Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
>>
>> typo
>
> src/java.security.jgss/windows/classes/sun/security/krb5/internal/tools/Ktab.java line 82:
>
>> 80: }
>> 81:
>> 82: private static class ExitException extends RuntimeException {
>
> If we want to use ExitException as internal exception, perhaps it's easier to not extending RuntimeException? This way we can rely on compiler to flag all methods which throw it and handle it accordingly.
Well, not sure if makes code simpler. For the 3 tools where `ExitException` is used, all `run` methods explicitly catch it and returns the exit code. Therefore it's not likely to be ignored. On the other hand, if I make it a checked exception, I would need to add a lot (more than 10) of `throws ExitException` in methods where it could be thrown and they are noises to this code change. After all, `ExitException` is unrecoverable and IMO should be a `RuntimeException`.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/15951#discussion_r1360758084
More information about the security-dev
mailing list