RFR: 8356557: Update CodeSource::implies API documentation and deprecate java.net.SocketPermission class for removal [v2]
Jaikiran Pai
jpai at openjdk.org
Thu Jul 17 14:08:50 UTC 2025
On Thu, 17 Jul 2025 13:59:52 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> test/jdk/java/security/CodeSource/Implies.java line 65:
>>
>>> 63: thisURL = new URL("http", ia.getHostAddress(), "file");
>>> 64: thatURL = new URL("http", ia.getHostName(), "file");
>>> 65: // ip address should imply host name with same ip address
>>
>> The specification speaks about IP addresses, specifically:
>>
>>> If this object was initialized with a single IP address and one of <i>p</i>'s IP addresses is equal to this object's IP address.
>>
>> So is this test for implying a IP address against a host name valid?
>
> Yes, it is checking that [the locations specified as ip address and hostname are the same](https://github.com/openjdk/jdk/blob/5ed72775a775d6c96be6de7d9540dc0a80cdd67b/src/java.base/share/classes/java/security/CodeSource.java#L398). This isn't testing any of the `SocketPermission` rules, but I thought it would be useful to add it as a test as I didn't find any existing `CodeSource` tests that checked for that condition.
I see. Looks fine to me then. I hadn't paid attention that this behaviour is from the `CodeSource's` existing specification rather than from what it was borrowing from `SocketPermission`.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/26300#discussion_r2213448987
More information about the security-dev
mailing list