RFR: 8356557: Update CodeSource::implies API documentation and deprecate java.net.SocketPermission class for removal [v2]
Jaikiran Pai
jpai at openjdk.org
Fri Jul 18 14:39:53 UTC 2025
On Thu, 17 Jul 2025 16:55:50 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> After you mentioned this detail, I read this doc in its entirety. Would something like the following be a bit more clear:
>>
>>
>>
>> * <li> If this object's host (getLocation().getHost()) is not null,
>> * then the following checks are made in that order and if any
>> * of these checks are satisfied, then return true:
>> * <ol>
>> * <li> If this object's host was initialized with a single IP
>> * address then one of <i>codesource</i>'s IP addresses must be
>> * equal to this object's IP address.
>> * <li> If this object's host is a wildcard domain (such as
>> * *.example.com), then <i>codesource</i>'s canonical host name
>> * (the name without any preceding *) must end with this object's
>> * canonical host name. For example, *.example.com implies
>> * *.foo.example.com.
>> * <li> If this object's host was not initialized with a single
>> * IP address, then one of this object's IP addresses must equal
>> * one of <i>codesource</i>'s IP addresses.
>> * <li> This object's canonical host name must equal <i>codesource</i>'s
>> * canonical host name.
>>
>>
>>
>>
>> Also note that, in the above text I used `<ol>` instead of `<ul>` to show the ordering intent. However, if the use of `<ul>` was intentional for better rendering, then that's fine too.
>
> It's not the same logic. Even if the checks above pass, `implies()` does not return true yet, it still has to process the rules after that. I think you could say "... and if any of these checks are not satisfied, then return false" but that is somewhat redundant with the first sentence of `implies()`: "More specifically, this method makes the following checks. If any fail, it returns false. If they all succeed, it returns true."
Hello Sean, I gave it some more thought about the wording and I can't think of anything that's easier to read or explain. So I think what you have here is fine.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/26300#discussion_r2216205621