<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<tt>Sean, John, Joe,<br>
<br>
</tt><tt>Can you review this fix to</tt><tt> deprecates</tt><tt> the
<code>SecurityManager.checkMemberAccess</code><br>
method </tt><tt>as proposed in <a class="moz-txt-link-freetext" href="http://openjdk.java.net/jeps/176">http://openjdk.java.net/jeps/176</a>?</tt><br>
<tt><br>
<tt>Webrev at:</tt><br>
<tt><tt>
<a class="moz-txt-link-freetext" href="http://cr.openjdk.java.net/~mchung/jdk8/webrevs/8007035/webrev.00">http://cr.openjdk.java.net/~mchung/jdk8/webrevs/8007035/webrev.00</a><br>
<br>
</tt></tt></tt><tt>Specdiff:</tt><br>
<tt><tt><tt><tt> <tt><tt>
<a class="moz-txt-link-freetext" href="http://cr.openjdk.java.net/~mchung/jdk8/webrevs/8007035/specdiff">http://cr.openjdk.java.net/~mchung/jdk8/webrevs/8007035/specdiff</a></tt></tt></tt><br>
</tt></tt></tt><tt><br>
The <code>checkMemberAccess</code> method requires the caller’s
frame to be <br>
at a stack depth of four, which is fragile and difficult to
enforce. <br>
</tt><tt><tt></tt><br>
The fix deprecates the SecurityManager.checkMemberAccess method
and <br>
will throw an exception unconditionally in a future release.</tt><tt>
There <br>
are several methods in java.lang.Class and the class spec of
java.lang.invoke.MethodHandles.Lookup in the JDK specify to call<br>
SecurityManager.checkMemberAccess. The spec and implementation
are</tt><tt><tt><br>
updated to do the appropriate permission check.</tt><br>
<br>
</tt><tt><tt>SecurityManager.checkMemberAccess is not final and it
can be overridden<br>
by a subclass.</tt></tt><tt><tt> However, we believe a
SecurityManager </tt></tt><tt><tt><tt>subclass <br>
implementation that overrides the checkMemberAccess method and
behaves<br>
differently than the default implementation is very rare.
Thus<br>
we decide not to handle the SecurityManager subclass case that<br>
overrids the checkMemberAccess method with this fix and the
compatibility<br>
risk should be low.<br>
<br>
Thanks<br>
Mandy<br>
</tt></tt> <br>
</tt>
</body>
</html>