<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hello.<br>
<br>
Could you please review the proposed fix issue which is NOT
applicable for JDK 9:<br>
<br>
BUGURL: <a class="moz-txt-link-freetext" href="https://bugs.openjdk.java.net/browse/JDK-8154009">https://bugs.openjdk.java.net/browse/JDK-8154009</a><br>
WEBREV: <a class="moz-txt-link-freetext" href="http://cr.openjdk.java.net/~akosarev/8154009/webrev.00/">http://cr.openjdk.java.net/~akosarev/8154009/webrev.00/</a><br>
<br>
PROBLEM:<br>
<b> </b><i>AddProvider</i>, <i>RemoveProvider</i><i> </i>&
<i>GetProviders</i><i> </i>methods of<b><i> </i></b><b><i>java.security.Security</i></b>
class results in calling <i>doLoadProvider </i>method of <b>ProviderConfig
</b>class for each Security Provider.<br>
And in this method we have a problem that it catches and
processes <b>Exception</b>, but doesn't process <b>ExceptionInInitializerError
</b>which is thrown in case of missing permissions:<br>
permission java.lang.RuntimePermission "loadLibrary.*";
<br>
permission java.io.FilePermission "<<ALL
FILES>>", "read"; <br>
permission java.lang.RuntimePermission
"accessClassInPackage.sun.security.*"; <br>
Those permissions are unavailable if we switch-off <b>jre/lib/security/java.policy</b>
file by running program with option: <i>-Djava.security.policy==<policy_file></i><br>
<br>
FIX:<br>
In JDK9 <b>ProviderConfig </b>class is changed in the scope of
<a href="https://bugs.openjdk.java.net/browse/JDK-8043406">JDK-8043406</a>
enhancement (that is why JDK-8154009 is not applicable for JDK 9).<br>
And in order to fix above problem in JDK 8 we just require to
take same changes for <b>ProviderConfig </b>class in JDK 9:<br>
See changeset from JDK 9:<br>
<a class="moz-txt-link-freetext" href="http://hg.openjdk.java.net/jdk9/dev/jdk/diff/7f8294841146/src/share/classes/sun/security/jca/ProviderConfig.java">http://hg.openjdk.java.net/jdk9/dev/jdk/diff/7f8294841146/src/share/classes/sun/security/jca/ProviderConfig.java</a><br>
<br>
REGRESSION TESTS:<br>
2 existing tests (<b>AddProvider</b>, <b>RemoveStaticProvider</b>)
were used and modified so that they provide testing for fixed
situation (additional permissions are not required any longer for <i>AddProvider
</i>&<b> </b><i>RemoveProvider </i>methods.)<br>
1 new test was written for checking <i>GetProviders </i>method
under restricted permissions.<br>
<br>
Changes were successfully tested by JPRT.<br>
<br>
Best regards,<br>
Artem Kosarev.<br>
</body>
</html>