<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Hi Sean.</p>
<p>Thanks for suggestion.</p>
New WebRev: <a class="moz-txt-link-freetext" href="http://cr.openjdk.java.net/~akosarev/8154009/webrev.01/">http://cr.openjdk.java.net/~akosarev/8154009/webrev.01/</a><br>
<br>
There are only 2 changes from original one:<br>
1) <b>test/java/security/Security/EmptyPolicy.policy</b> was
updated in the way you proposed.<br>
2) I removed 2 tests from <b>test/ProblemList.txt</b>, which were
marked as failed due to JDK-8154009 (current fix).<br>
<br>
Best regards,<br>
Artem Kosarev.<br>
<br>
<b></b>
<div class="moz-cite-prefix">On 01.06.2016 17:03, Sean Mullan wrote:<br>
</div>
<blockquote cite="mid:574EEB38.50209@oracle.com" type="cite">I think
it would be helpful to add a comment to EmptyPolicy.policy so it
contains something, ex:
<br>
<br>
// empty policy file for testing
<br>
<br>
Otherwise, looks fine.
<br>
<br>
--Sean
<br>
<br>
On 05/30/2016 09:03 AM, Artem Kosarev wrote:
<br>
<blockquote type="cite">Hello.
<br>
<br>
Could you please review the proposed fix issue which is NOT
applicable
<br>
for JDK 9:
<br>
<br>
BUGURL: <a class="moz-txt-link-freetext" href="https://bugs.openjdk.java.net/browse/JDK-8154009">https://bugs.openjdk.java.net/browse/JDK-8154009</a>
<br>
WEBREV: <a class="moz-txt-link-freetext" href="http://cr.openjdk.java.net/~akosarev/8154009/webrev.00/">http://cr.openjdk.java.net/~akosarev/8154009/webrev.00/</a>
<br>
<br>
PROBLEM:
<br>
**/AddProvider/, /RemoveProvider///& /GetProviders///methods
<br>
of*//**/java.security.Security/* class results in calling
<br>
/doLoadProvider /method of *ProviderConfig *class for each
Security
<br>
Provider.
<br>
And in this method we have a problem that it catches and
processes
<br>
*Exception*, but doesn't process *ExceptionInInitializerError
*which is
<br>
thrown in case of missing permissions:
<br>
permission java.lang.RuntimePermission
"loadLibrary.*";
<br>
permission java.io.FilePermission "<<ALL
FILES>>", "read";
<br>
permission java.lang.RuntimePermission
<br>
"accessClassInPackage.sun.security.*";
<br>
Those permissions are unavailable if we switch-off
<br>
*jre/lib/security/java.policy* file by running program with
option:
<br>
/-Djava.security.policy==<policy_file>/
<br>
<br>
FIX:
<br>
In JDK9 *ProviderConfig *class is changed in the scope of
<br>
JDK-8043406
<a class="moz-txt-link-rfc2396E" href="https://bugs.openjdk.java.net/browse/JDK-8043406"><https://bugs.openjdk.java.net/browse/JDK-8043406></a>
<br>
enhancement (that is why JDK-8154009 is not applicable for JDK
9).
<br>
And in order to fix above problem in JDK 8 we just require
to take
<br>
same changes for *ProviderConfig *class in JDK 9:
<br>
See changeset from JDK 9:
<br>
<a class="moz-txt-link-freetext" href="http://hg.openjdk.java.net/jdk9/dev/jdk/diff/7f8294841146/src/share/classes/sun/security/jca/ProviderConfig.java">http://hg.openjdk.java.net/jdk9/dev/jdk/diff/7f8294841146/src/share/classes/sun/security/jca/ProviderConfig.java</a>
<br>
<br>
REGRESSION TESTS:
<br>
2 existing tests (*AddProvider*, *RemoveStaticProvider*)
were used
<br>
and modified so that they provide testing for fixed situation
<br>
(additional permissions are not required any longer for
/AddProvider
<br>
/&**/RemoveProvider /methods.)
<br>
1 new test was written for checking /GetProviders /method
under
<br>
restricted permissions.
<br>
<br>
Changes were successfully tested by JPRT.
<br>
<br>
Best regards,
<br>
Artem Kosarev.
<br>
</blockquote>
<br>
</blockquote>
<br>
</body>
</html>