RFR: 8338411: Implement JEP 486: Permanently Disable the Security Manager [v3]
Alexey Ivanov
aivanov at openjdk.org
Fri Oct 25 16:55:41 UTC 2024
On Fri, 25 Oct 2024 15:29:40 GMT, Alexey Ivanov <aivanov at openjdk.org> wrote:
>> test/jdk/javax/swing/UIDefaults/6622002/bug6622002.java line 1:
>>
>>> 1: /*
>>
>> Again, I'm unsure this test has a value after the security manager is removed. All it verifies is that whatever reflection is used in `UIDefaults.ProxyLazyValue` works.
>>
>> Anyway, the updated test doesn't verify the issue reported in the bug, which is to prevent instantiation of values using non-public classes.
>
> This doubt applies to all the tests which exercise lazy values or similar logic… without and *with* the security manager.
>
> Now, without the security manager, the problematic cases are no longer relevant; the common path *without* the SM remains unchanged and was never an issue.
>
> However, a more thorough analysis is required.
The tests with “Audit Core Reflection” in their summary fall into this category, we may consider removing them.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/21498#discussion_r1817034884
More information about the serviceability-dev
mailing list