[External] : Re: JEP 411, removal of finalizers, a path forward.

Peter Firmstone peter.firmstone at zeus.net.au
Wed Aug 4 00:19:03 UTC 2021


Excellent, Ron, that's exactly what I'm after.

I need to be able to implement an authorization layer on top of the JDK, 
but reach down into the JDK to use authorization to control access.

Can we find out how many such checks that OpenJDK is prepared to 
support, then we will pick the most important?

Don't worry about ClassLoader, I can instrument that (thank you Erik), 
and maybe I can instrument Properties, and System.exit. So basically 
things we can't easily instrument with agents, that everybody is most 
likely to want.

  * Network access
  * File System access
  * User Credentials

Maybe we should have a mailing list dedicated to this where we can 
discuss and potentially collaborate?

Regards,

Peter.

On 3/08/2021 10:15 pm, Ron Pressler wrote:
>
>> On 3 Aug 2021, at 12:50, Peter Firmstone <peter.firmstone at zeus.net.au> wrote:
>>
>> Can you think of any workable alternative compromises?
> If you mean a compromise between no access checks in the JDK and all access checks in the JDK, then yes,
> which is possibly some callbacks for a small subset of operations that perform access checks today,
> say, System.exit and opening a file or socket. I am not saying this is what should be done, but that the
> effort involved is such that I can conceivably see those whose responsibility this would be agreeing to
> consider it, as the value in such a mechanism might end up being worthy of that amount of effort. But I’m
> guessing that the more such hooks are requested, the less likely it is that the cost remains acceptable.
>
> — Ron



More information about the jdk-dev mailing list