[External] : Re: JEP 411, removal of finalizers, a path forward.
peter.firmstone at zeus.net.au
Wed Aug 4 01:23:47 UTC 2021
Maybe we need some criteria, that defines what's not easily instrumented?
On 4/08/2021 10:19 am, Peter Firmstone wrote:
> Excellent, Ron, that's exactly what I'm after.
> I need to be able to implement an authorization layer on top of the
> JDK, but reach down into the JDK to use authorization to control access.
> Can we find out how many such checks that OpenJDK is prepared to
> support, then we will pick the most important?
> Don't worry about ClassLoader, I can instrument that (thank you Erik),
> and maybe I can instrument Properties, and System.exit. So basically
> things we can't easily instrument with agents, that everybody is most
> likely to want.
> * Network access
> * File System access
> * User Credentials
> Maybe we should have a mailing list dedicated to this where we can
> discuss and potentially collaborate?
> On 3/08/2021 10:15 pm, Ron Pressler wrote:
>>> On 3 Aug 2021, at 12:50, Peter Firmstone<peter.firmstone at zeus.net.au> wrote:
>>> Can you think of any workable alternative compromises?
>> If you mean a compromise between no access checks in the JDK and all access checks in the JDK, then yes,
>> which is possibly some callbacks for a small subset of operations that perform access checks today,
>> say, System.exit and opening a file or socket. I am not saying this is what should be done, but that the
>> effort involved is such that I can conceivably see those whose responsibility this would be agreeing to
>> consider it, as the value in such a mechanism might end up being worthy of that amount of effort. But I’m
>> guessing that the more such hooks are requested, the less likely it is that the cost remains acceptable.
>> — Ron
0498 286 363
Zeus Project Services Pty Ltd.
More information about the jdk-dev