Low level hooks in JDK for instrumentation of permission checks.

Peter Firmstone peter.firmstone at zeus.net.au
Thu Jun 10 02:49:09 UTC 2021

Hi Sean,

Sorry I've confused you.

What I should have said is a ProtectionDomain with a null CodeSource.

What I mean to ask is, where ProtectionDomain is created with a null 
CodeSource, in Class::getProtectionDomain() can we have CodeSource's 
that represents system modules instead of null?

A CodeSource with URL's like jrt:/jdk.* or jrt:/java.*  for system modules?

Hopefully my comments below will make a little more sense now.



On 10/06/2021 1:07 am, Sean Mullan wrote:
> On 6/8/21 9:35 PM, Peter Firmstone wrote:
>> I would also like to request that all JDK modules be given 
>> ProtectionDomain's following SecurityManager deprecation. Currently 
>> some modules have null ProtectionDomain's to show they have 
>> AllPermission.  However we don't grant AllPermission to code in 
>> practise, we like to grant certain Permission's to Principal's, not 
>> code, where the Principal is the source of data, indicating the user 
>> has been authenticated and we only grant what's necessary and no more.
> As described in JEP 411, there are no plans to deprecate 
> ProtectionDomain at this time.
> --Sean

More information about the jdk-dev mailing list