Low level hooks in JDK for instrumentation of permission checks.

Peter Firmstone peter.firmstone at zeus.net.au
Sun Jun 13 10:34:32 UTC 2021

Thanks Alan,

I've been thinking that it may be preferable to have hooks that allowed 
us to inject our own permission checks, rather than retaining existing 
permission checks.

An implementation can override Guard::check without requiring a provider 

The other advantage is the ability to customize Permission 
implementations, such as allowing address ranges in a SocketPermission 
implementation and not consulting DNS to resolve host names.



On 10/06/2021 11:55 pm, Alan Bateman wrote:
> On 10/06/2021 07:40, Peter Firmstone wrote:
>> Just a quick question, would it be possible that some JFR hooks might 
>> also be useable for an authorisation layer?
> JFR events can't be used to intercept/veto operations, assuming that 
> is what you are asking. However, it might be that JFR events are 
> monitored as part of some overall security approach that takes into 
> account events recorded for health, performance, or troubleshooting 
> purposes.
> -Alan

Peter Firmstone
0498 286 363
Zeus Project Services Pty Ltd.

More information about the jdk-dev mailing list