[icedtea-web] RFC: integrate jnlp authenticator into rest of security system
omajid at redhat.com
Mon Dec 20 10:38:39 PST 2010
On 12/20/2010 01:26 PM, Dr Andrew John Hughes wrote:
> On 13:15 Mon 20 Dec , Omair Majid wrote:
>> The attached patches further integrates JNLPAuthenticator and
>> PasswordAuthenticationDialog into icedtea-web. The patches shows the
>> dialogs using the secure thread, localizes strings, and removes
>> hardcoded mention of the icedteaplugin.
>> I have split the change into two patches: one deals with renaming files,
>> the other deals with the actual code changes.
>> The first patch renames classes to ensure consistency. It contains no
>> functional changes (other than those required for renaming). The class
>> net.sourceforge.jnlp.security.SecurityWarning is renamed to
>> net.sourceforge.jnlp.security.SecurityWarningDialog is renamed to
>> net.sourceforge.jnlp.security.SecurityDialog and
>> net.sourceforge.jnlp.security.PasswordAuthenticationDialog is renamed to
> What is the reason for the renaming? Could we not delay this until the 2.0 series?
Well, the SecurityWarning class should show security _warnings_. The
second patch modifies (the original) SecurityWarning and
SecurityWarningDialog classes to display authentication dialogs dialogs
(along with warning dialogs). An authentication dialog is not a warning,
and hence the rename.
In general, the idea is that anything sensitive that requires a GUI
dialog should be run through SecurityWarning/SecurityDialog.
If you think that we we should hold off the rename, I am fine with that.
The names of classes might be misleading/awkward for a while then.
More information about the distro-pkg-dev