[RFC][IcedTea-Web]: Change #4 (PersistenceService) of new JNLP specification (v7.0)
omajid at redhat.com
Wed Jun 8 12:59:06 PDT 2011
On 06/08/2011 03:34 PM, Deepak Bhole wrote:
> * Saad Mohammad<smohammad at redhat.com> [2011-06-08 15:18]:
>> This is the patch that allows any trusted application to have access
>> to any PersistenceService data (including ones from other hosts). It
>> is part of the new JNLP specification, and is stated under change #4 (http://jcp.org/aboutJava/communityprocess/maintenance/jsr056/jnlp-7_0-changes.html).
>> This patch is very simple, it uses a custom method [a modified
>> version of ServiceUtil.checkAccess()] to validate whether the
>> current application is trusted and has a signature.
> Also, is the checkSigned function actually needed? ApplicationInstance
> has an isSigned() method and if app is not null, you can use it
I think checkSigned is needed. Weren't you the one who pointed out that
relying on isSigned() is not enough?
More information about the distro-pkg-dev