RFR: JDK-8075706 : Policy implementation does not allow policy.provider to be on the class path

Mandy Chung mandy.chung at oracle.com
Fri May 1 16:33:24 UTC 2015



On 05/01/2015 05:48 AM, Sean Mullan wrote:
> Please review this change to use the system class loader to locate a 
> policy provider specified with the policy.provider security property. 
> The current implementation tries to load the provider using the 
> extension class loader. This will no longer work when the extension 
> mechanism is removed, which is proposed as part of JEP 220: 
> http://openjdk.java.net/jeps/220
>
> webrev: http://cr.openjdk.java.net/~mullan/webrevs/8075706/webrev.01/
>

Looks okay.

Nit: line 208-209 - this is rather hard to read.   probably worth some 
cleanup/adjustment.

CustomPolicy.implies

   50         if (pd == policyPd) {
   51             return true;
   52         }

This is okay for the test.  Just for my understanding, for real world 
custom policy, should it check the code source in case the sensitive 
operation triggering a permission check involving other classes?

Mandy


More information about the security-dev mailing list