RFR: 8079140: IgnoreAllErrorHandler should use doPrivileged when it reads system properties
sean.mullan at oracle.com
Mon May 18 14:00:01 UTC 2015
This fix looks good but I would prefer that you did not use a lambda
expression for reading the system properties (lines 50-52) because
ideally this code needs to stay in sync with the Apache Santuario
implementation which still supports JDK 1.6 and up.
On 05/15/2015 02:23 PM, Artem Smotrakov wrote:
> Please review this fix for 9.
> If security manager is enabled, but "org.jcp.xml.dsig.secureValidation"
> property is off, IgnoreAllErrorHandler tries to read two system
> properties. If appropriate permissions are not granted, it fails with
> - updated IgnoreAllErrorHandler to read system properties in
> doPrivileged() method
> - added "final" and @Override annotations
> - added ErrorHandlerPermissions test
> Bug: https://bugs.openjdk.java.net/browse/JDK-8079140
> Webrev: http://cr.openjdk.java.net/~asmotrak/8079140/webrev.00/
More information about the security-dev