Fwd: RFR 7191662: JCE providers should be located via ServiceLoader

Valerie Peng valerie.peng at oracle.com
Wed May 27 22:35:46 UTC 2015


Sean,

FYI, I have asked the build team to review the makefile changes.

BTW, I changed java.security.Provider file to use @implSpec as Joe has 
suggested. In addition, I changed the getArgument() impl in 
OracleUcrypto provider + SunPKCS11 provider to only return the value if 
the caller has read permission to the file. I feel this is probably 
safer as we don't want to reveal the path (potential info leak) to 
untrusted callers. If the callers don't have the right permission, then 
"" is returned. If you prefer SecurityException be thrown, please let me 
know. I will need to update the CCC and the webrev.

Thanks,
Valerie

-------- Original Message --------
Subject: 	RFR 7191662: JCE providers should be located via ServiceLoader
Date: 	Wed, 27 May 2015 15:29:27 -0700
From: 	Valerie Peng <valerie.peng at oracle.com>
Organization: 	Oracle Corporation
To: 	build-dev at openjdk.java.net, Mandy Chung <mandy.chung at oracle.com>



Hi, build experts,

Can you please review the make file related change, i.e. the new file || 
*make/gensrc/Gensrc-java.naming.gmk*, in the following webrev:
http://cr.openjdk.java.net/~valeriep/7191662/webrev.01/

This is for merging the java.security.Provider file from various 
providers and use the (merged) result for the final image build.

The rest of source code changes are reviewed by my team already.
Thanks,
Valerie
(Java Security Team)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openjdk.java.net/pipermail/security-dev/attachments/20150527/c49ed361/attachment-0001.html>


More information about the security-dev mailing list