RFR:8159526 Deprivilege jdk.httpserver
vyom.tewari at oracle.com
Wed Sep 13 07:29:55 UTC 2017
On Tuesday 12 September 2017 09:16 PM, Sean Mullan wrote:
> On 9/12/17 4:06 AM, vyom tewari wrote:
>> Please review the below code change.
>> BugId: https://bugs.openjdk.java.net/browse/JDK-8159526
> Can you put the entry for jdk.httpserver after jdk.dynalink so you
> maintain the alphabetical ordering?
sure will do that.
> Also, are there any tests for the jdk.httpserver module that use the
> SecurityManager? It would be good to have at least one test that
> checks that it properly gets granted AllPermission when doing
> something security-sensitive (it seems like nothing should go wrong,
> but ...).
i found more then 70 entrys when i search jdk.httpserver in code base, i
will double check if we have any test which use the SecurityManager.
>> Code change will De-privilege jdk.httpserver, we gave
>> "jdk.httpserver" all permission for now.
More information about the core-libs-dev