Reminder. Could you take look, please? Also I would like to clarify the purpose of the fallback mechanism introduced by the new version. The fallback code addresses the issue that users have not knowing what permission to grant because some connections, (e.g. HTTP) may be established by granting either URLPermission or SocketPermission and it is unclear what permission type is used for check by getImage() or createImage(). In fact this code fixes backward compatibility issue caused by switching from SocketPermission to URLPermission.
Thanks, Dmitry > On 1 Dec 2017, at 18:07, Dmitry Markov <dmitry.mar...@oracle.com> wrote: > > During the CSR review it was decided to update proposed fix. The new version > is located at http://cr.openjdk.java.net/~dmarkov/8154405/webrev.01/ > <http://cr.openjdk.java.net/~dmarkov/8154405/webrev.01/> > Could you review the new version, please? > > The list of changes: > - Updated the description of Toolkit.getImage(URL u) and > Toolkit.createImage(URL u) (made the wording less specific) > - Added some backward compatibility support to SunToolkit.checkPermission() > and to the constructor of URLImageSource. Now if security check of > URLPermission is failed we will check the corresponding SocketPermission. > - Added regression test. > > Thanks, > Dmitry > >> On 18 Nov 2017, at 15:30, Dmitry Markov <dmitry.mar...@oracle.com >> <mailto:dmitry.mar...@oracle.com>> wrote: >> >> I have created the following one >> https://bugs.openjdk.java.net/browse/JDK-8191531 >> <https://bugs.openjdk.java.net/browse/JDK-8191531> >> >> Thanks, >> Dmitry >>> On 17 Nov 2017, at 22:10, Sergey Bylokhov <sergey.bylok...@oracle.com >>> <mailto:sergey.bylok...@oracle.com>> wrote: >>> >>> On 17/11/2017 12:28, Dmitry Markov wrote: >>>> Thank you, Sergey! Shall I create a CSR for this? >>> >>> yes we need a CSR. >>> >>> >>> >>> -- >>> Best regards, Sergey. >> >
