The changes look good Mandy. Hopefully we won't have too many issues with tweaking permissions…
Best Lance On Jan 26, 2015, at 2:23 PM, Mandy Chung <mandy.ch...@oracle.com> wrote: > http://cr.openjdk.java.net/~mchung/jdk9/webrevs/8057645/webrev.00/ > > This patch proposes to move java.xml.ws, java.xml.bind, java.activation out > of the boot loader and be loaded by the extension class loader. We grant > java.xml.ws and java.xml.bind the minimum set of permissions. > java.activation hasAllPermission for now and that can be revised in the > future when JAF team identifies the permission set required java.activation. > > Miroslav - can you confirm if the JAX-WS and JAXB standalone tests pass with > this patch? > > Existing code that assumes the defining class loader of JAX-WS, JAXB, JAF > classes may be impacted by this change (e.g. the class loader delegation to > the bootstrap class loader skipping the extension class loader). They are > standalone technologies that used to be loaded by non-null class loader > before they were included in Java SE. It should be rare of such dependency. > Callbacks may assume java.xml.ws and java.xml.bind classes to have > AllPermissions so that when running with security manager, if the permission > required for callback is not part of the permission set granted to > java.xml.ws and java.xml.bind, SecurityException will be thrown. We need > customer testings to identify this callback permission case and revisit if > they should be granted with AllPermission for JDK 9. > > Mandy Lance Andersen| Principal Member of Technical Staff | +1.781.442.2037 Oracle Java Engineering 1 Network Drive Burlington, MA 01803 lance.ander...@oracle.com
