On 18/10/2016 13:34, Uwe Schindler wrote:

Thanks Alan for the clarification and the documentation fixes! This does not solve the 
"returns null if not found or otherwise denied" issue, but this is a problem 
from the early Java days, which cannot be fixed anymore (to throw useful Exception if 
resource not found).
We can't change long standing behavior, also there are can be security concerns with revealing whether a resource exists.

To fix our own code (we also have some getResource[AsStream]() calls in 
Lucene's codebase without doPrivileged), I opened the following issue: 

We cannot fix this in 3rd party JARs, so we cannot remove our extra permission.

Nevertheless, the "original" issue with the symlinked home directory should be 
solved separately. I made a proposal to Max (Weijun Wang) how to fix this while reading 
the policy file. We fixed the problem locally by fixing the Jenkins User account running 
the tests to not have a symlinked user.home dir anymore.

I will leave this to Max to answer.


To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org

Reply via email to