Thanks Brad,
This would appear to be a regression as a result of the changes for CR
5021645.
Before 5021645, url.openConnection.getPermission() was used to determine
the permission. For jar url's this will create a new JarURLConnection
that will delegate the getPermission request to its "wrapped" url, in
this case file://...
After 5021645, url.getProtocol() is used to manually determine if the
url is a file url or not. This will not work for jar urls since they
just wrap other urls.
The changes for CR 5021645 could be reversed or url.getProtocol() equal
to jar could be special cased to use url.getPath to look inside the jar url.
Reassigned back to classes_security ;-)
-Chris.
On 05/12/11 11:40 PM, Brad Wetmore wrote:
Hi Net-folks,
There is a patch in bugs.openjdk.java.net which was originally filed
under security, but it is probably more of a network issue. It involves
the "jar" protocol.
See the thread thus far at:
http://mail.openjdk.java.net/pipermail/security-dev/2011-May/003269.html
I've filed:
7044443: Permissions resolved incorrectly for jar protocol (Patch from
bugs.openjdk.java.net)
Can someone please evaluate? Thanks.
Brad
