On Tue, 22 Oct 2024 11:50:13 GMT, Michael McMahon <micha...@openjdk.org> wrote:
>> Sean Mullan has updated the pull request with a new target base due to a >> merge or a rebase. The pull request now contains 97 commits: >> >> - Merge remote-tracking branch 'jdk-sandbox/jep486' into JDK-8338411 >> - Change apiNote to deprecated annotation on checkAccess methods. Change >> method dedescription to "Does nothing". >> - Sanitize the class descriptions of DelegationPermission and >> ServicePermission >> by removing text that refers to granting permissions, but avoid changes >> that >> affect the API specification, such as the description and format of input >> parameters. >> - Restored methods in RMIConnection to throw SecurityExceptions again but >> with adjusted text that avoids the word "permission". >> - Add text to class description of MBeanServer stating that implementations >> may throw SecurityException if authorization doesn't allow access to >> resource. >> - Restore text about needing permissions from the desktop environment in the >> getPixelColor and createScreenCapture methods. >> - Add api note to getClassContext to use StackWalker instead and >> add DROP_METHOD_INFO option to StackWalker. >> - Change checkAccess() methods to be no-ops, rather than throwing >> SecurityException. >> - Merge >> - Merge >> - ... and 87 more: https://git.openjdk.org/jdk/compare/f50bd0d9...f89d9d09 > > test/jdk/java/net/URLPermission/OpenURL.java line 30: > >> 28: * @run main/othervm OpenURL >> 29: */ >> 30: > > Do we need to keep this test at all? Or if keeping it, does it need the HTTP > server simulation, since the bug only relates to the URLPermission > instantiation? The test could be reduced to just the URL creation followed by > the URLPermission. It could - but technically openConnection / getInputStream could still throw if there was an issue with the provided URL. The difference here is that with a SecurityManager the connection would be rejected with a SecurityException before the connection was made. Without a security manager, the connection will go through, so you need the server simulation (can't rely on getting IOException assuming nobody would be listening). ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/21498#discussion_r1810741690
