[
https://issues.apache.org/jira/browse/IVY-1211?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Mark Zheng updated IVY-1211:
----------------------------
Description:
Currently, Ivy uses BasicURLHandler to locate resources and to open an input
stream on it. According to the implementation of the release 2.1.0, the
constructor of the BasicURLHandler forces the JVM to load the IvyAuthenticator
class. This action will have to assume that the "java.net.NetPermission:
setDefaultAuthenticator" has already been granted to Ivy, since the
IvyAuthenticator will set itself as the JVM's default authenticator.
However, It will fail in web application when the web container does not grant
the NetPermission to ivy. It will causes the whole web application failed
because the class BasicURLHandler cannot be initialized.
Also, sometimes the user only needs to load some resources in its own
application's classpath, in which case there is no need to use an
authenticator, thus no need to grant Ivy the "java.net.NetPermission:
setDefaultAuthenticator". However, currently the user has to grant the
permission even if this makes little sense. It will be better if the
BasicURLHandler uses IvyAuthenticator only when it is really necessary.
was:
Currently, Ivy uses BasicURLHandler to locate resources and to open an input
stream on it. According to the implementation of the release 2.1.0, the
constructor of the BasicURLHandler forces the JVM to load the IvyAuthenticator
class. This action will have to assume that the "java.net.NetPermission:
setDefaultAuthenticator" has already been granted to Ivy, since the
IvyAuthenticator will set itself as the JVM's default authenticator.
Sometimes the user only needs to load some resources in its own application's
classpath, in which case there is no need to use an authenticator, thus no need
to grant Ivy the "java.net.NetPermission: setDefaultAuthenticator". However,
currently the user has to grant the permission even if this makes little sense.
It will be better if the BasicURLHandler uses IvyAuthenticator only when it is
really necessary.
Priority: Critical (was: Major)
> Use IvyAuthenticator only when it is really necessary
> -----------------------------------------------------
>
> Key: IVY-1211
> URL: https://issues.apache.org/jira/browse/IVY-1211
> Project: Ivy
> Issue Type: Improvement
> Reporter: Mark Zheng
> Priority: Critical
>
> Currently, Ivy uses BasicURLHandler to locate resources and to open an input
> stream on it. According to the implementation of the release 2.1.0, the
> constructor of the BasicURLHandler forces the JVM to load the
> IvyAuthenticator class. This action will have to assume that the
> "java.net.NetPermission: setDefaultAuthenticator" has already been granted to
> Ivy, since the IvyAuthenticator will set itself as the JVM's default
> authenticator.
> However, It will fail in web application when the web container does not
> grant the NetPermission to ivy. It will causes the whole web application
> failed because the class BasicURLHandler cannot be initialized.
> Also, sometimes the user only needs to load some resources in its own
> application's classpath, in which case there is no need to use an
> authenticator, thus no need to grant Ivy the "java.net.NetPermission:
> setDefaultAuthenticator". However, currently the user has to grant the
> permission even if this makes little sense. It will be better if the
> BasicURLHandler uses IvyAuthenticator only when it is really necessary.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
