Making things clearer if I can:

Some thoughts on hooks:

 * Utilize java.security.Provider, so as not to expose jdk
   implementation code.  E.g.: a module declaration or
   META-INF/services/java.security.Provider to obtain relevant
   instances of java.security.Guard, where Permission implementation
   types are currently used.
 * Allow existing Permission classes to remain backward compatible,
   declare them as services, so that SecurityManager can be degraded as
   planned and Permission implementations can be gradually removed as
   planned. (Removes dependencies on Permission instance types).
 * Guard implementations are typically required to have a constructor
   with two String arguments, (String name, String actions), which can be
   passed as the new String[]{ name, actions} constructor parameter to
   java.security.Provider.Service::newInstance.
 * Service must implement Guard interface, with Guard::check method
   (current Permission implementations implement this method and call
   System.getSecurityManager).
 * Doesn't depend on Permission or any existing implementation classes,
   completely customizable by the service implementation.
 * Application developers can also implement hooks using this service.
 * Using a security provider avoids deadlock during Provider
   initialization; it must be listed as a provider in the java.security
   file, or if security.overridePropertiesFile=true and
   -Djava.security.properties=file://path/additional.security defines
   providers, which would be useful for testing.

Break up guard service providers into the current Permission types (independent instances to avoid circular deadlocks); developers only need implement those relevant to them, and may only use checks for users if they wish:

"AWT"
"FILE"
"SERIALIZABLE"
"MANAGEMENT"
"REFLECT"
"RUNTIME"
"NET"
"SOCKET"
"URL"
"FILE-LINK"
"SECURITY"
"SQL"
"LOGGING"
"PROPERTY"
"MBEAN"
"MBEAN-SERVER"
"MBEAN-TRUST"
"SUBJECT-DELEGATION"
"TLS"
"AUTH"
"KERBEROS-DELEGATION"
"KERBEROS-SERVICE"
"PRIVATE-CREDENTIAL"
"AUDIO"
"JAXB"
"WEB-SERVICE"

I would like to suggest adding a new provider type:

"PARSE-DATA" - To be called by any code about to parse data, eg deserialization, XML, JSON, SQL, etc.  Granted to users, so that it can only be performed after authentication.

--
Regards,
Peter Firmstone
Zeus Project Services Pty Ltd.
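
The following is an added illustration of the provider-based hook described in this message; it is not code from the message, the JDK, or any project. It assumes a hypothetical service type "FILE" with algorithm name "Default", a hypothetical FileGuard that takes the proposed String[]{ name, actions } constructor parameter (Provider.Service.newInstance looks for a public one-argument constructor whose parameter type accepts the argument's class, so the pair arrives as a String[]), and registers the provider at runtime with Security.addProvider as a stand-in for listing it in the java.security file. The method on java.security.Guard is checkGuard(Object).

```java
import java.nio.file.Path;
import java.security.Guard;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.util.List;
import java.util.Set;

public class GuardProviderDemo {

    /** Hypothetical Guard for the "FILE" type: allows only the granted actions on paths under a root. */
    public static final class FileGuard implements Guard {
        private final Path root;
        private final Set<String> actions;

        // Provider.Service.newInstance(Object) selects a public single-parameter constructor
        // assignable from the argument's class, so {name, actions} is received as a String[].
        public FileGuard(String[] nameAndActions) {
            if (nameAndActions == null || nameAndActions.length != 2) {
                throw new IllegalArgumentException("expected {name, actions}");
            }
            this.root = Path.of(nameAndActions[0]).normalize();
            this.actions = Set.of(nameAndActions[1].split(","));
        }

        @Override
        public void checkGuard(Object object) throws SecurityException {
            // The guarded request is a String of the form "path:action"; anything else is denied.
            if (!(object instanceof String request) || request.lastIndexOf(':') < 0) {
                throw new SecurityException("unrecognised request: " + object);
            }
            int i = request.lastIndexOf(':');
            String action = request.substring(i + 1);
            // Normalise before comparing so "../" segments cannot escape the granted root.
            Path path = Path.of(request.substring(0, i)).normalize();
            if (!path.startsWith(root) || !actions.contains(action)) {
                throw new SecurityException("denied " + action + " on " + path);
            }
        }
    }

    /** Hypothetical provider that publishes the guard as a service of type "FILE". */
    public static final class DemoGuardProvider extends Provider {
        public DemoGuardProvider() {
            super("DemoGuards", "1.0", "Guard services for the FILE type (demo)");
            // Class name is the binary name, which is what Provider.Service loads by reflection.
            putService(new Service(this, "FILE", "Default", FileGuard.class.getName(), List.of(), null));
        }
    }

    /** Obtain a Guard of the given type from whichever installed provider offers it. */
    public static Guard guardFor(String type, String name, String actions) throws NoSuchAlgorithmException {
        for (Provider p : Security.getProviders()) {
            Provider.Service s = p.getService(type, "Default");
            if (s != null) {
                return (Guard) s.newInstance(new String[] { name, actions });
            }
        }
        throw new NoSuchAlgorithmException("no " + type + " guard installed");
    }

    public static void main(String[] args) throws Exception {
        // Runtime registration stands in for an entry in the java.security file.
        Security.addProvider(new DemoGuardProvider());

        Guard guard = guardFor("FILE", "/srv/app/data", "read");
        guard.checkGuard("/srv/app/data/report.csv:read");            // allowed
        String[] denied = {
            "/srv/app/data/report.csv:write",                          // action not granted
            "/srv/app/data/../../../etc/passwd:read"                   // escapes the root
        };
        for (String request : denied) {
            try {
                guard.checkGuard(request);
                System.out.println("UNEXPECTEDLY allowed: " + request);
            } catch (SecurityException expected) {
                System.out.println("blocked: " + expected.getMessage());
            }
        }
    }
}
```

Because the lookup goes through java.security.Provider, the calling code holds only a java.security.Guard reference and never names a Permission subclass, which is the decoupling the message is after; a deployment that wants a different policy swaps the provider rather than the call sites.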
