Re: Review Request: JDK-8173024 Replace direct use of AuthResources resource bundle from jdk.security.auth

2017-01-21 Thread Weijun Wang
On 01/22/2017 12:02 PM, Mandy Chung wrote:
On Jan 21, 2017, at 6:37 PM, Weijun Wang wrote:
On 01/22/2017 09:18 AM, Mandy Chung wrote:
AFAIK, no permission check from RB::getBundle loading this resource bundle. The implementation should wrap all security sensitive calls with doPriv. I

Re: Review Request: JDK-8173024 Replace direct use of AuthResources resource bundle from jdk.security.auth

2017-01-21 Thread Mandy Chung
> On Jan 21, 2017, at 6:37 PM, Weijun Wang wrote:
>
> On 01/22/2017 09:18 AM, Mandy Chung wrote:
>> AFAIK, no permission check from RB::getBundle loading this resource bundle.
>> The implementation should wrap all security sensitive calls with doPriv. I
>> also mentioned that in [1]
>

Re: Review Request: JDK-8173024 Replace direct use of AuthResources resource bundle from jdk.security.auth

2017-01-21 Thread Weijun Wang
On 01/22/2017 09:18 AM, Mandy Chung wrote:
AFAIK, no permission check from RB::getBundle loading this resource bundle. The implementation should wrap all security sensitive calls with doPriv. I also mentioned that in [1]

I see. It just feels strange to see getString() and getAuthResource

Re: Review Request: JDK-8173024 Replace direct use of AuthResources resource bundle from jdk.security.auth

2017-01-21 Thread Mandy Chung
AFAIK, no permission check from RB::getBundle loading this resource bundle. The implementation should wrap all security sensitive calls with doPriv. I also mentioned that in [1]

I have a simple test that calls new X500Principal(null) and it runs fine with security manager.

Mandy
[1]

Re: Review Request: JDK-8173024 Replace direct use of AuthResources resource bundle from jdk.security.auth

2017-01-21 Thread Weijun Wang
Why isn't the new getAuthResourceString() using AccessController.doPrivileged anymore?

Thanks
Max

On 01/22/2017 05:55 AM, Mandy Chung wrote:
Since AuthResources is the only altBundle, Max suggests to replace getString(String, String) with a method for AuthResources bundle specifically. It’s

Re: Review Request: JDK-8173024 Replace direct use of AuthResources resource bundle from jdk.security.auth

2017-01-21 Thread Mandy Chung
Since AuthResources is the only altBundle, Max suggests to replace getString(String, String) with a method for AuthResources bundle specifically. It’s an alternative I considered too.

Here is the revised webrev:
http://cr.openjdk.java.net/~mchung/jdk9/webrevs/8173024/webrev.01/

Mandy

> On Jan