On 11/17/2010 02:34 PM, Mandy Chung wrote:
Hi Sean,
On 11/16/10 5:56 AM, Sean Mullan wrote:
http://cr.openjdk.java.net/~mullan/6995424/webrev.00/
Policy.java:
I was initially confused with the meaning of 'compatPolicy'. I thought
that when 'compatPolicy' is set to true, it means that the deprecated
javax.security.auth.Policy class or the legacy
com.sun.security.auth.PolicyFile is used for backward compatibility
support. It turns out that it's the reverse as it's set in line 241 and
295. Should it be renamed to 'useStandardPolicy' to make it clear?
I agree it is confusing but since that was the prior name I left it
alone. What we are trying to find out is if the application is using a
*custom* (one they wrote themselves and not
com.sun.security.auth.PolicyFile) JAAS policy provider.
The flag essentially means: "if true, provide backwards compatibility
for a deprecated, custom JAAS policy provider".
I am open to changing the name but didn't feel that it was strictly
necessary because I am not changing the meaning of it.
However, in line 273, javax.security.auth.Policy.setPolicy sets
compatPolicy to true. Is the given Policy object a
javax.security.auth.Policy object? Should it set it to false?
No, if someone invokes Policy.setPolicy then they are using a custom
JAAS policy provider.
Probably I'm missing something here:
276 // maintain backwards compatibility for people who provide
277 // their own javax.security.auth.Policy implementations
It would help if some comments are added to explain further.
Ok, let me add some comments and send another webrev.
--Sean
