On 05/04/2015 01:15 PM, Mandy Chung wrote:
On 05/04/2015 05:31 AM, Sean Mullan wrote:
CustomPolicy.implies
50 if (pd == policyPd) {
51 return true;
52 }
This is okay for the test. Just for my understanding, for real world
custom policy, should it check the code source in case the sensitive
operation triggering a permission check involving other classes?
Permissions are granted per ProtectionDomain (PD) so this is
sufficient. However, typically the policy provider would be in a
separate PD from other code (for example, by packaging it in a
separate JAR file), but this is sufficient for testing purposes. If
you remove the lines above from the test, you will get a
StackOverflowError.
Right this is sufficient for testing purpose.
My comment is only for my understanding of the internal implementation.
I see that SecureClassLoader caches one ProtectionDomain per code source
and so checking "==" PD instance works most of the cases (maybe all
cases in practice) while a custom class loader could instantiate
different PD objects to define classes from the same code source.
Anyway, no change is needed for the test.
Ok. I will be thinking more about this issue later. Right now I just
want to gently fix this issue without changing the code too much :)
--Sean
