> On Jan 21, 2017, at 6:37 PM, Weijun Wang <weijun.w...@oracle.com> wrote: > > > > On 01/22/2017 09:18 AM, Mandy Chung wrote: >> AFAIK, no permission check from RB::getBundle loading this resource bundle. >> The implementation should wrap all security sensitive calls with doPriv. I >> also mentioned that in [1] > > I see. > > It just feels strange to see getString() and getAuthResourcesString() > implemented so differently in this webrev. Since you think they should be the > same, how about creating a private method that includes the VM.initLevel and > bundles.computeIfAbsent calls? We'll let Adam to decide if getString() can > also call it. >
I agree it looks strange but I hope Adam can leverage that. It’s better to leave it for the fix for JDK-8168075. Do you approve this fix? Mandy
