On Thu, 3 Jun 2021 08:27:14 GMT, Daniel Fuchs <dfu...@openjdk.org> wrote:
>> Bradford Wetmore has updated the pull request with a new target base due to >> a merge or a rebase. The pull request now contains eight commits: >> >> - Address codereview comments >> - Merge branch 'master' into JDK-8267485 >> - Merge branch 'master' into JDK-8267485 >> - Merge branch 'master' into JDK-8267485 >> - Replace missing annotation >> - Merge branch 'master' into JDK-8267485 >> - Updated copyright date. >> - 8267485: Remove the dependency on SecurityManager in >> JceSecurityManager.java > > src/java.base/share/classes/javax/crypto/JceSecurityManager.java line 111: > >> 109: Option.RETAIN_CLASS_REFERENCE) >> 110: .walk((s) -> >> s.collect(Collectors.toList()))); >> 111: > > Note: StackWalker is a stateless capability object. It's not the walk() > method that requires a permission, but the creation of the StackWalker itself > (hence my suggestion to create it in the constructor, or in a static > initializer). If you walk the stack from within a doPrivileged call then the > doPrivileged frame will appear in the returned `List<StackFrame>`; this may > (or may not) be OK - depending on the logic that processes the stack. > > You could consider simplifying: > > > PrivilegedAction<StackWalker> pa = () -> > StackWalker.getInstance(Option.RETAIN_CLASS_REFERENCE); > final List<StackFrame> stack = > AccessController.doPrivileged(pa).walk(Stream::toList); Thanks. I was going to step through this code more thoroughly today, hopefully I would have caught that. This code is only needed in certain deployment and Cipher creation situations, so would rather not create a static CodeWalker that is not normally used. ------------- PR: https://git.openjdk.java.net/jdk/pull/4150
