On Thu, 3 Jun 2021 17:44:22 GMT, Bradford Wetmore <wetm...@openjdk.org> wrote:
>> src/java.base/share/classes/javax/crypto/JceSecurityManager.java line 111: >> >>> 109: Option.RETAIN_CLASS_REFERENCE) >>> 110: .walk((s) -> >>> s.collect(Collectors.toList()))); >>> 111: >> >> Note: StackWalker is a stateless capability object. It's not the walk() >> method that requires a permission, but the creation of the StackWalker >> itself (hence my suggestion to create it in the constructor, or in a static >> initializer). If you walk the stack from within a doPrivileged call then the >> doPrivileged frame will appear in the returned `List<StackFrame>`; this may >> (or may not) be OK - depending on the logic that processes the stack. >> >> You could consider simplifying: >> >> >> PrivilegedAction<StackWalker> pa = () -> >> StackWalker.getInstance(Option.RETAIN_CLASS_REFERENCE); >> final List<StackFrame> stack = >> AccessController.doPrivileged(pa).walk(Stream::toList); > > Thanks. I was going to step through this code more thoroughly today, > hopefully I would have caught that. > > This code is only needed in certain deployment and Cipher creation > situations, so would rather not create a static CodeWalker that is not > normally used. Fair enough. ------------- PR: https://git.openjdk.java.net/jdk/pull/4150
