Maybe we need some criteria that define what's not easily instrumented?

On 4/08/2021 10:19 am, Peter Firmstone wrote:

Excellent, Ron, that's exactly what I'm after.

I need to be able to implement an authorization layer on top of the JDK, but reach down into the JDK to use authorization to control access.

Can we find out how many such checks OpenJDK is prepared to support, then we will pick the most important?

Don't worry about ClassLoader, I can instrument that (thank you Erik), and maybe I can instrument Properties, and System.exit. So basically things we can't easily instrument with agents, that everybody is most likely to want.

  * Network access
  * File System access
  * User Credentials

Maybe we should have a mailing list dedicated to this where we can discuss and potentially collaborate?

Regards,

Peter.

On 3/08/2021 10:15 pm, Ron Pressler wrote:
On 3 Aug 2021, at 12:50, Peter Firmstone <peter.firmst...@zeus.net.au> wrote:

Can you think of any workable alternative compromises?

If you mean a compromise between no access checks in the JDK and all access checks in the JDK, then yes, which is possibly some callbacks for a small subset of operations that perform access checks today, say, System.exit and opening a file or socket. I am not saying this is what should be done, but that the effort involved is such that I can conceivably see those whose responsibility this would be agreeing to consider it, as the value in such a mechanism might end up being worthy of that amount of effort. But I’m guessing that the more such hooks are requested, the less likely it is that the cost remains acceptable.

— Ron

--
Regards,
Peter Firmstone
0498 286 363
Zeus Project Services Pty Ltd.
