[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openjdk-security-dev
Subject:    Re: RFR: Re-enable support for non-Principal implementations of PrincipalComparator
From:       Sean Mullan <sean.mullan () oracle ! com>
Date:       2013-02-27 21:43:33
Message-ID: 512E7E05.1000109 () oracle ! com
[Download RAW message or body]

On 02/27/2013 06:24 AM, Alan Bateman wrote:
> On 26/02/2013 18:36, Neil Richards wrote:
>> Hi Sean,
>> Thanks for your quick response.
>>
>> I admit, I hadn't spotted the description of the policy file syntax to
>> which you point.
>>
>> (In my defence, it's a lot easier to overlook than the explicit wording
>> that I found at the top of PrincipalComparator's Javadoc).
>>
>> Just for info, are there other scenarios where (non-Principal)
>> PrincipalComparator impls can (still) be used, which matches that class'
>> Javadoc ?

Yes, I believe the legacy JAAS PolicyFile implementation 
(com.sun.security.auth.PolicyFile) supports PrincipalComparator classes 
that don't implement Principal, though I have not tested that to confirm.

>> And do these other scenarios also (already) support the use of
>> Principal.implies() ?

No for the case above, but the JAAS PolicyFile API is deprecated so I 
don't think we need to enhance that to support the new Principal.implies 
method.

>> I think your answer may have obviated my desire for using the suggested
>> fix.
>> I'm asking around nearby to see if evidence of real use breakage can be
>> found, and will tug on this thread again if/when I have something more
>> to share on this.
>>
> I'll leave it to Sean to comment on this but just to mention that if
> this reflective dependency is added then I think it would be good to
> plan to remove it in jdk9. I suggest this because PolicyFile will most
> likely end up in our base/core module whereas the JDK-specific API to
> JAAS (com.sun.security.auth) may not.

I think we should just wait a bit and see if anything comes up after the 
developer preview is released.

Thanks,
Sean
[prev in list] [next in list] [prev in thread] [next in thread]