Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-7083329

Limited doPrivileged

    XMLWordPrintable

    Details

    • Type: Enhancement
    • Status: Closed
    • Priority: P3
    • Resolution: Duplicate
    • Affects Version/s: 8
    • Fix Version/s: 8
    • Component/s: security-libs
    • Labels:
      None
    • Subcomponent:
    • CPU:
      generic
    • OS:
      generic
    • Verification:
      Not verified

      Description

      The basic idea is to allow code to assert a subset of it's privileges without
      otherwise preventing the full access control stack walk for other permissions.

      For example, some bootstrap jre code asserts a privilege to GET a configuration
      file via http....

          AccessController.doPrivileged(anon class..., new URLPermission(url, request
      props..., "GET")

         A checkPermission() for a matching URLPermission (done by the http handler)
      would stop walking the acc stack at that doPrivileged() and succeed. However, a
      non-matching URLPermission or a FilePermission, for example, would match the jre
      class's generally assigned privileges and continue walking the full acc stack as
      if the limited doPrivileged() had not been invoked.

      These limited privileges are also captured by getAccessControlContext() and
      thread inheritance.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              jdn Jeffrey Nisewanger (Inactive)
              Reporter:
              mullan Sean Mullan
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Imported:
                Indexed: