Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8046130

JEP 140: Limited doPrivileged

    XMLWordPrintable

    Details

    • Type: JEP
    • Status: Closed
    • Priority: P4
    • Resolution: Delivered
    • Fix Version/s: 8
    • Component/s: security-libs
    • Labels:
      None
    • Author:
      Sean Mullan
    • JEP Type:
      Feature
    • Exposure:
      Open
    • Scope:
      SE
    • Discussion:
      security dash dev at openjdk dot java dot net
    • Effort:
      S
    • Duration:
      S
    • JEP Number:
      140

      Description

      Summary

      Enable code to assert a subset of its privileges without otherwise preventing the full access-control stack walk to check for other permissions.

      Motivation

      This is very useful when you need to enable some permissions while allowing others to continue the stack walk.

      Description

      Add a java.security.AccessController.doPrivileged method that takes a permission argument.

      For example, some bootstrap JRE code could assert a privilege to GET a configuration file via http:

      AccessController.doPrivileged(anon class...,
                                    new URLPermission(url,
                                                      request props ...,
                                                      "GET") ...

      A checkPermission() for a matching URLPermission (done by the http handler) would stop walking the access-control context (acc) stack at that doPrivileged() invocation and succeed. A check for a non-matching URLPermission or some other permission, however, would match the JRE class's generally assigned privileges and continue walking the full acc stack as if the limited doPrivileged() had not been invoked.

      These limited privileges are also captured by getAccessControlContext() and by thread inheritance.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              mullan Sean Mullan
              Reporter:
              mullan Sean Mullan
              Owner:
              Jeffrey Nisewanger Jeffrey Nisewanger (Inactive)
              Endorsed By:
              Brian Goetz
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: