
JEP 184: HTTP URL Permissions

    Details

    • Type: JEP
    • Status: Closed
    • Priority: P4
    • Resolution: Delivered
    • Fix Version/s: 8
    • Component/s: core-libs
    • Labels:
      None
    • Author:
      Michael McMahon
    • JEP Type:
      Feature
    • Exposure:
      Open
    • Subcomponent:
    • Scope:
      SE
    • Discussion:
      net dash dev at openjdk dot java dot net
    • Effort:
      S
    • Duration:
      S
    • JEP Number:
      184

      Description

      Summary

      Define a new type of network permission which grants access in terms of URLs rather than low-level IP addresses.

      Motivation

      The only way to specify network permissions today is with the java.net.SocketPermission class, which has two major drawbacks:

      1. Socket permissions govern the initiation of low-level TCP connections. They therefore cannot distinguish between an HTTP connection to some host, which might be permitted, and other kinds of TCP connections to the same host, which might not be permitted.

      2. Socket permissions operate in terms of IP addresses rather than host names. This makes it impossible to distinguish between virtual HTTP servers hosted on the same physical server at the same IP address. Even though two such servers have different domain names, a SocketPermission instance cannot be used to permit access to one server but not the other.

      Description

      This feature will define a higher-level permission type specific to HTTP or perhaps, more generally, to arbitrary URL schemes. The class will be able to express permissions in terms of HTTP request methods (GET, POST, PUT, etc.) and URL scheme, authority, and path components. No DNS lookups will be required in order to do permission checks or to compare permission objects for equality.

      The HTTP protocol handler will check for these new permissions in the call stack and, using the limited doPrivileged() feature (JEP 140), it will effectively convert the URL permission into a SocketPermission for the actual destination.
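      The following is an added example, not code from the JEP or from the JDK; it uses the class that shipped for this JEP in JDK 8, java.net.URLPermission, to show the two distinctions the Motivation calls for (per-method grants and name-based virtual hosts) plus the two path wildcards. Host names, paths, and the helpers allowed() and check() are constructed for the example; ports are written explicitly on both sides so the comparison does not depend on scheme defaults.

```java
import java.net.URLPermission;

public class UrlPermissionDemo {

    // Grant (constructed): GET and POST, with a Content-Type header, to any path
    // below /api/ on one named virtual host. No DNS lookup is involved anywhere.
    static final URLPermission GRANT =
        new URLPermission("https://shop.example.com:443/api/-", "GET,POST:Content-Type");

    // Hypothetical helper: is a request with this method to this URL covered by GRANT?
    static boolean allowed(String method, String url) {
        return GRANT.implies(new URLPermission(url, method + ":Content-Type"));
    }

    public static void main(String[] args) {
        // Same host, granted method, path below /api/: permitted.
        check(true,  allowed("GET",    "https://shop.example.com:443/api/orders/42"));
        // Method not in the grant: a SocketPermission could never express this.
        check(false, allowed("DELETE", "https://shop.example.com:443/api/orders/42"));
        // Another virtual host that may share the same IP address: denied by name.
        check(false, allowed("GET",    "https://admin.example.com:443/api/orders/42"));
        // Path outside the granted subtree.
        check(false, allowed("GET",    "https://shop.example.com:443/admin/users"));

        // '/*' covers one directory level only; '/-' (used in GRANT) is recursive.
        URLPermission oneLevel =
            new URLPermission("https://shop.example.com:443/static/*", "GET");
        check(true,  oneLevel.implies(
            new URLPermission("https://shop.example.com:443/static/app.js", "GET")));
        check(false, oneLevel.implies(
            new URLPermission("https://shop.example.com:443/static/img/logo.png", "GET")));

        System.out.println("all URLPermission checks passed");
    }

    private static void check(boolean expected, boolean actual) {
        if (expected != actual) {
            throw new AssertionError("expected " + expected + " but got " + actual);
        }
    }
}
```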

      Testing

      This feature introduces one new class, which can be tested using the JDK's built-in HTTP server. Unit tests for the class itself, i.e., for testing public methods such as implies(), can be written directly. The engineering work for this feature will include both kinds of tests.

      Dependences

      This feature depends on JEP 140: Limited doPrivileged.

      Impact

      • Security: Introduces a new security permission. The use of limited doPrivileged() should limit the risk of security issues.

              People

              • Assignee: michaelm Michael McMahon
              • Reporter: michaelm Michael McMahon
              • Owner: Michael McMahon
              • Reviewed By: Alan Bateman, Chris Hegarty, Jeffrey Nisewanger (Inactive)
              • Endorsed By: Brian Goetz