This Bugzilla instance is a read-only archive of historic NetBeans bug reports. To report a bug in NetBeans please follow the project's instructions for reporting issues.
Summary: | TopSecurityManager doesn't delegate permission checks | ||
---|---|---|---|
Product: | platform | Reporter: | emi <emi> |
Component: | -- Other -- | Assignee: | Antonin Nebuzelsky <anebuzelsky> |
Status: | RESOLVED WONTFIX | ||
Severity: | blocker | CC: | jtulach, t_h |
Priority: | P3 | ||
Version: | 5.x | ||
Hardware: | All | ||
OS: | All | ||
Issue Type: | ENHANCEMENT | Exception Reporter: | |
Attachments: | My simple changes. It also includes some unnecessary comments and debug info. |
Description
emi
2007-02-26 14:40:43 UTC
Created attachment 38910 [details]
My simple changes. It also includes some unnecessary comments and debug info.
Is this all necessary in TSM? No changes in e.g. (currently empty) checkRead/checkWrite? No. If we go the "delegate" way, all the checkXX should delegate to the other security managers (except checkSetSecurityManager). But my patch should be enough for a first-step that allows you to use custom Permissions so that at some point you can rech JAAS level. I'll try and submit a patch with delegate for all the checks. To avoid the spead-penalty I should probably subclass TopSecurityManager, invent a new property (like use.netbeans.security) and only set the subclass as SecurityManager if that property is set. Any ideas ? Y01 Please investigate whether it is possible to fill the delegates using lookup. E.g. delegates = Lookup.getDefault().lookupAll(SecurityManager.class). Then your modules can just create appropriate META-INF/services/java.lang.SecurityManager file and do not need dependency on core/bootstrap. Potentially the checkExit could be delegated to the same classes as now, and we could delegate all checks to MetaInf services. That way the functionality would stay there, but the performance shall not be impacted at all for IDE (which has no such registrations). Reassigning to new module owner Tomas Holy. I have a feeling that Radek experimented with this a bit. My intention was just to have hook for masterfs - no explicit delegation as required. I think Tomas Holy is the right person. 1) Seems to be in wrong BZ component. 2) There does not seem to be any demand for this. |