-
Enhancement
-
Resolution: Fixed
-
P4
-
1.0
-
merlin
-
generic
-
solaris_7
consider the following call sequence
(assume time goes down):
A
B -> Subject.doAs(X, C)
C
D
security checks end up being:
A AND B AND (C UNION X) AND (D UNION X)
however, consider this case:
A
B -> Subject.doAs(X, A)
A
C
the security check would be:
A AND B AND (A UNION X) AND (C UNION X)
this effectively reduces down to:
A AND B AND (C UNION X)
in other words, we could optimize out (A UNION X).
better stated, any protection domain in the combine method's
"currentDomains" array can be optimized out if it already exists
in the "assignedDomains" array.
(assume time goes down):
A
B -> Subject.doAs(X, C)
C
D
security checks end up being:
A AND B AND (C UNION X) AND (D UNION X)
however, consider this case:
A
B -> Subject.doAs(X, A)
A
C
the security check would be:
A AND B AND (A UNION X) AND (C UNION X)
this effectively reduces down to:
A AND B AND (C UNION X)
in other words, we could optimize out (A UNION X).
better stated, any protection domain in the combine method's
"currentDomains" array can be optimized out if it already exists
in the "assignedDomains" array.
- relates to
-
JDK-4887017 SubjectDomainCombiner optimization incorrect
-
- Resolved
-