Name: nt126004 Date: 01/28/2003


FULL PRODUCT VERSION :
java version "1.4.1_01"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.1_01-b01)
Java HotSpot(TM) Client VM (build 1.4.1_01-b01, mixed mode)

FULL OPERATING SYSTEM VERSION :
Any

ADDITIONAL OPERATING SYSTEMS :
All


A DESCRIPTION OF THE PROBLEM :
The java login context constructor should be able to accept
the URL of a policy file containing just the single login
context desired to be parsed, eg:

LoginContext loginContext = new
LoginContext(this.getClass().getResource("MyPolicy.policy"),
"MyPolicyName", myCallbackHandler);

This would allow applets and java web start applications to
load a policy that is specific to the applet/web start,
without needing to install a new Configuration manager.

The advantage of this is that it makes it easy for a web
server to just put all the login specific parts into a
single file, which a third party can potentially customize
for their particular application. Thus, the login can be
dynamically selected at load time as appropriate.

If it has to be in the overall login.configuration or
login.policy file, then the end user actually needs to go to
the applet console and configure an explicit configuration
page. This seems undesireable.

Even just setting the name of the file into a java system
property (which can be done by a trusted applet), is not a
particularly good idea, as this is global, and what is
desired is that the login configuration file be found in the
applet class loader (or web start class loaded.)


REPRODUCIBILITY :
This bug can be reproduced always.

CUSTOMER WORKAROUND :
Supply a user written version of Configuration. That means
writing actual code for this, which seems a waste since the
code to parse login configuration files is already present
in the java runtime.
(Review ID: 180374)
======================================================================