[JDK-6511709] SubjectDomainCombiner.combineJavaxPolicy should construct ProtectionDomains with dynamic permissions - Java Bug System

Type: Bug
Resolution: Duplicate
Priority: P3
Fix Version/s: None
Affects Version/s: 6
Component/s: security-libs
Labels:
None

Subcomponent:
java.security
CPU:

generic
OS:

generic

SubjectDomainCombiner has compatibility support for javax.security.auth.Policy in its combineJavaxPolicy method.

The implementation of this method, however, constructs new ProtectionDomains using the 2-arg constructor, which results in a static permission collection that does not consult Policy. In other words, the sole permissions granted to the ProtectionDomain are those in the ProtectionDomain instance itself (Policy is not consulted).

The implementation should construct new ProtectionDomains using the 4-arg constructor. This allows dynamic permissions (from Policy) to be granted to the ProtectionDomain instance.

duplicates

JDK-6512054 SUBJECTDOMAINCOMBINER DOES NOT COMBINE CODE-BASED GRANTS IN JAAS MODE

Closed

Assignee:: Sean Mullan

Reporter:: Charlie Lai (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Created:: 2007-01-10 10:55

Updated:: 2010-04-03 15:20

Resolved:: 2007-01-11 13:05

Imported:: 16/Sep/12 2:17 AM

Indexed:: 17/Jul/12 10:19 PM

Details

Description

Attachments

Issue Links

Activity

People

Dates