-
Bug
-
Resolution: Fixed
-
P3
-
7
-
b18
-
x86
-
linux
-
Not verified
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-2152966 | OpenJDK6 | Weijun Wang | P3 | Resolved | Fixed | b01 |
Class level specification for java.securityPermissionCollection contains following phrase:
"The PermissionCollection returned by the Permission.newPermissionCollection method is a homogeneous collection, which stores only Permission objects for a given Permission type."
In particular it means that Java API implementation meeds to implement 'BasicPermission.newPermissionCollection' method to return instance of PermissionCollection subclass defining it's add method which stores only BasicPermission subclasses.
At the same time specification of PermissionCollection.add method looks like follows:
"
Adds a permission object to the current collection of permission objects.
Parameters:
permission - the Permission object to add.
Throws:
SecurityException - - if this PermissionCollection object has been marked readonly
"
Nothing specific is said about attempt to add too homogenous permission collection
some irrelevant permission.
Accodingly with this part of specification signle reason to reject permission addition is
marking collection as readonly and it looks like spec inconsistency.
There is another problem. Even if phrase from class level specification would be repeated in
specification of add method it is still non-clear how implementation should behave in such case. Accordingly with current version of spec the most approapriate behavior is just silently
reject such requests. However in JDK 6 at least several subclasses of Permission (BasicPermission, SocketPermission, RuntimePermission, AllPermission) throw IllegalArgumentException in such case.
So it looks reasonable to mention IllegalArgumentException throwing as possible effect of improper 'add' method invocation invocation.
"The PermissionCollection returned by the Permission.newPermissionCollection method is a homogeneous collection, which stores only Permission objects for a given Permission type."
In particular it means that Java API implementation meeds to implement 'BasicPermission.newPermissionCollection' method to return instance of PermissionCollection subclass defining it's add method which stores only BasicPermission subclasses.
At the same time specification of PermissionCollection.add method looks like follows:
"
Adds a permission object to the current collection of permission objects.
Parameters:
permission - the Permission object to add.
Throws:
SecurityException - - if this PermissionCollection object has been marked readonly
"
Nothing specific is said about attempt to add too homogenous permission collection
some irrelevant permission.
Accodingly with this part of specification signle reason to reject permission addition is
marking collection as readonly and it looks like spec inconsistency.
There is another problem. Even if phrase from class level specification would be repeated in
specification of add method it is still non-clear how implementation should behave in such case. Accordingly with current version of spec the most approapriate behavior is just silently
reject such requests. However in JDK 6 at least several subclasses of Permission (BasicPermission, SocketPermission, RuntimePermission, AllPermission) throw IllegalArgumentException in such case.
So it looks reasonable to mention IllegalArgumentException throwing as possible effect of improper 'add' method invocation invocation.
- backported by
-
JDK-2152966 Behavior of PermissionCollection.add() method is not clear
-
- Resolved
-
- relates to
-
-
- Closed
-
-
-
- Closed
-