Details
- JEP
- Resolution: Delivered
- P4
- None
- Sean Mullan
- Feature
- Open
- SE
- S
- S
- 140
Description
Summary
Enable code to assert a subset of its privileges without otherwise preventing the full access-control stack walk to check for other permissions.
Motivation
This is very useful when code needs to enable some permissions while allowing checks for other permissions to continue the stack walk.
Description
Add a java.security.AccessController.doPrivileged method that takes a permission argument.
For example, some bootstrap JRE code could assert a privilege to GET a configuration file via http:
    AccessController.doPrivileged(anon class...,
                                  new URLPermission(url,
                                                    request props ...,
                                                    "GET") ...
A checkPermission() for a matching URLPermission (done by the http handler) would stop walking the access-control context (acc) stack at that doPrivileged() invocation and succeed. A check for a non-matching URLPermission or some other permission, however, would match the JRE class's generally assigned privileges and continue walking the full acc stack as if the limited doPrivileged() had not been invoked.
These limited privileges are also captured by getAccessControlContext() and by thread inheritance.
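The stack-walk behaviour described above, as an added example that is not code from the JEP or the JDK: only the matching GET check stops at the limited doPrivileged() frame, while the POST and property checks continue to the unprivileged caller. It uses the doPrivileged(action, context, perms...) overload and assumes JDK 8 to 17, where AccessController is functional; the class name, the URL, the permit-all Policy and the empty ProtectionDomain are constructed for the demo.

```java
import java.net.URLPermission;
import java.security.*;
import java.util.PropertyPermission;

public class LimitedDoPrivilegedDemo {
    // Constructed URL standing in for the configuration file in the text.
    static final Permission GET_CONFIG =
        new URLPermission("http://config.example.com/app.properties", "GET");
    static final Permission POST_CONFIG =
        new URLPermission("http://config.example.com/app.properties", "POST");
    static final Permission READ_HOME = new PropertyPermission("user.home", "read");

    // True if the current access-control stack walk grants p.
    static boolean allowed(Permission p) {
        try {
            AccessController.checkPermission(p);
            return true;
        } catch (AccessControlException e) {
            return false;
        }
    }

    static void report(String where) {
        System.out.println(where + ": GET=" + allowed(GET_CONFIG)
            + " POST=" + allowed(POST_CONFIG) + " property=" + allowed(READ_HOME));
    }

    public static void main(String[] args) {
        // Demo harness (assumption): a Policy that grants everything, so this
        // class plays the fully privileged JRE code.
        Policy.setPolicy(new Policy() {
            @Override public boolean implies(ProtectionDomain d, Permission p) { return true; }
        });
        // A domain with an empty static permission set plays an unprivileged
        // caller further up the stack.
        AccessControlContext unprivileged = new AccessControlContext(
            new ProtectionDomain[] { new ProtectionDomain(null, new Permissions()) });

        AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
            report("outside limited doPrivileged");
            // Assert only the GET permission; null context adds no restriction.
            AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
                report("inside limited doPrivileged");
                return null;
            }, null, GET_CONFIG);
            return null;
        }, unprivileged);
    }
}
```

A plain doPrivileged() at the inner call would instead cut the walk off for every permission this class holds, which is the over-assertion the limited form avoids.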
Issue Links
- blocks
  - JDK-8046173 JEP 183: HTTP Cross-Origin Resource Sharing (Closed)
  - JDK-8046174 JEP 184: HTTP URL Permissions (Closed)
- relates to
  - JDK-7083329 Limited doPrivileged (Closed)