-
Enhancement
-
Resolution: Fixed
-
P3
-
None
-
b78
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8136088 | emb-9 | Sean Mullan | P3 | Resolved | Fixed | team |
Loosen the specification for java.security.SecurityPermission, java.lang.RuntimePermission, and javax.security.auth.AuthPermission to explicitly allow for other named permissions to be used.
The current specification of these classes states "The following table lists all the possible SecurityPermission target names ..." and "The following table lists all the possible RuntimePermission target names ..." which implies that unless the permission target is listed in the table, it cannot be used.
However, there is no such enforcement in the implementation, and it is useful and somewhat common for applications/libraries to create their own permission target names.
We should relax the specification and provide recommendations for naming to avoid name clashes (example, use the reversed domain name syntax).
The current specification of these classes states "The following table lists all the possible SecurityPermission target names ..." and "The following table lists all the possible RuntimePermission target names ..." which implies that unless the permission target is listed in the table, it cannot be used.
However, there is no such enforcement in the implementation, and it is useful and somewhat common for applications/libraries to create their own permission target names.
We should relax the specification and provide recommendations for naming to avoid name clashes (example, use the reversed domain name syntax).
- backported by
-
JDK-8136088 Allow other named SecurityPermissions, RuntimePermissions, and AuthPermissions to be used
-
- Resolved
-
- relates to
-
JDK-8134981 Document JDK supported permissions in security permissions guide
-
- Resolved
-
-
-
- Closed
-