harmony-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mikhail Loenko" <mloe...@gmail.com>
Subject Re: [classlib][security] BC provider as default Harmony crypto provider
Date Wed, 27 Jun 2007 05:35:25 GMT
2007/6/27, Roman Bushmanov <roman.bushmanov@gmail.com>:
> Hi, Leo
>
> On 6/26/07, Leo Li <liyilei1979@gmail.com> wrote:
> > Hi, Roman:
> >     I think it is reasonable to grant permissions to classes in extension
> > directory and RI has a similar line in its policy file.
>
> You are right, RI has a statement granting AllPermission to extension
> directory. I've missed that.
>
> However, RI doesn't have the problem with initializing the crypto
> provider then the policy file is redefined complitely. I've seen that
> difference on two tests from functional suite.
>
> Probably they create a provider instance before installing security
> manager, e.g. just before they execute application code. However that
> is not an efficient solution because at vm startup we don't know if we
> need a provider.
>
> >     While I must admit that I have tried to delete this line in policy file
> > for RI 6.0 and there seems to be no problem to get instance from crypto
> > provider, I think it is due to the RI's security provider(SunJCE) does not
> > require some priviledge to work and it is the provider's freedom. (Spec does
> > not forbid providers to do this.)
>
> May be I'm missing something but as I understand, each provider
> implementation (a class extending Provider) should set in its
> constructor a variety properties that are required to look up the
> services implemented by this provider. And the only way to do that is
> calling Provider.put() method that performs security access checs. Am
> I right?
>
> >     And Roman, is there an application fails due to this issue? If so, it
> > deserves us to find a solution.
>
> As I've already noted, I've discovered the issue on two functional
> tests. No other applications.

I suggest to mark this as a non-bug difference from RI

Thanks,
Mikhail

>
> Thank you,
> Roman
>

Mime
View raw message