Return-Path: Delivered-To: apmail-harmony-dev-archive@www.apache.org Received: (qmail 15690 invoked from network); 27 Jun 2007 05:35:50 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 27 Jun 2007 05:35:50 -0000 Received: (qmail 54538 invoked by uid 500); 27 Jun 2007 05:35:51 -0000 Delivered-To: apmail-harmony-dev-archive@harmony.apache.org Received: (qmail 54513 invoked by uid 500); 27 Jun 2007 05:35:51 -0000 Mailing-List: contact dev-help@harmony.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@harmony.apache.org Delivered-To: mailing list dev@harmony.apache.org Received: (qmail 54504 invoked by uid 99); 27 Jun 2007 05:35:51 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 26 Jun 2007 22:35:51 -0700 X-ASF-Spam-Status: No, hits=0.3 required=10.0 tests=MAILTO_TO_SPAM_ADDR,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (herse.apache.org: domain of mloenko@gmail.com designates 66.249.92.174 as permitted sender) Received: from [66.249.92.174] (HELO ug-out-1314.google.com) (66.249.92.174) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 26 Jun 2007 22:35:47 -0700 Received: by ug-out-1314.google.com with SMTP id o2so252334uge for ; Tue, 26 Jun 2007 22:35:26 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=mXkNsCSjgNFp4F/28FIJhEFiu76fwRz77aBFiWSXnmeSQheqJ95GDGQ+LZ6vDwYL/V8w/Uw+BsdYQIJFF4u3G8uErwf1XVm6iAcGy0Iy76QJ8xoi4AxI4issowdiMT2OFk0U0xHmR0H5oOSdJXHg51HdUkCgcy9NZGqA5rG+bFw= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=f4QAkRuOtoyNeLUtyIroIijZT3mowDwYhcxoP5QXd44DrwDcylFf0BWFKEiyWtJhmKTannfnz5xOB9t245fjbe61H0N8yN3Az+0KvZgHhVbNTTGMKU2bzIVgIPjU2Ny9uu5bwyS3mtN5ONa9SrlfEXufMsTWAsO+l5SGyfosjSI= Received: by 10.78.185.15 with SMTP id i15mr49200huf.1182922525951; Tue, 26 Jun 2007 22:35:25 -0700 (PDT) Received: by 10.78.77.16 with HTTP; Tue, 26 Jun 2007 22:35:25 -0700 (PDT) Message-ID: <906dd82e0706262235r5a0c760pdd522f50d56995a8@mail.gmail.com> Date: Wed, 27 Jun 2007 09:35:25 +0400 From: "Mikhail Loenko" To: dev@harmony.apache.org Subject: Re: [classlib][security] BC provider as default Harmony crypto provider In-Reply-To: <30a80d190706262230k6ce958a3mba720760a540c80c@mail.gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <30a80d190706260521hb16dd6agea67108dea8c10af@mail.gmail.com> <30a80d190706262230k6ce958a3mba720760a540c80c@mail.gmail.com> X-Virus-Checked: Checked by ClamAV on apache.org 2007/6/27, Roman Bushmanov : > Hi, Leo > > On 6/26/07, Leo Li wrote: > > Hi, Roman: > > I think it is reasonable to grant permissions to classes in extension > > directory and RI has a similar line in its policy file. > > You are right, RI has a statement granting AllPermission to extension > directory. I've missed that. > > However, RI doesn't have the problem with initializing the crypto > provider then the policy file is redefined complitely. I've seen that > difference on two tests from functional suite. > > Probably they create a provider instance before installing security > manager, e.g. just before they execute application code. However that > is not an efficient solution because at vm startup we don't know if we > need a provider. > > > While I must admit that I have tried to delete this line in policy file > > for RI 6.0 and there seems to be no problem to get instance from crypto > > provider, I think it is due to the RI's security provider(SunJCE) does not > > require some priviledge to work and it is the provider's freedom. (Spec does > > not forbid providers to do this.) > > May be I'm missing something but as I understand, each provider > implementation (a class extending Provider) should set in its > constructor a variety properties that are required to look up the > services implemented by this provider. And the only way to do that is > calling Provider.put() method that performs security access checs. Am > I right? > > > And Roman, is there an application fails due to this issue? If so, it > > deserves us to find a solution. > > As I've already noted, I've discovered the issue on two functional > tests. No other applications. I suggest to mark this as a non-bug difference from RI Thanks, Mikhail > > Thank you, > Roman >