Skip to main content

[javaee-spec users] [jsr342-experts] Re: security manager requirements in Java EE

  • From: Bill Shannon <bill.shannon@...>
  • To: jsr342-experts@...
  • Subject: [javaee-spec users] [jsr342-experts] Re: security manager requirements in Java EE
  • Date: Fri, 16 Mar 2012 10:59:11 -0700
  • List-id: <jsr342-experts.javaee-spec.java.net>

Markus Eisele wrote on 03/14/12 22:18:
Hi Bill,

thanks for the new proposal. Reads good. Even if I still have my
reservations as expressed in the earlier mail.
Here are some more thoughts and questions:

1) Why are we trying to put this into xml?
What about this:
<permission-grant-request>
     grant { permission java.io.FilePermission "/temp/abc", "read", "write"; }
</permission-grant-request>

The policy file syntax is ugly but if we depend on this we shouldn't
try to hide that fact too much.
Or do you know more about how this is going to look like in the future?

My understanding is that the policy file syntax is not standardized
as part of Java SE, but rather is an implementation detail of the JDK.
Thus, to use it here, we would have to standardize it here, which seems
inappropriate.

2) What about property expansion?
Do we want/allow something like this:
<permission-grant-request>
     grant { permission java.io.FilePermission "${user.home}/temp/abc",
"read", "write"; }
</permission-grant-request>

Good question.  We may need to consider that.

3) Last and simple one. If this is going to stay xml I would love to
have short tag names and add a description to the set.
<permissions>   <grant-request>  <description<classname<name<actions

I think it's just following the style of many existing elements
where the sub-elements have names that are qualified with the name
of the parent element.  See for example <injection-target>.

Adding <description> seems fine, and by our current convention that
name would not be qualified.


[javaee-spec users] [jsr342-experts] Re: security manager requirements in Java EE

(continued)

[javaee-spec users] [jsr342-experts] Re: security manager requirements in Java EE

Bill Shannon 03/09/2012

[javaee-spec users] [jsr342-experts] Re: security manager requirements in Java EE

Markus Eisele 03/09/2012

[javaee-spec users] [jsr342-experts] Re: security manager requirements in Java EE

Bill Shannon 03/09/2012

[javaee-spec users] [jsr342-experts] Re: security manager requirements in Java EE

Jevgeni Kabanov 03/09/2012

[javaee-spec users] [jsr342-experts] Re: security manager requirements in Java EE

Bill Shannon 03/09/2012

[javaee-spec users] [jsr342-experts] Re: security manager requirements in Java EE

Jeff Genender 03/09/2012

[javaee-spec users] [jsr342-experts] Re: security manager requirements in Java EE

Bill Shannon 03/09/2012

[javaee-spec users] [jsr342-experts] Re: security manager requirements in Java EE

Florent BENOIT 03/09/2012

[javaee-spec users] [jsr342-experts] Re: security manager requirements in Java EE

Bill Shannon 03/14/2012

[javaee-spec users] [jsr342-experts] Re: security manager requirements in Java EE

Markus Eisele 03/15/2012

[javaee-spec users] [jsr342-experts] Re: security manager requirements in Java EE

Bill Shannon 03/16/2012

[javaee-spec users] [jsr342-experts] Re: security manager requirements in Java EE

Jason T. Greene 03/09/2012

[javaee-spec users] [jsr342-experts] Re: security manager requirements in Java EE

Jevgeni Kabanov 03/09/2012
 
 
Close
loading
Please Confirm
Close