I am working on
JDK-8159528 Deprivilege java.security.jgss, jdk.security.jgss and
jdk.security.auth
https://bugs.openjdk.java.net/browse/JDK-8159528
Several questions:
1. How does updating <top>/make/common/Modules.gmk affect an exploded build?
2. I am using Unsafe in two places, once to rewrite a final filed in clone()
[1], and another to call unsafe.ensureClassInitialized(KeyTab.class) so that I
can call a non-public method there [2], but it seems a platform module cannot
use Unsafe. Is there new ways to do these? What I can do now is 1) make it
non-final 2) call a method in KeyTab to get it initialized.
3. I thought I can add something like
grant codeBase "file://${java.home}/modules/java.security.jgss" {
permission java.security.AllPermission;
};
into java.policy so I can test with an exploded build. However, I see
exceptions on ("java.lang.RuntimePermission"
"accessClassInPackage.sun.security.util") not granted. The exception is not
thrown when I am testing with an image build. Is there any way I can avoid it?
Thanks
Max
[1]
http://hg.openjdk.java.net/jdk9/dev/jdk/file/98f89fe2b722/src/java.security.jgss/share/classes/sun/security/krb5/PrincipalName.java#l182
[2]
http://hg.openjdk.java.net/jdk9/dev/jdk/file/98f89fe2b722/src/java.security.jgss/share/classes/sun/security/krb5/KerberosSecrets.java
