There's a new webrev available at: http://cr.openjdk.java.net/~vinnie/6885204/webrev.01/webrev/
Brad Wetmore wrote: > > Vincent Ryan wrote: >> I'm proposing a change that enables JSSE to work when Kerberos is not >> present >> at runtime: >> >> http://cr.openjdk.java.net/~vinnie/6885204/webrev.00/webrev/ > > DelegateHttpsURLConnection.java/HttpsClient.java > ================================================ > > Can you put in a comment here that explains why you've added the > ciphersuite check? I had to think about it for a second, which means it > won't be immediately clear to others. ;) Done. > > CipherSuite.java/JsseJce.java > ================================= > > // It is true because we might not have an ECC or > // Kerberos implementation. > > Here's a small can of worms. The dynamic code was added when ECC was > only available via the PKCS11 provider, and people could remove the ECC > tokens at will and thus effectively disable ECC. With the addition of > your full-time ECC provider, this could have gone away. But since some > of the open source folks wanted to make your ECC provider optional, I > guess we're have to continue this check. > > That said, what you're trying to solve here is different. Either the > Kerberos implementation is there or it isn't. It doesn't get > dynamically installed into the JRE during the middle of a run, right? If > it's not made available dynamically, a simple one-time check should be > sufficient. Right. I've changed the code to perform the Kerberos check just once (in a static initializer). > > Is the doPrivileged necessary here? Yes, because the Class.forName references a class from a different package. > > Brad > >
