On 08/14/2014 10:49 AM, Xuelei Fan wrote:
I meant to pointed out the modification permissions as well. As update
to the returned value needs the related permissions as the following
line talked about:
149 * <p> To modify the Principals Set, the caller must have
150 * {@code AuthPermission("modifyPrincipals")}.
151 * To modify the public credential Set, the caller must have
152 * {@code AuthPermission("modifyPublicCredentials")}.
153 * To modify the private credential Set, the caller must have
154 * {@code AuthPermission("modifyPrivateCredentials")}.
Yes, I understand the comment now. I have fixed it, but I had to adjust
the wording a bit. getPrivateCredentials() now says:
* <p> If a security manager is installed, the caller must have a
* {@link AuthPermission#AuthPermission(String)
* AuthPermission("modifyPrivateCredentials")} permission to modify
* the returned set, or a {@code SecurityException} will be thrown.
*
* <p> While iterating through the {@code Set},
* a {@code SecurityException} is thrown if a security manager is
installed
* and the caller does not have a {@link PrivateCredentialPermission}
* to access a particular Credential. The {@code Iterator}
* is nevertheless advanced to the next element in the {@code Set}.
I also added a similar paragraph as the first above to the
getPublicCredentials() and getPrincipals() methods.
Updated webrev:
http://cr.openjdk.java.net/~mullan/webrevs/7026255/webrev.02/
--Sean
