On 08/14/2014 10:49 AM, Xuelei Fan wrote:
I meant to pointed out the modification permissions as well.  As update
to the returned value needs the related permissions as the following
line talked about:

  149      * <p> To modify the Principals Set, the caller must have
  150      * {@code AuthPermission("modifyPrincipals")}.
  151      * To modify the public credential Set, the caller must have
  152      * {@code AuthPermission("modifyPublicCredentials")}.
  153      * To modify the private credential Set, the caller must have
  154      * {@code AuthPermission("modifyPrivateCredentials")}.

Yes, I understand the comment now. I have fixed it, but I had to adjust the wording a bit. getPrivateCredentials() now says:

     * <p> If a security manager is installed, the caller must have a
     * {@link AuthPermission#AuthPermission(String)
     * AuthPermission("modifyPrivateCredentials")} permission to modify
     * the returned set, or a {@code SecurityException} will be thrown.
     *
     * <p> While iterating through the {@code Set},
* a {@code SecurityException} is thrown if a security manager is installed
     * and the caller does not have a {@link PrivateCredentialPermission}
     * to access a particular Credential.  The {@code Iterator}
     * is nevertheless advanced to the next element in the {@code Set}.

I also added a similar paragraph as the first above to the getPublicCredentials() and getPrincipals() methods.

Updated webrev: http://cr.openjdk.java.net/~mullan/webrevs/7026255/webrev.02/

--Sean

Reply via email to