On 4/15/20 9:58 PM, Weijun Wang wrote:
Parsing of the denyAfter constraint is required to verify the signed JAR, which
happens very early. This causes SL to search for a LocaleProvider to parse the
denyAfter date field which triggers a permission check, causes the policy
machinery to bootstrap, and which triggers further permission checks, etc.
Do we really need a LocaleProvider here? Or, is the grammar really
locale-dependent? This does not look user-friendly to me.
Just take a look. The grammar is simple but we use SimpleDateFormat for
debugging messages and Calendar to validate the input.
Maybe we can use
LocalDateTime.of(year, month, day, 0,
0).atOffset(ZoneOffset.UTC).toInstant()
to load the date. It takes care of validation and very easy to compare to
Instant.now().
Good points. SimpleDateFormat definitely looks like additional overhead
that can be avoided. And using LocalDateTime looks like it also might work.
I would like to handle this separately though, so I will file a separate
issue.
I don't have any other comment on the code change.
Great, thanks for reviewing.
--Sean
