|

»

OpenJDK Security Development

[security-dev 01357]: 6894643: Separate out dependency on Kerberos

View: New views

5 Messages — Rating Filter: Alert me

	[security-dev 01357]: 6894643: Separate out dependency on Kerberos by vincent.ryan :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Hello all, I'm proposing a further change that enables JSSE to work when Kerberos is not present at runtime: http://cr.openjdk.java.net/~vinnie/6894643/webrev.00/ (This continues the removal of static dependencies begun in CR 6885204.) Please comment. Thanks.
	[security-dev 01358]: Re: 6894643: Separate out dependency on Kerberos by Alan Bateman :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Vincent Ryan wrote: > Hello all, > > I'm proposing a further change that enables JSSE to work when Kerberos is not > present at runtime: > > http://cr.openjdk.java.net/~vinnie/6894643/webrev.00/ > > (This continues the removal of static dependencies begun in CR 6885204.) > > Please comment. > Thanks. > This separation looks quite good. What would you think about moving sun.security.util.HostnameChecker into sun.security.ssl.HostnameChecker? It's only usage in the JNDI LDAP provider should be when using SSL. Minor comment on the new KerberosClientKeyExchange is that the indenting of the parameters to several months seems a bit strange (no big deal). Also, I assume that getImpl isn't really needed and that impl should be initialized as: impl = AccessController.doPrivileged( new PrivilegedAction<KerberosClientKeyExchange>() { public KerberosClientKeyExchange run() { .. .}; Good to see a test included. -Alan.
	[security-dev 01359]: Re: 6894643: Separate out dependency on Kerberos by vincent.ryan :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Alan Bateman wrote: > Vincent Ryan wrote: >> Hello all, >> >> I'm proposing a further change that enables JSSE to work when Kerberos >> is not >> present at runtime: >> >> http://cr.openjdk.java.net/~vinnie/6894643/webrev.00/ >> >> (This continues the removal of static dependencies begun in CR 6885204.) >> >> Please comment. >> Thanks. >> > This separation looks quite good. > > What would you think about moving sun.security.util.HostnameChecker into > sun.security.ssl.HostnameChecker? It's only usage in the JNDI LDAP > provider should be when using SSL. Fine for LDAP but HostnameChecker is used by HTTPS too. src/share/classes/sun/security/ssl/X509TrustManagerImpl.java src/share/classes/sun/net/www/protocol/https/HttpsClient.java src/share/classes/com/sun/jndi/ldap/ext/StartTlsResponseImpl.java src/share/classes/com/sun/net/ssl/internal/www/protocol/https/DelegateHttpsURLConnection.java > > Minor comment on the new KerberosClientKeyExchange is that the indenting > of the parameters to several months seems a bit strange (no big deal). > Also, I assume that getImpl isn't really needed and that impl should be > initialized as: > > impl = AccessController.doPrivileged( > new PrivilegedAction<KerberosClientKeyExchange>() { > public KerberosClientKeyExchange run() { .. .}; I've corrected that. > > Good to see a test included. > > -Alan.
	[security-dev 01360]: Re: 6894643: Separate out dependency on Kerberos by vincent.ryan :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message There's an updated webrev at: http://cr.openjdk.java.net/~vinnie/6894643/webrev.01/ The reflection code in KerberosClientKeyExchange has been reworked to avoid an object initializer problem. Vincent Ryan wrote: > Hello all, > > I'm proposing a further change that enables JSSE to work when Kerberos is not > present at runtime: > > http://cr.openjdk.java.net/~vinnie/6894643/webrev.00/ > > (This continues the removal of static dependencies begun in CR 6885204.) > > Please comment. > Thanks.
	[security-dev 01362]: Re: 6894643: Separate out dependency on Kerberos by xuelei.fan :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Looks fine to me. Xuelei Vincent Ryan wrote: > There's an updated webrev at: > > http://cr.openjdk.java.net/~vinnie/6894643/webrev.01/ > > The reflection code in KerberosClientKeyExchange has been reworked to avoid > an object initializer problem. > > > Vincent Ryan wrote: >> Hello all, >> >> I'm proposing a further change that enables JSSE to work when Kerberos is not >> present at runtime: >> >> http://cr.openjdk.java.net/~vinnie/6894643/webrev.00/ >> >> (This continues the removal of static dependencies begun in CR 6885204.) >> >> Please comment. >> Thanks.