Update doPrivilegedWithCombinerHelper function #20430
Conversation
JinhangZhang
changed the title
JinhangZhang
changed the title
JinhangZhang
changed the title
JinhangZhang
force-pushed
the
compat
branch
4 times, most recently
from
4f2a353 to
05d9970
Compare
JinhangZhang
force-pushed
the
compat
branch
3 times, most recently
from
04afd31 to
5c436bf
Compare
JinhangZhang
changed the title
|
@keithc-ca please help to review |
Hello, the failed case in #19499 is https://github.com/ibmruntimes/openj9-openjdk-jdk23/blob/openj9/test/jdk/javax/security/auth/Subject/Compat.java#L101. There is a personal build that pass
|
| AccessControlContext parentContext = getContextHelper(context == null); | ||
| DomainCombiner domaincombiner = parentContext.getCombiner(); | ||
|
|
||
| return new AccessControlContext(pdArray, domaincombiner, parentContext, context, getNewAuthorizedState(context, domain)); |
There was a problem hiding this comment.
| return new AccessControlContext(pdArray, domaincombiner, parentContext, context, getNewAuthorizedState(context, domain)); | |
| return new AccessControlContext(pdArray, parentContext, context, getNewAuthorizedState(context, domain)); |
domaincombiner = parentContext.getCombiner() can be invoked within the constructor.
There was a problem hiding this comment.
It still passes both parentContext.getCombiner() and parentContext, only parentContext is needed.
In addition, pls use tabs instead of spaces to be consistent with the existing codebase.
JinhangZhang
force-pushed
the
compat
branch
4 times, most recently
from
55d5f54 to
7bafa71
Compare
| @@ -351,6 +350,36 @@ public AccessControlContext(ProtectionDomain[] fromContext) { | |||
| this.containPrivilegedContext = true; | |||
| } | |||
|
|
|||
| AccessControlContext(ProtectionDomain[] pdArray, AccessControlContext parent, AccessControlContext acc, int authorizeState) { | |||
There was a problem hiding this comment.
| AccessControlContext(ProtectionDomain[] pdArray, AccessControlContext parent, AccessControlContext acc, int authorizeState) { | |
| AccessControlContext(ProtectionDomain[] pdArray, AccessControlContext parentAcc, AccessControlContext context, int authorizeState) { |
| case STATE_AUTHORIZED: | ||
| if (null != acc) { | ||
| // when parent combiner is not null, use parent combiner to combine the current context | ||
| if (parent.getCombiner() != null) { |
| } | ||
| this.doPrivilegedAcc = acc; | ||
| this.authorizeState = authorizeState; | ||
| this.containPrivilegedContext = true; |
There was a problem hiding this comment.
Can AccessControlContext(AccessControlContext acc, ProtectionDomain[] context, int authorizeState) invoke this constructor to avoid code duplication?
There was a problem hiding this comment.
Should be in a new constructor.
There was a problem hiding this comment.
Jason makes a good suggstion: the two constructors above can use the new one:
AccessControlContext(ProtectionDomain[] context, int authorizeState) {
this(context, null, null, authorizeState);
}
AccessControlContext(AccessControlContext acc, ProtectionDomain[] context, int authorizeState) {
this(context, null, acc, authorizeState);
}| /*[IF JAVA_SPEC_VERSION >= 24]*/ | ||
| /*[MSG "K002e", "checking permissions is not supported"]*/ | ||
| throw new AccessControlException(Msg.getString("K002e")); //$NON-NLS-1$ | ||
| /*[ELSE] JAVA_SPEC_VERSION >= 24 */ |
There was a problem hiding this comment.
Please not remove this and other recent merged changes.
JinhangZhang
force-pushed
the
compat
branch
3 times, most recently
from
29e2976 to
6d202c9
Compare
| } else { | ||
| this.domainCombiner = parentAcc.domainCombiner; | ||
| this.context = pdArray; | ||
| this.nextStackAcc = parentAcc; |
There was a problem hiding this comment.
This changed the AccessControlContext(AccessControlContext acc, ProtectionDomain[] context, int authorizeState) behaviour.
To avoid the uncertainty of existing AccessControlContext() constructors which is being disabled permanently for JDK24+, I revert the previous suggestion. Pls separate this new constructor from others.
JinhangZhang
force-pushed
the
compat
branch
2 times, most recently
from
0b44640 to
520741c
Compare
|
Please verify that the updated change still passes #19499 and the compliance tests. |
jcl/src/java.base/share/classes/java/security/AccessController.java
Outdated
Show resolved
Hide resolved
| } | ||
| this.doPrivilegedAcc = acc; | ||
| this.authorizeState = authorizeState; | ||
| this.containPrivilegedContext = true; |
There was a problem hiding this comment.
Jason makes a good suggstion: the two constructors above can use the new one:
AccessControlContext(ProtectionDomain[] context, int authorizeState) {
this(context, null, null, authorizeState);
}
AccessControlContext(AccessControlContext acc, ProtectionDomain[] context, int authorizeState) {
this(context, null, acc, authorizeState);
}
jcl/src/java.base/share/classes/java/security/AccessControlContext.java
Outdated
Show resolved
Hide resolved
jcl/src/java.base/share/classes/java/security/AccessControlContext.java
Outdated
Show resolved
Hide resolved
jcl/src/java.base/share/classes/java/security/AccessControlContext.java
Outdated
Show resolved
Hide resolved
JinhangZhang
force-pushed
the
compat
branch
3 times, most recently
from
ad23095 to
d51c66b
Compare
JinhangZhang
force-pushed
the
compat
branch
2 times, most recently
from
a992864 to
9dd994d
Compare
jcl/src/java.base/share/classes/java/security/AccessControlContext.java
Outdated
Show resolved
Hide resolved
jcl/src/java.base/share/classes/java/security/AccessController.java
Outdated
Show resolved
Hide resolved
JinhangZhang
force-pushed
the
compat
branch
2 times, most recently
from
ba0a69c to
041311e
Compare
jcl/src/java.base/share/classes/java/security/AccessControlContext.java
Outdated
Show resolved
Hide resolved
jcl/src/java.base/share/classes/java/security/AccessControlContext.java
Outdated
Show resolved
Hide resolved
|
Please squash in preparation for testing. |
|
When we try to invoke doPrivilegedWithCombiner function to perform a privileged action under an existing context environment, we are used to construct a new context but ignore the parent context. We should take consideration of a combination of the current and parent context, rather than just choose either the current or the parent. This patch solves a failed case in issue eclipse-openj9#19499. Issue: eclipse-openj9#19499 Signed-off-by: Jinhang Zhang <[email protected]>
done |
|
Jenkins test sanity amac jdk23 |
When we try to invoke doPrivilegedWithCombiner function to
perform a privileged action under an existing context
environment, we are used to construct a new context but ignore
the parent context.
We should take consideration of a combination of the current
and parent context, rather than just choose either the current
or the parent.
This patch solves the failed case in issue #19499.