On Fri, 25 Oct 2024 15:12:00 GMT, Alexey Ivanov <aiva...@openjdk.org> wrote:
>> Sean Mullan has updated the pull request with a new target base due to a >> merge or a rebase. The pull request now contains 150 commits: >> >> - Merge remote-tracking branch 'jdk-sandbox/jep486' into JDK-8338411 >> - Merge >> - Update @summary to replace "if the right permission is granted" can be >> replaced with "package java.lang is open to unnamed module". >> - Remove println about Security Manager. >> - Remove unused static variable NEW_PROXY_IN_PKG. >> - Remove static variable `DEFAULT_POLICY` and unused imports. >> - Remove hasSM() method and code that calls it, and remove comment about >> running test manually with SM. >> - clientlibs: import order >> - warning-string >> - java/net/httpclient/websocket/security/WSURLPermissionTest.java: >> integrated review feedback in renamed WSSanityTest.java >> - ... and 140 more: https://git.openjdk.org/jdk/compare/f7a61fce...cb50dfde > > test/jdk/javax/swing/UIDefaults/6622002/bug6622002.java line 1: > >> 1: /* > > Again, I'm unsure this test has a value after the security manager is > removed. All it verifies is that whatever reflection is used in > `UIDefaults.ProxyLazyValue` works. > > Anyway, the updated test doesn't verify the issue reported in the bug, which > is to prevent instantiation of values using non-public classes. This doubt applies to all the tests which exercise lazy values or similar logic… without and *with* the security manager. Now, without the security manager, the problematic cases are no longer relevant; the common path *without* the SM remains unchanged and was never an issue. However, a more thorough analysis is required. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/21498#discussion_r1816923550
