On 26/04/2013 15:36, Michael McMahon wrote:
Hi,
The is the suggested API for one of the two new JEPs recently submitted.
This is for JEP 184: HTTP URL Permissions
The idea here is to define a higher level http permission class
which "knows about" URLs, HTTP request methods and headers.
So, it is no longer necessary to grant blanket permission for any kind
of TCP connection to a host/port. Instead a HttpURLPermission restricts
access to only the Http protocol itself. Restrictions can also be imposed
based on URL paths, specific request methods and request headers.
The API change can be seen at the URL below:
http://cr.openjdk.java.net/~michaelm/8010464/api/
In addition to defining a new permission class, HttpURLConnection
is modified to make use of it and the documentation change describing
this
can be seen at the link below:
http://cr.openjdk.java.net/~michaelm/8010464/api/blender.html
All comments welcome.
Just a few other comments.
In the class description then it probably needs to explain that the
"path component" is considered to be a sequence of segments, separated
by "/". I suggest this because it currently has wording such as " same
number of path components" whereas there is only one path component and
you really mean the components of the path component.
The serial form includes "uristring", is that needed as I assume the URI
string will be serialized as the name.
A minor suggestion for the 2-arg constructor where "and which permits"
might be clearer as "that permits".
Otherwise I think this looks quite good.
-Alan.
