On 02/12/13 12:40, Alan Bateman wrote:
On 02/12/2013 12:22, Michael McMahon wrote:
Okay. I think the best approach is to recognise the userinfo but just
remove it when constructing URLPermissions, thereby effectively ignoring it.
This is what the http protocol handler (and other support classes)
have been doing all the time, since the field is not directly of interest
to http itself. That doesn't prevent higher level software from using it,
as in the case here that provoked the bug report (the Java Git client
used in NetBeans and Eclipse).
Michael
I think this makes the most sense. Even more so when you consider
configuring the policy to grant permission to GET or POST to a
specific HTTP URL, then this grant is independent of any
authentication that might be required.
-Alan.
The second webrev is at link below. This is somewhat simpler now.
I think it still needs a spec change though. So, I would like to propose
that to the CCC asap.
http://cr.openjdk.java.net/~michaelm/8029354/webrev.2/
I added a test that uses the protocol handler. It should be reliable enough
as it does not actually go as far as opening an actual socket connection.
Thanks
Michael
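
The approach discussed in this thread, as an added example that is not taken from the webrev or from the JDK sources: the userinfo is dropped before the `URLPermission` is built, so a grant for a URL matches whether or not the request carries credentials. The host names, the credentials and the `withoutUserInfo` helper are constructed for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLPermission;

public class UserInfoStrippedPermission {

    // Hypothetical helper: rebuild scheme://host[:port]/path without the
    // userinfo component, so credentials never reach the permission check.
    static String withoutUserInfo(String url) throws URISyntaxException {
        URI u = new URI(url);
        if (u.getScheme() == null || u.getHost() == null) {
            throw new URISyntaxException(url, "absolute URL with a host required");
        }
        StringBuilder sb = new StringBuilder();
        sb.append(u.getScheme()).append("://").append(u.getHost());
        if (u.getPort() != -1) {
            sb.append(':').append(u.getPort());
        }
        String path = u.getRawPath();
        sb.append(path == null || path.isEmpty() ? "/" : path);
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // What a policy file would grant: GET and POST below /repo/ on one host.
        URLPermission granted =
            new URLPermission("http://git.example.com/repo/-", "GET,POST");

        // Constructed sample requests: with credentials, without, and to another host.
        String[] requests = {
            "http://alice:secret@git.example.com/repo/info/refs",
            "http://git.example.com/repo/info/refs",
            "http://alice@other.example.com/repo/info/refs"
        };

        for (String request : requests) {
            URLPermission needed =
                new URLPermission(withoutUserInfo(request), "GET");
            // The permission name contains no userinfo, so nothing secret
            // ends up in the permission or in a security exception message.
            System.out.println(needed.getName()
                + " implied by grant: " + granted.implies(needed));
        }
    }
}
```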