On Fri, 4 Apr 2025 19:00:02 GMT, Roger Riggs wrote:
>> Now that the Security Manager is permanently disabled, the following
>> permission classes in the core libraries area can be deprecated for removal
>> as they are no longer useful: FilePermission, LinkPermission,
>> LoggingPermission, Prop
On Fri, 4 Apr 2025 14:55:45 GMT, Daniel Fuchs wrote:
>> test/jdk/java/net/httpclient/HttpResponseConnectionLabelTest.java line 190:
>>
>>> 188: private static HttpTestServer createServer(Version version,
>>> SSLContext sslContext) {
>>> 189: try {
>>> 190: re
On Sat, 29 Mar 2025 17:27:20 GMT, Patrick Strawderman wrote:
> Use `HexFormat.fromHexDigits` in URLDecoder, instead of `Integer.parseInt`.
Looks good.
-
Marked as reviewed by rriggs (Reviewer).
PR Review: https://git.openjdk.org/jdk/pull/24314#pullrequestreview-2743911875
On Thu, 20 Mar 2025 08:37:45 GMT, Volkan Yazici wrote:
> Guards against multi-deletes in `UnixSocketChannelReadWrite`.
>
> The fix can be verified as follows:
>
>
> make build-microbenchmark
> build/linux-x64/jdk/bin/java \
> -jar build/linux-x64/images/test/micro/benchmarks.jar \
> -f 1 -
On Fri, 4 Apr 2025 10:25:35 GMT, Eirik Bjørsnøs wrote:
>> Please review this test-only PR which introduces testing of the unspecified
>> but long-standing fallback to FTP for non-local files in the 'file' URL
>> scheme.
>>
>> This in preparation for the upcoming proposal to disable the featur
On Fri, 4 Apr 2025 06:47:02 GMT, Tabata Daishi wrote:
>> The output `jwebserver` and `java -m jdk.httpserver` uses UTF-8 encoding.
>> Therefore, if the console encoding is not set to UTF-8 (for example, MS932
>> on Japanese Windows), garbled characters may appear.
>> Since System.out knows the
On Fri, 4 Apr 2025 10:58:51 GMT, Daniel Fuchs wrote:
> Interesting. That looks like a bug to me. stop() should probably look at
> `exchangeCount` too - but that will require some thinking to get the
> asynchronous stops to work correctly. Should be worth logging a bug :-)
Let's see if this cap
On Mon, 31 Mar 2025 14:46:32 GMT, Eirik Bjørsnøs wrote:
> Please help review this cleanup PR which consolidates 'local file' URL checks
> across the 'file:' and 'jar:' URL scheme implementations and defines this
> check in terms of RFC 8089, Section 2.
>
> This PR:
>
> * Moves `URLJarFile.isF
On Fri, 4 Apr 2025 09:13:30 GMT, Daishi Tabata wrote:
>> The output `jwebserver` and `java -m jdk.httpserver` uses UTF-8 encoding.
>> Therefore, if the console encoding is not set to UTF-8 (for example, MS932
>> on Japanese Windows), garbled characters may appear.
>> Since System.out knows the
On Fri, 4 Apr 2025 10:36:51 GMT, Daniel Fuchs wrote:
>> Daishi Tabata has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Update full name
>
> Hi, it's not completely clear to me why `static final String LOCALE_OPT =
> "-Duser.language=en -
On Fri, 4 Apr 2025 10:24:25 GMT, Eirik Bjørsnøs wrote:
>> test/jdk/sun/net/www/protocol/file/NonLocalFtpFallback.java line 122:
>>
>>> 120: public void verifyNonLocalFtpFallback() throws Exception {
>>> 121: URL localURL = file.toUri().toURL();
>>> 122: URL nonLocalURL = new
On Fri, 4 Apr 2025 10:25:01 GMT, Daniel Fuchs wrote:
> Ok - I see that 127.0.0.1 should not be directly used. Would it work if we
> replaced that with a fake host name then?
Yeah, you're right, the FTP request never materializes (our proxy just swallows
it). So we only use it to assert against
On Fri, 4 Apr 2025 09:13:30 GMT, Daishi Tabata wrote:
>> The output `jwebserver` and `java -m jdk.httpserver` uses UTF-8 encoding.
>> Therefore, if the console encoding is not set to UTF-8 (for example, MS932
>> on Japanese Windows), garbled characters may appear.
>> Since System.out knows the
On Tue, 1 Apr 2025 19:18:18 GMT, Volkan Yazici wrote:
>> src/java.net.http/share/classes/jdk/internal/net/http/HttpConnection.java
>> line 81:
>>
>>> 79: = Comparator.comparing(HttpConnection::id);
>>> 80:
>>> 81: private static final AtomicLong LABEL_COUNTER = new AtomicLong()
Please review this change to terminally deprecate the following security
related permission classes: `java.security.AllPermission`,
`java.security.UnresolvedPermission`, `javax.net.ssl.SSLPermission`,
`javax.security.auth.AuthPermission`,
`javax.security.auth.PrivateCredentialPermission`,
`jav
On Fri, 4 Apr 2025 12:37:32 GMT, Roger Riggs wrote:
> Now that the Security Manager is permanently disabled, the following
> permission classes in the core libraries area can be deprecated for removal
> as they are no longer useful: FilePermission, LinkPermission,
> LoggingPermission, Property
On Fri, 4 Apr 2025 18:04:39 GMT, Sean Mullan wrote:
>> Please review this change to terminally deprecate the following security
>> related permission classes: `java.security.UnresolvedPermission`,
>> `javax.net.ssl.SSLPermission`, `javax.security.auth.AuthPermission`,
>> `javax.security.auth.P
On Thu, 20 Mar 2025 13:55:11 GMT, Michael McMahon wrote:
>> Volkan Yazici has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Apply review feedback on naming in `Masker`
>>
>> `reset` -> `setMask`
>> `initGallopingMask` -> `initVector
On Fri, 4 Apr 2025 15:08:25 GMT, Jaikiran Pai wrote:
>> Volkan Yazici has updated the pull request incrementally with five
>> additional commits since the last revision:
>>
>> - Remove timeout from `CountDownLatch::await` calls
>> - Replace `@AutoClose` with a corresponding `@AfterEach` metho
On Fri, 4 Apr 2025 10:37:58 GMT, Eirik Bjørsnøs wrote:
>> Please review this test-only PR which introduces testing of the unspecified
>> but long-standing fallback to FTP for non-local files in the 'file' URL
>> scheme.
>>
>> This in preparation for the upcoming proposal to disable the featur
On Fri, 4 Apr 2025 10:19:29 GMT, Daniel Fuchs wrote:
> The URL should not assume that the loopback is an IPv4 address. Or is this
> handled by the proxy?
Right. The following returns "127.0.0.1" for me, would that be the correct API
to use?
`InetAddress.getLoopbackAddress().getHostAddress()`
> Please review this test-only PR which introduces testing of the unspecified
> but long-standing fallback to FTP for non-local files in the 'file' URL
> scheme.
>
> This in preparation for the upcoming proposal to disable the feature by
> default in JDK-8353440.
>
> Since we cannot reliably
On Fri, 4 Apr 2025 10:40:24 GMT, Eirik Bjørsnøs wrote:
> @dfuch Tagnential observation: `proxyServer.stop(2)` will always wait 2
> seconds here. I was assuming it would only do that if there was an ongoing
> exchange.
>
> Looking at the `ServerImpl` class, it looks like `finished` is never set
Now that the Security Manager is permanently disabled, the following permission
classes in the core libraries area can be deprecated for removal as they are no
longer useful: FilePermission, LinkPermission, LoggingPermission,
PropertyPermission, ReflectPermission, RuntimePermission, and
Seriali
> Adds `HttpResponse::connectionLabel` method that provides an identifier for
> the connection.
>
> **Implementation note:** The feature is facilitated by
> `HttpConnection::label`, which should not be confused with
> `HttpConnection::id`. This distinction is explained in the JavaDoc of both
>
On Fri, 4 Apr 2025 09:13:30 GMT, Daishi Tabata wrote:
>> The output `jwebserver` and `java -m jdk.httpserver` uses UTF-8 encoding.
>> Therefore, if the console encoding is not set to UTF-8 (for example, MS932
>> on Japanese Windows), garbled characters may appear.
>> Since System.out knows the
On Wed, 2 Apr 2025 11:08:38 GMT, Jaikiran Pai wrote:
>> Volkan Yazici has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Apply review suggestions
>
> src/java.net.http/share/classes/jdk/internal/net/http/HttpConnection.java
> line 114:
>
On Fri, 4 Apr 2025 12:42:36 GMT, Sean Mullan wrote:
> Please review this change to terminally deprecate the following security
> related permission classes: `java.security.AllPermission`,
> `java.security.UnresolvedPermission`, `javax.net.ssl.SSLPermission`,
> `javax.security.auth.AuthPermissi
On Mon, 31 Mar 2025 10:35:55 GMT, serhiysachkov wrote:
> 8330598: java/net/httpclient/Http1ChunkedTest.java fails with
> java.util.MissingFormatArgumentException: Format specifier '%s'
@serhiysachkov
Your change (at version 9abbaf2e4849ef4a6c06e244ccd31ce4af03ab80) is now ready
to be sponsore
On Fri, 4 Apr 2025 12:42:36 GMT, Sean Mullan wrote:
> Please review this change to terminally deprecate the following security
> related permission classes: `java.security.AllPermission`,
> `java.security.UnresolvedPermission`, `javax.net.ssl.SSLPermission`,
> `javax.security.auth.AuthPermissi
On Fri, 4 Apr 2025 12:42:36 GMT, Sean Mullan wrote:
> Please review this change to terminally deprecate the following security
> related permission classes: `java.security.AllPermission`,
> `java.security.UnresolvedPermission`, `javax.net.ssl.SSLPermission`,
> `javax.security.auth.AuthPermissi
> Please review this test-only PR which introduces testing of the unspecified
> but long-standing fallback to FTP for non-local files in the 'file' URL
> scheme.
>
> This in preparation for the upcoming proposal to disable the feature by
> default in JDK-8353440.
>
> Since we cannot reliably
On Fri, 4 Apr 2025 12:42:36 GMT, Sean Mullan wrote:
> Please review this change to terminally deprecate the following security
> related permission classes: `java.security.AllPermission`,
> `java.security.UnresolvedPermission`, `javax.net.ssl.SSLPermission`,
> `javax.security.auth.AuthPermissi
Greetings Daniel,
For the sake of discussion, I will look at these classes as classifiable
into two groups: classes that we use (or are useful) only in the context of
a security manager, and classes that we use (or are useful) independently
of any other JDK API.
I would put all three of these cla
On Fri, 4 Apr 2025 12:47:19 GMT, Volkan Yazici wrote:
>> Adds `HttpResponse::connectionLabel` method that provides an identifier for
>> the connection.
>>
>> **Implementation note:** The feature is facilitated by
>> `HttpConnection::label`, which should not be confused with
>> `HttpConnection
On Fri, 4 Apr 2025 14:48:16 GMT, Jaikiran Pai wrote:
>> Volkan Yazici has updated the pull request incrementally with five
>> additional commits since the last revision:
>>
>> - Remove timeout from `CountDownLatch::await` calls
>> - Replace `@AutoClose` with a corresponding `@AfterEach` metho
On Fri, 4 Apr 2025 12:42:36 GMT, Sean Mullan wrote:
> Please review this change to terminally deprecate the following security
> related permission classes: `java.security.AllPermission`,
> `java.security.UnresolvedPermission`, `javax.net.ssl.SSLPermission`,
> `javax.security.auth.AuthPermissi
Hi David,
Are there other subclasses of Permission that this framework uses?
More specifically - would it be fine to deprecate NetPermission,
URLPermission and SocketPermission classes?
best regards,
-- daniel
On 04/04/2025 15:51, David M. Lloyd wrote:
Can you elaborate or give an example/poi
On Fri, 4 Apr 2025 14:49:36 GMT, David M. Lloyd wrote:
> `AllPermission` is an integral concept of permission sets, and thus we would
> be obliged to create our own if the JDK one disappeared, causing
> compatibility problems due to the class moving to a new package from the
> point of view of
> Now that the Security Manager is permanently disabled, the following
> permission classes in the core libraries area can be deprecated for removal
> as they are no longer useful: FilePermission, LinkPermission,
> LoggingPermission, PropertyPermission, ReflectPermission, RuntimePermission,
> a
On Fri, 4 Apr 2025 15:27:25 GMT, Daniel Fuchs wrote:
>> test/jdk/java/net/httpclient/HttpResponseConnectionLabelTest.java line 412:
>>
>>> 410: HttpResponse response1 = client.send(pair.request,
>>> BodyHandlers.ofString(CHARSET));
>>> 411: LOGGER.log("Firing request 2...");
>>>
On Fri, 4 Apr 2025 16:36:38 GMT, Jaikiran Pai wrote:
>> Good point - our default idle timeout is 30s IIRC. There would need to be a
>> pause of 30s between the two calls to `client.send` however. Not impossible
>> but unlikely. We could either pass a higher timeout (with e.g.
>> `-Djdk.httpcli
On Fri, 4 Apr 2025 10:31:08 GMT, Eirik Bjørsnøs wrote:
>> Ok - I see that 127.0.0.1 should not be directly used. Would it work if we
>> replaced that with a fake host name then?
>
>> Ok - I see that 127.0.0.1 should not be directly used. Would it work if we
>> replaced that with a fake host nam
On Fri, 4 Apr 2025 12:47:19 GMT, Volkan Yazici wrote:
>> Adds `HttpResponse::connectionLabel` method that provides an identifier for
>> the connection.
>>
>> **Implementation note:** The feature is facilitated by
>> `HttpConnection::label`, which should not be confused with
>> `HttpConnection
> Please review this change to terminally deprecate the following security
> related permission classes: `java.security.UnresolvedPermission`,
> `javax.net.ssl.SSLPermission`, `javax.security.auth.AuthPermission`,
> `javax.security.auth.PrivateCredentialPermission`,
> `javax.security.auth.kerbe
On Wed, 2 Apr 2025 11:10:19 GMT, Daniel Fuchs wrote:
>> Hello Volkan, I think having the mention of ordering on the `id` field is
>> OK. I still find it confusing to have this sentence on the `label`:
>>
>>>
>>> As a result, compared to {@link #id}, this label does not give a total
>>> order a
On Wed, 2 Apr 2025 11:10:40 GMT, Daniel Fuchs wrote:
>> Volkan Yazici has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Apply review suggestions
>
> src/java.net.http/share/classes/jdk/internal/net/http/HttpConnection.java
> line 100:
>
> Now that the Security Manager is permanently disabled, the following
> permission classes in the core libraries area can be deprecated for removal
> as they are no longer useful: FilePermission, LinkPermission,
> LoggingPermission, PropertyPermission, ReflectPermission, RuntimePermission,
> a
On Fri, 4 Apr 2025 18:21:29 GMT, Roger Riggs wrote:
>> Now that the Security Manager is permanently disabled, the following
>> permission classes in the core libraries area can be deprecated for removal
>> as they are no longer useful: FilePermission, LinkPermission,
>> LoggingPermission, Prop
On Fri, 4 Apr 2025 14:12:55 GMT, Sean Mullan wrote:
> > > Please review this change to terminally deprecate the following security
> > > related permission classes: `java.security.AllPermission`,
> > > `java.security.UnresolvedPermission`, `javax.net.ssl.SSLPermission`,
> > > `javax.security.a
On Tue, 18 Mar 2025 14:58:51 GMT, Matthew Donovan wrote:
>> This PR updates the CertificateBuilder with a new method that creates a new
>> instance with common fields (subject name, public key, serial number,
>> validity, and key uses) filled-in. One test, IPIdentities.java, is updated
>> to s
On Fri, 4 Apr 2025 18:04:39 GMT, Sean Mullan wrote:
>> Please review this change to terminally deprecate the following security
>> related permission classes: `java.security.UnresolvedPermission`,
>> `javax.net.ssl.SSLPermission`, `javax.security.auth.AuthPermission`,
>> `javax.security.auth.P
On Fri, 4 Apr 2025 19:00:02 GMT, Roger Riggs wrote:
>> Now that the Security Manager is permanently disabled, the following
>> permission classes in the core libraries area can be deprecated for removal
>> as they are no longer useful: FilePermission, LinkPermission,
>> LoggingPermission, Prop
> Now that the Security Manager is permanently disabled, the following
> permission classes in the core libraries area can be deprecated for removal
> as they are no longer useful: FilePermission, LinkPermission,
> LoggingPermission, PropertyPermission, ReflectPermission, RuntimePermission,
> a
On Sat, 29 Mar 2025 17:27:20 GMT, Patrick Strawderman wrote:
> Use `HexFormat.fromHexDigits` in URLDecoder, instead of `Integer.parseInt`.
Is there a particular reason for this change? Like is this a significant
performance bottleneck?
-
PR Comment: https://git.openjdk.org/jdk/pul
On Mon, 17 Mar 2025 07:52:43 GMT, Volkan Yazici wrote:
>> Fixes endian handling `jdk.internal.net.http.websocket.Frame.Masker`.
>>
>> ### Implementation notes
>>
>> I deleted the `Frame` clone in tests, and rewired the test code depending on
>> it to the actual `Frame`. To enable this, I relax
> Now that the Security Manager is permanently disabled, the following
> permission classes in the core libraries area can be deprecated for removal
> as they are no longer useful: FilePermission, LinkPermission,
> LoggingPermission, PropertyPermission, ReflectPermission, RuntimePermission,
> a
> Now that the Security Manager is permanently disabled, the following
> permission classes in the core libraries area can be deprecated for removal
> as they are no longer useful: FilePermission, LinkPermission,
> LoggingPermission, PropertyPermission, ReflectPermission, RuntimePermission,
> a
On Fri, 4 Apr 2025 12:47:19 GMT, Volkan Yazici wrote:
>> Adds `HttpResponse::connectionLabel` method that provides an identifier for
>> the connection.
>>
>> **Implementation note:** The feature is facilitated by
>> `HttpConnection::label`, which should not be confused with
>> `HttpConnection
On Mon, 31 Mar 2025 14:46:32 GMT, Eirik Bjørsnøs wrote:
> Please help review this cleanup PR which consolidates 'local file' URL checks
> across the 'file:' and 'jar:' URL scheme implementations and defines this
> check in terms of RFC 8089, Section 2.
>
> This PR:
>
> * Moves `URLJarFile.isF
On Sat, 29 Mar 2025 17:27:20 GMT, Patrick Strawderman wrote:
> Use `HexFormat.fromHexDigits` in URLDecoder, instead of `Integer.parseInt`.
@kilink
Your change (at version 64ddccdaeeaec4e1196976d3c5f4c329008dd4ef) is now ready
to be sponsored by a Committer.
-
PR Comment: https://
On Mon, 31 Mar 2025 10:35:55 GMT, serhiysachkov wrote:
> 8330598: java/net/httpclient/Http1ChunkedTest.java fails with
> java.util.MissingFormatArgumentException: Format specifier '%s'
This pull request has now been integrated.
Changeset: c9c3c153
Author:Serhiy Sachkov
Committer: Mark She
62 matches
Mail list logo