Duplicate :
|
Name: nt126004 Date: 01/28/2003 FULL PRODUCT VERSION : java version "1.4.1_01" Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.1_01-b01) Java HotSpot(TM) Client VM (build 1.4.1_01-b01, mixed mode) FULL OPERATING SYSTEM VERSION : Any ADDITIONAL OPERATING SYSTEMS : All A DESCRIPTION OF THE PROBLEM : The java login context constructor should be able to accept the URL of a policy file containing just the single login context desired to be parsed, eg: LoginContext loginContext = new LoginContext(this.getClass().getResource("MyPolicy.policy"), "MyPolicyName", myCallbackHandler); This would allow applets and java web start applications to load a policy that is specific to the applet/web start, without needing to install a new Configuration manager. The advantage of this is that it makes it easy for a web server to just put all the login specific parts into a single file, which a third party can potentially customize for their particular application. Thus, the login can be dynamically selected at load time as appropriate. If it has to be in the overall login.configuration or login.policy file, then the end user actually needs to go to the applet console and configure an explicit configuration page. This seems undesireable. Even just setting the name of the file into a java system property (which can be done by a trusted applet), is not a particularly good idea, as this is global, and what is desired is that the login configuration file be found in the applet class loader (or web start class loaded.) REPRODUCIBILITY : This bug can be reproduced always. CUSTOMER WORKAROUND : Supply a user written version of Configuration. That means writing actual code for this, which seems a waste since the code to parse login configuration files is already present in the java runtime. (Review ID: 180374) ======================================================================