JDK-4714838 : Document that PolicyProviders must answer for its own ProtectionDomain
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 1.4.1
  • Priority: P4
  • Status: Resolved
  • Resolution: Won't Fix
  • OS: generic
  • CPU: generic
  • Submitted: 2002-07-15
  • Updated: 2013-05-21
  • Resolved: 2013-05-21
Related Reports
Relates :  
JDK-5034011 - ProtectionDomain.toString() in Policy.implies() causes StackOverflowError
Relates :  
JDK-4202504 - Should allow policy class to be provided as an extension or on CLASSPATH
Description
We should document that PolicyProviders must be able to answer for  its own ProtectionDomain without triggering additional security checks. If this is not done than an stack overflow due to recursion will occur.

See also 4202504
Comments
This is a documentation issue, but it seems to be a rare issue probably because implementing your own policy provider is somewhat rare. Since the bug is >10 years old, I am closing as won't fix. We can reconsider adding some documentation about this issue should it become more common again.
21-05-2013
CONVERTED DATA BugTraq+ Release Management Values COMMIT TO FIX: tiger-beta2
14-06-2004
EVALUATION One suggestion is to add "How to Implement a Policy Provider" in the java security web page. ###@###.### 2002-07-15 See also the bug 4202504. ###@###.### 2002-10-03 Though this bug is committed for tiger, this can be fixed any time since all is needed is update to our security web page. ###@###.### 2002-11-04
03-10-2002