JDK-8046174 : JEP 184: HTTP URL Permissions
  • Type: JEP
  • Component: core-libs
  • Sub-Component: java.net
  • Priority: P4
  • Status: Closed
  • Resolution: Delivered
  • Fix Versions: 8
  • Submitted: 2013-03-26
  • Updated: 2017-06-14
  • Resolved: 2017-06-14
Description
Summary
-------

Define a new type of network permission which grants access in terms of
URLs rather than low-level IP addresses.


Motivation
----------

The only way to specify network permissions today is with the
`java.net.SocketPermission` class, which has two major drawbacks:

  1. Socket permissions govern the initiation of low-level TCP
     connections.  They therefore cannot distinguish between an HTTP
     connection to some host, which might be permitted, and other kinds
     of TCP connections to the same host, which might not be permitted.

  2. Socket permissions operate in terms of IP addresses rather than host
     names.  This makes it impossible to distinguish between virtual HTTP
     servers hosted on the same physical server at the same IP address.
     Even though two such servers have different domain names, a
     `SocketPermission` instance cannot be used to permit access to one
     server but not the other.


Description
-----------

This feature will define a higher-level permission type specific to HTTP
or perhaps, more generally, to arbitrary URL schemes.  The class will be
able to express permissions in terms of HTTP request methods (`GET`,
`POST`, `PUT`, _etc._) and URL scheme, authority, and path components.
No DNS lookups will be required in order to do permission checks or to
compare permission objects for equality.

The HTTP protocol handler will check for these new permissions in the
call stack and, using the [limited `doPrivileged()` feature](JDK-8046130), it
will effectively convert the URL permission into a `SocketPermission` for
the actual destination.
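The two-step flow the paragraph above describes, written out as an added illustration (this is not the JDK's own protocol-handler source): the caller is first checked for the name-based `URLPermission`, and the low-level `SocketPermission` that the connection itself needs is asserted only inside a limited `doPrivileged()` call. The fixture is the JDK's built-in HTTP server (`com.sun.net.httpserver.HttpServer`) bound to an ephemeral loopback port, so the example runs offline; the class and method names, the `/api/` context and the response body are constructed for this example. The request is sent over a raw `Socket` rather than `HttpURLConnection`, because in JDK 8 `HttpURLConnection` already performs exactly this conversion internally and would hide the step being shown.

```java
import com.sun.net.httpserver.HttpServer;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.SocketPermission;
import java.net.URL;
import java.net.URLPermission;
import java.nio.charset.StandardCharsets;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;

/** Added example (hypothetical wrapper, not JDK code) of URLPermission -> SocketPermission conversion. */
public class LimitedPrivilegeFetch {

    /** Fetches a URL the way the JEP describes: URL-level check, then a limited socket grant. */
    static String fetch(URL url, String method) throws IOException {
        // Step 1: the caller's stack must hold the high-level, name-based permission.
        // It names the request as the caller sees it (scheme, host[:port], path, method);
        // no address resolution is involved in this check.
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            String target = url.getProtocol() + "://" + url.getAuthority() + url.getPath();
            sm.checkPermission(new URLPermission(target, method));
        }

        // Step 2: the low-level SocketPermission for the real destination is asserted
        // only inside this limited doPrivileged() call. Any other permission checked
        // inside the action is still evaluated against the caller's domains.
        int port = url.getPort() == -1 ? url.getDefaultPort() : url.getPort();
        SocketPermission socketPerm =
            new SocketPermission(url.getHost() + ":" + port, "connect,resolve");
        try {
            return AccessController.doPrivileged(
                (PrivilegedExceptionAction<String>) () -> rawFetch(url, method),
                null, socketPerm);
        } catch (PrivilegedActionException e) {
            Exception cause = e.getException();
            throw cause instanceof IOException ? (IOException) cause : new IOException(cause);
        }
    }

    /** Minimal HTTP/1.0 exchange over a plain socket; this is what needs "connect". */
    static String rawFetch(URL url, String method) throws IOException {
        int port = url.getPort() == -1 ? url.getDefaultPort() : url.getPort();
        try (Socket s = new Socket(url.getHost(), port)) {
            String path = url.getPath().isEmpty() ? "/" : url.getPath();
            String request = method + " " + path + " HTTP/1.0\r\n"
                           + "Host: " + url.getHost() + "\r\n"
                           + "Connection: close\r\n\r\n";
            s.getOutputStream().write(request.getBytes(StandardCharsets.US_ASCII));
            ByteArrayOutputStream buf = new ByteArrayOutputStream();
            byte[] b = new byte[1024];
            for (int n; (n = s.getInputStream().read(b)) != -1; ) buf.write(b, 0, n);
            String response = new String(buf.toByteArray(), StandardCharsets.UTF_8);
            int bodyStart = response.indexOf("\r\n\r\n");
            return bodyStart == -1 ? "" : response.substring(bodyStart + 4);
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed fixture: the JDK's built-in HTTP server on an ephemeral loopback port.
        HttpServer server = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        server.createContext("/api/", exchange -> {
            byte[] body = "hello from /api\n".getBytes(StandardCharsets.UTF_8);
            exchange.sendResponseHeaders(200, body.length);
            try (OutputStream out = exchange.getResponseBody()) { out.write(body); }
        });
        server.start();
        try {
            URL url = new URL("http://127.0.0.1:" + server.getAddress().getPort() + "/api/items");
            System.out.print(fetch(url, "GET"));   // prints the constructed body
        } finally {
            server.stop(0);
        }
    }
}
```

Without a security manager both checks are no-ops and the program simply prints the body. Under a security manager, the division of trust is the point: code in another protection domain that calls `fetch()` needs only a `URLPermission` for the URL and method, while the `SocketPermission` is satisfied by the limited `doPrivileged()` frame. Note that the limited call stops the stack walk at this frame but does not add permissions the privileged code lacks, so the domain containing `LimitedPrivilegeFetch` itself must be granted the `SocketPermission`; in the JDK the handler is trusted system code, which is why the conversion is safe to centralise there. The `SecurityManager` API this relies on was deprecated for removal in JDK 17 (JEP 411), so the example is written against the JDK 8 API the JEP targets.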


Testing
-------

This feature introduces one new class, which can be tested using the
JDK's built-in HTTP server.  Unit tests for the class itself, _i.e._, for
testing public methods such as `implies()`, can be written directly.  The
engineering work for this feature will include both kinds of tests.
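The unit tests the Testing section has in mind are checks on `implies()`, and the Description section lists what those checks must cover: request method, scheme, authority and path. The following added example (not part of the JEP text) exercises those rules on `java.net.URLPermission`, the class this JEP delivered in JDK 8. Every comparison is on strings, so no DNS lookup takes place and the results are the same offline; all host names, paths and header names below are constructed for the example.

```java
import java.net.URLPermission;
import java.security.Permission;

/**
 * Added example, not part of JEP 184's text: exercises the implies() rules of
 * java.net.URLPermission. A "grant" is what a policy would hold; a "request" is
 * what code asks for. Host names and paths are constructed for the example.
 */
public class UrlPermissionDemo {

    /** Does the grant cover the request? Pure string comparison, no network access. */
    static boolean covers(String grantUrl, String grantActions,
                          String requestUrl, String requestActions) {
        Permission granted   = new URLPermission(grantUrl, grantActions);
        Permission requested = new URLPermission(requestUrl, requestActions);
        return granted.implies(requested);
    }

    public static void main(String[] args) {
        // 1. Method granularity: a GET grant does not cover a POST to the same URL.
        expect(true,  covers("http://www.example.com/api/users", "GET",
                             "http://www.example.com/api/users", "GET"));
        expect(false, covers("http://www.example.com/api/users", "GET",
                             "http://www.example.com/api/users", "POST"));

        // 2. Scheme is part of the grant: http says nothing about https.
        expect(false, covers("http://www.example.com/api/users", "GET",
                             "https://www.example.com/api/users", "GET"));

        // 3. Authority is a host name, not an address: two virtual hosts that share
        //    one IP address are distinct here, which SocketPermission cannot express.
        expect(false, covers("http://shop.example.com/-", "GET",
                             "http://blog.example.com/index.html", "GET"));
        //    A leading "*." wildcard covers every host in the domain.
        expect(true,  covers("http://*.example.com/-", "GET",
                             "http://api.example.com/v1/items", "GET"));

        // 4. Path wildcards follow FilePermission: "/*" matches exactly one further
        //    segment, "/-" matches everything beneath the prefix.
        expect(true,  covers("http://www.example.com/docs/*", "GET",
                             "http://www.example.com/docs/intro.html", "GET"));
        expect(false, covers("http://www.example.com/docs/*", "GET",
                             "http://www.example.com/docs/v2/intro.html", "GET"));
        expect(true,  covers("http://www.example.com/docs/-", "GET",
                             "http://www.example.com/docs/v2/intro.html", "GET"));

        // 5. Request header names are part of the actions ("methods:headers"), so a
        //    grant can permit GET with one header but not another.
        expect(true,  covers("http://www.example.com/api/-", "GET:X-Api-Key",
                             "http://www.example.com/api/items", "GET:X-Api-Key"));
        expect(false, covers("http://www.example.com/api/-", "GET:X-Api-Key",
                             "http://www.example.com/api/items", "GET:Authorization"));
        //    "*:*" (what the single-argument constructor uses) permits everything.
        expect(true,  covers("http://www.example.com/api/-", "*:*",
                             "http://www.example.com/api/items", "DELETE:Authorization"));

        System.out.println("all URLPermission checks behaved as expected");
    }

    static void expect(boolean expected, boolean actual) {
        if (expected != actual) {
            throw new AssertionError("expected " + expected + " but implies() returned " + actual);
        }
    }
}
```

The cases map directly onto the two drawbacks in the Motivation section: case 1 separates HTTP methods that a raw TCP permission cannot tell apart, and case 3 separates virtual hosts that share an address. The same `implies()` relation is what a policy file grant is evaluated against at run time, so these are the checks to write first when reviewing a policy that replaces `SocketPermission` entries with `URLPermission` entries.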


Dependences
-----------

This feature depends on [JEP 140: Limited doPrivileged](JDK-8046130).


Impact
------

   - Security: Introduces a new security permission.  The use of limited
     `doPrivileged()` should limit the risk of security issues.