JDK-8154188 : Deprivilege java.httpclient module
  • Type: Enhancement
  • Component: core-libs
  • Sub-Component: java.net
  • Affected Version: 9
  • Priority: P2
  • Status: Closed
  • Resolution: Duplicate
  • Submitted: 2016-04-13
  • Updated: 2016-12-09
  • Resolved: 2016-12-09
Related Reports
Blocks :  
CODETOOLS-7901792 - testng.jar requires permissions
Duplicate :  
JDK-8170648 - Move java.net.http package out of Java SE to incubator namespace
Description
java.httpclient module does not need to be in the boot loader.

Move java.httpclient to be defined by platform class loader and grant specific set of permissions rather than AllPermissions.
Comments
Fixed in sandbox
09-12-2016
Run with Minimal Permissions: http://hg.openjdk.java.net/jdk9/sandbox/jdk/rev/1e817c897d81
19-09-2016
Moved to the platform loader, with all permissions for now. http://hg.openjdk.java.net/jdk9/sandbox/rev/f13bac4f0296 http://hg.openjdk.java.net/jdk9/sandbox/jdk/rev/dd19e386bf7a
14-09-2016
With JDK-8138980 resolved, it is now possible to load java.* types from the platform class loader.
14-09-2016
Note that the permission grants for de-privileged modules must go in jdk/src/java.base/share/lib/security/default.policy and not jdk/src/java.base/share/conf/security/java.policy. See JDK-8159752 for more information.
29-07-2016