RFC: @Requires

Hi.

I was thinking a little about how to properly document what  
permissions a method requires, and to help do static checking on  
Classpath when it comes to permissions. Usually the Javadoc for a  
method will declare what permissions it requires, and with what  
arguments, sometimes in a @throws SecurityException tag. This is OK,  
but it doesn't really lend itself well to doing automatic checking  
(like, for example, checking if that permission is actually checked  
in the method body in likely branchings, or if some method has an  
*implied* permission check, because it calls a method that requires  
some permission -- which implied permission checks may be incorrect,  
per the spec).

Annotations seem like a pretty good way to do this, so I'd like to  
propose that we add an annotation type to capture what permissions a  
method requires, gnu.java.security.Requires. For example:

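   import static java.lang.annotation.ElementType.METHOD;
   import static java.lang.annotation.RetentionPolicy.CLASS;
   import java.lang.annotation.Documented;
   import java.lang.annotation.Retention;
   import java.lang.annotation.Target;
   import java.security.Permission;
   // Declares the permission a method requires, for Javadoc and static checks.
   @Documented @Retention(CLASS) @Target(METHOD)
   public @interface Requires
   {
     Class<? extends Permission> permissionClass();
     String target();
     String action();
   }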

And using it looks like:

   @Requires(permissionClass = FooPermission.class,
             target = "target", action = "action")
   public void foo()
   {
     ...
     SecurityManager sm = System.getSecurityManager();
     if (sm != null)
       sm.checkPermission(new FooPermission("target", "action"));
     ...
   }

Thoughts?
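
The static check described in the message, sketched as a javac annotation processor. This is an added example, not code from the original post or from Classpath. The class name RequiresChecker and the use of the javax.annotation.processing and com.sun.source tree APIs are assumptions. The match is purely syntactic, so it does not detect the implied checks (through callees) that the message mentions.

```java
import com.sun.source.tree.*;
import com.sun.source.util.*;
import java.util.*;
import javax.annotation.processing.*;
import javax.lang.model.SourceVersion;
import javax.lang.model.element.*;
import javax.lang.model.type.DeclaredType;
import javax.tools.Diagnostic;

// Hypothetical checker (assumed name): warns when a method annotated with
// @Requires has no checkPermission(new P("target", "action")) call in its body.
@SupportedAnnotationTypes("gnu.java.security.Requires")
public class RequiresChecker extends AbstractProcessor {
  @Override public SourceVersion getSupportedSourceVersion() {
    return SourceVersion.latestSupported();
  }
  @Override public boolean process(Set<? extends TypeElement> types, RoundEnvironment round) {
    Trees trees = Trees.instance(processingEnv);
    for (TypeElement requires : types)
      for (Element method : round.getElementsAnnotatedWith(requires))
        for (AnnotationMirror am : method.getAnnotationMirrors())
          if (am.getAnnotationType().asElement().equals(requires)) check(trees, method, am);
    return false; // leave the annotation unclaimed for other processors
  }
  private void check(Trees trees, Element method, AnnotationMirror am) {
    // Declared values keyed by member name; a Class member arrives as a TypeMirror.
    Map<String, Object> want = new HashMap<>();
    am.getElementValues().forEach((k, v) -> want.put(k.getSimpleName().toString(), v.getValue()));
    String perm = ((DeclaredType) want.get("permissionClass")).asElement().getSimpleName().toString();
    List<Object> args = Arrays.asList(want.get("target"), want.get("action"));
    boolean[] found = {false};
    new TreePathScanner<Void, Void>() {
      @Override public Void visitMethodInvocation(MethodInvocationTree call, Void p) {
        if (call.getMethodSelect().toString().endsWith("checkPermission"))
          for (ExpressionTree arg : call.getArguments())
            found[0] |= arg instanceof NewClassTree && matches((NewClassTree) arg, perm, args);
        return super.visitMethodInvocation(call, p);
      }
    }.scan(trees.getPath(method), null);
    if (!found[0])
      processingEnv.getMessager().printMessage(Diagnostic.Kind.WARNING,
          "@Requires declares " + perm + args + " but no matching checkPermission call found", method);
  }
  // Syntactic match only: class by simple or qualified name, arguments as literals.
  private static boolean matches(NewClassTree nc, String perm, List<Object> args) {
    String name = nc.getIdentifier().toString();
    List<Object> got = new ArrayList<>();
    for (ExpressionTree e : nc.getArguments())
      got.add(e instanceof LiteralTree ? ((LiteralTree) e).getValue() : null);
    return (name.equals(perm) || name.endsWith("." + perm)) && got.equals(args);
  }
}
```

Run it with `javac -processor RequiresChecker` over the annotated sources; a permission built from non-literal arguments or passed through a variable is reported as missing.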