location: https://bugs.openjdk.org/browse/JDK-4943650
Type: Enhancement
Resolution: Won't Fix
Priority: P3
Fix Version/s: None
Affects Version/s: 1.4.1
Name: rl43681 Date: 10/24/2003
A DESCRIPTION OF THE REQUEST :
I would like to be able to restrict access to some parts of my system while leaving others open. It is far, far easier for me to enumerate what's forbidden than what's allowed.
JUSTIFICATION :
In my case what I want to do is allow people access to any network address that isn't one of a restricted set, including ones in the internet, so it is not possible to enumerate what's allowed.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
I am only suggesting a possible syntax to which I'm not wedded at all:
grant {
    restriction SocketPermission "*.restricted.example.com", "*";
    permission SocketPermission "*.example.com", "*";
}
This would forbid access to anything in the "restricted" subdomain, but allow access to all other systems in the domain.
ACTUAL -
No equivalent behavior exists currently.
(Incident Review ID: 217542)
======================================================================
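A small Python model of the semantics requested above, added here as an illustration and not taken from the JDK or from the report: `restriction` entries are evaluated before `permission` entries and always win. The function names, the trailing-dot normalisation and the sample hosts are assumptions of this example, and actions and ports are ignored.

```python
# Added illustration: models "restriction overrides permission" for host names.
# Not JDK code; actions and ports are ignored (assumption of this example).

def host_matches(pattern, host):
    """Match in the style of SocketPermission host names: only a leading '*' is a wildcard."""
    pattern = pattern.lower()
    host = host.lower().rstrip(".")        # this model's normalisation: case and trailing dot
    if pattern == "*":
        return True
    if pattern.startswith("*."):
        # Suffix match on ".example.com"; the bare name "example.com" does not match.
        return host.endswith(pattern[1:])
    return host == pattern


def decide(restrictions, permissions, host):
    """Return (verdict, matching_rule). Restrictions are checked first and always win."""
    for rule in restrictions:
        if host_matches(rule, host):
            return ("deny", rule)
    for rule in permissions:
        if host_matches(rule, host):
            return ("allow", rule)
    return ("deny", None)                  # nothing granted: default deny, as in a Java policy


# The two entries of the grant block in the request.
RESTRICTIONS = ["*.restricted.example.com"]
PERMISSIONS = ["*.example.com"]

# Constructed sample hosts, including spelling variants and the subdomain apex.
SAMPLE_HOSTS = [
    "www.example.com",
    "db.restricted.example.com",
    "DB.Restricted.Example.COM.",
    "restricted.example.com",              # apex is not covered by "*.restricted..."
    "example.org",
]

if __name__ == "__main__":
    for h in SAMPLE_HOSTS:
        print(h, decide(RESTRICTIONS, PERMISSIONS, h))
    # "Allow everything except a restricted set" (the justification's case):
    # a name-based restriction does not cover address literals, so an enforcement
    # point would also need to compare resolved addresses against the set.
    print("192.0.2.10", decide(RESTRICTIONS, ["*"], "192.0.2.10"))
```

The apex name and the address-literal cases show why a deny entry needs an explicit rule for the subdomain name itself and a check on resolved addresses, not only on the name as typed.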