8266459: Implement JEP 411: Deprecate the Security Manager for Removal

Co-authored-by: Sean Mullan <mullan@openjdk.org> Co-authored-by: Lance Andersen <lancea@openjdk.org> Co-authored-by: Weijun Wang <weijun@openjdk.org> Reviewed-by: erikj, darcy, chegar, naoto, joehw, alanb, mchung, kcr, prr, lancea
2025-08-27 06:45:07 +02:00 · 2021-06-02 11:57:31 +00:00 · 2021-06-02 11:57:31 +00:00 · 6765f90250
commit 6765f90250
parent 19450b9951
826 changed files with 2734 additions and 757 deletions
--- a/src/java.base/share/classes/java/io/ObjectInputStream.java
+++ b/src/java.base/share/classes/java/io/ObjectInputStream.java
@ -404,6 +404,7 @@ public class ObjectInputStream
     * @see java.io.SerializablePermission
     */
    protected ObjectInputStream() throws IOException, SecurityException {
+        @SuppressWarnings("removal")
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            sm.checkPermission(SUBCLASS_IMPLEMENTATION_PERMISSION);
@ -915,6 +916,7 @@ public class ObjectInputStream
            return enable;
        }
        if (enable) {
+            @SuppressWarnings("removal")
            SecurityManager sm = System.getSecurityManager();
            if (sm != null) {
                sm.checkPermission(SUBSTITUTION_PERMISSION);
@ -1307,6 +1309,7 @@ public class ObjectInputStream
     * @since 9
     */
    public final void setObjectInputFilter(ObjectInputFilter filter) {
+        @SuppressWarnings("removal")
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            sm.checkPermission(ObjectStreamConstants.SERIAL_FILTER_PERMISSION);
@ -1575,6 +1578,7 @@ public class ObjectInputStream
        if (cl == ObjectInputStream.class) {
            return;
        }
+        @SuppressWarnings("removal")
        SecurityManager sm = System.getSecurityManager();
        if (sm == null) {
            return;
@ -1596,6 +1600,7 @@ public class ObjectInputStream
     * override security-sensitive non-final methods.  Returns TRUE if subclass
     * is "safe", FALSE otherwise.
     */
+    @SuppressWarnings("removal")
    private static Boolean auditSubclass(Class<?> subcl) {
        return AccessController.doPrivileged(
            new PrivilegedAction<Boolean>() {
@ -2660,10 +2665,11 @@ public class ObjectInputStream
            final ObjectInputValidation obj;
            final int priority;
            Callback next;
+            @SuppressWarnings("removal")
            final AccessControlContext acc;

            Callback(ObjectInputValidation obj, int priority, Callback next,
-                AccessControlContext acc)
+                @SuppressWarnings("removal") AccessControlContext acc)
            {
                this.obj = obj;
                this.priority = priority;
@ -2697,6 +2703,7 @@ public class ObjectInputStream
                prev = cur;
                cur = cur.next;
            }
+            @SuppressWarnings("removal")
            AccessControlContext acc = AccessController.getContext();
            if (prev != null) {
                prev.next = new Callback(obj, priority, cur, acc);
@ -2712,6 +2719,7 @@ public class ObjectInputStream
         * throws an InvalidObjectException, the callback process is terminated
         * and the exception propagated upwards.
         */
+        @SuppressWarnings("removal")
        void doCallbacks() throws InvalidObjectException {
            try {
                while (list != null) {