archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-08-28 07:14:30 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8266459: Implement JEP 411: Deprecate the Security Manager for Removal

Browse source 
Co-authored-by: Sean Mullan <mullan@openjdk.org>
Co-authored-by: Lance Andersen <lancea@openjdk.org>
Co-authored-by: Weijun Wang <weijun@openjdk.org>
Reviewed-by: erikj, darcy, chegar, naoto, joehw, alanb, mchung, kcr, prr, lancea
This commit is contained in:
Weijun Wang 2021-06-02 11:57:31 +00:00
parent 19450b9951
commit 6765f90250
826 changed files with 2734 additions and 757 deletions
Download patch file Download diff file Expand all files Collapse all files

89
src/java.base/share/classes/java/lang/System.java
View file

@ -181,6 +181,7 @@ public final class System {
private static @Stable int allowSecurityManager;
// current security manager
@SuppressWarnings("removal")
private static volatile SecurityManager security; // read by VM
// return true if a security manager is allowed
@ -312,6 +313,7 @@ public final class System {
}
private static void checkIO() {
@SuppressWarnings("removal")
SecurityManager sm = getSecurityManager();
if (sm != null) {
sm.checkPermission(new RuntimePermission("setIO"));
@ -352,26 +354,19 @@ public final class System {
* @see #getSecurityManager
* @see SecurityManager#checkPermission
* @see java.lang.RuntimePermission
* @deprecated This method is only useful in conjunction with
* {@linkplain SecurityManager the Security Manager}, which is
* deprecated and subject to removal in a future release.
* Consequently, this method is also deprecated and subject to
* removal. There is no replacement for the Security Manager or this
* method.
*/
public static void setSecurityManager(SecurityManager sm) {
@Deprecated(since="17", forRemoval=true)
public static void setSecurityManager(@SuppressWarnings("removal") SecurityManager sm) {
if (allowSecurityManager()) {
if (security == null) {
// ensure image reader is initialized
Object.class.getResource("java/lang/ANY");
// ensure the default file system is initialized
DefaultFileSystemProvider.theFileSystem();
}
if (sm != null) {
try {
// pre-populates the SecurityManager.packageAccess cache
// to avoid recursive permission checking issues with custom
// SecurityManager implementations
sm.checkPackageAccess("java.lang");
} catch (Exception e) {
// no-op
}
}
setSecurityManager0(sm);
System.err.println("WARNING: java.lang.System::setSecurityManager" +
" is deprecated and will be removed in a future release.");
implSetSecurityManager(sm);
} else {
// security manager not allowed
if (sm != null) {
@ -381,6 +376,27 @@ public final class System {
}
}
private static void implSetSecurityManager(@SuppressWarnings("removal") SecurityManager sm) {
if (security == null) {
// ensure image reader is initialized
Object.class.getResource("java/lang/ANY");
// ensure the default file system is initialized
DefaultFileSystemProvider.theFileSystem();
}
if (sm != null) {
try {
// pre-populates the SecurityManager.packageAccess cache
// to avoid recursive permission checking issues with custom
// SecurityManager implementations
sm.checkPackageAccess("java.lang");
} catch (Exception e) {
// no-op
}
}
setSecurityManager0(sm);
}
@SuppressWarnings("removal")
private static synchronized
void setSecurityManager0(final SecurityManager s) {
SecurityManager sm = getSecurityManager();
@ -418,7 +434,15 @@ public final class System {
* current application, then that security manager is returned;
* otherwise, {@code null} is returned.
* @see #setSecurityManager
* @deprecated This method is only useful in conjunction with
* {@linkplain SecurityManager the Security Manager}, which is
* deprecated and subject to removal in a future release.
* Consequently, this method is also deprecated and subject to
* removal. There is no replacement for the Security Manager or this
* method.
*/
@SuppressWarnings("removal")
@Deprecated(since="17", forRemoval=true)
public static SecurityManager getSecurityManager() {
if (allowSecurityManager()) {
return security;
@ -750,6 +774,7 @@ public final class System {
* @see java.util.Properties
*/
public static Properties getProperties() {
@SuppressWarnings("removal")
SecurityManager sm = getSecurityManager();
if (sm != null) {
sm.checkPropertiesAccess();
@ -802,6 +827,7 @@ public final class System {
* @see java.lang.SecurityManager#checkPropertiesAccess()
*/
public static void setProperties(Properties props) {
@SuppressWarnings("removal")
SecurityManager sm = getSecurityManager();
if (sm != null) {
sm.checkPropertiesAccess();
@ -847,6 +873,7 @@ public final class System {
*/
public static String getProperty(String key) {
checkKey(key);
@SuppressWarnings("removal")
SecurityManager sm = getSecurityManager();
if (sm != null) {
sm.checkPropertyAccess(key);
@ -882,6 +909,7 @@ public final class System {
*/
public static String getProperty(String key, String def) {
checkKey(key);
@SuppressWarnings("removal")
SecurityManager sm = getSecurityManager();
if (sm != null) {
sm.checkPropertyAccess(key);
@ -925,6 +953,7 @@ public final class System {
*/
public static String setProperty(String key, String value) {
checkKey(key);
@SuppressWarnings("removal")
SecurityManager sm = getSecurityManager();
if (sm != null) {
sm.checkPermission(new PropertyPermission(key,
@ -966,6 +995,7 @@ public final class System {
*/
public static String clearProperty(String key) {
checkKey(key);
@SuppressWarnings("removal")
SecurityManager sm = getSecurityManager();
if (sm != null) {
sm.checkPermission(new PropertyPermission(key, "write"));
@ -1030,6 +1060,7 @@ public final class System {
* @see ProcessBuilder#environment()
*/
public static String getenv(String name) {
@SuppressWarnings("removal")
SecurityManager sm = getSecurityManager();
if (sm != null) {
sm.checkPermission(new RuntimePermission("getenv."+name));
@ -1079,6 +1110,7 @@ public final class System {
* @since 1.5
*/
public static java.util.Map<String,String> getenv() {
@SuppressWarnings("removal")
SecurityManager sm = getSecurityManager();
if (sm != null) {
sm.checkPermission(new RuntimePermission("getenv.*"));
@ -1546,6 +1578,7 @@ public final class System {
}
private static Void checkPermission() {
@SuppressWarnings("removal")
final SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(LOGGERFINDER_PERMISSION);
@ -1629,6 +1662,7 @@ public final class System {
* {@code RuntimePermission("loggerFinder")}.
*/
public static LoggerFinder getLoggerFinder() {
@SuppressWarnings("removal")
final SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(LOGGERFINDER_PERMISSION);
@ -1638,6 +1672,7 @@ public final class System {
private static volatile LoggerFinder service;
@SuppressWarnings("removal")
static LoggerFinder accessProvider() {
// We do not need to synchronize: LoggerFinderLoader will
// always return the same instance, so if we don't have it,
@ -1741,6 +1776,7 @@ public final class System {
*
* @since 9
*/
@SuppressWarnings("removal")
@CallerSensitive
public static Logger getLogger(String name, ResourceBundle bundle) {
final ResourceBundle rb = Objects.requireNonNull(bundle);
@ -2103,6 +2139,7 @@ public final class System {
* The security manager and system class loader may be a custom class from
* the application classpath or modulepath.
*/
@SuppressWarnings("removal")
private static void initPhase3() {
// Initialize the StringConcatFactory eagerly to avoid potential
@ -2111,6 +2148,7 @@ public final class System {
Unsafe.getUnsafe().ensureClassInitialized(StringConcatFactory.class);
String smProp = System.getProperty("java.security.manager");
boolean needWarning = false;
if (smProp != null) {
switch (smProp) {
case "disallow":
@ -2121,8 +2159,9 @@ public final class System {
break;
case "":
case "default":
setSecurityManager(new SecurityManager());
implSetSecurityManager(new SecurityManager());
allowSecurityManager = MAYBE;
needWarning = true;
break;
default:
try {
@ -2140,7 +2179,8 @@ public final class System {
// custom security manager may be in non-exported package
ctor.setAccessible(true);
SecurityManager sm = (SecurityManager) ctor.newInstance();
setSecurityManager(sm);
implSetSecurityManager(sm);
needWarning = true;
} catch (Exception e) {
throw new InternalError("Could not create SecurityManager", e);
}
@ -2150,6 +2190,11 @@ public final class System {
allowSecurityManager = MAYBE;
}
if (needWarning) {
System.err.println("WARNING: The Security Manager is deprecated" +
" and will be removed in a future release.");
}
// initializing the system class loader
VM.initLevel(3);
@ -2200,7 +2245,7 @@ public final class System {
public void registerShutdownHook(int slot, boolean registerShutdownInProgress, Runnable hook) {
Shutdown.add(slot, registerShutdownInProgress, hook);
}
public Thread newThreadWithAcc(Runnable target, AccessControlContext acc) {
public Thread newThreadWithAcc(Runnable target, @SuppressWarnings("removal") AccessControlContext acc) {
return new Thread(target, acc);
}
@SuppressWarnings("deprecation")
@ -2226,9 +2271,11 @@ public final class System {
public String fastUUID(long lsb, long msb) {
return Long.fastUUID(lsb, msb);
}
@SuppressWarnings("removal")
public void addNonExportedPackages(ModuleLayer layer) {
SecurityManager.addNonExportedPackages(layer);
}
@SuppressWarnings("removal")
public void invalidatePackageAccessCache() {
SecurityManager.invalidatePackageAccessCache();
}