8266459: Implement JEP 411: Deprecate the Security Manager for Removal

Co-authored-by: Sean Mullan <mullan@openjdk.org> Co-authored-by: Lance Andersen <lancea@openjdk.org> Co-authored-by: Weijun Wang <weijun@openjdk.org> Reviewed-by: erikj, darcy, chegar, naoto, joehw, alanb, mchung, kcr, prr, lancea
2025-08-27 06:45:07 +02:00 · 2021-06-02 11:57:31 +00:00 · 2021-06-02 11:57:31 +00:00 · 6765f90250
commit 6765f90250
parent 19450b9951
826 changed files with 2734 additions and 757 deletions
--- a/src/java.base/share/classes/java/security/AccessControlContext.java
+++ b/src/java.base/share/classes/java/security/AccessControlContext.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2021, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -75,8 +75,14 @@ import sun.security.util.SecurityConstants;
 *
 * @author Roland Schemers
 * @since 1.2
+ * @deprecated This class is only useful in conjunction with
+ *       {@linkplain SecurityManager the Security Manager}, which is deprecated
+ *       and subject to removal in a future release. Consequently, this class
+ *       is also deprecated and subject to removal. There is no replacement for
+ *       the Security Manager or this class.
 */

+@Deprecated(since="17", forRemoval=true)
 public final class AccessControlContext {

    private ProtectionDomain[] context;
@ -89,6 +95,7 @@ public final class AccessControlContext {
    // native codes. Don't touch it.
    private AccessControlContext privilegedContext;

+    @SuppressWarnings("removal")
    private DomainCombiner combiner = null;

    // limited privilege scope
@ -103,6 +110,7 @@ public final class AccessControlContext {
    private static boolean debugInit = false;
    private static Debug debug = null;

+    @SuppressWarnings("removal")
    static Debug getDebug()
    {
        if (debugInit)
@ -171,7 +179,7 @@ public final class AccessControlContext {
     * @since 1.3
     */
    public AccessControlContext(AccessControlContext acc,
-                                DomainCombiner combiner) {
+                                @SuppressWarnings("removal") DomainCombiner combiner) {

        this(acc, combiner, false);
    }
@ -182,9 +190,10 @@ public final class AccessControlContext {
     * permission
     */
    AccessControlContext(AccessControlContext acc,
-                        DomainCombiner combiner,
+                        @SuppressWarnings("removal") DomainCombiner combiner,
                        boolean preauthorized) {
        if (!preauthorized) {
+            @SuppressWarnings("removal")
            SecurityManager sm = System.getSecurityManager();
            if (sm != null) {
                sm.checkPermission(SecurityConstants.CREATE_ACC_PERMISSION);
@ -211,7 +220,7 @@ public final class AccessControlContext {
     * This "argument wrapper" context will be passed as the actual context
     * parameter on an internal doPrivileged() call used in the implementation.
     */
-    AccessControlContext(ProtectionDomain caller, DomainCombiner combiner,
+    AccessControlContext(ProtectionDomain caller, @SuppressWarnings("removal") DomainCombiner combiner,
        AccessControlContext parent, AccessControlContext context,
        Permission[] perms)
    {
@ -323,6 +332,7 @@ public final class AccessControlContext {
    /**
     * get the assigned combiner from the privileged or inherited context
     */
+    @SuppressWarnings("removal")
    DomainCombiner getAssignedCombiner() {
        AccessControlContext acc;
        if (isPrivileged) {
@ -349,6 +359,7 @@ public final class AccessControlContext {
     *          {@link SecurityPermission}
     * @since 1.3
     */
+    @SuppressWarnings("removal")
    public DomainCombiner getDomainCombiner() {

        SecurityManager sm = System.getSecurityManager();
@ -361,6 +372,7 @@ public final class AccessControlContext {
    /**
     * package private for AccessController
     */
+    @SuppressWarnings("removal")
    DomainCombiner getCombiner() {
        return combiner;
    }
@ -388,6 +400,7 @@ public final class AccessControlContext {
     * context encapsulated by this object.
     * @throws    NullPointerException if the permission to check for is null.
     */
+    @SuppressWarnings("removal")
    public void checkPermission(Permission perm)
        throws AccessControlException
    {
@ -548,6 +561,7 @@ public final class AccessControlContext {
     * The limited privilege scope can indirectly flow from the inherited
     * parent thread or an assigned context previously captured by getContext().
     */
+    @SuppressWarnings("removal")
    AccessControlContext optimize() {
        // the assigned (privileged or inherited) context
        AccessControlContext acc;