archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-08-27 06:45:07 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8266459: Implement JEP 411: Deprecate the Security Manager for Removal

Browse source 
Co-authored-by: Sean Mullan <mullan@openjdk.org>
Co-authored-by: Lance Andersen <lancea@openjdk.org>
Co-authored-by: Weijun Wang <weijun@openjdk.org>
Reviewed-by: erikj, darcy, chegar, naoto, joehw, alanb, mchung, kcr, prr, lancea
This commit is contained in:
Weijun Wang 2021-06-02 11:57:31 +00:00
parent 19450b9951
commit 6765f90250
826 changed files with 2734 additions and 757 deletions
Download patch file Download diff file Expand all files Collapse all files

3
src/java.base/share/classes/javax/crypto/JceSecurity.java.template
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -73,6 +73,7 @@ import sun.security.util.Debug;
* @since 1.4
*/
@SuppressWarnings("removal")
final class JceSecurity {
private static final Debug debug = Debug.getInstance("jca");

3
src/java.base/share/classes/javax/crypto/JceSecurityManager.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1999, 2017, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -46,6 +46,7 @@ import java.util.concurrent.ConcurrentMap;
* @since 1.4
*/
@SuppressWarnings("removal")
final class JceSecurityManager extends SecurityManager {
private static final CryptoPermissions defaultPolicy;

3
src/java.base/share/classes/javax/crypto/ProviderVerifier.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2007, 2014, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2007, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -83,6 +83,7 @@ final class ProviderVerifier {
* In OpenJDK, we just need to examine the "cryptoperms" file to see
* if any permissions were bundled together with this jar file.
*/
@SuppressWarnings("removal")
void verify() throws IOException {
// Short-circuit. If we weren't asked to save any, we're done.

5
src/java.base/share/classes/javax/net/ssl/HttpsURLConnection.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1999, 2018, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -230,6 +230,7 @@ public abstract class HttpsURLConnection extends HttpURLConnection {
"no default HostnameVerifier specified");
}
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(new SSLPermission("setHostnameVerifier"));
@ -311,6 +312,7 @@ public abstract class HttpsURLConnection extends HttpURLConnection {
"no default SSLSocketFactory specified");
}
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkSetFactory();
@ -360,6 +362,7 @@ public abstract class HttpsURLConnection extends HttpURLConnection {
"no SSLSocketFactory specified");
}
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkSetFactory();

3
src/java.base/share/classes/javax/net/ssl/KeyManagerFactory.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1999, 2020, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -62,6 +62,7 @@ public class KeyManagerFactory {
* {@code ssl.KeyManagerFactory.algorithm} security property, or an
* implementation-specific default if no such property exists.
*/
@SuppressWarnings("removal")
public static final String getDefaultAlgorithm() {
String type;
type = AccessController.doPrivileged(new PrivilegedAction<>() {

3
src/java.base/share/classes/javax/net/ssl/SSLContext.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1999, 2020, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -132,6 +132,7 @@ public class SSLContext {
if (context == null) {
throw new NullPointerException();
}
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(new SSLPermission("setDefaultSSLContext"));

3
src/java.base/share/classes/javax/net/ssl/SSLSocketFactory.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -86,6 +86,7 @@ public abstract class SSLSocketFactory extends SocketFactory {
}
}
@SuppressWarnings("removal")
static String getSecurityProperty(final String name) {
return AccessController.doPrivileged(new PrivilegedAction<>() {
@Override

3
src/java.base/share/classes/javax/net/ssl/TrustManagerFactory.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1999, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -74,6 +74,7 @@ public class TrustManagerFactory {
* {@code ssl.TrustManagerFactory.algorithm} security property, or an
* implementation-specific default if no such property exists.
*/
@SuppressWarnings("removal")
public static final String getDefaultAlgorithm() {
String type;
type = AccessController.doPrivileged(new PrivilegedAction<>() {

41
src/java.base/share/classes/javax/security/auth/Subject.java
View file

@ -242,6 +242,7 @@ public final class Subject implements java.io.Serializable {
* {@code Subject} to be read-only.
*/
public void setReadOnly() {
@SuppressWarnings("removal")
java.lang.SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(AuthPermissionHolder.SET_READ_ONLY_PERMISSION);
@ -284,7 +285,16 @@ public final class Subject implements java.io.Serializable {
*
* @throws NullPointerException if the provided
* {@code AccessControlContext} is {@code null}.
*
* @deprecated This method depends on {@link AccessControlContext}
* which, in conjunction with
* {@linkplain SecurityManager the Security Manager}, is deprecated
* and subject to removal in a future release. However, obtaining a
* Subject is useful independent of the Security Manager, so a
* replacement for this method may be added in a future release.
*/
@SuppressWarnings("removal")
@Deprecated(since="17", forRemoval=true)
public static Subject getSubject(final AccessControlContext acc) {
java.lang.SecurityManager sm = System.getSecurityManager();
@ -345,6 +355,7 @@ public final class Subject implements java.io.Serializable {
* AuthPermission("doAs")} permission to invoke this
* method.
*/
@SuppressWarnings("removal")
public static <T> T doAs(final Subject subject,
final java.security.PrivilegedAction<T> action) {
@ -407,6 +418,7 @@ public final class Subject implements java.io.Serializable {
* AuthPermission("doAs")} permission to invoke this
* method.
*/
@SuppressWarnings("removal")
public static <T> T doAs(final Subject subject,
final java.security.PrivilegedExceptionAction<T> action)
throws java.security.PrivilegedActionException {
@ -463,7 +475,16 @@ public final class Subject implements java.io.Serializable {
* {@link AuthPermission#AuthPermission(String)
* AuthPermission("doAsPrivileged")} permission to invoke
* this method.
*
* @deprecated This method is only useful in conjunction with
* {@linkplain SecurityManager the Security Manager}, which is
* deprecated and subject to removal in a future release.
* Consequently, this method is also deprecated and subject to
* removal. There is no replacement for the Security Manager or this
* method.
*/
@SuppressWarnings("removal")
@Deprecated(since="17", forRemoval=true)
public static <T> T doAsPrivileged(final Subject subject,
final java.security.PrivilegedAction<T> action,
final java.security.AccessControlContext acc) {
@ -529,7 +550,16 @@ public final class Subject implements java.io.Serializable {
* {@link AuthPermission#AuthPermission(String)
* AuthPermission("doAsPrivileged")} permission to invoke
* this method.
*
* @deprecated This method is only useful in conjunction with
* {@linkplain SecurityManager the Security Manager}, which is
* deprecated and subject to removal in a future release.
* Consequently, this method is also deprecated and subject to
* removal. There is no replacement for the Security Manager or this
* method.
*/
@SuppressWarnings("removal")
@Deprecated(since="17", forRemoval=true)
public static <T> T doAsPrivileged(final Subject subject,
final java.security.PrivilegedExceptionAction<T> action,
final java.security.AccessControlContext acc)
@ -555,6 +585,7 @@ public final class Subject implements java.io.Serializable {
createContext(subject, callerAcc));
}
@SuppressWarnings("removal")
private static AccessControlContext createContext(final Subject subject,
final AccessControlContext acc) {
@ -1090,6 +1121,7 @@ public final class Subject implements java.io.Serializable {
return i.next();
}
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
try {
@ -1111,6 +1143,7 @@ public final class Subject implements java.io.Serializable {
("Subject.is.read.only"));
}
@SuppressWarnings("removal")
java.lang.SecurityManager sm = System.getSecurityManager();
if (sm != null) {
switch (which) {
@ -1140,6 +1173,7 @@ public final class Subject implements java.io.Serializable {
(ResourcesMgr.getString("Subject.is.read.only"));
}
@SuppressWarnings("removal")
java.lang.SecurityManager sm = System.getSecurityManager();
if (sm != null) {
switch (which) {
@ -1175,6 +1209,7 @@ public final class Subject implements java.io.Serializable {
}
}
@SuppressWarnings("removal")
public boolean remove(Object o) {
Objects.requireNonNull(o,
@ -1202,6 +1237,7 @@ public final class Subject implements java.io.Serializable {
return false;
}
@SuppressWarnings("removal")
public boolean contains(Object o) {
Objects.requireNonNull(o,
@ -1253,6 +1289,7 @@ public final class Subject implements java.io.Serializable {
return result;
}
@SuppressWarnings("removal")
public boolean removeAll(Collection<?> c) {
c = collectionNullClean(c);
@ -1295,6 +1332,7 @@ public final class Subject implements java.io.Serializable {
return true;
}
@SuppressWarnings("removal")
public boolean retainAll(Collection<?> c) {
c = collectionNullClean(c);
@ -1322,6 +1360,7 @@ public final class Subject implements java.io.Serializable {
return modified;
}
@SuppressWarnings("removal")
public void clear() {
final Iterator<E> e = iterator();
while (e.hasNext()) {
@ -1488,7 +1527,7 @@ public final class Subject implements java.io.Serializable {
}
}
@SuppressWarnings("unchecked") /*To suppress warning from line 1374*/
@SuppressWarnings({"removal","unchecked"}) /*To suppress warning from line 1374*/
private void populateSet() {
final Iterator<?> iterator;
switch(which) {

9
src/java.base/share/classes/javax/security/auth/SubjectDomainCombiner.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1999, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -39,7 +39,14 @@ import java.lang.ref.WeakReference;
* {@code SubjectDomainCombiner}.
*
* @since 1.4
* @deprecated This class is only useful in conjunction with
* {@linkplain SecurityManager the Security Manager}, which is deprecated
* and subject to removal in a future release. Consequently, this class
* is also deprecated and subject to removal. There is no replacement for
* the Security Manager or this class.
*/
@SuppressWarnings("removal")
@Deprecated(since="17", forRemoval=true)
public class SubjectDomainCombiner implements java.security.DomainCombiner {
private Subject subject;

6
src/java.base/share/classes/javax/security/auth/login/Configuration.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1998, 2017, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1998, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -190,10 +190,12 @@ public abstract class Configuration {
private static Configuration configuration;
@SuppressWarnings("removal")
private final java.security.AccessControlContext acc =
java.security.AccessController.getContext();
private static void checkPermission(String type) {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(new AuthPermission
@ -220,6 +222,7 @@ public abstract class Configuration {
*
* @see #setConfiguration
*/
@SuppressWarnings("removal")
public static Configuration getConfiguration() {
SecurityManager sm = System.getSecurityManager();
@ -296,6 +299,7 @@ public abstract class Configuration {
* @see #getConfiguration
*/
public static void setConfiguration(Configuration configuration) {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null)
sm.checkPermission(new AuthPermission("setLoginConfiguration"));

14
src/java.base/share/classes/javax/security/auth/login/LoginContext.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1998, 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1998, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -207,6 +207,7 @@ public class LoginContext {
private Map<String,?> state = new HashMap<String,Object>();
private Configuration config;
@SuppressWarnings("removal")
private AccessControlContext creatorAcc = null; // customized config only
private ModuleInfo[] moduleStack;
private ClassLoader contextClassLoader = null;
@ -222,6 +223,7 @@ public class LoginContext {
private static final sun.security.util.Debug debug =
sun.security.util.Debug.getInstance("logincontext", "\t[LoginContext]");
@SuppressWarnings("removal")
private void init(String name) throws LoginException {
SecurityManager sm = System.getSecurityManager();
@ -288,6 +290,7 @@ public class LoginContext {
});
}
@SuppressWarnings("removal")
private void loadDefaultCallbackHandler() throws LoginException {
// get the default handler class
@ -407,6 +410,7 @@ public class LoginContext {
* the caller does not additionally have
* AuthPermission("createLoginContext.other")
*/
@SuppressWarnings("removal")
public LoginContext(String name, CallbackHandler callbackHandler)
throws LoginException {
init(name);
@ -446,6 +450,7 @@ public class LoginContext {
* the caller does not additionally have
* AuthPermission("createLoginContext.other")
*/
@SuppressWarnings("removal")
public LoginContext(String name, Subject subject,
CallbackHandler callbackHandler) throws LoginException {
this(name, subject);
@ -490,6 +495,7 @@ public class LoginContext {
*
* @since 1.5
*/
@SuppressWarnings("removal")
public LoginContext(String name, Subject subject,
CallbackHandler callbackHandler,
Configuration config) throws LoginException {
@ -657,6 +663,7 @@ public class LoginContext {
* This version is called if the caller did not instantiate
* the LoginContext with a Configuration object.
*/
@SuppressWarnings("removal")
private void invokePriv(final String methodName) throws LoginException {
try {
java.security.AccessController.doPrivileged
@ -684,6 +691,7 @@ public class LoginContext {
// locate and instantiate the LoginModule
//
String name = moduleStack[i].entry.getLoginModuleName();
@SuppressWarnings("removal")
ServiceLoader<LoginModule> sc = AccessController.doPrivileged(
(PrivilegedAction<ServiceLoader<LoginModule>>)
() -> ServiceLoader.load(
@ -885,15 +893,17 @@ public class LoginContext {
*/
private static class SecureCallbackHandler implements CallbackHandler {
@SuppressWarnings("removal")
private final java.security.AccessControlContext acc;
private final CallbackHandler ch;
SecureCallbackHandler(java.security.AccessControlContext acc,
SecureCallbackHandler(@SuppressWarnings("removal") java.security.AccessControlContext acc,
CallbackHandler ch) {
this.acc = acc;
this.ch = ch;
}
@SuppressWarnings("removal")
public void handle(final Callback[] callbacks)
throws java.io.IOException, UnsupportedCallbackException {
try {