diff --git a/src/java.base/share/classes/sun/security/util/SecurityConstants.java b/src/java.base/share/classes/sun/security/util/SecurityConstants.java index 21ec592c766..9d49bbba0a1 100644 --- a/src/java.base/share/classes/sun/security/util/SecurityConstants.java +++ b/src/java.base/share/classes/sun/security/util/SecurityConstants.java @@ -96,10 +96,6 @@ public final class SecurityConstants { public static final RuntimePermission GET_PD_PERMISSION = new RuntimePermission("getProtectionDomain"); - // java.lang.Class, java.lang.ClassLoader, java.lang.Thread - public static final RuntimePermission GET_CLASSLOADER_PERMISSION = - new RuntimePermission("getClassLoader"); - // java.lang.Thread public static final RuntimePermission GET_STACK_TRACE_PERMISSION = new RuntimePermission("getStackTrace"); diff --git a/src/java.naming/share/classes/com/sun/jndi/ldap/ClientId.java b/src/java.naming/share/classes/com/sun/jndi/ldap/ClientId.java index 7348692ad30..20a8cdcf148 100644 --- a/src/java.naming/share/classes/com/sun/jndi/ldap/ClientId.java +++ b/src/java.naming/share/classes/com/sun/jndi/ldap/ClientId.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -84,8 +84,8 @@ class ClientId { if ((socketFactory != null) && !socketFactory.equals(LdapCtx.DEFAULT_SSL_FACTORY)) { try { - Class socketFactoryClass = - Obj.helper.loadClass(socketFactory); + Class socketFactoryClass = Class.forName(socketFactory, + true, Thread.currentThread().getContextClassLoader()); this.sockComparator = socketFactoryClass.getMethod( "compare", new Class[]{Object.class, Object.class}); Method getDefault = socketFactoryClass.getMethod( 
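Review bot: The three-argument `Class.forName(socketFactory, true, Thread.currentThread().getContextClassLoader())` in the ClientId constructor is repeated verbatim in Connection.java and LdapPoolManager.java, so the loader choice for a configured class name is no longer made in one place. Because `initialize` is `true`, the named class's static initializers run before the code looks up `compare` or `getDefault` on it. I would either keep one package-private static helper for this lookup or add a comment at each site, for example `// socketFactory is a configured class name; it is resolved and initialized via the thread context class loader`. The enclosing constructor starts and ends outside this hunk.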
diff --git a/src/java.naming/share/classes/com/sun/jndi/ldap/Connection.java b/src/java.naming/share/classes/com/sun/jndi/ldap/Connection.java index f270a34d5b7..8166fe97a4a 100644 --- a/src/java.naming/share/classes/com/sun/jndi/ldap/Connection.java +++ b/src/java.naming/share/classes/com/sun/jndi/ldap/Connection.java @@ -44,8 +44,6 @@ import javax.naming.ldap.Control; import java.lang.reflect.Method; import java.lang.reflect.InvocationTargetException; -import java.security.AccessController; -import java.security.PrivilegedAction; import java.security.cert.Certificate; import java.security.cert.X509Certificate; import java.util.Arrays; @@ -183,10 +181,8 @@ public final class Connection implements Runnable { = hostnameVerificationDisabledValue(); private static boolean hostnameVerificationDisabledValue() { - PrivilegedAction act = () -> System.getProperty( + String prop = System.getProperty( "com.sun.jndi.ldap.object.disableEndpointIdentification"); - @SuppressWarnings("removal") - String prop = AccessController.doPrivileged(act); if (prop == null) { return false; } @@ -259,7 +255,7 @@ public final class Connection implements Runnable { throw ce; } - worker = Obj.helper.createThread(this); + worker = new Thread(this); worker.setDaemon(true); worker.start(); } @@ -313,7 +309,8 @@ public final class Connection implements Runnable { } @SuppressWarnings("unchecked") Class socketFactoryClass = - (Class) Obj.helper.loadClass(socketFactoryName); + (Class) Class.forName(socketFactoryName, + true, Thread.currentThread().getContextClassLoader()); Method getDefault = socketFactoryClass.getMethod("getDefault"); SocketFactory factory = (SocketFactory) getDefault.invoke(null, new Object[]{}); diff --git a/src/java.naming/share/classes/com/sun/jndi/ldap/EventQueue.java b/src/java.naming/share/classes/com/sun/jndi/ldap/EventQueue.java index 3d88e179894..4f1cb9ec6a7 100644 --- a/src/java.naming/share/classes/com/sun/jndi/ldap/EventQueue.java 
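Review bot: `hostnameVerificationDisabledValue()` in Connection.java has no comment saying when `com.sun.jndi.ldap.object.disableEndpointIdentification` is consulted. The context line `= hostnameVerificationDisabledValue();` suggests the result is assigned to a field once, so a later `System.setProperty` call would presumably have no effect; the field declaration itself is cut off above the hunk. A short method comment would make that explicit, for example `// Read once when the field is initialized; returns false when the property is absent`. How non-null values are parsed is outside this hunk, so the comment should cover only the `null` case unless the rest of the method confirms more.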
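Review bot: `worker = new Thread(this);` in Connection.java creates the worker thread without a name, and the same pattern appears in EventQueue.java (`qThread`) and NamingEventNotifier.java (`worker`). With the `Obj.helper.createThread` indirection gone, the two-argument constructor can be used directly so these daemon threads are identifiable in thread dumps, for example `worker = new Thread(this, "LDAP-Connection-Worker");` (name constructed for illustration). A thread created this way also inherits the creating thread's context class loader, unlike the `InnocuousThread` used for the pool cleaner in LdapPoolManager.java, so a comment stating whether that is intended would help.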
+++ b/src/java.naming/share/classes/com/sun/jndi/ldap/EventQueue.java @@ -71,7 +71,7 @@ final class EventQueue implements Runnable { // package private EventQueue() { - qThread = Obj.helper.createThread(this); + qThread = new Thread(this); qThread.setDaemon(true); // not a user thread qThread.start(); } diff --git a/src/java.naming/share/classes/com/sun/jndi/ldap/LdapBindingEnumeration.java b/src/java.naming/share/classes/com/sun/jndi/ldap/LdapBindingEnumeration.java index 53a33a57097..5259cb63801 100644 --- a/src/java.naming/share/classes/com/sun/jndi/ldap/LdapBindingEnumeration.java +++ b/src/java.naming/share/classes/com/sun/jndi/ldap/LdapBindingEnumeration.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999, 2022, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1999, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,10 +25,6 @@ package com.sun.jndi.ldap; -import java.security.AccessControlContext; -import java.security.AccessController; -import java.security.PrivilegedActionException; -import java.security.PrivilegedExceptionAction; import java.util.Vector; import javax.naming.*; import javax.naming.directory.*; @@ -41,16 +37,12 @@ import com.sun.naming.internal.ObjectFactoriesFilter; final class LdapBindingEnumeration extends AbstractLdapNamingEnumeration { - @SuppressWarnings("removal") - private final AccessControlContext acc = AccessController.getContext(); - LdapBindingEnumeration(LdapCtx homeCtx, LdapResult answer, Name remain, Continuation cont) throws NamingException { super(homeCtx, answer, remain, cont); } - @SuppressWarnings("removal") @Override protected Binding createItem(String dn, Attributes attrs, Vector respCtls) 
@@ -61,12 +53,7 @@ final class LdapBindingEnumeration if (attrs.get(Obj.JAVA_ATTRIBUTES[Obj.CLASSNAME]) != null) { // serialized object or object reference - try { - PrivilegedExceptionAction pa = () -> Obj.decodeObject(attrs); - obj = AccessController.doPrivileged(pa, acc); - } catch (PrivilegedActionException e) { - throw (NamingException)e.getException(); - } + obj = Obj.decodeObject(attrs); } if (obj == null) { // DirContext object diff --git a/src/java.naming/share/classes/com/sun/jndi/ldap/LdapCtx.java b/src/java.naming/share/classes/com/sun/jndi/ldap/LdapCtx.java index 27ecb9e4ca1..0695894f300 100644 --- a/src/java.naming/share/classes/com/sun/jndi/ldap/LdapCtx.java +++ b/src/java.naming/share/classes/com/sun/jndi/ldap/LdapCtx.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999, 2023, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1999, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -32,8 +32,6 @@ import javax.naming.ldap.*; import javax.naming.ldap.LdapName; import javax.naming.ldap.Rdn; -import java.security.AccessController; -import java.security.PrivilegedAction; import java.util.Arrays; import java.util.Collections; import java.util.Locale; @@ -220,7 +218,7 @@ public final class LdapCtx extends ComponentDirContext // System property value private static final String ALLOWED_MECHS_SP_VALUE = - getMechsAllowedToSendCredentials(); + System.getProperty(ALLOWED_MECHS_SP); // Set of authentication mechanisms allowed by the system property private static final Set MECHS_ALLOWED_BY_SP = 
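Review bot: The call `obj = Obj.decodeObject(attrs);` in `LdapBindingEnumeration.createItem` (and the identical line in `LdapSearchEnumeration.createItem`) carries no comment about what still restricts object reconstruction now that the captured `AccessControlContext` is gone. From the Obj.java hunks in this commit, the remaining gate is the `trustSerialData` flag, which rejects `javaSerializedData`, `javaRemoteLocation` and binary `javaReferenceAddress` content unless `com.sun.jndi.ldap.object.trustSerialData` is `true`. I would add a comment next to the call, such as `// Obj.decodeObject rejects serialized data in attrs unless trustSerialData is enabled`. `createItem` begins and ends outside this hunk.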
@@ -2706,13 +2704,6 @@ public final class LdapCtx extends ComponentDirContext ensureOpen(); // open or reauthenticated } - // Load 'mechsAllowedToSendCredentials' system property value - @SuppressWarnings("removal") - private static String getMechsAllowedToSendCredentials() { - PrivilegedAction pa = () -> System.getProperty(ALLOWED_MECHS_SP); - return System.getSecurityManager() == null ? pa.run() : AccessController.doPrivileged(pa); - } - // Get set of allowed authentication mechanism names from the property value private static Set getMechsFromPropertyValue(String propValue) { if (propValue == null || propValue.isBlank()) { diff --git a/src/java.naming/share/classes/com/sun/jndi/ldap/LdapDnsProviderService.java b/src/java.naming/share/classes/com/sun/jndi/ldap/LdapDnsProviderService.java index 9330782f48c..da9c66489ad 100644 --- a/src/java.naming/share/classes/com/sun/jndi/ldap/LdapDnsProviderService.java +++ b/src/java.naming/share/classes/com/sun/jndi/ldap/LdapDnsProviderService.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018, 2023, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2018, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,14 +25,11 @@ package com.sun.jndi.ldap; -import java.security.AccessController; -import java.security.PrivilegedAction; import java.util.*; import java.util.concurrent.locks.ReentrantLock; import javax.naming.NamingException; import javax.naming.ldap.spi.LdapDnsProvider; import javax.naming.ldap.spi.LdapDnsProviderResult; -import sun.security.util.SecurityConstants; /** * The {@code LdapDnsProviderService} is responsible for creating and providing 
@@ -50,25 +47,10 @@ final class LdapDnsProviderService { /** * Creates a new instance of LdapDnsProviderService */ - @SuppressWarnings("removal") private LdapDnsProviderService() { - SecurityManager sm = System.getSecurityManager(); - if (sm == null) { - providers = ServiceLoader.load( - LdapDnsProvider.class, - ClassLoader.getSystemClassLoader()); - } else { - final PrivilegedAction> pa = - () -> ServiceLoader.load( - LdapDnsProvider.class, - ClassLoader.getSystemClassLoader()); - - providers = AccessController.doPrivileged( - pa, - null, - new RuntimePermission("ldapDnsProvider"), - SecurityConstants.GET_CLASSLOADER_PERMISSION); - } + providers = ServiceLoader.load( + LdapDnsProvider.class, + ClassLoader.getSystemClassLoader()); } /** diff --git a/src/java.naming/share/classes/com/sun/jndi/ldap/LdapPoolManager.java b/src/java.naming/share/classes/com/sun/jndi/ldap/LdapPoolManager.java index ef122351437..384e1ace289 100644 --- a/src/java.naming/share/classes/com/sun/jndi/ldap/LdapPoolManager.java +++ b/src/java.naming/share/classes/com/sun/jndi/ldap/LdapPoolManager.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2021, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -34,8 +34,6 @@ import java.util.StringTokenizer; import javax.naming.ldap.Control; import javax.naming.NamingException; import javax.naming.CommunicationException; -import java.security.AccessController; -import java.security.PrivilegedAction; import com.sun.jndi.ldap.pool.PoolCleaner; import com.sun.jndi.ldap.pool.Pool; 
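Review bot: The `LdapDnsProviderService` constructor has no comment explaining that providers are looked up through `ClassLoader.getSystemClassLoader()` rather than the thread context class loader. The removed branch at least made it visible that provider loading was a guarded operation; the new three-line body gives no hint that the loader choice bounds which `LdapDnsProvider` implementations can be loaded. A one-line comment would do, for example `// Providers are discovered via the system class loader only`.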
@@ -60,10 +58,10 @@ public final class LdapPoolManager { "com.sun.jndi.ldap.connect.pool.debug"; public static final boolean debug = - "all".equalsIgnoreCase(getProperty(DEBUG, null)); + "all".equalsIgnoreCase(System.getProperty(DEBUG)); public static final boolean trace = debug || - "fine".equalsIgnoreCase(getProperty(DEBUG, null)); + "fine".equalsIgnoreCase(System.getProperty(DEBUG)); // ---------- System properties for connection pooling @@ -120,16 +118,16 @@ public final class LdapPoolManager { private static final Pool[] pools = new Pool[3]; static { - maxSize = getInteger(MAX_POOL_SIZE, DEFAULT_MAX_POOL_SIZE); + maxSize = Integer.getInteger(MAX_POOL_SIZE, DEFAULT_MAX_POOL_SIZE); - prefSize = getInteger(PREF_POOL_SIZE, DEFAULT_PREF_POOL_SIZE); + prefSize = Integer.getInteger(PREF_POOL_SIZE, DEFAULT_PREF_POOL_SIZE); - initSize = getInteger(INIT_POOL_SIZE, DEFAULT_INIT_POOL_SIZE); + initSize = Integer.getInteger(INIT_POOL_SIZE, DEFAULT_INIT_POOL_SIZE); - idleTimeout = getLong(POOL_TIMEOUT, DEFAULT_TIMEOUT); + idleTimeout = Long.getLong(POOL_TIMEOUT, DEFAULT_TIMEOUT); // Determine supported authentication mechanisms - String str = getProperty(POOL_AUTH, DEFAULT_AUTH_MECHS); + String str = System.getProperty(POOL_AUTH, DEFAULT_AUTH_MECHS); StringTokenizer parser = new StringTokenizer(str); int count = parser.countTokens(); String mech; @@ -147,7 +145,7 @@ public final class LdapPoolManager { } // Determine supported protocols - str= getProperty(POOL_PROTOCOL, DEFAULT_PROTOCOLS); + str = System.getProperty(POOL_PROTOCOL, DEFAULT_PROTOCOLS); parser = new StringTokenizer(str); count = parser.countTokens(); String proto; 
@@ -171,20 +169,15 @@ public final class LdapPoolManager { } } - @SuppressWarnings("removal") private static void startCleanerThread() { // Create cleaner to expire idle connections - PrivilegedAction pa = new PrivilegedAction() { - public Void run() { - Thread t = InnocuousThread.newSystemThread( - "LDAP PoolCleaner", - new PoolCleaner(idleTimeout, pools)); - assert t.getContextClassLoader() == null; - t.setDaemon(true); - t.start(); - return null; - }}; - AccessController.doPrivileged(pa); + Thread t = InnocuousThread.newSystemThread( + "LDAP PoolCleaner", + new PoolCleaner(idleTimeout, pools)); + assert t.getContextClassLoader() == null; + t.setDaemon(true); + t.start(); + } // Cannot instantiate one of these @@ -252,7 +245,8 @@ public final class LdapPoolManager { if ((socketFactory != null) && !socketFactory.equals(LdapCtx.DEFAULT_SSL_FACTORY)) { try { - Class socketFactoryClass = Obj.helper.loadClass(socketFactory); + Class socketFactoryClass = Class.forName(socketFactory, true, + Thread.currentThread().getContextClassLoader()); Class[] interfaces = socketFactoryClass.getInterfaces(); for (int i = 0; i < interfaces.length; i++) { if (interfaces[i].getCanonicalName().equals(COMPARATOR)) { 
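Review bot: `startCleanerThread()` in LdapPoolManager.java now ends with an added empty line before its closing brace, left over from unwrapping the `PrivilegedAction`; that blank line should be dropped. Separately, `assert t.getContextClassLoader() == null;` is evaluated only when assertions are enabled, so it documents the expectation rather than enforcing it. A comment saying so would keep it from being read as a runtime guarantee, for example `// sanity check only; active with -ea`.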
@@ -399,22 +393,4 @@ public final class LdapPoolManager { System.err.println("LdapPoolManager: " + msg + o); } } - - @SuppressWarnings("removal") - private static final String getProperty(final String propName, final String defVal) { - PrivilegedAction pa = () -> System.getProperty(propName, defVal); - return AccessController.doPrivileged(pa); - } - - @SuppressWarnings("removal") - private static final int getInteger(final String propName, final int defVal) { - PrivilegedAction pa = () -> Integer.getInteger(propName, defVal); - return AccessController.doPrivileged(pa); - } - - @SuppressWarnings("removal") - private static final long getLong(final String propName, final long defVal) { - PrivilegedAction pa = () -> Long.getLong(propName, defVal); - return AccessController.doPrivileged(pa); - } } diff --git a/src/java.naming/share/classes/com/sun/jndi/ldap/LdapSearchEnumeration.java b/src/java.naming/share/classes/com/sun/jndi/ldap/LdapSearchEnumeration.java index 50f26851892..6f1981df102 100644 --- a/src/java.naming/share/classes/com/sun/jndi/ldap/LdapSearchEnumeration.java +++ b/src/java.naming/share/classes/com/sun/jndi/ldap/LdapSearchEnumeration.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999, 2022, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1999, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,10 +25,6 @@ package com.sun.jndi.ldap; -import java.security.AccessControlContext; -import java.security.AccessController; -import java.security.PrivilegedActionException; -import java.security.PrivilegedExceptionAction; import java.util.Vector; import javax.naming.*; import javax.naming.directory.*; 
@@ -45,9 +41,6 @@ final class LdapSearchEnumeration private Name startName; // prefix of names of search results private LdapCtx.SearchArgs searchArgs = null; - @SuppressWarnings("removal") - private final AccessControlContext acc = AccessController.getContext(); - LdapSearchEnumeration(LdapCtx homeCtx, LdapResult search_results, String starter, LdapCtx.SearchArgs args, Continuation cont) throws NamingException { @@ -61,7 +54,6 @@ final class LdapSearchEnumeration searchArgs = args; } - @SuppressWarnings("removal") @Override protected SearchResult createItem(String dn, Attributes attrs, Vector respCtls) @@ -121,12 +113,7 @@ final class LdapSearchEnumeration if (attrs.get(Obj.JAVA_ATTRIBUTES[Obj.CLASSNAME]) != null) { // Entry contains Java-object attributes (ser/ref object) // serialized object or object reference - try { - PrivilegedExceptionAction pea = () -> Obj.decodeObject(attrs); - obj = AccessController.doPrivileged(pea, acc); - } catch (PrivilegedActionException e) { - throw (NamingException)e.getException(); - } + obj = Obj.decodeObject(attrs); } if (obj == null) { obj = new LdapCtx(homeCtx, dn); diff --git a/src/java.naming/share/classes/com/sun/jndi/ldap/LdapURL.java b/src/java.naming/share/classes/com/sun/jndi/ldap/LdapURL.java index f26e086d6a7..140f025b779 100644 --- a/src/java.naming/share/classes/com/sun/jndi/ldap/LdapURL.java +++ b/src/java.naming/share/classes/com/sun/jndi/ldap/LdapURL.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999, 2022, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1999, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it 
@@ -29,8 +29,6 @@ import javax.naming.*; import java.net.MalformedURLException; import java.io.UnsupportedEncodingException; import java.net.URI; -import java.security.AccessController; -import java.security.PrivilegedAction; import java.util.Locale; import java.util.StringTokenizer; import com.sun.jndi.toolkit.url.Uri; @@ -73,12 +71,9 @@ public final class LdapURL extends Uri { public static final ParseMode PARSE_MODE; static { - PrivilegedAction action = () -> - System.getProperty(PARSE_MODE_PROP, DEFAULT_PARSE_MODE.toString()); ParseMode parseMode = DEFAULT_PARSE_MODE; try { - @SuppressWarnings("removal") - String mode = AccessController.doPrivileged(action); + String mode = System.getProperty(PARSE_MODE_PROP, DEFAULT_PARSE_MODE.toString()); parseMode = ParseMode.valueOf(mode.toUpperCase(Locale.ROOT)); } catch (Throwable t) { parseMode = DEFAULT_PARSE_MODE; diff --git a/src/java.naming/share/classes/com/sun/jndi/ldap/NamingEventNotifier.java b/src/java.naming/share/classes/com/sun/jndi/ldap/NamingEventNotifier.java index 27b83b91515..40a8173b768 100644 --- a/src/java.naming/share/classes/com/sun/jndi/ldap/NamingEventNotifier.java +++ b/src/java.naming/share/classes/com/sun/jndi/ldap/NamingEventNotifier.java @@ -86,7 +86,7 @@ final class NamingEventNotifier implements Runnable { namingListeners = new Vector<>(); namingListeners.addElement(firstListener); - worker = Obj.helper.createThread(this); + worker = new Thread(this); worker.setDaemon(true); // not a user thread worker.start(); } diff --git a/src/java.naming/share/classes/com/sun/jndi/ldap/Obj.java b/src/java.naming/share/classes/com/sun/jndi/ldap/Obj.java index 0d28928559f..5e34f954302 100644 --- a/src/java.naming/share/classes/com/sun/jndi/ldap/Obj.java +++ b/src/java.naming/share/classes/com/sun/jndi/ldap/Obj.java 
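Review bot: In the LdapURL static initializer, `catch (Throwable t)` is wider than the new body needs, because the visible calls (`System.getProperty`, `toUpperCase`, `ParseMode.valueOf`) can realistically fail only with `IllegalArgumentException` for an unrecognized mode name. Catching `Throwable` also swallows `Error`s, and an unrecognized value silently falls back to `DEFAULT_PARSE_MODE`, which may not be what the operator intended for URL parsing. I would narrow it to `} catch (IllegalArgumentException e) {` and keep the fallback. The initializer continues past the end of this hunk.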
@@ -57,8 +57,19 @@ final class Obj { private Obj () {}; // Make sure no one can create one - // package private; used by Connection - static VersionHelper helper = VersionHelper.getVersionHelper(); + /** + * Determines whether objects may be deserialized or reconstructed from a content of + * 'javaSerializedData', 'javaRemoteLocation' or 'javaReferenceAddress' LDAP attributes. + */ + private static final boolean trustSerialData; + + static { + // System property to control whether classes are allowed to be loaded from + // 'javaSerializedData', 'javaRemoteLocation' or 'javaReferenceAddress' attributes. + String trustSerialDataSp = System.getProperty( + "com.sun.jndi.ldap.object.trustSerialData", "false"); + trustSerialData = "true".equalsIgnoreCase(trustSerialDataSp); + } // LDAP attributes used to support Java objects. static final String[] JAVA_ATTRIBUTES = { @@ -233,14 +244,14 @@ final class Obj { String[] codebases = getCodebases(attrs.get(JAVA_ATTRIBUTES[CODEBASE])); try { if ((attr = attrs.get(JAVA_ATTRIBUTES[SERIALIZED_DATA])) != null) { - if (!VersionHelper.isSerialDataAllowed()) { + if (!trustSerialData) { throw new NamingException("Object deserialization is not allowed"); } ClassLoader cl = Thread.currentThread().getContextClassLoader(); return deserializeObject((byte[])attr.get(), cl); } else if ((attr = attrs.get(JAVA_ATTRIBUTES[REMOTE_LOC])) != null) { // javaRemoteLocation attribute (RMI stub will be created) - if (!VersionHelper.isSerialDataAllowed()) { + if (!trustSerialData) { throw new NamingException("Object deserialization is not allowed"); } // For backward compatibility only @@ -471,7 +482,7 @@ final class Obj { } else if (val.charAt(start) == separator) { // Check if deserialization of binary RefAddr is allowed from // 'javaReferenceAddress' LDAP attribute. - if (!VersionHelper.isSerialDataAllowed()) { + if (!trustSerialData) { throw new NamingException("Object deserialization is not allowed"); } 
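Review bot: The Javadoc on the new `trustSerialData` field in Obj.java does not say that the flag defaults to `false` or that it is fixed at class initialization, both of which the static block below it establishes. Since this field is now the single switch in front of the three `if (!trustSerialData)` guards, I would extend the comment with a sentence such as `The value is read once from com.sun.jndi.ldap.object.trustSerialData when this class is initialized and defaults to false.` The phrase "from a content of" would also read better as "from the content of".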
diff --git a/src/java.naming/share/classes/com/sun/jndi/ldap/VersionHelper.java b/src/java.naming/share/classes/com/sun/jndi/ldap/VersionHelper.java deleted file mode 100644 index bb888a1457a..00000000000 --- a/src/java.naming/share/classes/com/sun/jndi/ldap/VersionHelper.java +++ /dev/null 
@@ -1,72 +0,0 @@ -/* - * Copyright (c) 1999, 2024, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -package com.sun.jndi.ldap; - -public final class VersionHelper { - - private static final VersionHelper helper = new VersionHelper(); - - /** - * Determines whether objects may be deserialized or reconstructed from a content of - * 'javaSerializedData', 'javaRemoteLocation' or 'javaReferenceAddress' LDAP attributes. - */ - private static final boolean trustSerialData; - - static { - // System property to control whether classes are allowed to be loaded from - // 'javaSerializedData', 'javaRemoteLocation' or 'javaReferenceAddress' attributes. 
- String trustSerialDataSp = System.getProperty( - "com.sun.jndi.ldap.object.trustSerialData", "false"); - trustSerialData = "true".equalsIgnoreCase(trustSerialDataSp); - } - - private VersionHelper() { - } - - static VersionHelper getVersionHelper() { - return helper; - } - - /** - * Returns true if deserialization or reconstruction of objects from - * 'javaSerializedData', 'javaRemoteLocation' and 'javaReferenceAddress' - * LDAP attributes is allowed. - * - * @return true if deserialization is allowed; false - otherwise - */ - public static boolean isSerialDataAllowed() { - return trustSerialData; - } - - Class loadClass(String className) throws ClassNotFoundException { - return Class.forName(className, true, - Thread.currentThread().getContextClassLoader()); - } - - Thread createThread(Runnable r) { - return new Thread(r); - } -} diff --git a/src/java.naming/share/classes/javax/naming/ldap/StartTlsRequest.java b/src/java.naming/share/classes/javax/naming/ldap/StartTlsRequest.java index 1e519609484..1e45ff511c5 100644 --- a/src/java.naming/share/classes/javax/naming/ldap/StartTlsRequest.java +++ b/src/java.naming/share/classes/javax/naming/ldap/StartTlsRequest.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2021, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,13 +26,10 @@ package javax.naming.ldap; import java.util.Iterator; -import java.security.AccessController; -import java.security.PrivilegedAction; import javax.naming.ConfigurationException; import javax.naming.NamingException; import com.sun.naming.internal.VersionHelper; import java.util.ServiceLoader; -import java.util.ServiceConfigurationError; /** * This class implements the LDAPv3 Extended Request for StartTLS as 
@@ -181,10 +178,10 @@ public class StartTlsRequest implements ExtendedRequest { StartTlsResponse resp = null; ServiceLoader sl = ServiceLoader.load( - StartTlsResponse.class, getContextClassLoader()); + StartTlsResponse.class, Thread.currentThread().getContextClassLoader()); Iterator iter = sl.iterator(); - while (resp == null && privilegedHasNext(iter)) { + while (resp == null && iter.hasNext()) { resp = iter.next(); } if (resp != null) { @@ -216,20 +213,5 @@ public class StartTlsRequest implements ExtendedRequest { return ce; } - /* - * Acquire the class loader associated with this thread. - */ - @SuppressWarnings("removal") - private final ClassLoader getContextClassLoader() { - PrivilegedAction pa = Thread.currentThread()::getContextClassLoader; - return AccessController.doPrivileged(pa); - } - - @SuppressWarnings("removal") - private static final boolean privilegedHasNext(final Iterator iter) { - PrivilegedAction pa = iter::hasNext; - return AccessController.doPrivileged(pa); - } - private static final long serialVersionUID = 4441679576360753397L; } diff --git a/src/java.naming/share/classes/javax/naming/ldap/spi/LdapDnsProvider.java b/src/java.naming/share/classes/javax/naming/ldap/spi/LdapDnsProvider.java index 0cb240a891c..21fbca5d1e7 100644 --- a/src/java.naming/share/classes/javax/naming/ldap/spi/LdapDnsProvider.java +++ b/src/java.naming/share/classes/javax/naming/ldap/spi/LdapDnsProvider.java 
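Review bot: In `StartTlsRequest`, `iter.hasNext()` and `iter.next()` on a `ServiceLoader` iterator can throw `ServiceConfigurationError` when a provider entry visible to the context class loader is malformed, and this commit also drops the `ServiceConfigurationError` import. If nothing in the part of the method outside this hunk handles it, one broken `StartTlsResponse` provider aborts the call with an `Error` rather than a `NamingException`. It is worth confirming that this is intended and, if not, catching the error around the loop and skipping the faulty provider.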
@@ -53,29 +53,10 @@ import java.util.Optional; */ public abstract class LdapDnsProvider { - // The {@code RuntimePermission("ldapDnsProvider")} is - // necessary to subclass and instantiate the {@code LdapDnsProvider} class. - private static final RuntimePermission DNSPROVIDER_PERMISSION = - new RuntimePermission("ldapDnsProvider"); - /** * Creates a new instance of {@code LdapDnsProvider}. */ protected LdapDnsProvider() { - this(checkPermission()); - } - - private LdapDnsProvider(Void unused) { - // nothing to do. - } - - private static Void checkPermission() { - @SuppressWarnings("removal") - final SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - sm.checkPermission(DNSPROVIDER_PERMISSION); - } - return null; } /** diff --git a/src/java.naming/share/classes/javax/naming/spi/NamingManager.java b/src/java.naming/share/classes/javax/naming/spi/NamingManager.java index 4d57b541ec1..83f0ec2dd78 100644 --- a/src/java.naming/share/classes/javax/naming/spi/NamingManager.java +++ b/src/java.naming/share/classes/javax/naming/spi/NamingManager.java @@ -25,8 +25,6 @@ package javax.naming.spi; -import java.security.AccessController; -import java.security.PrivilegedAction; import java.util.*; import javax.naming.*; @@ -471,7 +469,6 @@ public class NamingManager { * @see javax.naming.InitialContext * @see javax.naming.directory.InitialDirContext */ - @SuppressWarnings("removal") public static Context getInitialContext(Hashtable env) throws NamingException { ClassLoader loader; 
@@ -492,16 +489,8 @@ public class NamingManager { throw ne; } - if (System.getSecurityManager() == null) { - loader = Thread.currentThread().getContextClassLoader(); - if (loader == null) loader = ClassLoader.getSystemClassLoader(); - } else { - PrivilegedAction pa = () -> { - ClassLoader cl = Thread.currentThread().getContextClassLoader(); - return (cl == null) ? ClassLoader.getSystemClassLoader() : cl; - }; - loader = AccessController.doPrivileged(pa); - } + loader = Thread.currentThread().getContextClassLoader(); + if (loader == null) loader = ClassLoader.getSystemClassLoader(); var key = FACTORIES_CACHE.sub(className); try { @@ -570,12 +559,6 @@ public class NamingManager { if (initctx_factory_builder != null) throw new IllegalStateException( "InitialContextFactoryBuilder already set"); - - @SuppressWarnings("removal") - SecurityManager security = System.getSecurityManager(); - if (security != null) { - security.checkSetFactory(); - } initctx_factory_builder = builder; } diff --git a/src/java.naming/share/classes/sun/security/provider/certpath/ldap/JdkLDAP.java b/src/java.naming/share/classes/sun/security/provider/certpath/ldap/JdkLDAP.java index d03a4f06221..b42c6971126 100644 --- a/src/java.naming/share/classes/sun/security/provider/certpath/ldap/JdkLDAP.java +++ b/src/java.naming/share/classes/sun/security/provider/certpath/ldap/JdkLDAP.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015, 2021, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2015, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it 
@@ -69,25 +69,20 @@ public final class JdkLDAP extends Provider { } } - @SuppressWarnings("removal") public JdkLDAP() { super("JdkLDAP", PROVIDER_VER, "JdkLDAP Provider (implements LDAP CertStore)"); final Provider p = this; - PrivilegedAction pa = () -> { - HashMap attrs = new HashMap<>(2); - attrs.put("LDAPSchema", "RFC2587"); - attrs.put("ImplementedIn", "Software"); + HashMap attrs = new HashMap<>(2); + attrs.put("LDAPSchema", "RFC2587"); + attrs.put("ImplementedIn", "Software"); - /* - * CertStore - * attrs: LDAPSchema, ImplementedIn - */ - putService(new ProviderService(p, "CertStore", - "LDAP", "sun.security.provider.certpath.ldap.LDAPCertStore", - null, attrs)); - return null; - }; - AccessController.doPrivileged(pa); + /* + * CertStore + * attrs: LDAPSchema, ImplementedIn + */ + putService(new ProviderService(p, "CertStore", + "LDAP", "sun.security.provider.certpath.ldap.LDAPCertStore", + null, attrs)); } } diff --git a/src/java.naming/share/classes/sun/security/provider/certpath/ldap/LDAPCertStore.java b/src/java.naming/share/classes/sun/security/provider/certpath/ldap/LDAPCertStore.java index 7ff6dc8d925..b12e53cb7ec 100644 --- a/src/java.naming/share/classes/sun/security/provider/certpath/ldap/LDAPCertStore.java +++ b/src/java.naming/share/classes/sun/security/provider/certpath/ldap/LDAPCertStore.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2021, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it 
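Review bot: `final Provider p = this;` in the `JdkLDAP` constructor is a leftover from the wrapped form and is now redundant; `putService(new ProviderService(this, "CertStore", ...` says the same thing more directly. If `AccessController` and `PrivilegedAction` were imported by name in this file, those imports are now unused as well; no import hunk for JdkLDAP.java is visible here.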
@@ -136,12 +136,6 @@ public final class LDAPCertStore extends CertStoreSpi { + params.getClass().getName() + " passed"); } - @SuppressWarnings("removal") - SecurityManager security = System.getSecurityManager(); - if (security != null) { - security.checkConnect(serverName, port); - } - Key k = new Key(serverName, port); LDAPCertStoreImpl lci = certStoreCache.get(k); if (lci == null) { diff --git a/src/java.naming/share/classes/sun/security/provider/certpath/ldap/LDAPCertStoreImpl.java b/src/java.naming/share/classes/sun/security/provider/certpath/ldap/LDAPCertStoreImpl.java index 39a787bf4fb..8f18e04760a 100644 --- a/src/java.naming/share/classes/sun/security/provider/certpath/ldap/LDAPCertStoreImpl.java +++ b/src/java.naming/share/classes/sun/security/provider/certpath/ldap/LDAPCertStoreImpl.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015, 2023, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2015, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -97,9 +97,7 @@ final class LDAPCertStoreImpl { "sun.security.certpath.ldap.disable.app.resource.files"; static { - @SuppressWarnings("removal") - String s = AccessController.doPrivileged( - (PrivilegedAction) () -> System.getProperty(PROP_LIFETIME)); + String s = System.getProperty(PROP_LIFETIME); if (s != null) { LIFETIME = Integer.parseInt(s); // throws NumberFormatException } else { 
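Review bot: In the LDAPCertStoreImpl static initializer, `Integer.parseInt(s)` on the `PROP_LIFETIME` value still runs during class initialization, so a malformed value surfaces as `ExceptionInInitializerError` and leaves the class unusable for the rest of the process. The existing `// throws NumberFormatException` comment acknowledges the throw but not that consequence. Now that the read is a plain `System.getProperty`, I would either document the failure mode in that comment or validate the value and fall back to the default assigned in the `else` branch, which is outside this hunk.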
@@ -172,9 +170,8 @@ final class LDAPCertStoreImpl { env.put(Context.PROVIDER_URL, url); // If property is set to true, disable application resource file lookup. - @SuppressWarnings("removal") - boolean disableAppResourceFiles = AccessController.doPrivileged( - (PrivilegedAction) () -> Boolean.getBoolean(PROP_DISABLE_APP_RESOURCE_FILES)); + boolean disableAppResourceFiles = + Boolean.getBoolean(PROP_DISABLE_APP_RESOURCE_FILES); if (disableAppResourceFiles) { if (debug != null) { debug.println("LDAPCertStore disabling app resource files"); diff --git a/src/jdk.naming.dns/share/classes/com/sun/jndi/dns/DNSDatagramChannelFactory.java b/src/jdk.naming.dns/share/classes/com/sun/jndi/dns/DNSDatagramChannelFactory.java index 73585c23f86..a278987ad3b 100644 --- a/src/jdk.naming.dns/share/classes/com/sun/jndi/dns/DNSDatagramChannelFactory.java +++ b/src/jdk.naming.dns/share/classes/com/sun/jndi/dns/DNSDatagramChannelFactory.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2017, 2022, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2017, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -29,8 +29,6 @@ import java.net.DatagramSocket; import java.net.ProtocolFamily; import java.net.InetSocketAddress; import java.nio.channels.DatagramChannel; -import java.security.AccessController; -import java.security.PrivilegedExceptionAction; import java.util.Objects; import java.util.Random; @@ -52,11 +50,9 @@ class DNSDatagramChannelFactory { } private static int findFirstFreePort() { - PrivilegedExceptionAction action = () -> new DatagramSocket(0); int port; try { - @SuppressWarnings({"deprecated", "removal"}) - DatagramSocket ds = AccessController.doPrivileged(action); + DatagramSocket ds = new DatagramSocket(0); try (DatagramSocket ds1 = ds) { port = ds1.getLocalPort(); } 
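Review bot: In DNSDatagramChannelFactory.findFirstFreePort the socket is still created in its own statement and then aliased as `ds1` in the try-with-resources header, a shape that was only needed while the socket was returned from doPrivileged. It can be opened in the resource header itself, `try (DatagramSocket ds = new DatagramSocket(0)) {` with `port = ds.getLocalPort();` inside, which drops the second name. The method continues past the end of the hunk, so the catch handling around this block is not visible here.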
diff --git a/src/jdk.naming.dns/share/classes/com/sun/jndi/dns/DnsContextFactory.java b/src/jdk.naming.dns/share/classes/com/sun/jndi/dns/DnsContextFactory.java index 7b8a30a52d0..645fac074e5 100644 --- a/src/jdk.naming.dns/share/classes/com/sun/jndi/dns/DnsContextFactory.java +++ b/src/jdk.naming.dns/share/classes/com/sun/jndi/dns/DnsContextFactory.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2021, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -90,9 +90,8 @@ public class DnsContextFactory implements InitialContextFactory { * Public for use by product test suite. */ public static boolean platformServersAvailable() { - return !filterNameServers( - ResolverConfiguration.open().nameservers(), true - ).isEmpty(); + return !ResolverConfiguration + .open().nameservers().isEmpty(); } private static Context urlToContext(String url, Hashtable env) @@ -145,8 +144,8 @@ public class DnsContextFactory implements InitialContextFactory { // No server or port given, so look to underlying platform. // ResolverConfiguration does some limited caching, so the // following is reasonably efficient even if called rapid-fire. - List platformServers = filterNameServers( - ResolverConfiguration.open().nameservers(), false); + List platformServers = + ResolverConfiguration.open().nameservers(); if (!platformServers.isEmpty()) { servers.addAll(platformServers); continue; // on to next URL (if any, which is unlikely) 
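Review bot: The new return statement in DnsContextFactory.platformServersAvailable breaks the expression right after `!ResolverConfiguration`, which separates the negation from the call chain it applies to and makes the `!` easy to overlook. The expression fits on one line: `return !ResolverConfiguration.open().nameservers().isEmpty();`. The method's Javadoc starts outside the hunk; if it describes the result as limited to servers the caller is permitted to reach, it would need the same update, which cannot be checked from here.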
@@ -216,42 +215,4 @@ public class DnsContextFactory implements InitialContextFactory { String url = (String) env.get(Context.PROVIDER_URL); return ((url != null) ? url : DEFAULT_URL); } - - /** - * Removes any DNS server that's not permitted to access - * @param input the input server[:port] list, must not be null - * @param oneIsEnough return output once there exists one ok - * @return the filtered list, all non-permitted input removed - */ - private static List filterNameServers(List input, boolean oneIsEnough) { - @SuppressWarnings("removal") - SecurityManager security = System.getSecurityManager(); - if (security == null || input == null || input.isEmpty()) { - return input; - } else { - List output = new ArrayList<>(); - for (String platformServer: input) { - int colon = platformServer.indexOf(':', - platformServer.indexOf(']') + 1); - - int p = (colon < 0) - ? DEFAULT_PORT - : Integer.parseInt( - platformServer.substring(colon + 1)); - String s = (colon < 0) - ? platformServer - : platformServer.substring(0, colon); - try { - security.checkConnect(s, p); - output.add(platformServer); - if (oneIsEnough) { - return output; - } - } catch (SecurityException se) { - continue; - } - } - return output; - } - } } diff --git a/src/jdk.naming.dns/share/classes/com/sun/jndi/dns/DnsUrl.java b/src/jdk.naming.dns/share/classes/com/sun/jndi/dns/DnsUrl.java index 5d5703c85eb..6c6b42021c9 100644 --- a/src/jdk.naming.dns/share/classes/com/sun/jndi/dns/DnsUrl.java +++ b/src/jdk.naming.dns/share/classes/com/sun/jndi/dns/DnsUrl.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it 
@@ -29,8 +29,6 @@ package com.sun.jndi.dns; import java.net.MalformedURLException; import java.net.URI; import java.net.URISyntaxException; -import java.security.AccessController; -import java.security.PrivilegedAction; import java.util.Locale; import java.util.StringTokenizer; @@ -65,12 +63,10 @@ public class DnsUrl extends Uri { public static final ParseMode PARSE_MODE; static { - PrivilegedAction action = () -> - System.getProperty(PARSE_MODE_PROP, DEFAULT_PARSE_MODE.toString()); ParseMode parseMode = DEFAULT_PARSE_MODE; try { - @SuppressWarnings("removal") - String mode = AccessController.doPrivileged(action); + String mode = System.getProperty( + PARSE_MODE_PROP, DEFAULT_PARSE_MODE.toString()); parseMode = ParseMode.valueOf(mode.toUpperCase(Locale.ROOT)); } catch (Throwable t) { parseMode = DEFAULT_PARSE_MODE; diff --git a/src/jdk.naming.rmi/share/classes/com/sun/jndi/rmi/registry/RegistryContext.java b/src/jdk.naming.rmi/share/classes/com/sun/jndi/rmi/registry/RegistryContext.java index 5becceb8294..e5090cbaae1 100644 --- a/src/jdk.naming.rmi/share/classes/com/sun/jndi/rmi/registry/RegistryContext.java +++ b/src/jdk.naming.rmi/share/classes/com/sun/jndi/rmi/registry/RegistryContext.java @@ -58,11 +58,6 @@ public class RegistryContext implements Context, Referenceable { Reference reference = null; // ref used to create this context, if any - // Environment property that, if set, indicates that a security - // manager should be installed (if none is already in place). - public static final String SECURITY_MGR = - "java.naming.rmi.security.manager"; - /** * Returns a context for the registry at a given host and port. * If "host" is null, uses default host. 
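Review bot: In the DnsUrl static initializer the try block is still closed by `catch (Throwable t)`, which is unchanged context but now looks wider than anything the block can throw: with the doPrivileged call gone, the only failure left appears to be `ParseMode.valueOf` rejecting an unrecognised name. Narrowing it to `catch (IllegalArgumentException e)` keeps the fallback to `DEFAULT_PARSE_MODE` for a mistyped property value without also swallowing `Error` subclasses. Because the fallback is silent, a comment saying that an invalid `PARSE_MODE_PROP` value selects the default mode would help anyone who sets the property to change how URLs are parsed. The same initializer appears in rmiURLContext later in this commit, and the end of the static block lies outside the hunk.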
@@ -77,9 +72,6 @@ public class RegistryContext implements Context, Referenceable { environment = (env == null) ? new Hashtable(5) : (Hashtable) env; - if (environment.get(SECURITY_MGR) != null) { - installSecurityMgr(); - } // chop off '[' and ']' in an IPv6 literal address if ((host != null) && (host.charAt(0) == '[')) { @@ -295,9 +287,6 @@ public class RegistryContext implements Context, Referenceable { public Object addToEnvironment(String propName, Object propVal) throws NamingException { - if (propName.equals(SECURITY_MGR)) { - installSecurityMgr(); - } return environment.put(propName, propVal); } @@ -412,19 +401,6 @@ public class RegistryContext implements Context, Referenceable { } } - /** - * Attempts to install a security manager if none is currently in - * place. - */ - @SuppressWarnings("removal") - private static void installSecurityMgr() { - - try { - System.setSecurityManager(new SecurityManager()); - } catch (Exception e) { - } - } - /** * Encodes an object prior to binding it in the registry. First, * NamingManager.getStateToBind() is invoked. If the resulting diff --git a/src/jdk.naming.rmi/share/classes/com/sun/jndi/url/rmi/rmiURLContext.java b/src/jdk.naming.rmi/share/classes/com/sun/jndi/url/rmi/rmiURLContext.java index cfa66ed9174..c2972a87092 100644 --- a/src/jdk.naming.rmi/share/classes/com/sun/jndi/url/rmi/rmiURLContext.java +++ b/src/jdk.naming.rmi/share/classes/com/sun/jndi/url/rmi/rmiURLContext.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999, 2022, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1999, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,8 +26,6 @@ package com.sun.jndi.url.rmi; import java.net.URI; -import java.security.AccessController; -import java.security.PrivilegedAction; import java.util.Hashtable; import java.util.Locale; 
@@ -57,12 +55,9 @@ public class rmiURLContext extends GenericURLContext { public static final ParseMode PARSE_MODE; static { - PrivilegedAction action = () -> - System.getProperty(PARSE_MODE_PROP, DEFAULT_PARSE_MODE.toString()); ParseMode parseMode = DEFAULT_PARSE_MODE; try { - @SuppressWarnings("removal") - String mode = AccessController.doPrivileged(action); + String mode = System.getProperty(PARSE_MODE_PROP, DEFAULT_PARSE_MODE.toString()); parseMode = ParseMode.valueOf(mode.toUpperCase(Locale.ROOT)); } catch (Throwable t) { parseMode = DEFAULT_PARSE_MODE;