archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-08-26 22:34:27 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8193032: Remove terminally deprecated SecurityManager APIs

Browse source 
Remove the checkTopLevelWindow, checkSystemClipboardAccess, checkAwtEventQueueAccess, and checkMemberAccess methods.

Reviewed-by: alanb, mchung, kcr
This commit is contained in:
Sean Mullan 2018-04-04 11:26:10 -04:00
parent 9644c91625
commit ceea439679
5 changed files with 5 additions and 216 deletions
Download patch file Download diff file Expand all files Collapse all files

104
src/java.base/share/classes/java/lang/SecurityManager.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1995, 2017, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1995, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -235,19 +235,6 @@ public class SecurityManager {
*/
private boolean initialized = false;
/**
* returns true if the current context has been granted AllPermission
*/
private boolean hasAllPermission() {
try {
checkPermission(SecurityConstants.ALL_PERMISSION);
return true;
} catch (SecurityException se) {
return false;
}
}
/**
* Constructs a new <code>SecurityManager</code>.
*
@ -1080,28 +1067,6 @@ public class SecurityManager {
SecurityConstants.PROPERTY_READ_ACTION));
}
/**
* Returns {@code true} if the calling thread has {@code AllPermission}.
*
* @param window not used except to check if it is {@code null}.
* @return {@code true} if the calling thread has {@code AllPermission}.
* @exception NullPointerException if the {@code window} argument is
* {@code null}.
* @deprecated This method was originally used to check if the calling thread
* was trusted to bring up a top-level window. The method has been
* obsoleted and code should instead use {@link #checkPermission}
* to check {@code AWTPermission("showWindowWithoutWarningBanner")}.
* This method is subject to removal in a future version of Java SE.
* @see #checkPermission(java.security.Permission) checkPermission
*/
@Deprecated(since="1.8", forRemoval=true)
public boolean checkTopLevelWindow(Object window) {
if (window == null) {
throw new NullPointerException("window can't be null");
}
return hasAllPermission();
}
/**
* Throws a <code>SecurityException</code> if the
* calling thread is not allowed to initiate a print job request.
@ -1124,44 +1089,6 @@ public class SecurityManager {
checkPermission(new RuntimePermission("queuePrintJob"));
}
/**
* Throws {@code SecurityException} if the calling thread does
* not have {@code AllPermission}.
*
* @since 1.1
* @exception SecurityException if the calling thread does not have
* {@code AllPermission}
* @deprecated This method was originally used to check if the calling
* thread could access the system clipboard. The method has been
* obsoleted and code should instead use {@link #checkPermission}
* to check {@code AWTPermission("accessClipboard")}.
* This method is subject to removal in a future version of Java SE.
* @see #checkPermission(java.security.Permission) checkPermission
*/
@Deprecated(since="1.8", forRemoval=true)
public void checkSystemClipboardAccess() {
checkPermission(SecurityConstants.ALL_PERMISSION);
}
/**
* Throws {@code SecurityException} if the calling thread does
* not have {@code AllPermission}.
*
* @since 1.1
* @exception SecurityException if the calling thread does not have
* {@code AllPermission}
* @deprecated This method was originally used to check if the calling
* thread could access the AWT event queue. The method has been
* obsoleted and code should instead use {@link #checkPermission}
* to check {@code AWTPermission("accessEventQueue")}.
* This method is subject to removal in a future version of Java SE.
* @see #checkPermission(java.security.Permission) checkPermission
*/
@Deprecated(since="1.8", forRemoval=true)
public void checkAwtEventQueueAccess() {
checkPermission(SecurityConstants.ALL_PERMISSION);
}
/*
* We have an initial invalid bit (initially false) for the class
* variables which tell if the cache is valid. If the underlying
@ -1474,35 +1401,6 @@ public class SecurityManager {
checkPermission(new RuntimePermission("setFactory"));
}
/**
* Throws a {@code SecurityException} if the calling thread does
* not have {@code AllPermission}.
*
* @param clazz the class that reflection is to be performed on.
* @param which type of access, PUBLIC or DECLARED.
* @throws SecurityException if the caller does not have
* {@code AllPermission}
* @throws NullPointerException if the {@code clazz} argument is
* {@code null}
* @deprecated This method was originally used to check if the calling
* thread was allowed to access members. It relied on the
* caller being at a stack depth of 4 which is error-prone and
* cannot be enforced by the runtime. The method has been
* obsoleted and code should instead use
* {@link #checkPermission} to check
* {@code RuntimePermission("accessDeclaredMembers")}. This
* method is subject to removal in a future version of Java SE.
* @since 1.1
* @see #checkPermission(java.security.Permission) checkPermission
*/
@Deprecated(since="1.8", forRemoval=true)
public void checkMemberAccess(Class<?> clazz, int which) {
if (clazz == null) {
throw new NullPointerException("class can't be null");
}
checkPermission(SecurityConstants.ALL_PERMISSION);
}
/**
* Determines whether the permission with the specified permission target
* name should be granted or denied.

26
src/java.desktop/share/classes/sun/applet/AppletSecurity.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1995, 2017, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1995, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -370,30 +370,6 @@ class AppletSecurity extends AWTSecurityManager {
}
}
/**
* Tests if a client can get access to the AWT event queue.
* <p>
* This method calls {@code checkPermission} with the
* {@code AWTPermission("accessEventQueue")} permission.
*
* @since 1.1
* @exception SecurityException if the caller does not have
* permission to access the AWT event queue.
*/
@SuppressWarnings({"deprecation",
"removal"}) // SecurityManager.checkAwtEventQueueAccess
public void checkAwtEventQueueAccess() {
AppContext appContext = AppContext.getAppContext();
AppletClassLoader appletClassLoader = currentAppletClassLoader();
if (AppContext.isMainContext(appContext) && (appletClassLoader != null)) {
// If we're about to allow access to the main EventQueue,
// and anything untrusted is on the class context stack,
// disallow access.
super.checkPermission(AWTPermissions.CHECK_AWT_EVENTQUEUE_PERMISSION);
}
} // checkAwtEventQueueAccess()
/**
* Returns the thread group of the applet. We consult the classloader
* if there is one.

5
src/java.desktop/share/classes/sun/applet/resources/MsgAppletViewer.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -188,10 +188,7 @@ public class MsgAppletViewer extends ListResourceBundle {
{"appletsecurityexception.checkpackageaccess", "Security Exception: cannot access package: {0}"},
{"appletsecurityexception.checkpackagedefinition", "Security Exception: cannot define package: {0}"},
{"appletsecurityexception.cannotsetfactory", "Security Exception: cannot set factory"},
{"appletsecurityexception.checkmemberaccess", "Security Exception: check member access"},
{"appletsecurityexception.checkgetprintjob", "Security Exception: getPrintJob"},
{"appletsecurityexception.checksystemclipboardaccess", "Security Exception: getSystemClipboard"},
{"appletsecurityexception.checkawteventqueueaccess", "Security Exception: getEventQueue"},
{"appletsecurityexception.checksecurityaccess", "Security Exception: security operation: {0}"},
{"appletsecurityexception.getsecuritycontext.unknown", "unknown class loader type. unable to check for getContext"},
{"appletsecurityexception.checkread.unknown", "unknown class loader type. unable to check for checking read {0}"},

4
test/hotspot/jtreg/runtime/RedefineObject/WalkThroughInvoke.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -29,7 +29,7 @@ public class WalkThroughInvoke {
SecurityManager sm = new SecurityManager();
// Walks the stack with Method.invoke in the stack (which is the
// purpose of the test) before it gets an AccessControlException.
sm.checkMemberAccess(b, Member.DECLARED);
sm.checkPermission(new RuntimePermission("accessDeclaredMembers"));
} catch (java.security.AccessControlException e) {
// Ignoring an 'AccessControlException' exception since
// it is expected as part of this test.

82
test/jdk/java/lang/SecurityManager/DepMethodsRequireAllPerm.java
View file

@ -1,82 +0,0 @@
/*
* Copyright (c) 2013, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/* @test
* @bug 8004502 8008793 8029886 8186535
* @summary Sanity check that the SecurityManager checkMemberAccess method and
* methods that used to check AWTPermission now check for AllPermission
*/
import java.security.AllPermission;
import java.security.Permission;
public class DepMethodsRequireAllPerm {
static class MySecurityManager extends SecurityManager {
final Class<?> expectedClass;
MySecurityManager(Class<?> c) {
expectedClass = c;
}
@Override
public void checkPermission(Permission perm) {
if (perm.getClass() != expectedClass)
throw new RuntimeException("Got: " + perm.getClass() + ", expected: " + expectedClass);
super.checkPermission(perm);
}
}
public static void main(String[] args) {
MySecurityManager sm = new MySecurityManager(AllPermission.class);
try {
sm.checkAwtEventQueueAccess();
throw new RuntimeException("SecurityException expected");
} catch (SecurityException expected) { }
try {
sm.checkSystemClipboardAccess();
throw new RuntimeException("SecurityException expected");
} catch (SecurityException expected) { }
try {
sm.checkTopLevelWindow(null);
throw new RuntimeException("NullPointException expected");
} catch (NullPointerException expected) { }
if (sm.checkTopLevelWindow(new Object())) {
throw new RuntimeException("checkTopLevelWindow expected to return false");
}
try {
sm.checkMemberAccess(Object.class, java.lang.reflect.Member.DECLARED);
throw new RuntimeException("SecurityException expected");
} catch (SecurityException expected) { }
try {
sm.checkMemberAccess(null, java.lang.reflect.Member.DECLARED);
throw new RuntimeException("NullPointerException expected");
} catch (NullPointerException expected) { }
}
}