8344855: Remove calls to SecurityManager and doPrivileged in HTTP related implementation classes in the sun.net and sun.net.www.http packages after JEP 486 integration

Reviewed-by: jpai
Daniel Fuchs 2024-11-25 09:56:07 +00:00
parent da4b7a8c56
commit d112f35d92
7 changed files with 52 additions and 166 deletions


@ -1,5 +1,5 @@
/*
* Copyright (c) 2004, 2022, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2004, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -27,8 +27,6 @@ package sun.net;
import jdk.internal.util.StaticProperty;
import java.io.*;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Properties;
/*
@ -39,18 +37,8 @@ import java.util.Properties;
* @author Jean-Christophe Collet
*
*/
@SuppressWarnings("removal")
public class NetProperties {
private static Properties props = new Properties();
static {
AccessController.doPrivileged(
new PrivilegedAction<Void>() {
public Void run() {
loadDefaultProperties();
return null;
}});
}
private static final Properties props = loadDefaultProperties(new Properties());
private NetProperties() { };
@ -59,7 +47,7 @@ public class NetProperties {
* Loads the default networking system properties
* the file is in jre/lib/net.properties
*/
private static void loadDefaultProperties() {
private static Properties loadDefaultProperties(Properties props) {
String fname = StaticProperty.javaHome();
if (fname == null) {
throw new Error("Can't find java.home ??");
@ -75,6 +63,7 @@ public class NetProperties {
// Do nothing. We couldn't find or access the file
// so we won't have default properties...
}
return props;
}
/**
@ -82,9 +71,6 @@ public class NetProperties {
* returns the default value, if it exists, otherwise returns
* <code>null</code>.
* @param key the property name.
* @throws SecurityException if a security manager exists and its
* <code>checkPropertiesAccess</code> method doesn't allow access
* to the system properties.
* @return the <code>String</code> value for the property,
* or <code>null</code>
*/
@ -103,9 +89,6 @@ public class NetProperties {
* <code>null</code>.
* @param key the property name.
* @param defval the default value to use if the property is not found
* @throws SecurityException if a security manager exists and its
* <code>checkPropertiesAccess</code> method doesn't allow access
* to the system properties.
* @return the <code>Integer</code> value for the property,
* or <code>null</code>
*/
@ -131,9 +114,6 @@ public class NetProperties {
* defined returns the default value, if it exists, otherwise returns
* <code>null</code>.
* @param key the property name.
* @throws SecurityException if a security manager exists and its
* <code>checkPropertiesAccess</code> method doesn't allow access
* to the system properties.
* @return the <code>Boolean</code> value for the property,
* or <code>null</code>
*/
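Review bot: The comment above `loadDefaultProperties` was not updated for the method's new shape: it now takes the `Properties` to fill and returns it, and the parameter is named `props`, the same as the static field it initialises. Renaming the parameter (for example `target`) and adding `@param`/`@return` lines would remove the shadowing and document the contract. The retained "Do nothing" catch comment implies that an unreadable file leaves the returned object without the file's entries; one sentence saying so in the method comment would help anyone who relies on defaults shipped in that file. The middle of the method body lies between hunks and is not visible here.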


@ -1,5 +1,5 @@
/*
* Copyright (c) 1994, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1994, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -28,18 +28,14 @@ import java.io.*;
import java.net.Socket;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.UnknownHostException;
import java.net.Proxy;
import java.util.Arrays;
import java.security.AccessController;
import java.security.PrivilegedAction;
/**
* This is the base class for network clients.
*
* @author Jonathan Payne
*/
@SuppressWarnings("removal")
public class NetworkClient {
/* Default value of read timeout, if not specified (infinity) */
public static final int DEFAULT_READ_TIMEOUT = -1;
@ -66,26 +62,17 @@ public class NetworkClient {
protected static String encoding;
static {
final int vals[] = {0, 0};
final String encs[] = { null };
AccessController.doPrivileged(
new PrivilegedAction<>() {
public Void run() {
vals[0] = Integer.getInteger("sun.net.client.defaultReadTimeout", 0).intValue();
vals[1] = Integer.getInteger("sun.net.client.defaultConnectTimeout", 0).intValue();
encs[0] = System.getProperty("file.encoding", "ISO8859_1");
return null;
}
});
if (vals[0] != 0) {
defaultSoTimeout = vals[0];
}
if (vals[1] != 0) {
defaultConnectTimeout = vals[1];
int soTimeout = Integer.getInteger("sun.net.client.defaultReadTimeout", 0);
if (soTimeout != 0) {
defaultSoTimeout = soTimeout;
}
encoding = encs[0];
int connTimeout = Integer.getInteger("sun.net.client.defaultConnectTimeout", 0);
if (connTimeout != 0) {
defaultConnectTimeout = connTimeout;
}
encoding = System.getProperty("file.encoding", "ISO8859_1");
try {
if (!isASCIISuperset (encoding)) {
encoding = "ISO8859_1";
@ -131,7 +118,7 @@ public class NetworkClient {
/** Open a connection to the server. */
public void openServer(String server, int port)
throws IOException, UnknownHostException {
throws IOException {
if (serverSocket != null)
closeServer();
serverSocket = doConnect (server, port);
@ -150,15 +137,11 @@ public class NetworkClient {
* appropriate options pre-established
*/
protected Socket doConnect (String server, int port)
throws IOException, UnknownHostException {
throws IOException {
Socket s;
if (proxy != null) {
if (proxy.type() == Proxy.Type.SOCKS) {
s = AccessController.doPrivileged(
new PrivilegedAction<>() {
public Socket run() {
return new Socket(proxy);
}});
s = new Socket(proxy);
} else if (proxy.type() == Proxy.Type.DIRECT) {
s = createSocket();
} else {
@ -203,13 +186,7 @@ public class NetworkClient {
protected InetAddress getLocalAddress() throws IOException {
if (serverSocket == null)
throw new IOException("not connected");
return AccessController.doPrivileged(
new PrivilegedAction<>() {
public InetAddress run() {
return serverSocket.getLocalAddress();
}
});
return serverSocket.getLocalAddress();
}
/** Close an open connection to the server. */
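Review bot: The rewritten static initializer copies any non-zero value of `sun.net.client.defaultReadTimeout` and `sun.net.client.defaultConnectTimeout` into the defaults, so a negative setting also passes the `!= 0` tests. How a negative default is treated when a socket is configured is not visible in this section. If only positive values are meaningful, `if (soTimeout > 0)` and `if (connTimeout > 0)` would state that directly. Otherwise a one-line comment such as `// 0, unset or unparseable keeps the built-in default; negative values are passed through` would record the contract now that the code is short enough to read at a glance.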


@ -1,5 +1,5 @@
/*
* Copyright (c) 2009, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2009, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -65,13 +65,8 @@ public class HttpCapture {
private static synchronized void init() {
initialized = true;
@SuppressWarnings("removal")
String rulesFile = java.security.AccessController.doPrivileged(
new java.security.PrivilegedAction<>() {
public String run() {
return NetProperties.get("sun.net.http.captureRules");
}
});
String rulesFile = NetProperties.get("sun.net.http.captureRules");
if (rulesFile != null && !rulesFile.isEmpty()) {
BufferedReader in;
try {
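Review bot: `init()` sets `initialized = true` before it reads `sun.net.http.captureRules` and tries to open the file, so a failed load is apparently never retried. The rest of the method is outside this hunk, so how a failed open is reported is not visible. A short comment on the new line would help, for example `// path to the capture-rules file; read once per JVM with the process's own file permissions`. Judging by the class and property names, this setting controls capture of HTTP traffic, so the comment could also say that it is a diagnostic option to be left unset in normal deployments.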


@ -1,5 +1,5 @@
/*
* Copyright (c) 1994, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1994, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -42,7 +42,6 @@ import sun.net.www.protocol.http.AuthCacheImpl;
import sun.net.www.protocol.http.HttpURLConnection;
import sun.util.logging.PlatformLogger;
import static sun.net.www.protocol.http.HttpURLConnection.TunnelState.*;
import sun.security.action.GetPropertyAction;
/**
* @author Herb Jellinek
@ -70,10 +69,10 @@ public class HttpClient extends NetworkClient {
/** Response code for CONTINUE */
private boolean ignoreContinue = true;
private static final int HTTP_CONTINUE = 100;
private static final int HTTP_CONTINUE = 100;
/** Default port number for http daemons. REMIND: make these private */
static final int httpPortNumber = 80;
static final int httpPortNumber = 80;
/** return default port number (subclasses may override) */
protected int getDefaultPort () { return httpPortNumber; }
@ -194,7 +193,7 @@ public class HttpClient extends NetworkClient {
}
static {
Properties props = GetPropertyAction.privilegedGetProperties();
Properties props = System.getProperties();
String keepAlive = props.getProperty("http.keepAlive");
String retryPost = props.getProperty("sun.net.http.retryPost");
String cacheNTLM = props.getProperty("jdk.ntlm.cache");
@ -243,11 +242,6 @@ public class HttpClient extends NetworkClient {
protected HttpClient() {
}
private HttpClient(URL url)
throws IOException {
this(url, (String)null, -1, false);
}
protected HttpClient(URL url,
boolean proxyDisabled) throws IOException {
this(url, null, -1, proxyDisabled);
@ -388,15 +382,6 @@ public class HttpClient extends NetworkClient {
ret.authcache = httpuc.getAuthCache();
}
} else {
@SuppressWarnings("removal")
SecurityManager security = System.getSecurityManager();
if (security != null) {
if (ret.proxy == Proxy.NO_PROXY || ret.proxy == null) {
security.checkConnect(InetAddress.getByName(url.getHost()).getHostAddress(), url.getPort());
} else {
security.checkConnect(url.getHost(), url.getPort());
}
}
ret.url = url;
}
return ret;
@ -571,29 +556,18 @@ public class HttpClient extends NetworkClient {
* be done; for proxy tunneling, the socket needs to be converted
* into an SSL socket before ssl handshake can take place.
*/
public void afterConnect() throws IOException, UnknownHostException {
public void afterConnect() throws IOException {
// NO-OP. Needs to be overwritten by HttpsClient
}
/*
* call openServer in a privileged block
* call openServer
*/
@SuppressWarnings("removal")
private void privilegedOpenServer(final InetSocketAddress server)
private void openServer(final InetSocketAddress server)
throws IOException
{
assert clientLock.isHeldByCurrentThread();
try {
java.security.AccessController.doPrivileged(
new java.security.PrivilegedExceptionAction<>() {
public Void run() throws IOException {
openServer(server.getHostString(), server.getPort());
return null;
}
});
} catch (java.security.PrivilegedActionException pae) {
throw (IOException) pae.getException();
}
openServer(server.getHostString(), server.getPort());
}
/*
@ -601,7 +575,7 @@ public class HttpClient extends NetworkClient {
*/
private void superOpenServer(final String proxyHost,
final int proxyPort)
throws IOException, UnknownHostException
throws IOException
{
super.openServer(proxyHost, proxyPort);
}
@ -610,14 +584,8 @@ public class HttpClient extends NetworkClient {
*/
protected void openServer() throws IOException {
@SuppressWarnings("removal")
SecurityManager security = System.getSecurityManager();
lock();
try {
if (security != null) {
security.checkConnect(host, port);
}
if (keepingAlive) { // already opened
return;
@ -628,7 +596,7 @@ public class HttpClient extends NetworkClient {
if ((proxy != null) && (proxy.type() == Proxy.Type.HTTP)) {
sun.net.www.URLConnection.setProxiedHost(host);
privilegedOpenServer((InetSocketAddress) proxy.address());
openServer((InetSocketAddress) proxy.address());
usingProxy = true;
return;
} else {
@ -644,7 +612,7 @@ public class HttpClient extends NetworkClient {
*/
if ((proxy != null) && (proxy.type() == Proxy.Type.HTTP)) {
sun.net.www.URLConnection.setProxiedHost(host);
privilegedOpenServer((InetSocketAddress) proxy.address());
openServer((InetSocketAddress) proxy.address());
usingProxy = true;
return;
} else {
@ -663,7 +631,7 @@ public class HttpClient extends NetworkClient {
String fileName;
/**
/*
* proxyDisabled is set by subclass HttpsClient!
*/
if (usingProxy && !proxyDisabled) {
@ -817,7 +785,7 @@ public class HttpClient extends NetworkClient {
keepAliveConnections = -1;
keepAliveTimeout = 0;
boolean ret = false;
boolean ret;
byte[] b = new byte[8];
try {
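Review bot: The private helper that replaced `privilegedOpenServer` is now a third `openServer` overload, next to the no-argument one and the inherited `openServer(String, int)`, and its comment was reduced to "call openServer", which no longer says why the method exists. Both visible call sites pass `(InetSocketAddress) proxy.address()`. A name such as `openProxyServer`, or a comment like `/* Connects to the proxy at the given address; caller must hold clientLock. */`, would keep the proxy path easy to tell apart when reading `openServer()`. The body of `openServer()` between the hunks is not visible here.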


@ -30,8 +30,6 @@ import java.io.NotSerializableException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.net.URL;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.ArrayDeque;
import java.util.ArrayList;
import java.util.HashMap;
@ -39,7 +37,6 @@ import java.util.List;
import java.util.concurrent.locks.ReentrantLock;
import jdk.internal.misc.InnocuousThread;
import sun.security.action.GetIntegerAction;
import sun.net.www.protocol.http.HttpURLConnection;
import sun.util.logging.PlatformLogger;
@ -69,10 +66,8 @@ public class KeepAliveCache
static final PlatformLogger logger = HttpURLConnection.getHttpLogger();
@SuppressWarnings("removal")
static int getUserKeepAliveSeconds(String type) {
int v = AccessController.doPrivileged(
new GetIntegerAction(keepAliveProp+type, -1)).intValue();
int v = Integer.getInteger(keepAliveProp+type, -1);
return v < -1 ? -1 : v;
}
@ -89,12 +84,9 @@ public class KeepAliveCache
*/
static final int MAX_CONNECTIONS = 5;
static int result = -1;
@SuppressWarnings("removal")
static int getMaxConnections() {
if (result == -1) {
result = AccessController.doPrivileged(
new GetIntegerAction("http.maxConnections", MAX_CONNECTIONS))
.intValue();
result = Integer.getInteger("http.maxConnections", MAX_CONNECTIONS);
if (result <= 0) {
result = MAX_CONNECTIONS;
}
@ -119,7 +111,6 @@ public class KeepAliveCache
* @param url The URL contains info about the host and port
* @param http The HttpClient to be cached
*/
@SuppressWarnings("removal")
public void put(final URL url, Object obj, HttpClient http) {
// this method may need to close an HttpClient, either because
// it is not cacheable, or because the cache is at its capacity.
@ -144,15 +135,10 @@ public class KeepAliveCache
* The robustness to get around this is in HttpClient.parseHTTP()
*/
final KeepAliveCache cache = this;
AccessController.doPrivileged(new PrivilegedAction<>() {
public Void run() {
keepAliveTimer = InnocuousThread.newSystemThread("Keep-Alive-Timer", cache);
keepAliveTimer.setDaemon(true);
keepAliveTimer.setPriority(Thread.MAX_PRIORITY - 2);
keepAliveTimer.start();
return null;
}
});
keepAliveTimer = InnocuousThread.newSystemThread("Keep-Alive-Timer", cache);
keepAliveTimer.setDaemon(true);
keepAliveTimer.setPriority(Thread.MAX_PRIORITY - 2);
keepAliveTimer.start();
}
KeepAliveKey key = new KeepAliveKey(url, obj);
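Review bot: With the anonymous `PrivilegedAction` gone, the local `final KeepAliveCache cache = this;` kept just above the thread creation in `put` no longer serves a purpose, since there is no inner class left that needs to capture it. The call can read `keepAliveTimer = InnocuousThread.newSystemThread("Keep-Alive-Timer", this);` and the local can be dropped. `put` begins and ends outside the hunk, so this assumes `cache` is not used further down.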


@ -1,5 +1,5 @@
/*
* Copyright (c) 1996, 2022, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -176,16 +176,10 @@ class KeepAliveStream extends MeteredStream implements Hurryable {
}
if (startCleanupThread) {
java.security.AccessController.doPrivileged(
new java.security.PrivilegedAction<Void>() {
public Void run() {
cleanerThread = InnocuousThread.newSystemThread("Keep-Alive-SocketCleaner", queue);
cleanerThread.setDaemon(true);
cleanerThread.setPriority(Thread.MAX_PRIORITY - 2);
cleanerThread.start();
return null;
}
});
cleanerThread = InnocuousThread.newSystemThread("Keep-Alive-SocketCleaner", queue);
cleanerThread.setDaemon(true);
cleanerThread.setPriority(Thread.MAX_PRIORITY - 2);
cleanerThread.start();
}
} finally {
queue.unlock();


@ -1,5 +1,5 @@
/*
* Copyright (c) 2005, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -28,18 +28,16 @@ package sun.net.www.http;
import java.io.IOException;
import java.util.LinkedList;
import sun.net.NetProperties;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.locks.Condition;
import java.util.concurrent.locks.ReentrantLock;
/**
* This class is used to cleanup any remaining data that may be on a KeepAliveStream
* This class is used to clean up any remaining data that may be on a KeepAliveStream
* so that the connection can be cached in the KeepAliveCache.
* Instances of this class can be used as a FIFO queue for KeepAliveCleanerEntry objects.
* Executing this Runnable removes each KeepAliveCleanerEntry from the Queue, reads
* the reamining bytes on its KeepAliveStream, and if successful puts the connection in
* the remaining bytes on its KeepAliveStream, and if successful puts the connection in
* the KeepAliveCache.
*
* @author Chris Hegarty
@ -50,8 +48,8 @@ class KeepAliveStreamCleaner
extends LinkedList<KeepAliveCleanerEntry>
implements Runnable
{
// maximum amount of remaining data that we will try to cleanup
protected static final int MAX_DATA_REMAINING;
// maximum amount of remaining data that we will try to clean up
protected static final long MAX_DATA_REMAINING;
// maximum amount of KeepAliveStreams to be queued
protected static final int MAX_CAPACITY;
@ -64,22 +62,10 @@ class KeepAliveStreamCleaner
static {
final String maxDataKey = "http.KeepAlive.remainingData";
@SuppressWarnings("removal")
int maxData = AccessController.doPrivileged(
new PrivilegedAction<Integer>() {
public Integer run() {
return NetProperties.getInteger(maxDataKey, 512);
}}).intValue() * 1024;
MAX_DATA_REMAINING = maxData;
MAX_DATA_REMAINING = NetProperties.getInteger(maxDataKey, 512) * 1024L;
final String maxCapacityKey = "http.KeepAlive.queuedConnections";
@SuppressWarnings("removal")
int maxCapacity = AccessController.doPrivileged(
new PrivilegedAction<Integer>() {
public Integer run() {
return NetProperties.getInteger(maxCapacityKey, 10);
}}).intValue();
MAX_CAPACITY = maxCapacity;
MAX_CAPACITY = NetProperties.getInteger(maxCapacityKey, 10);
}