archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-08-27 06:45:07 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8338411: Implement JEP 486: Permanently Disable the Security Manager

Browse source 
Co-authored-by: Sean Mullan <mullan@openjdk.org>
Co-authored-by: Alan Bateman <alanb@openjdk.org>
Co-authored-by: Weijun Wang <weijun@openjdk.org>
Co-authored-by: Aleksei Efimov <aefimov@openjdk.org>
Co-authored-by: Brian Burkhalter <bpb@openjdk.org>
Co-authored-by: Daniel Fuchs <dfuchs@openjdk.org>
Co-authored-by: Harshitha Onkar <honkar@openjdk.org>
Co-authored-by: Joe Wang <joehw@openjdk.org>
Co-authored-by: Jorn Vernee <jvernee@openjdk.org>
Co-authored-by: Justin Lu <jlu@openjdk.org>
Co-authored-by: Kevin Walls <kevinw@openjdk.org>
Co-authored-by: Lance Andersen <lancea@openjdk.org>
Co-authored-by: Naoto Sato <naoto@openjdk.org>
Co-authored-by: Roger Riggs <rriggs@openjdk.org>
Co-authored-by: Brent Christian <bchristi@openjdk.org>
Co-authored-by: Stuart Marks <smarks@openjdk.org>
Co-authored-by: Ian Graves <igraves@openjdk.org>
Co-authored-by: Phil Race <prr@openjdk.org>
Co-authored-by: Erik Gahlin <egahlin@openjdk.org>
Co-authored-by: Jaikiran Pai <jpai@openjdk.org>
Reviewed-by: kevinw, aivanov, rriggs, lancea, coffeys, dfuchs, ihse, erikj, cjplummer, coleenp, naoto, mchung, prr, weijun, joehw, azvegint, psadhukhan, bchristi, sundar, attila
This commit is contained in:
Sean Mullan 2024-11-12 17:16:15 +00:00
parent c12b386d19
commit db85090553
1885 changed files with 5528 additions and 65650 deletions
Download patch file Download diff file Expand all files Collapse all files

79
src/java.base/share/classes/java/net/Authenticator.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -107,22 +107,9 @@ class Authenticator {
/**
* Sets the authenticator that will be used by the networking code
* when a proxy or an HTTP server asks for authentication.
* <p>
* First, if there is a security manager, its {@code checkPermission}
* method is called with a
* {@code NetPermission("setDefaultAuthenticator")} permission.
* This may result in a java.lang.SecurityException.
*
* @param a The authenticator to be set. If a is {@code null} then
* any previously set authenticator is removed.
*
* @throws SecurityException
* if a security manager exists and its
* {@code checkPermission} method doesn't allow
* setting the default authenticator.
*
* @see SecurityManager#checkPermission
* @see java.net.NetPermission
*/
public static synchronized void setDefault(Authenticator a) {
@SuppressWarnings("removal")
@ -138,22 +125,9 @@ class Authenticator {
/**
* Gets the default authenticator.
* First, if there is a security manager, its {@code checkPermission}
* method is called with a
* {@code NetPermission("requestPasswordAuthentication")} permission.
* This may result in a java.lang.SecurityException.
* Then the default authenticator, if set, is returned.
* Otherwise, {@code null} is returned.
*
* @return The default authenticator, if set, {@code null} otherwise.
*
* @throws SecurityException
* if a security manager exists and its
* {@code checkPermission} method doesn't allow
* requesting password authentication.
* @since 9
* @see SecurityManager#checkPermission
* @see java.net.NetPermission
*/
public static Authenticator getDefault() {
@SuppressWarnings("removal")
@ -169,11 +143,6 @@ class Authenticator {
/**
* Ask the authenticator that has been registered with the system
* for a password.
* <p>
* First, if there is a security manager, its {@code checkPermission}
* method is called with a
* {@code NetPermission("requestPasswordAuthentication")} permission.
* This may result in a java.lang.SecurityException.
*
* @param addr The InetAddress of the site requesting authorization,
* or null if not known.
@ -184,14 +153,6 @@ class Authenticator {
* @param scheme The authentication scheme
*
* @return The username/password, or null if one can't be gotten.
*
* @throws SecurityException
* if a security manager exists and its
* {@code checkPermission} method doesn't allow
* the password authentication request.
*
* @see SecurityManager#checkPermission
* @see java.net.NetPermission
*/
public static PasswordAuthentication requestPasswordAuthentication(
InetAddress addr,
@ -229,11 +190,6 @@ class Authenticator {
* for a password. This is the preferred method for requesting a password
* because the hostname can be provided in cases where the InetAddress
* is not available.
* <p>
* First, if there is a security manager, its {@code checkPermission}
* method is called with a
* {@code NetPermission("requestPasswordAuthentication")} permission.
* This may result in a java.lang.SecurityException.
*
* @param host The hostname of the site requesting authentication.
* @param addr The InetAddress of the site requesting authentication,
@ -246,13 +202,6 @@ class Authenticator {
*
* @return The username/password, or null if one can't be gotten.
*
* @throws SecurityException
* if a security manager exists and its
* {@code checkPermission} method doesn't allow
* the password authentication request.
*
* @see SecurityManager#checkPermission
* @see java.net.NetPermission
* @since 1.4
*/
public static PasswordAuthentication requestPasswordAuthentication(
@ -291,11 +240,6 @@ class Authenticator {
/**
* Ask the authenticator that has been registered with the system
* for a password.
* <p>
* First, if there is a security manager, its {@code checkPermission}
* method is called with a
* {@code NetPermission("requestPasswordAuthentication")} permission.
* This may result in a java.lang.SecurityException.
*
* @param host The hostname of the site requesting authentication.
* @param addr The InetAddress of the site requesting authorization,
@ -311,14 +255,6 @@ class Authenticator {
*
* @return The username/password, or null if one can't be gotten.
*
* @throws SecurityException
* if a security manager exists and its
* {@code checkPermission} method doesn't allow
* the password authentication request.
*
* @see SecurityManager#checkPermission
* @see java.net.NetPermission
*
* @since 1.5
*/
public static PasswordAuthentication requestPasswordAuthentication(
@ -363,11 +299,6 @@ class Authenticator {
* {@code authenticator} is null, the authenticator, if any, that has been
* registered with the system using {@link #setDefault(java.net.Authenticator)
* setDefault} is used.
* <p>
* First, if there is a security manager, its {@code checkPermission}
* method is called with a
* {@code NetPermission("requestPasswordAuthentication")} permission.
* This may result in a java.lang.SecurityException.
*
* @param authenticator the authenticator, or {@code null}.
* @param host The hostname of the site requesting authentication.
@ -384,14 +315,6 @@ class Authenticator {
*
* @return The username/password, or {@code null} if one can't be gotten.
*
* @throws SecurityException
* if a security manager exists and its
* {@code checkPermission} method doesn't allow
* the password authentication request.
*
* @see SecurityManager#checkPermission
* @see java.net.NetPermission
*
* @since 9
*/
public static PasswordAuthentication requestPasswordAuthentication(

6
src/java.base/share/classes/java/net/ContentHandler.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1995, 2022, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1995, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -67,10 +67,6 @@ import java.io.IOException;
* If no user-defined content handler is found, then the system
* tries to load a specific <i>content-type</i> handler from one
* of the built-in handlers, if one exists.
* <p>
* If the loading of the content handler class would be performed by
* a classloader that is outside of the delegation chain of the caller,
* the JVM will need the RuntimePermission "getClassLoader".
*
* @author James Gosling
* @see java.net.ContentHandler#getContent(java.net.URLConnection)

8
src/java.base/share/classes/java/net/CookieHandler.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -70,9 +70,6 @@ public abstract class CookieHandler {
*
* @return the system-wide cookie handler; A null return means
* there is no system-wide cookie handler currently set.
* @throws SecurityException
* If a security manager has been installed and it denies
* {@link NetPermission}{@code ("getCookieHandler")}
* @see #setDefault(CookieHandler)
*/
public static synchronized CookieHandler getDefault() {
@ -91,9 +88,6 @@ public abstract class CookieHandler {
*
* @param cHandler The HTTP cookie handler, or
* {@code null} to unset.
* @throws SecurityException
* If a security manager has been installed and it denies
* {@link NetPermission}{@code ("setCookieHandler")}
* @see #getDefault()
*/
public static synchronized void setDefault(CookieHandler cHandler) {

129
src/java.base/share/classes/java/net/DatagramSocket.java
View file

@ -271,17 +271,8 @@ public class DatagramSocket implements java.io.Closeable {
* on the local host machine. The socket will be bound to the
* {@link InetAddress#isAnyLocalAddress wildcard} address.
*
* <p>If there is a security manager,
* its {@code checkListen} method is first called
* with 0 as its argument to ensure the operation is allowed.
* This could result in a SecurityException.
*
* @throws SocketException if the socket could not be opened,
* or the socket could not be bound.
* @throws SecurityException if a security manager exists and its
* {@code checkListen} method doesn't allow the operation.
*
* @see SecurityManager#checkListen
*/
public DatagramSocket() throws SocketException {
this(new InetSocketAddress(0));
@ -305,23 +296,14 @@ public class DatagramSocket implements java.io.Closeable {
* <p>
* If the address is {@code null} an unbound socket will be created.
*
* <p>If there is a security manager,
* its {@code checkListen} method is first called
* with the port from the socket address
* as its argument to ensure the operation is allowed.
* This could result in a SecurityException.
*
* @param bindaddr local socket address to bind, or {@code null}
* for an unbound socket.
*
* @throws SocketException if the socket could not be opened,
* or the socket could not bind to the specified local port.
* @throws SecurityException if a security manager exists and its
* {@code checkListen} method doesn't allow the operation.
* @throws IllegalArgumentException if bindaddr is a
* SocketAddress subclass not supported by this socket.
*
* @see SecurityManager#checkListen
* @since 1.4
*/
public DatagramSocket(SocketAddress bindaddr) throws SocketException {
@ -333,21 +315,11 @@ public class DatagramSocket implements java.io.Closeable {
* on the local host machine. The socket will be bound to the
* {@link InetAddress#isAnyLocalAddress wildcard} address.
*
* <p>If there is a security manager,
* its {@code checkListen} method is first called
* with the {@code port} argument
* as its argument to ensure the operation is allowed.
* This could result in a SecurityException.
*
* @param port local port to use in the bind operation.
* @throws SocketException if the socket could not be opened,
* or the socket could not bind to the specified local port.
* @throws SecurityException if a security manager exists and its
* {@code checkListen} method doesn't allow the operation.
* @throws IllegalArgumentException if port is <a href="#PortRange">
* out of range.</a>
*
* @see SecurityManager#checkListen
*/
public DatagramSocket(int port) throws SocketException {
this(port, null);
@ -364,23 +336,13 @@ public class DatagramSocket implements java.io.Closeable {
* address, or is {@code null}, the socket will be bound to the wildcard
* address.
*
* <p>If there is a security manager,
* its {@code checkListen} method is first called
* with the {@code port} argument
* as its argument to ensure the operation is allowed.
* This could result in a SecurityException.
*
* @param port local port to use in the bind operation.
* @param laddr local address to bind (can be {@code null})
*
* @throws SocketException if the socket could not be opened,
* or the socket could not bind to the specified local port.
* @throws SecurityException if a security manager exists and its
* {@code checkListen} method doesn't allow the operation.
* @throws IllegalArgumentException if port is <a href="#PortRange">
* out of range.</a>
*
* @see SecurityManager#checkListen
* @since 1.1
*/
public DatagramSocket(int port, InetAddress laddr) throws SocketException {
@ -396,8 +358,6 @@ public class DatagramSocket implements java.io.Closeable {
* @param addr The address and port to bind to.
* @throws SocketException if any error happens during the bind, or if the
* socket is already bound or is closed.
* @throws SecurityException if a security manager exists and its
* {@code checkListen} method doesn't allow the operation.
* @throws IllegalArgumentException if addr is a SocketAddress subclass
* not supported by this socket.
* @since 1.4
@ -427,19 +387,6 @@ public class DatagramSocket implements java.io.Closeable {
* this socket is unknown - it may or may not be connected to the address
* that it was previously connected to.
*
* <p> If a security manager has been installed then it is invoked to check
* access to the remote address. Specifically, if the given {@code address}
* is a {@link InetAddress#isMulticastAddress multicast address},
* the security manager's {@link
* java.lang.SecurityManager#checkMulticast(InetAddress)
* checkMulticast} method is invoked with the given {@code address}.
* Otherwise, the security manager's {@link
* java.lang.SecurityManager#checkConnect(String,int) checkConnect}
* and {@link java.lang.SecurityManager#checkAccept checkAccept} methods
* are invoked, with the given {@code address} and {@code port}, to
* verify that datagrams are permitted to be sent and received
* respectively.
*
* <p> Care should be taken to ensure that a connected datagram socket
* is not shared with untrusted code. When a socket is connected,
* {@link #receive receive} and {@link #send send} <b>will not perform
@ -461,10 +408,6 @@ public class DatagramSocket implements java.io.Closeable {
* if the address is null, or the port is <a href="#PortRange">
* out of range.</a>
*
* @throws SecurityException
* if a security manager has been installed and it does
* not permit access to the given remote address
*
* @throws UncheckedIOException
* if the port is 0 or connect fails, for example, if the
* destination address is non-routable
@ -503,10 +446,6 @@ public class DatagramSocket implements java.io.Closeable {
* if {@code addr} is {@code null}, or {@code addr} is a SocketAddress
* subclass not supported by this socket
*
* @throws SecurityException
* if a security manager has been installed and it does
* not permit access to the given remote address
*
* @since 1.4
*/
public void connect(SocketAddress addr) throws SocketException {
@ -638,25 +577,9 @@ public class DatagramSocket implements java.io.Closeable {
* data to be sent, its length, the IP address of the remote host,
* and the port number on the remote host.
*
* <p>If there is a security manager, and the socket is not currently
* connected to a remote address, this method first performs some
* security checks. First, if {@code p.getAddress().isMulticastAddress()}
* is true, this method calls the
* security manager's {@code checkMulticast} method
* with {@code p.getAddress()} as its argument.
* If the evaluation of that expression is false,
* this method instead calls the security manager's
* {@code checkConnect} method with arguments
* {@code p.getAddress().getHostAddress()} and
* {@code p.getPort()}. Each call to a security manager method
* could result in a SecurityException if the operation is not allowed.
*
* @param p the {@code DatagramPacket} to be sent.
*
* @throws IOException if an I/O error occurs, or the socket is closed.
* @throws SecurityException if a security manager exists and its
* {@code checkMulticast} or {@code checkConnect}
* method doesn't allow the send.
* @throws PortUnreachableException may be thrown if the socket is connected
* to a currently unreachable destination. Note, there is no
* guarantee that the exception will be thrown.
@ -670,8 +593,6 @@ public class DatagramSocket implements java.io.Closeable {
* range.</a>
*
* @see java.net.DatagramPacket
* @see SecurityManager#checkMulticast(InetAddress)
* @see SecurityManager#checkConnect
*/
public void send(DatagramPacket p) throws IOException {
delegate().send(p);
@ -704,12 +625,6 @@ public class DatagramSocket implements java.io.Closeable {
* {@code SocketException} with the interrupt status set.
* </ol>
*
* <p> If there is a security manager, and the socket is not currently
* connected to a remote address, a packet cannot be received if the
* security manager's {@code checkAccept} method does not allow it.
* Datagrams that are not permitted by the security manager are silently
* discarded.
*
* @param p the {@code DatagramPacket} into which to place
* the incoming data.
* @throws IOException if an I/O error occurs, or the socket is closed.
@ -737,19 +652,11 @@ public class DatagramSocket implements java.io.Closeable {
* When {@link #disconnect()} is called, the bound address reverts
* to the wildcard address.
*
* <p>If there is a security manager, its
* {@code checkConnect} method is first called
* with the host address and {@code -1}
* as its arguments to see if the operation is allowed.
*
* @see SecurityManager#checkConnect
* @return the local address to which the socket is bound,
* {@code null} if the socket is closed, or
* an {@code InetAddress} representing
* {@link InetAddress#isAnyLocalAddress wildcard}
* address if either the socket is not bound, or
* the security manager {@code checkConnect}
* method does not allow the operation
* address if the socket is not bound
* @since 1.1
*/
public InetAddress getLocalAddress() {
@ -1155,19 +1062,11 @@ public class DatagramSocket implements java.io.Closeable {
* Passing {@code null} to the method is a no-op unless the factory
* was already set.
*
* <p>If there is a security manager, this method first calls
* the security manager's {@code checkSetFactory} method
* to ensure the operation is allowed.
* This could result in a SecurityException.
*
* @param fac the desired factory.
* @throws IOException if an I/O error occurs when setting the
* datagram socket factory.
* @throws SocketException if the factory is already defined.
* @throws SecurityException if a security manager exists and its
* {@code checkSetFactory} method doesn't allow the operation.
* @see java.net.DatagramSocketImplFactory#createDatagramSocketImpl()
* @see SecurityManager#checkSetFactory
* @since 1.3
*
* @deprecated Use {@link DatagramChannel}, or subclass {@code DatagramSocket}
@ -1214,12 +1113,6 @@ public class DatagramSocket implements java.io.Closeable {
*
* @throws IOException if an I/O error occurs, or if the socket is closed.
*
* @throws SecurityException if a security manager is set and if the socket
* option requires a security permission and if the caller does
* not have the required permission.
* {@link java.net.StandardSocketOptions StandardSocketOptions}
* do not require any security permission.
*
* @throws NullPointerException if name is {@code null}
*
* @since 9
@ -1246,12 +1139,6 @@ public class DatagramSocket implements java.io.Closeable {
*
* @throws NullPointerException if name is {@code null}
*
* @throws SecurityException if a security manager is set and if the socket
* option requires a security permission and if the caller does
* not have the required permission.
* {@link java.net.StandardSocketOptions StandardSocketOptions}
* do not require any security permission.
*
* @since 9
*/
public <T> T getOption(SocketOption<T> name) throws IOException {
@ -1301,10 +1188,6 @@ public class DatagramSocket implements java.io.Closeable {
* in several different networks. However, if the socket is already a
* member of the group, an {@link IOException} will be thrown.
*
* <p>If there is a security manager, this method first
* calls its {@code checkMulticast} method with the {@code mcastaddr}
* argument as its argument.
*
* @apiNote The default interface for sending outgoing multicast datagrams
* can be configured with {@link #setOption(SocketOption, Object)}
* with {@link StandardSocketOptions#IP_MULTICAST_IF}.
@ -1315,11 +1198,8 @@ public class DatagramSocket implements java.io.Closeable {
* @throws IOException if there is an error joining, or when the address
* is not a multicast address, or the platform does not support
* multicasting, or the socket is closed
* @throws SecurityException if a security manager exists and its
* {@code checkMulticast} method doesn't allow the join.
* @throws IllegalArgumentException if mcastaddr is {@code null} or is a
* SocketAddress subclass not supported by this socket
* @see SecurityManager#checkMulticast(InetAddress)
* @see DatagramChannel#join(InetAddress, NetworkInterface)
* @see StandardSocketOptions#IP_MULTICAST_IF
* @since 17
@ -1332,10 +1212,6 @@ public class DatagramSocket implements java.io.Closeable {
/**
* Leave a multicast group on a specified local interface.
*
* <p>If there is a security manager, this method first
* calls its {@code checkMulticast} method with the
* {@code mcastaddr} argument as its argument.
*
* @apiNote
* The {@code mcastaddr} and {@code netIf} arguments should identify
* a multicast group that was previously {@linkplain
@ -1359,11 +1235,8 @@ public class DatagramSocket implements java.io.Closeable {
* may fail with a {@code SocketException}.
* @throws IOException if there is an error leaving or when the address
* is not a multicast address, or the socket is closed.
* @throws SecurityException if a security manager exists and its
* {@code checkMulticast} method doesn't allow the operation.
* @throws IllegalArgumentException if mcastaddr is {@code null} or is a
* SocketAddress subclass not supported by this socket.
* @see SecurityManager#checkMulticast(InetAddress)
* @see #joinGroup(SocketAddress, NetworkInterface)
* @see StandardSocketOptions#IP_MULTICAST_IF
* @since 17

24
src/java.base/share/classes/java/net/HttpURLConnection.java
View file

@ -50,18 +50,6 @@ import java.util.Date;
* <a href="doc-files/net-properties.html#Proxies">Proxy settings</a> as well as
* <a href="doc-files/net-properties.html#MiscHTTP"> various other settings</a>.
* </P>
* <p>
* <b>Security permissions</b>
* <p>
* If a security manager is installed, and if a method is called which results in an
* attempt to open a connection, the caller must possess either:
* <ul><li>a "connect" {@link SocketPermission} to the host/port combination of the
* destination URL or</li>
* <li>a {@link URLPermission} that permits this request.</li>
* </ul><p>
* If automatic redirection is enabled, and this request is redirected to another
* destination, then the caller must also have permission to connect to the
* redirected host/URL.
*
* @see java.net.HttpURLConnection#disconnect()
* @since 1.1
@ -374,18 +362,9 @@ public abstract class HttpURLConnection extends URLConnection {
/**
* Sets whether HTTP redirects (requests with response code 3xx) should
* be automatically followed by this class. True by default.
* <p>
* If there is a security manager, this method first calls
* the security manager's {@code checkSetFactory} method
* to ensure the operation is allowed.
* This could result in a SecurityException.
*
* @param set a {@code boolean} indicating whether or not
* to follow HTTP redirects.
* @throws SecurityException if a security manager exists and its
* {@code checkSetFactory} method doesn't
* allow the operation.
* @see SecurityManager#checkSetFactory
* @see #getFollowRedirects()
*/
public static void setFollowRedirects(boolean set) {
@ -460,9 +439,6 @@ public abstract class HttpURLConnection extends URLConnection {
* @param method the HTTP method
* @throws ProtocolException if the method cannot be reset or if
* the requested method isn't valid for HTTP.
* @throws SecurityException if a security manager is set and the
* method is "TRACE", but the "allowHttpTrace"
* NetPermission is not granted.
* @see #getRequestMethod()
*/
public void setRequestMethod(String method) throws ProtocolException {

76
src/java.base/share/classes/java/net/InetAddress.java
View file

@ -180,12 +180,8 @@ import static java.net.spi.InetAddressResolver.LookupPolicy.IPV6_FIRST;
* The InetAddress class has a cache to store successful as well as
* unsuccessful host name resolutions.
*
* <p> By default, when a security manager is installed, in order to
* protect against DNS spoofing attacks,
* the result of positive host name resolutions are
* cached forever. When a security manager is not installed, the default
* behavior is to cache entries for a finite (implementation dependent)
* period of time. The result of unsuccessful host
* <p> The default behavior is to cache entries for a finite (implementation
* dependent) period of time. The result of unsuccessful host
* name resolution is cached for a very short period of time (10
* seconds) to improve performance.
*
@ -736,19 +732,9 @@ public sealed class InetAddress implements Serializable permits Inet4Address, In
* is required, call
* {@link #getCanonicalHostName() getCanonicalHostName}.
*
* <p>If there is a security manager, its
* {@code checkConnect} method is first called
* with the hostname and {@code -1}
* as its arguments to see if the operation is allowed.
* If the operation is not allowed, it will return
* the textual representation of the IP address.
*
* @return the host name for this IP address, or if the operation
* is not allowed by the security check, the textual
* representation of the IP address.
* @return the host name for this IP address
*
* @see InetAddress#getCanonicalHostName
* @see SecurityManager#checkConnect
*/
public String getHostName() {
return getHostName(true);
@ -761,21 +747,11 @@ public sealed class InetAddress implements Serializable permits Inet4Address, In
* this is package private so SocketPermission can make calls into
* here without a security check.
*
* <p>If there is a security manager, this method first
* calls its {@code checkConnect} method
* with the hostname and {@code -1}
* as its arguments to see if the calling code is allowed to know
* the hostname for this IP address, i.e., to connect to the host.
* If the operation is not allowed, it will return
* the textual representation of the IP address.
*
* @return the host name for this IP address, or if the operation
* is not allowed by the security check, the textual
* representation of the IP address.
*
* @param check make security check if true
*
* @see SecurityManager#checkConnect
*/
String getHostName(boolean check) {
if (holder().getHostName() == null) {
@ -795,22 +771,11 @@ public sealed class InetAddress implements Serializable permits Inet4Address, In
* domain name, this method returns the {@linkplain #getHostAddress() textual representation}
* of the IP address.
*
* <p>If there is a security manager, this method first
* calls its {@code checkConnect} method
* with the hostname and {@code -1}
* as its arguments to see if the calling code is allowed to know
* the hostname for this IP address, i.e., to connect to the host.
* If the operation is not allowed, it will return
* the textual representation of the IP address.
*
* @return the fully qualified domain name for this IP address.
* If either the operation is not allowed by the security check
* or the system-wide resolver wasn't able to determine the
* If the system-wide resolver wasn't able to determine the
* fully qualified domain name for the IP address, the textual
* representation of the IP address is returned instead.
*
* @see SecurityManager#checkConnect
*
* @since 1.4
*/
public String getCanonicalHostName() {
@ -824,14 +789,6 @@ public sealed class InetAddress implements Serializable permits Inet4Address, In
/**
* Returns the fully qualified domain name for the given address.
*
* <p>If there is a security manager, this method first
* calls its {@code checkConnect} method
* with the hostname and {@code -1}
* as its arguments to see if the calling code is allowed to know
* the hostname for the given IP address, i.e., to connect to the host.
* If the operation is not allowed, it will return
* the textual representation of the IP address.
*
* @param check make security check if true
*
* @return the fully qualified domain name for the given IP address.
@ -839,8 +796,6 @@ public sealed class InetAddress implements Serializable permits Inet4Address, In
* or the system-wide resolver wasn't able to determine the
* fully qualified domain name for the IP address, the textual
* representation of the IP address is returned instead.
*
* @see SecurityManager#checkConnect
*/
private static String getHostFromNameService(InetAddress addr, boolean check) {
String host;
@ -1557,18 +1512,11 @@ public sealed class InetAddress implements Serializable permits Inet4Address, In
* section&nbsp;2 and <a href="http://www.ietf.org/rfc/rfc2373.txt">RFC&nbsp;2373</a>
* section&nbsp;2.5.3.
*
* <p> If there is a security manager, and {@code host} is not {@code null}
* or {@code host.length() } is not equal to zero, the security manager's
* {@code checkConnect} method is called with the hostname and {@code -1}
* as its arguments to determine if the operation is allowed.
*
* @param host the specified host, or {@code null}.
* @return an IP address for the given host name.
* @throws UnknownHostException if no IP address for the
* {@code host} could be found, or if a scope_id was specified
* for a global IPv6 address.
* @throws SecurityException if a security manager exists
* and its checkConnect method doesn't allow the operation
*
* @spec https://www.rfc-editor.org/info/rfc2373 RFC 2373: IP Version 6 Addressing Architecture
* @spec https://www.rfc-editor.org/info/rfc3330 RFC 3330: Special-Use IPv4 Addresses
@ -1601,23 +1549,15 @@ public sealed class InetAddress implements Serializable permits Inet4Address, In
* section&nbsp;2 and <a href="http://www.ietf.org/rfc/rfc2373.txt">RFC&nbsp;2373</a>
* section&nbsp;2.5.3. </p>
*
* <p> If there is a security manager, and {@code host} is not {@code null}
* or {@code host.length() } is not equal to zero, the security manager's
* {@code checkConnect} method is called with the hostname and {@code -1}
* as its arguments to determine if the operation is allowed.
*
* @param host the name of the host, or {@code null}.
* @return an array of all the IP addresses for a given host name.
*
* @throws UnknownHostException if no IP address for the
* {@code host} could be found, or if a scope_id was specified
* for a global IPv6 address.
* @throws SecurityException if a security manager exists and its
* {@code checkConnect} method doesn't allow the operation.
*
* @spec https://www.rfc-editor.org/info/rfc2373 RFC 2373: IP Version 6 Addressing Architecture
* @spec https://www.rfc-editor.org/info/rfc3330 RFC 3330: Special-Use IPv4 Addresses
* @see SecurityManager#checkConnect
*/
public static InetAddress[] getAllByName(String host)
throws UnknownHostException {
@ -1874,19 +1814,11 @@ public sealed class InetAddress implements Serializable permits Inet4Address, In
* <P>Note: The resolved address may be cached for a short period of time.
* </P>
*
* <p>If there is a security manager, its
* {@code checkConnect} method is called
* with the local host name and {@code -1}
* as its arguments to see if the operation is allowed.
* If the operation is not allowed, an InetAddress representing
* the loopback address is returned.
*
* @return the address of the local host.
*
* @throws UnknownHostException if the local host name could not
* be resolved into an address.
*
* @see SecurityManager#checkConnect
* @see java.net.InetAddress#getByName(java.lang.String)
*/
public static InetAddress getLocalHost() throws UnknownHostException {

9
src/java.base/share/classes/java/net/InetSocketAddress.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -204,10 +204,6 @@ public class InetSocketAddress
* <p>
* An attempt will be made to resolve the hostname into an InetAddress.
* If that attempt fails, the address will be flagged as <I>unresolved</I>.
* <p>
* If there is a security manager, its {@code checkConnect} method
* is called with the host name as its argument to check the permission
* to resolve it. This could result in a SecurityException.
* <P>
* A valid port value is between 0 and 65535.
* A port number of {@code zero} will let the system pick up an
@ -217,9 +213,6 @@ public class InetSocketAddress
* @param port The port number
* @throws IllegalArgumentException if the port parameter is outside the range
* of valid port values, or if the hostname parameter is {@code null}.
* @throws SecurityException if a security manager is present and
* permission to resolve the host name is
* denied.
* @see #isUnresolved()
*/
public InetSocketAddress(String hostname, int port) {

58
src/java.base/share/classes/java/net/MulticastSocket.java
View file

@ -131,19 +131,12 @@ public class MulticastSocket extends DatagramSocket {
* {@link InetAddress#isAnyLocalAddress wildcard} address.
*
* <p>
* If there is a security manager, its {@code checkListen} method is first
* called with 0 as its argument to ensure the operation is allowed. This
* could result in a SecurityException.
* <p>
* When the socket is created the
* {@link DatagramSocket#setReuseAddress(boolean)} method is called to
* enable the SO_REUSEADDR socket option.
*
* @throws IOException if an I/O exception occurs while creating the
* MulticastSocket
* @throws SecurityException if a security manager exists and its
* {@code checkListen} method doesn't allow the operation.
* @see SecurityManager#checkListen
* @see java.net.DatagramSocket#setReuseAddress(boolean)
* @see java.net.DatagramSocketImpl#setOption(SocketOption, Object)
*/
@ -156,11 +149,6 @@ public class MulticastSocket extends DatagramSocket {
* on the local host machine. The socket will be bound to the
* {@link InetAddress#isAnyLocalAddress wildcard} address.
*
* <p>If there is a security manager,
* its {@code checkListen} method is first called
* with the {@code port} argument
* as its argument to ensure the operation is allowed.
* This could result in a SecurityException.
* <p>
* When the socket is created the
* {@link DatagramSocket#setReuseAddress(boolean)} method is
@ -169,12 +157,9 @@ public class MulticastSocket extends DatagramSocket {
* @param port port to use
* @throws IOException if an I/O exception occurs
* while creating the MulticastSocket
* @throws SecurityException if a security manager exists and its
* {@code checkListen} method doesn't allow the operation.
* @throws IllegalArgumentException if port is <a href="DatagramSocket.html#PortRange">
* out of range.</a>
*
* @see SecurityManager#checkListen
* @see java.net.DatagramSocket#setReuseAddress(boolean)
*/
public MulticastSocket(int port) throws IOException {
@ -186,11 +171,6 @@ public class MulticastSocket extends DatagramSocket {
* socket address.
* <p>
* If the address is {@code null} an unbound socket will be created.
*
* <p>If there is a security manager,
* its {@code checkListen} method is first called
* with the SocketAddress port as its argument to ensure the operation is allowed.
* This could result in a SecurityException.
* <p>
* When the socket is created the
* {@link DatagramSocket#setReuseAddress(boolean)} method is
@ -200,9 +180,6 @@ public class MulticastSocket extends DatagramSocket {
* an unbound socket.
* @throws IOException if an I/O exception occurs
* while creating the MulticastSocket
* @throws SecurityException if a security manager exists and its
* {@code checkListen} method doesn't allow the operation.
* @see SecurityManager#checkListen
* @see java.net.DatagramSocket#setReuseAddress(boolean)
*
* @since 1.4
@ -299,10 +276,6 @@ public class MulticastSocket extends DatagramSocket {
* Joins a multicast group. Its behavior may be affected by
* {@code setInterface} or {@code setNetworkInterface}.
*
* <p>If there is a security manager, this method first
* calls its {@code checkMulticast} method with the
* {@code mcastaddr} argument as its argument.
*
* @apiNote
* Calling this method is equivalent to calling
* {@link #joinGroup(SocketAddress, NetworkInterface)
@ -312,12 +285,9 @@ public class MulticastSocket extends DatagramSocket {
* @throws IOException if there is an error joining,
* or when the address is not a multicast address,
* or the platform does not support multicasting, or the socket is closed.
* @throws SecurityException if a security manager exists and its
* {@code checkMulticast} method doesn't allow the join.
* @deprecated This method does not accept the network interface on
* which to join the multicast group. Use
* {@link #joinGroup(SocketAddress, NetworkInterface)} instead.
* @see SecurityManager#checkMulticast(InetAddress)
*/
@Deprecated(since="14")
public void joinGroup(InetAddress mcastaddr) throws IOException {
@ -328,10 +298,6 @@ public class MulticastSocket extends DatagramSocket {
* Leave a multicast group. Its behavior may be affected by
* {@code setInterface} or {@code setNetworkInterface}.
*
* <p>If there is a security manager, this method first
* calls its {@code checkMulticast} method with the
* {@code mcastaddr} argument as its argument.
*
* @apiNote
* Calling this method is equivalent to calling
* {@link #leaveGroup(SocketAddress, NetworkInterface)
@ -340,12 +306,9 @@ public class MulticastSocket extends DatagramSocket {
* @param mcastaddr is the multicast address to leave
* @throws IOException if there is an error leaving
* or when the address is not a multicast address, or the socket is closed.
* @throws SecurityException if a security manager exists and its
* {@code checkMulticast} method doesn't allow the operation.
* @deprecated This method does not accept the network interface on which
* to leave the multicast group. Use
* {@link #leaveGroup(SocketAddress, NetworkInterface)} instead.
* @see SecurityManager#checkMulticast(InetAddress)
*/
@Deprecated(since="14")
public void leaveGroup(InetAddress mcastaddr) throws IOException {
@ -355,9 +318,7 @@ public class MulticastSocket extends DatagramSocket {
/**
* {@inheritDoc}
* @throws IOException {@inheritDoc}
* @throws SecurityException {@inheritDoc}
* @throws IllegalArgumentException {@inheritDoc}
* @see SecurityManager#checkMulticast(InetAddress)
* @see DatagramChannel#join(InetAddress, NetworkInterface)
* @see StandardSocketOptions#IP_MULTICAST_IF
* @see #setNetworkInterface(NetworkInterface)
@ -374,9 +335,7 @@ public class MulticastSocket extends DatagramSocket {
* {@inheritDoc}
* @apiNote {@inheritDoc}
* @throws IOException {@inheritDoc}
* @throws SecurityException {@inheritDoc}
* @throws IllegalArgumentException {@inheritDoc}
* @see SecurityManager#checkMulticast(InetAddress)
* @see #joinGroup(SocketAddress, NetworkInterface)
* @since 1.4
*/
@ -517,18 +476,6 @@ public class MulticastSocket extends DatagramSocket {
* </B> alter the default TTL for the socket. Its behavior may be
* affected by {@code setInterface}.
*
* <p>If there is a security manager, this method first performs some
* security checks. First, if {@code p.getAddress().isMulticastAddress()}
* is true, this method calls the
* security manager's {@code checkMulticast} method
* with {@code p.getAddress()} and {@code ttl} as its arguments.
* If the evaluation of that expression is false,
* this method instead calls the security manager's
* {@code checkConnect} method with arguments
* {@code p.getAddress().getHostAddress()} and
* {@code p.getPort()}. Each call to a security manager method
* could result in a SecurityException if the operation is not allowed.
*
* @param p is the packet to be sent. The packet should contain
* the destination multicast ip address and the data to be sent.
* One does not need to be the member of the group to send
@ -537,9 +484,6 @@ public class MulticastSocket extends DatagramSocket {
* default ttl is 1.
*
* @throws IOException if an I/O error occurs, or the socket is closed.
* @throws SecurityException if a security manager exists and its
* {@code checkMulticast} or {@code checkConnect}
* method doesn't allow the send.
* @throws PortUnreachableException may be thrown if the socket is connected
* to a currently unreachable destination. Note, there is no
* guarantee that the exception will be thrown.
@ -559,8 +503,6 @@ public class MulticastSocket extends DatagramSocket {
*
* @see DatagramSocket#send
* @see DatagramSocket#receive
* @see SecurityManager#checkMulticast(java.net.InetAddress, byte)
* @see SecurityManager#checkConnect
*/
@Deprecated(forRemoval = true, since = "1.4")
public void send(DatagramPacket p, byte ttl)

155
src/java.base/share/classes/java/net/NetPermission.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -26,9 +26,6 @@
package java.net;
import java.security.*;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.StringTokenizer;
/**
* This class is for various network permissions.
@ -36,150 +33,16 @@ import java.util.StringTokenizer;
* no actions list; you either have the named permission
* or you don't.
* <P>
* The target name is the name of the network permission (see below). The naming
* convention follows the hierarchical property naming convention.
* Also, an asterisk
* may appear at the end of the name, following a ".", or by itself, to
* signify a wildcard match. For example: "foo.*" and "*" signify a wildcard
* The target name is the name of the network permission. The naming convention
* follows the hierarchical property naming convention, typically the reverse
* domain name notation, to avoid name clashes.
* An asterisk may appear at the end of the name, following a ".", or by itself,
* to signify a wildcard match. For example: "foo.*" and "*" signify a wildcard
* match, while "*foo" and "a*b" do not.
* <P>
* The following table lists the standard NetPermission target names,
* and for each provides a description of what the permission allows
* and a discussion of the risks of granting code the permission.
*
* <table class="striped">
* <caption style="display:none">Permission target name, what the permission allows, and associated risks</caption>
* <thead>
* <tr>
* <th scope="col">Permission Target Name</th>
* <th scope="col">What the Permission Allows</th>
* <th scope="col">Risks of Allowing this Permission</th>
* </tr>
* </thead>
* <tbody>
* <tr>
* <th scope="row">allowHttpTrace</th>
* <td>The ability to use the HTTP TRACE method in HttpURLConnection.</td>
* <td>Malicious code using HTTP TRACE could get access to security sensitive
* information in the HTTP headers (such as cookies) that it might not
* otherwise have access to.</td>
* </tr>
*
* <tr>
* <th scope="row">accessUnixDomainSocket</th>
* <td>The ability to accept, bind, connect or get the local address
* of a <i>Unix Domain</i> socket.
* </td>
* <td>Malicious code could connect to local processes using Unix domain sockets
* or impersonate local processes, by binding to the same pathnames (assuming they
* have the required Operating System permissions.</td>
* </tr>
*
* <tr>
* <th scope="row">getCookieHandler</th>
* <td>The ability to get the cookie handler that processes highly
* security sensitive cookie information for an Http session.</td>
* <td>Malicious code can get a cookie handler to obtain access to
* highly security sensitive cookie information. Some web servers
* use cookies to save user private information such as access
* control information, or to track user browsing habit.</td>
* </tr>
*
* <tr>
* <th scope="row">getNetworkInformation</th>
* <td>The ability to retrieve all information about local network interfaces.</td>
* <td>Malicious code can read information about network hardware such as
* MAC addresses, which could be used to construct local IPv6 addresses.</td>
* </tr>
*
* <tr>
* <th scope="row">getProxySelector</th>
* <td>The ability to get the proxy selector used to make decisions
* on which proxies to use when making network connections.</td>
* <td>Malicious code can get a ProxySelector to discover proxy
* hosts and ports on internal networks, which could then become
* targets for attack.</td>
* </tr>
*
* <tr>
* <th scope="row">getResponseCache</th>
* <td>The ability to get the response cache that provides
* access to a local response cache.</td>
* <td>Malicious code getting access to the local response cache
* could access security sensitive information.</td>
* </tr>
*
* <tr>
* <th scope="row">requestPasswordAuthentication</th>
* <td>The ability
* to ask the authenticator registered with the system for
* a password</td>
* <td>Malicious code may steal this password.</td>
* </tr>
*
* <tr>
* <th scope="row">setCookieHandler</th>
* <td>The ability to set the cookie handler that processes highly
* security sensitive cookie information for an Http session.</td>
* <td>Malicious code can set a cookie handler to obtain access to
* highly security sensitive cookie information. Some web servers
* use cookies to save user private information such as access
* control information, or to track user browsing habit.</td>
* </tr>
*
* <tr>
* <th scope="row">setDefaultAuthenticator</th>
* <td>The ability to set the
* way authentication information is retrieved when
* a proxy or HTTP server asks for authentication</td>
* <td>Malicious
* code can set an authenticator that monitors and steals user
* authentication input as it retrieves the input from the user.</td>
* </tr>
*
* <tr>
* <th scope="row">setProxySelector</th>
* <td>The ability to set the proxy selector used to make decisions
* on which proxies to use when making network connections.</td>
* <td>Malicious code can set a ProxySelector that directs network
* traffic to an arbitrary network host.</td>
* </tr>
*
* <tr>
* <th scope="row">setResponseCache</th>
* <td>The ability to set the response cache that provides access to
* a local response cache.</td>
* <td>Malicious code getting access to the local response cache
* could access security sensitive information, or create false
* entries in the response cache.</td>
* </tr>
*
* <tr>
* <th scope="row">setSocketImpl</th>
* <td>The ability to create a sub-class of Socket or ServerSocket with a
* user specified SocketImpl.</td>
* <td>Malicious user-defined SocketImpls can change the behavior of
* Socket and ServerSocket in surprising ways, by virtue of their
* ability to access the protected fields of SocketImpl.</td>
* </tr>
*
* <tr>
* <th scope="row">specifyStreamHandler</th>
* <td>The ability
* to specify a stream handler when constructing a URL</td>
* <td>Malicious code may create a URL with resources that it would
* normally not have access to (like file:/foo/fum/), specifying a
* stream handler that gets the actual bytes from someplace it does
* have access to. Thus it might be able to trick the system into
* creating a ProtectionDomain/CodeSource for a class even though
* that class really didn't come from that location.</td>
* </tr>
* </tbody>
* </table>
*
* @implNote
* Implementations may define additional target names, but should use naming
* conventions such as reverse domain name notation to avoid name clashes.
* @apiNote
* This permission cannot be used for controlling access to resources
* as the Security Manager is no longer supported.
*
* @see java.security.BasicPermission
* @see java.security.Permission

25
src/java.base/share/classes/java/net/NetworkInterface.java
View file

@ -120,13 +120,6 @@ public final class NetworkInterface {
/**
* Get an Enumeration with all, or a subset, of the InetAddresses bound to
* this network interface.
* <p>
* If there is a security manager, its {@code checkConnect}
* method is called for each InetAddress. Only InetAddresses where
* the {@code checkConnect} doesn't throw a SecurityException
* will be returned in the Enumeration. However, if the caller has the
* {@link NetPermission}("getNetworkInformation") permission, then all
* InetAddresses are returned.
*
* @implNote
* The returned enumeration contains all, or a subset, of the InetAddresses that were
@ -144,13 +137,6 @@ public final class NetworkInterface {
/**
* Get a Stream of all, or a subset, of the InetAddresses bound to this
* network interface.
* <p>
* If there is a security manager, its {@code checkConnect}
* method is called for each InetAddress. Only InetAddresses where
* the {@code checkConnect} doesn't throw a SecurityException will be
* returned in the Stream. However, if the caller has the
* {@link NetPermission}("getNetworkInformation") permission, then all
* InetAddresses are returned.
*
* @implNote
* The stream contains all, or a subset, of the InetAddresses that were
@ -193,11 +179,6 @@ public final class NetworkInterface {
/**
* Get a List of all, or a subset, of the {@code InterfaceAddresses}
* of this network interface.
* <p>
* If there is a security manager, its {@code checkConnect}
* method is called with the InetAddress for each InterfaceAddress.
* Only InterfaceAddresses where the {@code checkConnect} doesn't throw
* a SecurityException will be returned in the List.
*
* @return a {@code List} object with all, or a subset, of the
* InterfaceAddress of this network interface
@ -567,13 +548,9 @@ public final class NetworkInterface {
/**
* Returns the hardware address (usually MAC) of the interface if it
* has one and if it can be accessed given the current privileges.
* If a security manager is set, then the caller must have
* the permission {@link NetPermission}("getNetworkInformation").
*
* @return a byte array containing the address, or {@code null} if
* the address doesn't exist, is not accessible or a security
* manager is set and the caller does not have the permission
* NetPermission("getNetworkInformation")
* the address doesn't exist or is not accessible
*
* @throws SocketException if an I/O error occurs.
* @since 1.6

9
src/java.base/share/classes/java/net/ProxySelector.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -89,9 +89,6 @@ public abstract class ProxySelector {
/**
* Gets the system-wide proxy selector.
*
* @throws SecurityException
* If a security manager has been installed and it denies
* {@link NetPermission}{@code ("getProxySelector")}
* @see #setDefault(ProxySelector)
* @return the system-wide {@code ProxySelector}
* @since 1.5
@ -113,10 +110,6 @@ public abstract class ProxySelector {
* @param ps The HTTP proxy selector, or
* {@code null} to unset the proxy selector.
*
* @throws SecurityException
* If a security manager has been installed and it denies
* {@link NetPermission}{@code ("setProxySelector")}
*
* @see #getDefault()
* @since 1.5
*/

10
src/java.base/share/classes/java/net/ResponseCache.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -79,10 +79,6 @@ public abstract class ResponseCache {
/**
* Gets the system-wide response cache.
*
* @throws SecurityException
* If a security manager has been installed and it denies
* {@link NetPermission}{@code ("getResponseCache")}
*
* @see #setDefault(ResponseCache)
* @return the system-wide {@code ResponseCache}
* @since 1.5
@ -104,10 +100,6 @@ public abstract class ResponseCache {
* @param responseCache The response cache, or
* {@code null} to unset the cache.
*
* @throws SecurityException
* If a security manager has been installed and it denies
* {@link NetPermission}{@code ("setResponseCache")}
*
* @see #getDefault()
* @since 1.5
*/

104
src/java.base/share/classes/java/net/ServerSocket.java
View file

@ -103,9 +103,6 @@ public class ServerSocket implements java.io.Closeable {
*
* @throws NullPointerException if impl is {@code null}.
*
* @throws SecurityException if a security manager is set and
* its {@code checkPermission} method doesn't allow
* {@code NetPermission("setSocketImpl")}.
* @since 12
*/
protected ServerSocket(SocketImpl impl) {
@ -145,26 +142,14 @@ public class ServerSocket implements java.io.Closeable {
* {@linkplain SocketImplFactory#createSocketImpl() createSocketImpl} method
* is called to create the actual socket implementation. Otherwise a system-default
* socket implementation is created.
* <p>
* If there is a security manager,
* its {@code checkListen} method is called
* with the {@code port} argument
* as its argument to ensure the operation is allowed.
* This could result in a SecurityException.
*
*
* @param port the port number, or {@code 0} to use a port
* number that is automatically allocated.
*
* @throws IOException if an I/O error occurs when opening the socket.
* @throws SecurityException
* if a security manager exists and its {@code checkListen}
* method doesn't allow the operation.
* @throws IllegalArgumentException if the port parameter is outside
* the specified range of valid port values, which is between
* 0 and 65535, inclusive.
*
* @see SecurityManager#checkListen
*/
public ServerSocket(int port) throws IOException {
this(port, 50, null);
@ -188,12 +173,6 @@ public class ServerSocket implements java.io.Closeable {
* {@linkplain SocketImplFactory#createSocketImpl() createSocketImpl} method
* is called to create the actual socket implementation. Otherwise a system-default
* socket implementation is created.
* <p>
* If there is a security manager,
* its {@code checkListen} method is called
* with the {@code port} argument
* as its argument to ensure the operation is allowed.
* This could result in a SecurityException.
*
* The {@code backlog} argument is the requested maximum number of
* pending connections on the socket. Its exact semantics are implementation
@ -208,14 +187,9 @@ public class ServerSocket implements java.io.Closeable {
* connections.
*
* @throws IOException if an I/O error occurs when opening the socket.
* @throws SecurityException
* if a security manager exists and its {@code checkListen}
* method doesn't allow the operation.
* @throws IllegalArgumentException if the port parameter is outside
* the specified range of valid port values, which is between
* 0 and 65535, inclusive.
*
* @see SecurityManager#checkListen
*/
public ServerSocket(int port, int backlog) throws IOException {
this(port, backlog, null);
@ -234,12 +208,6 @@ public class ServerSocket implements java.io.Closeable {
* This port number can then be retrieved by calling
* {@link #getLocalPort getLocalPort}.
*
* <P>If there is a security manager, this method
* calls its {@code checkListen} method
* with the {@code port} argument
* as its argument to ensure the operation is allowed.
* This could result in a SecurityException.
*
* The {@code backlog} argument is the requested maximum number of
* pending connections on the socket. Its exact semantics are implementation
* specific. In particular, an implementation may impose a maximum length
@ -253,15 +221,10 @@ public class ServerSocket implements java.io.Closeable {
* connections.
* @param bindAddr the local InetAddress the server will bind to
*
* @throws SecurityException if a security manager exists and
* its {@code checkListen} method doesn't allow the operation.
*
* @throws IOException if an I/O error occurs when opening the socket.
* @throws IllegalArgumentException if the port parameter is outside
* the specified range of valid port values, which is between
* 0 and 65535, inclusive.
*
* @see SecurityManager#checkListen
* @since 1.1
*/
@SuppressWarnings("this-escape")
@ -330,8 +293,6 @@ public class ServerSocket implements java.io.Closeable {
* @param endpoint The IP address and port number to bind to.
* @throws IOException if the bind operation fails, the socket
* is already bound or the socket is closed.
* @throws SecurityException if a {@code SecurityManager} is present and
* its {@code checkListen} method doesn't allow the operation.
* @throws IllegalArgumentException if endpoint is a
* SocketAddress subclass not supported by this socket
* @since 1.4
@ -359,8 +320,6 @@ public class ServerSocket implements java.io.Closeable {
* incoming connections.
* @throws IOException if the bind operation fails, the socket
* is already bound or the socket is closed.
* @throws SecurityException if a {@code SecurityManager} is present and
* its {@code checkListen} method doesn't allow the operation.
* @throws IllegalArgumentException if endpoint is a
* SocketAddress subclass not supported by this socket
* @since 1.4
@ -397,17 +356,9 @@ public class ServerSocket implements java.io.Closeable {
* If the socket was bound prior to being {@link #close closed},
* then this method will continue to return the local address
* after the socket is closed.
* <p>
* If there is a security manager set, its {@code checkConnect} method is
* called with the local address and {@code -1} as its arguments to see
* if the operation is allowed. If the operation is not allowed,
* the {@link InetAddress#getLoopbackAddress loopback} address is returned.
*
* @return the address to which this socket is bound,
* or the loopback address if denied by the security manager,
* or {@code null} if the socket is unbound.
*
* @see SecurityManager#checkConnect
*/
public InetAddress getInetAddress() {
if (!isBound())
@ -458,23 +409,13 @@ public class ServerSocket implements java.io.Closeable {
* If the socket was bound prior to being {@link #close closed},
* then this method will continue to return the address of the endpoint
* after the socket is closed.
* <p>
* If there is a security manager set, its {@code checkConnect} method is
* called with the local address and {@code -1} as its arguments to see
* if the operation is allowed. If the operation is not allowed,
* a {@code SocketAddress} representing the
* {@link InetAddress#getLoopbackAddress loopback} address and the local
* port to which the socket is bound is returned.
*
* @return a {@code SocketAddress} representing the local endpoint of
* this socket, or a {@code SocketAddress} representing the
* loopback address if denied by the security manager,
* or {@code null} if the socket is not bound yet.
* this socket, or {@code null} if the socket is not bound yet.
*
* @see #getInetAddress()
* @see #getLocalPort()
* @see #bind(SocketAddress)
* @see SecurityManager#checkConnect
* @since 1.4
*/
public SocketAddress getLocalSocketAddress() {
@ -503,14 +444,6 @@ public class ServerSocket implements java.io.Closeable {
* {@code SocketException} with the interrupt status set.
* </ol>
*
* <p> A new Socket {@code s} is created and, if there
* is a security manager,
* the security manager's {@code checkAccept} method is called
* with {@code s.getInetAddress().getHostAddress()} and
* {@code s.getPort()}
* as its arguments to ensure the operation is allowed.
* This could result in a SecurityException.
*
* @implNote
* An instance of this class using a system-default {@code SocketImpl}
* accepts sockets with a {@code SocketImpl} of the same type, regardless
@ -519,8 +452,6 @@ public class ServerSocket implements java.io.Closeable {
*
* @throws IOException if an I/O error occurs when waiting for a
* connection, the socket is not bound or the socket is closed.
* @throws SecurityException if a security manager exists and its
* {@code checkAccept} method doesn't allow the operation.
* @throws SocketTimeoutException if a timeout was previously set with setSoTimeout and
* the timeout has been reached.
* @throws java.nio.channels.IllegalBlockingModeException
@ -529,7 +460,6 @@ public class ServerSocket implements java.io.Closeable {
* accepted
*
* @return the new Socket
* @see SecurityManager#checkAccept
*/
public Socket accept() throws IOException {
if (isClosed())
@ -681,10 +611,8 @@ public class ServerSocket implements java.io.Closeable {
/**
* Accepts a new connection so that the given SocketImpl is connected to
* the peer. The SocketImpl and connection are closed if the connection is
* denied by the security manager.
* the peer.
* @throws IOException if an I/O error occurs
* @throws SecurityException if the security manager's checkAccept method fails
*/
private void implAccept(SocketImpl si) throws IOException {
assert !(si instanceof DelegatingSocketImpl);
@ -904,14 +832,6 @@ public class ServerSocket implements java.io.Closeable {
/**
* Returns the implementation address and implementation port of
* this socket as a {@code String}.
* <p>
* If there is a security manager set, and this socket is
* {@linkplain #isBound bound}, its {@code checkConnect} method is
* called with the local address and {@code -1} as its arguments to see
* if the operation is allowed. If the operation is not allowed,
* an {@code InetAddress} representing the
* {@link InetAddress#getLoopbackAddress loopback} address is returned as
* the implementation address.
*
* @return a string representation of this socket.
*/
@ -943,20 +863,12 @@ public class ServerSocket implements java.io.Closeable {
* <p>
* Passing {@code null} to the method is a no-op unless the factory
* was already set.
* <p>
* If there is a security manager, this method first calls
* the security manager's {@code checkSetFactory} method
* to ensure the operation is allowed.
* This could result in a SecurityException.
*
* @param fac the desired factory.
* @throws IOException if an I/O error occurs when setting the
* socket factory.
* @throws SocketException if the factory has already been defined.
* @throws SecurityException if a security manager exists and its
* {@code checkSetFactory} method doesn't allow the operation.
* @see java.net.SocketImplFactory#createSocketImpl()
* @see SecurityManager#checkSetFactory
* @deprecated Use a {@link javax.net.ServerSocketFactory} and subclass {@code ServerSocket}
* directly.
* <br> This method provided a way in early JDK releases to replace the
@ -1112,12 +1024,6 @@ public class ServerSocket implements java.io.Closeable {
*
* @throws NullPointerException if name is {@code null}
*
* @throws SecurityException if a security manager is set and if the socket
* option requires a security permission and if the caller does
* not have the required permission.
* {@link java.net.StandardSocketOptions StandardSocketOptions}
* do not require any security permission.
*
* @since 9
*/
public <T> ServerSocket setOption(SocketOption<T> name, T value)
@ -1145,12 +1051,6 @@ public class ServerSocket implements java.io.Closeable {
*
* @throws NullPointerException if name is {@code null}
*
* @throws SecurityException if a security manager is set and if the socket
* option requires a security permission and if the caller does
* not have the required permission.
* {@link java.net.StandardSocketOptions StandardSocketOptions}
* do not require any security permission.
*
* @since 9
*/
public <T> T getOption(SocketOption<T> name) throws IOException {

106
src/java.base/share/classes/java/net/Socket.java
View file

@ -185,10 +185,6 @@ public class Socket implements java.io.Closeable {
* Creates an unconnected socket, specifying the type of proxy, if any,
* that should be used regardless of any other settings.
* <P>
* If there is a security manager, its {@code checkConnect} method
* is called with the proxy host address and port number
* as its arguments. This could result in a SecurityException.
* <P>
* Examples:
* <UL> <LI>{@code Socket s = new Socket(Proxy.NO_PROXY);} will create
* a plain socket ignoring any other proxy configuration.</LI>
@ -201,9 +197,6 @@ public class Socket implements java.io.Closeable {
* of proxying should be used.
* @throws IllegalArgumentException if the proxy is of an invalid type
* or {@code null}.
* @throws SecurityException if a security manager is present and
* permission to connect to the proxy is
* denied.
* @see java.net.ProxySelector
* @see java.net.Proxy
*
@ -263,9 +256,6 @@ public class Socket implements java.io.Closeable {
* @throws SocketException if there is an error in the underlying protocol,
* such as a TCP error.
*
* @throws SecurityException if {@code impl} is non-null and a security manager is set
* and its {@code checkPermission} method doesn't allow {@code NetPermission("setSocketImpl")}.
*
* @since 1.1
*/
protected Socket(SocketImpl impl) throws SocketException {
@ -298,11 +288,6 @@ public class Socket implements java.io.Closeable {
* {@linkplain SocketImplFactory#createSocketImpl() createSocketImpl}
* method is called to create the actual socket implementation. Otherwise
* a system-default socket implementation is created.
* <p>
* If there is a security manager, its
* {@code checkConnect} method is called
* with the host address and {@code port}
* as its arguments. This could result in a SecurityException.
*
* @param host the host name, or {@code null} for the loopback address.
* @param port the port number.
@ -311,12 +296,9 @@ public class Socket implements java.io.Closeable {
* the host could not be determined.
*
* @throws IOException if an I/O error occurs when creating the socket.
* @throws SecurityException if a security manager exists and its
* {@code checkConnect} method doesn't allow the operation.
* @throws IllegalArgumentException if the port parameter is outside
* the specified range of valid port values, which is between
* 0 and 65535, inclusive.
* @see SecurityManager#checkConnect
*/
@SuppressWarnings("this-escape")
public Socket(String host, int port)
@ -336,22 +318,14 @@ public class Socket implements java.io.Closeable {
* {@linkplain SocketImplFactory#createSocketImpl() createSocketImpl}
* method is called to create the actual socket implementation. Otherwise
* a system-default socket implementation is created.
* <p>
* If there is a security manager, its
* {@code checkConnect} method is called
* with the host address and {@code port}
* as its arguments. This could result in a SecurityException.
*
* @param address the IP address.
* @param port the port number.
* @throws IOException if an I/O error occurs when creating the socket.
* @throws SecurityException if a security manager exists and its
* {@code checkConnect} method doesn't allow the operation.
* @throws IllegalArgumentException if the port parameter is outside
* the specified range of valid port values, which is between
* 0 and 65535, inclusive.
* @throws NullPointerException if {@code address} is null.
* @see SecurityManager#checkConnect
*/
@SuppressWarnings("this-escape")
public Socket(InetAddress address, int port) throws IOException {
@ -372,11 +346,6 @@ public class Socket implements java.io.Closeable {
* <p>
* A local port number of {@code zero} will let the system pick up a
* free port in the {@code bind} operation.</p>
* <p>
* If there is a security manager, its
* {@code checkConnect} method is called
* with the host address and {@code port}
* as its arguments. This could result in a SecurityException.
*
* @param host the name of the remote host, or {@code null} for the loopback address.
* @param port the remote port
@ -385,14 +354,9 @@ public class Socket implements java.io.Closeable {
* @param localPort the local port the socket is bound to, or
* {@code zero} for a system selected free port.
* @throws IOException if an I/O error occurs when creating the socket.
* @throws SecurityException if a security manager exists and its
* {@code checkConnect} method doesn't allow the connection
* to the destination, or if its {@code checkListen} method
* doesn't allow the bind to the local port.
* @throws IllegalArgumentException if the port parameter or localPort
* parameter is outside the specified range of valid port values,
* which is between 0 and 65535, inclusive.
* @see SecurityManager#checkConnect
* @since 1.1
*/
@SuppressWarnings("this-escape")
@ -414,11 +378,6 @@ public class Socket implements java.io.Closeable {
* <p>
* A local port number of {@code zero} will let the system pick up a
* free port in the {@code bind} operation.</p>
* <p>
* If there is a security manager, its
* {@code checkConnect} method is called
* with the host address and {@code port}
* as its arguments. This could result in a SecurityException.
*
* @param address the remote address
* @param port the remote port
@ -427,15 +386,10 @@ public class Socket implements java.io.Closeable {
* @param localPort the local port the socket is bound to or
* {@code zero} for a system selected free port.
* @throws IOException if an I/O error occurs when creating the socket.
* @throws SecurityException if a security manager exists and its
* {@code checkConnect} method doesn't allow the connection
* to the destination, or if its {@code checkListen} method
* doesn't allow the bind to the local port.
* @throws IllegalArgumentException if the port parameter or localPort
* parameter is outside the specified range of valid port values,
* which is between 0 and 65535, inclusive.
* @throws NullPointerException if {@code address} is null.
* @see SecurityManager#checkConnect
* @since 1.1
*/
@SuppressWarnings("this-escape")
@ -465,11 +419,6 @@ public class Socket implements java.io.Closeable {
* method is called to create the actual socket implementation. Otherwise
* a system-default socket implementation is created.
* <p>
* If there is a security manager, its
* {@code checkConnect} method is called
* with the host address and {@code port}
* as its arguments. This could result in a SecurityException.
* <p>
* If a UDP socket is used, TCP/IP related socket options will not apply.
*
* @param host the host name, or {@code null} for the loopback address.
@ -477,12 +426,9 @@ public class Socket implements java.io.Closeable {
* @param stream a {@code boolean} indicating whether this is
* a stream socket or a datagram socket.
* @throws IOException if an I/O error occurs when creating the socket.
* @throws SecurityException if a security manager exists and its
* {@code checkConnect} method doesn't allow the operation.
* @throws IllegalArgumentException if the port parameter is outside
* the specified range of valid port values, which is between
* 0 and 65535, inclusive.
* @see SecurityManager#checkConnect
* @deprecated Use {@link DatagramSocket} instead for UDP transport.
*/
@Deprecated(forRemoval = true, since = "1.1")
@ -506,11 +452,6 @@ public class Socket implements java.io.Closeable {
* {@linkplain SocketImplFactory#createSocketImpl() createSocketImpl}
* method is called to create the actual socket implementation. Otherwise
* a system-default socket implementation is created.
*
* <p>If there is a security manager, its
* {@code checkConnect} method is called
* with {@code host.getHostAddress()} and {@code port}
* as its arguments. This could result in a SecurityException.
* <p>
* If UDP socket is used, TCP/IP related socket options will not apply.
*
@ -519,13 +460,10 @@ public class Socket implements java.io.Closeable {
* @param stream if {@code true}, create a stream socket;
* otherwise, create a datagram socket.
* @throws IOException if an I/O error occurs when creating the socket.
* @throws SecurityException if a security manager exists and its
* {@code checkConnect} method doesn't allow the operation.
* @throws IllegalArgumentException if the port parameter is outside
* the specified range of valid port values, which is between
* 0 and 65535, inclusive.
* @throws NullPointerException if {@code host} is null.
* @see SecurityManager#checkConnect
* @deprecated Use {@link DatagramSocket} instead for UDP transport.
*/
@Deprecated(forRemoval = true, since = "1.1")
@ -783,9 +721,6 @@ public class Socket implements java.io.Closeable {
* is already bound or the socket is closed.
* @throws IllegalArgumentException if bindpoint is a
* SocketAddress subclass not supported by this socket
* @throws SecurityException if a security manager exists and its
* {@code checkListen} method doesn't allow the bind
* to the local port.
*
* @since 1.4
* @see #isBound
@ -848,18 +783,10 @@ public class Socket implements java.io.Closeable {
/**
* Gets the local address to which the socket is bound.
* <p>
* If there is a security manager set, its {@code checkConnect} method is
* called with the local address and {@code -1} as its arguments to see
* if the operation is allowed. If the operation is not allowed,
* the {@link InetAddress#getLoopbackAddress loopback} address is returned.
*
* @return the local address to which the socket is bound,
* the loopback address if denied by the security manager, or
* @return the local address to which the socket is bound, or
* the wildcard address if the socket is closed or not bound yet.
* @since 1.1
*
* @see SecurityManager#checkConnect
*/
public InetAddress getLocalAddress() {
// This is for backward compatibility
@ -957,23 +884,13 @@ public class Socket implements java.io.Closeable {
* {@code InetSocketAddress}'s address is the
* {@link InetAddress#isAnyLocalAddress wildcard} address
* and its port is the local port that it was bound to.
* <p>
* If there is a security manager set, its {@code checkConnect} method is
* called with the local address and {@code -1} as its arguments to see
* if the operation is allowed. If the operation is not allowed,
* a {@code SocketAddress} representing the
* {@link InetAddress#getLoopbackAddress loopback} address and the local
* port to which this socket is bound is returned.
*
* @return a {@code SocketAddress} representing the local endpoint of
* this socket, or a {@code SocketAddress} representing the
* loopback address if denied by the security manager, or
* {@code null} if the socket is not bound yet.
* this socket, or {@code null} if the socket is not bound yet.
*
* @see #getLocalAddress()
* @see #getLocalPort()
* @see #bind(SocketAddress)
* @see SecurityManager#checkConnect
* @since 1.4
*/
public SocketAddress getLocalSocketAddress() {
@ -1915,19 +1832,12 @@ public class Socket implements java.io.Closeable {
* <p>
* Passing {@code null} to the method is a no-op unless the factory
* was already set.
* <p>If there is a security manager, this method first calls
* the security manager's {@code checkSetFactory} method
* to ensure the operation is allowed.
* This could result in a SecurityException.
*
* @param fac the desired factory.
* @throws IOException if an I/O error occurs when setting the
* socket factory.
* @throws SocketException if the factory is already defined.
* @throws SecurityException if a security manager exists and its
* {@code checkSetFactory} method doesn't allow the operation.
* @see java.net.SocketImplFactory#createSocketImpl()
* @see SecurityManager#checkSetFactory
* @deprecated Use a {@link javax.net.SocketFactory} and subclass {@code Socket}
* directly.
* <br> This method provided a way in early JDK releases to replace the
@ -2018,12 +1928,6 @@ public class Socket implements java.io.Closeable {
*
* @throws NullPointerException if name is {@code null}
*
* @throws SecurityException if a security manager is set and if the socket
* option requires a security permission and if the caller does
* not have the required permission.
* {@link java.net.StandardSocketOptions StandardSocketOptions}
* do not require any security permission.
*
* @since 9
*/
public <T> Socket setOption(SocketOption<T> name, T value) throws IOException {
@ -2049,12 +1953,6 @@ public class Socket implements java.io.Closeable {
*
* @throws NullPointerException if name is {@code null}
*
* @throws SecurityException if a security manager is set and if the socket
* option requires a security permission and if the caller does
* not have the required permission.
* {@link java.net.StandardSocketOptions StandardSocketOptions}
* do not require any security permission.
*
* @since 9
*/
public <T> T getOption(SocketOption<T> name) throws IOException {

26
src/java.base/share/classes/java/net/SocketPermission.java
View file

@ -111,30 +111,10 @@ import sun.security.util.Debug;
* The action "resolve" refers to host/ip name service lookups.
* <P>
* The actions string is converted to lowercase before processing.
* <p>As an example of the creation and meaning of SocketPermissions,
* note that if the following permission:
*
* <pre>
* p1 = new SocketPermission("foo.example.com:7777", "connect,accept");
* </pre>
*
* is granted to some code, it allows that code to connect to port 7777 on
* {@code foo.example.com}, and to accept connections on that port.
*
* <p>Similarly, if the following permission:
*
* <pre>
* p2 = new SocketPermission("localhost:1024-", "accept,connect,listen");
* </pre>
*
* is granted to some code, it allows that code to
* accept connections on, connect to, or listen on any port between
* 1024 and 65535 on the local host.
*
* <p>Note: Granting code permission to accept or make connections to remote
* hosts may be dangerous because malevolent code can then more easily
* transfer and share confidential data among parties who may not
* otherwise have access to the data.
* @apiNote
* This permission cannot be used for controlling access to resources
* as the Security Manager is no longer supported.
*
* @spec https://www.rfc-editor.org/info/rfc2732
* RFC 2732: Format for Literal IPv6 Addresses in URL's

35
src/java.base/share/classes/java/net/URL.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1995, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1995, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -459,12 +459,6 @@ public final class URL implements java.io.Serializable {
* {@link java.net.URL#URL(java.lang.String, java.lang.String, int,
* java.lang.String)}
*
* <p>If the handler is not null and there is a security manager,
* the security manager's {@code checkPermission}
* method is called with a
* {@code NetPermission("specifyStreamHandler")} permission.
* This may result in a SecurityException.
*
* No validation of the inputs is performed by this constructor.
*
* @param protocol the name of the protocol to use.
@ -476,18 +470,12 @@ public final class URL implements java.io.Serializable {
* is a negative number other than -1,
* or if the underlying stream handler implementation
* rejects, or is known to reject, the {@code URL}
* @throws SecurityException
* if a security manager exists and its
* {@code checkPermission} method doesn't allow
* specifying a stream handler explicitly.
* @see java.lang.System#getProperty(java.lang.String)
* @see java.net.URL#setURLStreamHandlerFactory(
* java.net.URLStreamHandlerFactory)
* @see java.net.URLStreamHandler
* @see java.net.URLStreamHandlerFactory#createURLStreamHandler(
* java.lang.String)
* @see SecurityManager#checkPermission
* @see java.net.NetPermission
* @deprecated
* Use {@link #of(URI, URLStreamHandler)} to construct an instance of URL
* associated with a custom protocol handler.
@ -673,10 +661,6 @@ public final class URL implements java.io.Serializable {
* underlying stream handler's {@linkplain
* URLStreamHandler#parseURL(URL, String, int, int)
* parseURL method} throws {@code IllegalArgumentException}
* @throws SecurityException
* if a security manager exists and its
* {@code checkPermission} method doesn't allow
* specifying a stream handler.
* @see java.net.URL#URL(java.lang.String, java.lang.String,
* int, java.lang.String)
* @see java.net.URLStreamHandler
@ -847,11 +831,6 @@ public final class URL implements java.io.Serializable {
* URLStreamHandler#parseURL(URL, String, int, int)
* parseURL method} throws {@code IllegalArgumentException}
*
* @throws SecurityException
* if a security manager exists and its
* {@code checkPermission} method doesn't allow
* specifying a stream handler
*
* @see java.net.URI#toURL()
*
* @since 20
@ -1272,9 +1251,6 @@ public final class URL implements java.io.Serializable {
* Proxy.NO_PROXY should be specified.
* @return a {@code URLConnection} to the URL.
* @throws IOException if an I/O exception occurs.
* @throws SecurityException if a security manager is present
* and the caller doesn't have permission to connect
* to the proxy.
* @throws IllegalArgumentException will be thrown if proxy is null,
* or proxy has the wrong type
* @throws UnsupportedOperationException if the subclass that
@ -1371,20 +1347,11 @@ public final class URL implements java.io.Serializable {
*<p> The {@code URLStreamHandlerFactory} instance is used to
*construct a stream protocol handler from a protocol name.
*
* <p> If there is a security manager, this method first calls
* the security manager's {@code checkSetFactory} method
* to ensure the operation is allowed.
* This could result in a SecurityException.
*
* @param fac the desired factory.
* @throws Error if the application has already set a factory.
* @throws SecurityException if a security manager exists and its
* {@code checkSetFactory} method doesn't allow
* the operation.
* @see java.net.URL#URL(java.lang.String, java.lang.String,
* int, java.lang.String)
* @see java.net.URLStreamHandlerFactory
* @see SecurityManager#checkSetFactory
*/
public static void setURLStreamHandlerFactory(URLStreamHandlerFactory fac) {
synchronized (streamHandlerLock) {

68
src/java.base/share/classes/java/net/URLClassLoader.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -68,13 +68,6 @@ import sun.security.util.SecurityConstants;
* This class loader supports the loading of classes and resources from the
* contents of a <a href="../util/jar/JarFile.html#multirelease">multi-release</a>
* JAR file that is referred to by a given URL.
* <p>
* The AccessControlContext of the thread that created the instance of
* URLClassLoader will be used when subsequently loading classes and
* resources.
* <p>
* The classes that are loaded are by default granted permission only to
* access the URLs specified when the URLClassLoader was created.
*
* @author David Connelly
* @since 1.2
@ -96,18 +89,10 @@ public class URLClassLoader extends SecureClassLoader implements Closeable {
* the URL is assumed to refer to a JAR file which will be downloaded and
* opened as needed.
*
* <p>If there is a security manager, this method first
* calls the security manager's {@code checkCreateClassLoader} method
* to ensure creation of a class loader is allowed.
*
* @param urls the URLs from which to load classes and resources
* @param parent the parent class loader for delegation
* @throws SecurityException if a security manager exists and its
* {@code checkCreateClassLoader} method doesn't allow
* creation of a class loader.
* @throws NullPointerException if {@code urls} or any of its
* elements is {@code null}.
* @see SecurityManager#checkCreateClassLoader
*/
@SuppressWarnings("removal")
public URLClassLoader(URL[] urls, ClassLoader parent) {
@ -132,18 +117,10 @@ public class URLClassLoader extends SecureClassLoader implements Closeable {
* assumed to refer to a JAR file which will be downloaded and opened
* as needed.
*
* <p>If there is a security manager, this method first
* calls the security manager's {@code checkCreateClassLoader} method
* to ensure creation of a class loader is allowed.
*
* @param urls the URLs from which to load classes and resources
*
* @throws SecurityException if a security manager exists and its
* {@code checkCreateClassLoader} method doesn't allow
* creation of a class loader.
* @throws NullPointerException if {@code urls} or any of its
* elements is {@code null}.
* @see SecurityManager#checkCreateClassLoader
*/
@SuppressWarnings("removal")
public URLClassLoader(URL[] urls) {
@ -165,20 +142,12 @@ public class URLClassLoader extends SecureClassLoader implements Closeable {
* factory argument will be used as the stream handler factory to
* obtain protocol handlers when creating new jar URLs.
*
* <p>If there is a security manager, this method first
* calls the security manager's {@code checkCreateClassLoader} method
* to ensure creation of a class loader is allowed.
*
* @param urls the URLs from which to load classes and resources
* @param parent the parent class loader for delegation
* @param factory the URLStreamHandlerFactory to use when creating URLs
*
* @throws SecurityException if a security manager exists and its
* {@code checkCreateClassLoader} method doesn't allow
* creation of a class loader.
* @throws NullPointerException if {@code urls} or any of its
* elements is {@code null}.
* @see SecurityManager#checkCreateClassLoader
*/
@SuppressWarnings("removal")
public URLClassLoader(URL[] urls, ClassLoader parent,
@ -205,10 +174,6 @@ public class URLClassLoader extends SecureClassLoader implements Closeable {
* @throws NullPointerException if {@code urls} or any of its
* elements is {@code null}.
*
* @throws SecurityException if a security manager exists and its
* {@link SecurityManager#checkCreateClassLoader()} method doesn't
* allow creation of a class loader.
*
* @since 9
*/
@SuppressWarnings("removal")
@ -236,10 +201,6 @@ public class URLClassLoader extends SecureClassLoader implements Closeable {
* @throws NullPointerException if {@code urls} or any of its
* elements is {@code null}.
*
* @throws SecurityException if a security manager exists and its
* {@code checkCreateClassLoader} method doesn't allow
* creation of a class loader.
*
* @since 9
*/
@SuppressWarnings("removal")
@ -335,9 +296,6 @@ public class URLClassLoader extends SecureClassLoader implements Closeable {
* is caught, then the second and following exceptions are added
* as suppressed exceptions of the first one caught, which is then re-thrown.
*
* @throws SecurityException if a security manager is set, and it denies
* {@link RuntimePermission}{@code ("closeClassLoader")}
*
* @since 1.7
*/
public void close() throws IOException {
@ -689,24 +647,24 @@ public class URLClassLoader extends SecureClassLoader implements Closeable {
* The implementation of this method first calls super.getPermissions
* and then adds permissions based on the URL of the codesource.
* <p>
* If the protocol of this URL is "jar", then the permission granted
* If the protocol of this URL is "jar", then the permission returned
* is based on the permission that is required by the URL of the Jar
* file.
* <p>
* If the protocol is "file" and there is an authority component, then
* permission to connect to and accept connections from that authority
* may be granted. If the protocol is "file"
* may be returned. If the protocol is "file"
* and the path specifies a file, then permission to read that
* file is granted. If protocol is "file" and the path is
* a directory, permission is granted to read all files
* file is returned. If protocol is "file" and the path is
* a directory, then permission is returned to read all files
* and (recursively) all files and subdirectories contained in
* that directory.
* <p>
* If the protocol is not "file", then permission
* to connect to and accept connections from the URL's host is granted.
* to connect to and accept connections from the URL's host is returned.
* @param codesource the codesource
* @throws NullPointerException if {@code codesource} is {@code null}.
* @return the permissions granted to the codesource
* @return the permissions for the codesource
*/
@SuppressWarnings("removal")
protected PermissionCollection getPermissions(CodeSource codesource)
@ -778,11 +736,7 @@ public class URLClassLoader extends SecureClassLoader implements Closeable {
/**
* Creates a new instance of URLClassLoader for the specified
* URLs and parent class loader. If a security manager is
* installed, the {@code loadClass} method of the URLClassLoader
* returned by this method will invoke the
* {@code SecurityManager.checkPackageAccess} method before
* loading the class.
* URLs and parent class loader.
*
* @param urls the URLs to search for classes and resources
* @param parent the parent class loader for delegation
@ -808,11 +762,7 @@ public class URLClassLoader extends SecureClassLoader implements Closeable {
/**
* Creates a new instance of URLClassLoader for the specified
* URLs and default parent class loader. If a security manager is
* installed, the {@code loadClass} method of the URLClassLoader
* returned by this method will invoke the
* {@code SecurityManager.checkPackageAccess} before
* loading the class.
* URLs and default parent class loader.
*
* @param urls the URLs to search for classes and resources
* @throws NullPointerException if {@code urls} or any of its

18
src/java.base/share/classes/java/net/URLConnection.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1995, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1995, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -322,16 +322,8 @@ public abstract class URLConnection {
/**
* Sets the FileNameMap.
* <p>
* If there is a security manager, this method first calls
* the security manager's {@code checkSetFactory} method
* to ensure the operation is allowed.
* This could result in a SecurityException.
*
* @param map the FileNameMap to be set
* @throws SecurityException if a security manager exists and its
* {@code checkSetFactory} method doesn't allow the operation.
* @see SecurityManager#checkSetFactory
* @see #getFileNameMap()
* @since 1.2
*/
@ -1283,19 +1275,11 @@ public abstract class URLConnection {
* <p>
* The {@code ContentHandlerFactory} instance is used to
* construct a content handler from a content type.
* <p>
* If there is a security manager, this method first calls
* the security manager's {@code checkSetFactory} method
* to ensure the operation is allowed.
* This could result in a SecurityException.
*
* @param fac the desired factory.
* @throws Error if the factory has already been defined.
* @throws SecurityException if a security manager exists and its
* {@code checkSetFactory} method doesn't allow the operation.
* @see java.net.ContentHandlerFactory
* @see java.net.URLConnection#getContent()
* @see SecurityManager#checkSetFactory
*/
public static synchronized void setContentHandlerFactory(ContentHandlerFactory fac) {
if (factory != null) {

13
src/java.base/share/classes/java/net/URLPermission.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2013, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2013, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -142,12 +142,11 @@ import java.util.Objects;
* method names to upper-case and header names to the form defines in RFC2616 (lower case
* with initial letter of each word capitalized). Either list can contain a wild-card '*'
* character which signifies all request methods or headers respectively.
* <p>
* Note. Depending on the context of use, some request methods and headers may be permitted
* at all times, and others may not be permitted at any time. For example, the
* HTTP protocol handler might disallow certain headers such as Content-Length
* from being set by application code, regardless of whether the security policy
* in force, permits it.
*
* @apiNote
* This permission cannot be used for controlling access to resources
* as the Security Manager is no longer supported.
*
*
* @spec https://www.rfc-editor.org/info/rfc2296
* RFC 2296: HTTP Remote Variant Selection Algorithm -- RVSA/1.0

5
src/java.base/share/classes/java/net/spi/InetAddressResolverProvider.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2021, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2021, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -110,9 +110,6 @@ public abstract class InetAddressResolverProvider {
/**
* Creates a new instance of {@code InetAddressResolverProvider}.
*
* @throws SecurityException if a security manager is present and its
* {@code checkPermission} method doesn't allow the
* {@code RuntimePermission("inetAddressResolverProvider")}.
* @implNote It is recommended that an {@code InetAddressResolverProvider} service
* implementation initialization should be as simple as possible, in order to avoid
* possible risks of deadlock or class loading cycles during the instantiation of the

6
src/java.base/share/classes/java/net/spi/URLStreamHandlerProvider.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2015, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2015, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -60,10 +60,6 @@ public abstract class URLStreamHandlerProvider
/**
* Initializes a new URL stream handler provider.
*
* @throws SecurityException
* If a security manager has been installed and it denies
* {@link RuntimePermission}{@code ("setFactory")}.
*/
protected URLStreamHandlerProvider() {
this(checkPermission());