8338411: Implement JEP 486: Permanently Disable the Security Manager

Co-authored-by: Sean Mullan <mullan@openjdk.org> Co-authored-by: Alan Bateman <alanb@openjdk.org> Co-authored-by: Weijun Wang <weijun@openjdk.org> Co-authored-by: Aleksei Efimov <aefimov@openjdk.org> Co-authored-by: Brian Burkhalter <bpb@openjdk.org> Co-authored-by: Daniel Fuchs <dfuchs@openjdk.org> Co-authored-by: Harshitha Onkar <honkar@openjdk.org> Co-authored-by: Joe Wang <joehw@openjdk.org> Co-authored-by: Jorn Vernee <jvernee@openjdk.org> Co-authored-by: Justin Lu <jlu@openjdk.org> Co-authored-by: Kevin Walls <kevinw@openjdk.org> Co-authored-by: Lance Andersen <lancea@openjdk.org> Co-authored-by: Naoto Sato <naoto@openjdk.org> Co-authored-by: Roger Riggs <rriggs@openjdk.org> Co-authored-by: Brent Christian <bchristi@openjdk.org> Co-authored-by: Stuart Marks <smarks@openjdk.org> Co-authored-by: Ian Graves <igraves@openjdk.org> Co-authored-by: Phil Race <prr@openjdk.org> Co-authored-by: Erik Gahlin <egahlin@openjdk.org> Co-authored-by: Jaikiran Pai <jpai@openjdk.org> Reviewed-by: kevinw, aivanov, rriggs, lancea, coffeys, dfuchs, ihse, erikj, cjplummer, coleenp, naoto, mchung, prr, weijun, joehw, azvegint, psadhukhan, bchristi, sundar, attila
2025-08-27 06:45:07 +02:00 · 2024-11-12 17:16:15 +00:00 · 2024-11-12 17:16:15 +00:00 · db85090553
commit db85090553
parent c12b386d19
1885 changed files with 5528 additions and 65650 deletions
--- a/src/java.base/share/classes/java/security/DomainCombiner.java
+++ b/src/java.base/share/classes/java/security/DomainCombiner.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2024, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -26,62 +26,14 @@
 package java.security;

 /**
- * A {@code DomainCombiner} provides a means to dynamically
- * update the ProtectionDomains associated with the current
- * {@code AccessControlContext}.
+ * {@code DomainCombiner} was used to dynamically update
+ * {@code ProtectionDomain}s for access control operations and decisions. This
+ * feature no longer exists.
 *
- * <p> A {@code DomainCombiner} is passed as a parameter to the
- * appropriate constructor for {@code AccessControlContext}.
- * The newly constructed context is then passed to the
- * {@code AccessController.doPrivileged(..., context)} method
- * to bind the provided context (and associated {@code DomainCombiner})
- * with the current execution thread.  Subsequent calls to
- * {@code AccessController.getContext} or
- * {@code AccessController.checkPermission}
- * cause the {@code DomainCombiner.combine} to get invoked.
- *
- * <p> The combine method takes two arguments.  The first argument represents
- * an array of ProtectionDomains from the current execution thread,
- * since the most recent call to {@code AccessController.doPrivileged}.
- * If no call to doPrivileged was made, then the first argument will contain
- * all the ProtectionDomains from the current execution thread.
- * The second argument represents an array of inherited ProtectionDomains,
- * which may be {@code null}.  ProtectionDomains may be inherited
- * from a parent thread, or from a privileged context.  If no call to
- * doPrivileged was made, then the second argument will contain the
- * ProtectionDomains inherited from the parent thread.  If one or more calls
- * to doPrivileged were made, and the most recent call was to
- * doPrivileged(action, context), then the second argument will contain the
- * ProtectionDomains from the privileged context.  If the most recent call
- * was to doPrivileged(action), then there is no privileged context,
- * and the second argument will be {@code null}.
- *
- * <p> The {@code combine} method investigates the two input arrays
- * of ProtectionDomains and returns a single array containing the updated
- * ProtectionDomains.  In the simplest case, the {@code combine}
- * method merges the two stacks into one.  In more complex cases,
- * the {@code combine} method returns a modified
- * stack of ProtectionDomains.  The modification may have added new
- * ProtectionDomains, removed certain ProtectionDomains, or simply
- * updated existing ProtectionDomains.  Re-ordering and other optimizations
- * to the ProtectionDomains are also permitted.  Typically the
- * {@code combine} method bases its updates on the information
- * encapsulated in the {@code DomainCombiner}.
- *
- * <p> After the {@code AccessController.getContext} method
- * receives the combined stack of ProtectionDomains back from
- * the {@code DomainCombiner}, it returns a new
- * AccessControlContext that has both the combined ProtectionDomains
- * as well as the {@code DomainCombiner}.
- *
- * @see AccessController
- * @see AccessControlContext
 * @since 1.3
- * @deprecated This class is only useful in conjunction with
- *       {@linkplain SecurityManager the Security Manager}, which is deprecated
- *       and subject to removal in a future release. Consequently, this class
- *       is also deprecated and subject to removal. There is no replacement for
- *       the Security Manager or this class.
+ * @deprecated This class was only useful in conjunction with {@linkplain
+ *       SecurityManager the Security Manager}, which is no longer supported.
+ *       There is no replacement for the Security Manager or this class.
 */
@Deprecated(since="17", forRemoval=true)
 public interface DomainCombiner {