8230946: Clarify security manager behaviour of a connected DatagramSocket and DatagramChannel

Update to API, to clarify that packets are dropped in the receive method of non-connected sockets if they fail the security manager checks Reviewed-by: alanb, chegar, dfuchs
2025-08-27 14:54:52 +02:00 · 2019-10-08 14:56:46 +01:00 · 2019-10-08 14:56:46 +01:00 · ee87f2a7a4
commit ee87f2a7a4
parent 3e8d409cee
2 changed files with 22 additions and 20 deletions
--- a/src/java.base/share/classes/java/nio/channels/DatagramChannel.java
+++ b/src/java.base/share/classes/java/nio/channels/DatagramChannel.java
@ -265,7 +265,10 @@ public abstract class DatagramChannel
     * java.lang.SecurityManager#checkAccept checkAccept} and {@link
     * java.lang.SecurityManager#checkConnect checkConnect} methods permit
     * datagrams to be received from and sent to, respectively, the given
-     * remote address.
+     * remote address. Once connected, no further security checks are performed
+     * for datagrams received from, or sent to, the given remote address. Care
+     * should be taken to ensure that a connected datagram channel is not shared
+     * with untrusted code.
     *
     * <p> This method may be invoked at any time.  It will not have any effect
     * on read or write operations that are already in progress at the moment
@ -369,9 +372,10 @@ public abstract class DatagramChannel
     * to a specific remote address and a security manager has been installed
     * then for each datagram received this method verifies that the source's
     * address and port number are permitted by the security manager's {@link
-     * java.lang.SecurityManager#checkAccept checkAccept} method.  The overhead
-     * of this security check can be avoided by first connecting the socket via
-     * the {@link #connect connect} method.
+     * java.lang.SecurityManager#checkAccept checkAccept} method. Datagrams
+     * that are not permitted by the security manager are silently discarded.
+     * The overhead of this security check can be avoided by first connecting
+     * the socket via the {@link #connect connect} method.
     *
     * <p> This method may be invoked at any time.  If another thread has
     * already initiated a read operation upon this channel, however, then an
@ -401,11 +405,6 @@ public abstract class DatagramChannel
     *          closing the channel and setting the current thread's
     *          interrupt status
     *
-     * @throws  SecurityException
-     *          If a security manager has been installed
-     *          and it does not permit datagrams to be accepted
-     *          from the datagram's sender
-     *
     * @throws  IOException
     *          If some other I/O error occurs
     */