6899533: SecureClassLoader and URLClassLoader have unnecessary check for createClassLoader permission
Summary: Remove code that is no longer necessary now that pre-JDK 1.2 SecurityManager methods are not supported.
Reviewed-by: mchung
--- a/src/java.base/share/classes/java/net/URLClassLoader.java Thu Sep 06 16:27:07 2018 +0200
+++ b/src/java.base/share/classes/java/net/URLClassLoader.java Fri Sep 07 08:02:51 2018 -0400
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -111,11 +111,6 @@
*/
public URLClassLoader(URL[] urls, ClassLoader parent) {
super(parent);
- // this is to make the stack depth consistent with 1.1
- SecurityManager security = System.getSecurityManager();
- if (security != null) {
- security.checkCreateClassLoader();
- }
this.acc = AccessController.getContext();
this.ucp = new URLClassPath(urls, acc);
}
@@ -123,11 +118,6 @@
URLClassLoader(String name, URL[] urls, ClassLoader parent,
AccessControlContext acc) {
super(name, parent);
- // this is to make the stack depth consistent with 1.1
- SecurityManager security = System.getSecurityManager();
- if (security != null) {
- security.checkCreateClassLoader();
- }
this.acc = acc;
this.ucp = new URLClassPath(urls, acc);
}
@@ -156,22 +146,12 @@
*/
public URLClassLoader(URL[] urls) {
super();
- // this is to make the stack depth consistent with 1.1
- SecurityManager security = System.getSecurityManager();
- if (security != null) {
- security.checkCreateClassLoader();
- }
this.acc = AccessController.getContext();
this.ucp = new URLClassPath(urls, acc);
}
URLClassLoader(URL[] urls, AccessControlContext acc) {
super();
- // this is to make the stack depth consistent with 1.1
- SecurityManager security = System.getSecurityManager();
- if (security != null) {
- security.checkCreateClassLoader();
- }
this.acc = acc;
this.ucp = new URLClassPath(urls, acc);
}
@@ -201,11 +181,6 @@
public URLClassLoader(URL[] urls, ClassLoader parent,
URLStreamHandlerFactory factory) {
super(parent);
- // this is to make the stack depth consistent with 1.1
- SecurityManager security = System.getSecurityManager();
- if (security != null) {
- security.checkCreateClassLoader();
- }
this.acc = AccessController.getContext();
this.ucp = new URLClassPath(urls, factory, acc);
}
@@ -238,11 +213,6 @@
URL[] urls,
ClassLoader parent) {
super(name, parent);
- // this is to make the stack depth consistent with 1.1
- SecurityManager security = System.getSecurityManager();
- if (security != null) {
- security.checkCreateClassLoader();
- }
this.acc = AccessController.getContext();
this.ucp = new URLClassPath(urls, acc);
}
@@ -273,11 +243,6 @@
public URLClassLoader(String name, URL[] urls, ClassLoader parent,
URLStreamHandlerFactory factory) {
super(name, parent);
- // this is to make the stack depth consistent with 1.1
- SecurityManager security = System.getSecurityManager();
- if (security != null) {
- security.checkCreateClassLoader();
- }
this.acc = AccessController.getContext();
this.ucp = new URLClassPath(urls, factory, acc);
}
--- a/src/java.base/share/classes/java/security/SecureClassLoader.java Thu Sep 06 16:27:07 2018 +0200
+++ b/src/java.base/share/classes/java/security/SecureClassLoader.java Fri Sep 07 08:02:51 2018 -0400
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -42,12 +42,6 @@
* @since 1.2
*/
public class SecureClassLoader extends ClassLoader {
- /*
- * If initialization succeed this is set to true and security checks will
- * succeed. Otherwise the object is not initialized and the object is
- * useless.
- */
- private final boolean initialized;
/*
* Map that maps the CodeSource to a ProtectionDomain. The key is a
@@ -81,12 +75,6 @@
*/
protected SecureClassLoader(ClassLoader parent) {
super(parent);
- // this is to make the stack depth consistent with 1.1
- SecurityManager security = System.getSecurityManager();
- if (security != null) {
- security.checkCreateClassLoader();
- }
- initialized = true;
}
/**
@@ -104,12 +92,6 @@
*/
protected SecureClassLoader() {
super();
- // this is to make the stack depth consistent with 1.1
- SecurityManager security = System.getSecurityManager();
- if (security != null) {
- security.checkCreateClassLoader();
- }
- initialized = true;
}
/**
@@ -130,11 +112,6 @@
*/
protected SecureClassLoader(String name, ClassLoader parent) {
super(name, parent);
- SecurityManager security = System.getSecurityManager();
- if (security != null) {
- security.checkCreateClassLoader();
- }
- initialized = true;
}
/**
@@ -220,7 +197,6 @@
*/
protected PermissionCollection getPermissions(CodeSource codesource)
{
- check();
return new Permissions(); // ProtectionDomain defers the binding
}
@@ -260,15 +236,6 @@
});
}
- /*
- * Check to make sure the class loader has been initialized.
- */
- private void check() {
- if (!initialized) {
- throw new SecurityException("ClassLoader object not initialized");
- }
- }
-
private static class CodeSourceKey {
private final CodeSource cs;