8193032: Remove terminally deprecated SecurityManager APIs
Summary: Remove the checkTopLevelWindow, checkSystemClipboardAccess, checkAwtEventQueueAccess, and checkMemberAccess methods.
Reviewed-by: alanb, mchung, kcr
--- a/src/java.base/share/classes/java/lang/SecurityManager.java Wed Apr 04 16:57:01 2018 +0800
+++ b/src/java.base/share/classes/java/lang/SecurityManager.java Wed Apr 04 11:26:10 2018 -0400
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1995, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1995, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -235,19 +235,6 @@
*/
private boolean initialized = false;
-
- /**
- * returns true if the current context has been granted AllPermission
- */
- private boolean hasAllPermission() {
- try {
- checkPermission(SecurityConstants.ALL_PERMISSION);
- return true;
- } catch (SecurityException se) {
- return false;
- }
- }
-
/**
* Constructs a new <code>SecurityManager</code>.
*
@@ -1081,28 +1068,6 @@
}
/**
- * Returns {@code true} if the calling thread has {@code AllPermission}.
- *
- * @param window not used except to check if it is {@code null}.
- * @return {@code true} if the calling thread has {@code AllPermission}.
- * @exception NullPointerException if the {@code window} argument is
- * {@code null}.
- * @deprecated This method was originally used to check if the calling thread
- * was trusted to bring up a top-level window. The method has been
- * obsoleted and code should instead use {@link #checkPermission}
- * to check {@code AWTPermission("showWindowWithoutWarningBanner")}.
- * This method is subject to removal in a future version of Java SE.
- * @see #checkPermission(java.security.Permission) checkPermission
- */
- @Deprecated(since="1.8", forRemoval=true)
- public boolean checkTopLevelWindow(Object window) {
- if (window == null) {
- throw new NullPointerException("window can't be null");
- }
- return hasAllPermission();
- }
-
- /**
* Throws a <code>SecurityException</code> if the
* calling thread is not allowed to initiate a print job request.
* <p>
@@ -1124,44 +1089,6 @@
checkPermission(new RuntimePermission("queuePrintJob"));
}
- /**
- * Throws {@code SecurityException} if the calling thread does
- * not have {@code AllPermission}.
- *
- * @since 1.1
- * @exception SecurityException if the calling thread does not have
- * {@code AllPermission}
- * @deprecated This method was originally used to check if the calling
- * thread could access the system clipboard. The method has been
- * obsoleted and code should instead use {@link #checkPermission}
- * to check {@code AWTPermission("accessClipboard")}.
- * This method is subject to removal in a future version of Java SE.
- * @see #checkPermission(java.security.Permission) checkPermission
- */
- @Deprecated(since="1.8", forRemoval=true)
- public void checkSystemClipboardAccess() {
- checkPermission(SecurityConstants.ALL_PERMISSION);
- }
-
- /**
- * Throws {@code SecurityException} if the calling thread does
- * not have {@code AllPermission}.
- *
- * @since 1.1
- * @exception SecurityException if the calling thread does not have
- * {@code AllPermission}
- * @deprecated This method was originally used to check if the calling
- * thread could access the AWT event queue. The method has been
- * obsoleted and code should instead use {@link #checkPermission}
- * to check {@code AWTPermission("accessEventQueue")}.
- * This method is subject to removal in a future version of Java SE.
- * @see #checkPermission(java.security.Permission) checkPermission
- */
- @Deprecated(since="1.8", forRemoval=true)
- public void checkAwtEventQueueAccess() {
- checkPermission(SecurityConstants.ALL_PERMISSION);
- }
-
/*
* We have an initial invalid bit (initially false) for the class
* variables which tell if the cache is valid. If the underlying
@@ -1475,35 +1402,6 @@
}
/**
- * Throws a {@code SecurityException} if the calling thread does
- * not have {@code AllPermission}.
- *
- * @param clazz the class that reflection is to be performed on.
- * @param which type of access, PUBLIC or DECLARED.
- * @throws SecurityException if the caller does not have
- * {@code AllPermission}
- * @throws NullPointerException if the {@code clazz} argument is
- * {@code null}
- * @deprecated This method was originally used to check if the calling
- * thread was allowed to access members. It relied on the
- * caller being at a stack depth of 4 which is error-prone and
- * cannot be enforced by the runtime. The method has been
- * obsoleted and code should instead use
- * {@link #checkPermission} to check
- * {@code RuntimePermission("accessDeclaredMembers")}. This
- * method is subject to removal in a future version of Java SE.
- * @since 1.1
- * @see #checkPermission(java.security.Permission) checkPermission
- */
- @Deprecated(since="1.8", forRemoval=true)
- public void checkMemberAccess(Class<?> clazz, int which) {
- if (clazz == null) {
- throw new NullPointerException("class can't be null");
- }
- checkPermission(SecurityConstants.ALL_PERMISSION);
- }
-
- /**
* Determines whether the permission with the specified permission target
* name should be granted or denied.
*
--- a/src/java.desktop/share/classes/sun/applet/AppletSecurity.java Wed Apr 04 16:57:01 2018 +0800
+++ b/src/java.desktop/share/classes/sun/applet/AppletSecurity.java Wed Apr 04 11:26:10 2018 -0400
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1995, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1995, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -371,30 +371,6 @@
}
/**
- * Tests if a client can get access to the AWT event queue.
- * <p>
- * This method calls {@code checkPermission} with the
- * {@code AWTPermission("accessEventQueue")} permission.
- *
- * @since 1.1
- * @exception SecurityException if the caller does not have
- * permission to access the AWT event queue.
- */
- @SuppressWarnings({"deprecation",
- "removal"}) // SecurityManager.checkAwtEventQueueAccess
- public void checkAwtEventQueueAccess() {
- AppContext appContext = AppContext.getAppContext();
- AppletClassLoader appletClassLoader = currentAppletClassLoader();
-
- if (AppContext.isMainContext(appContext) && (appletClassLoader != null)) {
- // If we're about to allow access to the main EventQueue,
- // and anything untrusted is on the class context stack,
- // disallow access.
- super.checkPermission(AWTPermissions.CHECK_AWT_EVENTQUEUE_PERMISSION);
- }
- } // checkAwtEventQueueAccess()
-
- /**
* Returns the thread group of the applet. We consult the classloader
* if there is one.
*/
--- a/src/java.desktop/share/classes/sun/applet/resources/MsgAppletViewer.java Wed Apr 04 16:57:01 2018 +0800
+++ b/src/java.desktop/share/classes/sun/applet/resources/MsgAppletViewer.java Wed Apr 04 11:26:10 2018 -0400
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -188,10 +188,7 @@
{"appletsecurityexception.checkpackageaccess", "Security Exception: cannot access package: {0}"},
{"appletsecurityexception.checkpackagedefinition", "Security Exception: cannot define package: {0}"},
{"appletsecurityexception.cannotsetfactory", "Security Exception: cannot set factory"},
- {"appletsecurityexception.checkmemberaccess", "Security Exception: check member access"},
{"appletsecurityexception.checkgetprintjob", "Security Exception: getPrintJob"},
- {"appletsecurityexception.checksystemclipboardaccess", "Security Exception: getSystemClipboard"},
- {"appletsecurityexception.checkawteventqueueaccess", "Security Exception: getEventQueue"},
{"appletsecurityexception.checksecurityaccess", "Security Exception: security operation: {0}"},
{"appletsecurityexception.getsecuritycontext.unknown", "unknown class loader type. unable to check for getContext"},
{"appletsecurityexception.checkread.unknown", "unknown class loader type. unable to check for checking read {0}"},
--- a/test/hotspot/jtreg/runtime/RedefineObject/WalkThroughInvoke.java Wed Apr 04 16:57:01 2018 +0800
+++ b/test/hotspot/jtreg/runtime/RedefineObject/WalkThroughInvoke.java Wed Apr 04 11:26:10 2018 -0400
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -29,7 +29,7 @@
SecurityManager sm = new SecurityManager();
// Walks the stack with Method.invoke in the stack (which is the
// purpose of the test) before it gets an AccessControlException.
- sm.checkMemberAccess(b, Member.DECLARED);
+ sm.checkPermission(new RuntimePermission("accessDeclaredMembers"));
} catch (java.security.AccessControlException e) {
// Ignoring an 'AccessControlException' exception since
// it is expected as part of this test.
--- a/test/jdk/java/lang/SecurityManager/DepMethodsRequireAllPerm.java Wed Apr 04 16:57:01 2018 +0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,82 +0,0 @@
-/*
- * Copyright (c) 2013, 2017, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-/* @test
- * @bug 8004502 8008793 8029886 8186535
- * @summary Sanity check that the SecurityManager checkMemberAccess method and
- * methods that used to check AWTPermission now check for AllPermission
- */
-
-import java.security.AllPermission;
-import java.security.Permission;
-
-public class DepMethodsRequireAllPerm {
-
- static class MySecurityManager extends SecurityManager {
- final Class<?> expectedClass;
-
- MySecurityManager(Class<?> c) {
- expectedClass = c;
- }
-
- @Override
- public void checkPermission(Permission perm) {
- if (perm.getClass() != expectedClass)
- throw new RuntimeException("Got: " + perm.getClass() + ", expected: " + expectedClass);
- super.checkPermission(perm);
- }
- }
-
- public static void main(String[] args) {
- MySecurityManager sm = new MySecurityManager(AllPermission.class);
-
- try {
- sm.checkAwtEventQueueAccess();
- throw new RuntimeException("SecurityException expected");
- } catch (SecurityException expected) { }
-
- try {
- sm.checkSystemClipboardAccess();
- throw new RuntimeException("SecurityException expected");
- } catch (SecurityException expected) { }
-
- try {
- sm.checkTopLevelWindow(null);
- throw new RuntimeException("NullPointException expected");
- } catch (NullPointerException expected) { }
-
- if (sm.checkTopLevelWindow(new Object())) {
- throw new RuntimeException("checkTopLevelWindow expected to return false");
- }
-
- try {
- sm.checkMemberAccess(Object.class, java.lang.reflect.Member.DECLARED);
- throw new RuntimeException("SecurityException expected");
- } catch (SecurityException expected) { }
-
- try {
- sm.checkMemberAccess(null, java.lang.reflect.Member.DECLARED);
- throw new RuntimeException("NullPointerException expected");
- } catch (NullPointerException expected) { }
- }
-}