8008981: Deprecate SecurityManager checkTopLevelWindow, checkSystemClipboardAccess, checkAwtEventQueueAccess
Reviewed-by: anthony, art, mchung
--- a/jdk/src/macosx/classes/sun/lwawt/LWToolkit.java Wed Sep 04 09:34:25 2013 +0200
+++ b/jdk/src/macosx/classes/sun/lwawt/LWToolkit.java Wed Sep 04 11:40:23 2013 +0100
@@ -38,6 +38,7 @@
import sun.awt.*;
import sun.lwawt.macosx.*;
import sun.print.*;
+import sun.security.util.SecurityConstants;
public abstract class LWToolkit extends SunToolkit implements Runnable {
@@ -502,7 +503,7 @@
public Clipboard getSystemClipboard() {
SecurityManager security = System.getSecurityManager();
if (security != null) {
- security.checkSystemClipboardAccess();
+ security.checkPermission(SecurityConstants.AWT.ACCESS_CLIPBOARD_PERMISSION);
}
synchronized (this) {
--- a/jdk/src/share/classes/java/awt/TextComponent.java Wed Sep 04 09:34:25 2013 +0200
+++ b/jdk/src/share/classes/java/awt/TextComponent.java Wed Sep 04 11:40:23 2013 +0100
@@ -35,6 +35,7 @@
import javax.swing.text.AttributeSet;
import javax.accessibility.*;
import java.awt.im.InputMethodRequests;
+import sun.security.util.SecurityConstants;
/**
* The <code>TextComponent</code> class is the superclass of
@@ -728,7 +729,7 @@
SecurityManager sm = System.getSecurityManager();
if (sm == null) return true;
try {
- sm.checkSystemClipboardAccess();
+ sm.checkPermission(SecurityConstants.AWT.ACCESS_CLIPBOARD_PERMISSION);
return true;
} catch (SecurityException e) {}
return false;
--- a/jdk/src/share/classes/java/awt/Toolkit.java Wed Sep 04 09:34:25 2013 +0200
+++ b/jdk/src/share/classes/java/awt/Toolkit.java Wed Sep 04 11:40:23 2013 +0100
@@ -1270,12 +1270,8 @@
* <p>
* Each actual implementation of this method should first check if there
* is a security manager installed. If there is, the method should call
- * the security manager's <code>checkSystemClipboardAccess</code> method
- * to ensure it's ok to to access the system clipboard. If the default
- * implementation of <code>checkSystemClipboardAccess</code> is used (that
- * is, that method is not overriden), then this results in a call to the
- * security manager's <code>checkPermission</code> method with an <code>
- * AWTPermission("accessClipboard")</code> permission.
+ * the security manager's {@link SecurityManager#checkPermission
+ * checkPermission} method to check {@code AWTPermission("accessClipboard")}.
*
* @return the system Clipboard
* @exception HeadlessException if GraphicsEnvironment.isHeadless()
@@ -1318,14 +1314,9 @@
* system selection <code>Clipboard</code> as described above.
* <p>
* Each actual implementation of this method should first check if there
- * is a <code>SecurityManager</code> installed. If there is, the method
- * should call the <code>SecurityManager</code>'s
- * <code>checkSystemClipboardAccess</code> method to ensure that client
- * code has access the system selection. If the default implementation of
- * <code>checkSystemClipboardAccess</code> is used (that is, if the method
- * is not overridden), then this results in a call to the
- * <code>SecurityManager</code>'s <code>checkPermission</code> method with
- * an <code>AWTPermission("accessClipboard")</code> permission.
+ * is a security manager installed. If there is, the method should call
+ * the security manager's {@link SecurityManager#checkPermission
+ * checkPermission} method to check {@code AWTPermission("accessClipboard")}.
*
* @return the system selection as a <code>Clipboard</code>, or
* <code>null</code> if the native platform does not support a
@@ -1699,25 +1690,20 @@
* therefore not assume that the EventQueue instance returned
* by this method will be shared by other applets or the system.
*
- * <p>First, if there is a security manager, its
- * <code>checkAwtEventQueueAccess</code>
- * method is called.
- * If the default implementation of <code>checkAwtEventQueueAccess</code>
- * is used (that is, that method is not overriden), then this results in
- * a call to the security manager's <code>checkPermission</code> method
- * with an <code>AWTPermission("accessEventQueue")</code> permission.
+ * <p> If there is a security manager then its
+ * {@link SecurityManager#checkPermission checkPermission} method
+ * is called to check {@code AWTPermission("accessEventQueue")}.
*
* @return the <code>EventQueue</code> object
* @throws SecurityException
- * if a security manager exists and its <code>{@link
- * java.lang.SecurityManager#checkAwtEventQueueAccess}</code>
- * method denies access to the <code>EventQueue</code>
+ * if a security manager is set and it denies access to
+ * the {@code EventQueue}
* @see java.awt.AWTPermission
*/
public final EventQueue getSystemEventQueue() {
SecurityManager security = System.getSecurityManager();
if (security != null) {
- security.checkAwtEventQueueAccess();
+ security.checkPermission(SecurityConstants.AWT.CHECK_AWT_EVENTQUEUE_PERMISSION);
}
return getSystemEventQueueImpl();
}
--- a/jdk/src/share/classes/java/awt/Window.java Wed Sep 04 09:34:25 2013 +0200
+++ b/jdk/src/share/classes/java/awt/Window.java Wed Sep 04 11:40:23 2013 +0100
@@ -195,10 +195,9 @@
/**
* This represents the warning message that is
* to be displayed in a non secure window. ie :
- * a window that has a security manager installed for
- * which calling SecurityManager.checkTopLevelWindow()
- * is false. This message can be displayed anywhere in
- * the window.
+ * a window that has a security manager installed that denies
+ * {@code AWTPermission("showWindowWithoutWarningBanner")}.
+ * This message can be displayed anywhere in the window.
*
* @serial
* @see #getWarningString
@@ -417,11 +416,10 @@
* Constructs a new, initially invisible window in default size with the
* specified {@code GraphicsConfiguration}.
* <p>
- * If there is a security manager, this method first calls
- * the security manager's {@code checkTopLevelWindow}
- * method with {@code this}
- * as its argument to determine whether or not the window
- * must be displayed with a warning banner.
+ * If there is a security manager, then it is invoked to check
+ * {@code AWTPermission("showWindowWithoutWarningBanner")}
+ * to determine whether or not the window must be displayed with
+ * a warning banner.
*
* @param gc the {@code GraphicsConfiguration} of the target screen
* device. If {@code gc} is {@code null}, the system default
@@ -432,7 +430,6 @@
* {@code GraphicsEnvironment.isHeadless()} returns {@code true}
*
* @see java.awt.GraphicsEnvironment#isHeadless
- * @see java.lang.SecurityManager#checkTopLevelWindow
*/
Window(GraphicsConfiguration gc) {
init(gc);
@@ -511,25 +508,16 @@
/**
* Constructs a new, initially invisible window in the default size.
- *
- * <p>First, if there is a security manager, its
- * {@code checkTopLevelWindow}
- * method is called with {@code this}
- * as its argument
- * to see if it's ok to display the window without a warning banner.
- * If the default implementation of {@code checkTopLevelWindow}
- * is used (that is, that method is not overriden), then this results in
- * a call to the security manager's {@code checkPermission} method
- * with an {@code AWTPermission("showWindowWithoutWarningBanner")}
- * permission. It that method raises a SecurityException,
- * {@code checkTopLevelWindow} returns false, otherwise it
- * returns true. If it returns false, a warning banner is created.
+ * <p>
+ * If there is a security manager set, it is invoked to check
+ * {@code AWTPermission("showWindowWithoutWarningBanner")}.
+ * If that check fails with a {@code SecurityException} then a warning
+ * banner is created.
*
* @exception HeadlessException when
* {@code GraphicsEnvironment.isHeadless()} returns {@code true}
*
* @see java.awt.GraphicsEnvironment#isHeadless
- * @see java.lang.SecurityManager#checkTopLevelWindow
*/
Window() throws HeadlessException {
GraphicsEnvironment.checkHeadless();
@@ -541,11 +529,10 @@
* {@code Frame} as its owner. The window will not be focusable
* unless its owner is showing on the screen.
* <p>
- * If there is a security manager, this method first calls
- * the security manager's {@code checkTopLevelWindow}
- * method with {@code this}
- * as its argument to determine whether or not the window
- * must be displayed with a warning banner.
+ * If there is a security manager set, it is invoked to check
+ * {@code AWTPermission("showWindowWithoutWarningBanner")}.
+ * If that check fails with a {@code SecurityException} then a warning
+ * banner is created.
*
* @param owner the {@code Frame} to act as owner or {@code null}
* if this window has no owner
@@ -555,7 +542,6 @@
* {@code GraphicsEnvironment.isHeadless} returns {@code true}
*
* @see java.awt.GraphicsEnvironment#isHeadless
- * @see java.lang.SecurityManager#checkTopLevelWindow
* @see #isShowing
*/
public Window(Frame owner) {
@@ -570,11 +556,10 @@
* unless its nearest owning {@code Frame} or {@code Dialog}
* is showing on the screen.
* <p>
- * If there is a security manager, this method first calls
- * the security manager's {@code checkTopLevelWindow}
- * method with {@code this}
- * as its argument to determine whether or not the window
- * must be displayed with a warning banner.
+ * If there is a security manager set, it is invoked to check
+ * {@code AWTPermission("showWindowWithoutWarningBanner")}.
+ * If that check fails with a {@code SecurityException} then a
+ * warning banner is created.
*
* @param owner the {@code Window} to act as owner or
* {@code null} if this window has no owner
@@ -585,7 +570,6 @@
* {@code true}
*
* @see java.awt.GraphicsEnvironment#isHeadless
- * @see java.lang.SecurityManager#checkTopLevelWindow
* @see #isShowing
*
* @since 1.2
@@ -603,11 +587,10 @@
* its nearest owning {@code Frame} or {@code Dialog}
* is showing on the screen.
* <p>
- * If there is a security manager, this method first calls
- * the security manager's {@code checkTopLevelWindow}
- * method with {@code this}
- * as its argument to determine whether or not the window
- * must be displayed with a warning banner.
+ * If there is a security manager set, it is invoked to check
+ * {@code AWTPermission("showWindowWithoutWarningBanner")}. If that
+ * check fails with a {@code SecurityException} then a warning banner
+ * is created.
*
* @param owner the window to act as owner or {@code null}
* if this window has no owner
@@ -621,7 +604,6 @@
* {@code true}
*
* @see java.awt.GraphicsEnvironment#isHeadless
- * @see java.lang.SecurityManager#checkTopLevelWindow
* @see GraphicsConfiguration#getBounds
* @see #isShowing
* @since 1.3
@@ -1362,10 +1344,9 @@
* Gets the warning string that is displayed with this window.
* If this window is insecure, the warning string is displayed
* somewhere in the visible area of the window. A window is
- * insecure if there is a security manager, and the security
- * manager's {@code checkTopLevelWindow} method returns
- * {@code false} when this window is passed to it as an
- * argument.
+ * insecure if there is a security manager and the security
+ * manager denies
+ * {@code AWTPermission("showWindowWithoutWarningBanner")}.
* <p>
* If the window is secure, then {@code getWarningString}
* returns {@code null}. If the window is insecure, this
@@ -1373,7 +1354,6 @@
* {@code awt.appletWarning}
* and returns the string value of that property.
* @return the warning string for this window.
- * @see java.lang.SecurityManager#checkTopLevelWindow(java.lang.Object)
*/
public final String getWarningString() {
return warningString;
@@ -1383,10 +1363,12 @@
warningString = null;
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
- if (!sm.checkTopLevelWindow(this)) {
+ try {
+ sm.checkPermission(SecurityConstants.AWT.TOPLEVEL_WINDOW_PERMISSION);
+ } catch (SecurityException se) {
// make sure the privileged action is only
// for getting the property! We don't want the
- // above checkTopLevelWindow call to always succeed!
+ // above checkPermission call to always succeed!
warningString = AccessController.doPrivileged(
new GetPropertyAction("awt.appletWarning",
"Java Applet Window"));
--- a/jdk/src/share/classes/java/awt/event/InputEvent.java Wed Sep 04 09:34:25 2013 +0200
+++ b/jdk/src/share/classes/java/awt/event/InputEvent.java Wed Sep 04 11:40:23 2013 +0100
@@ -33,6 +33,7 @@
import sun.awt.AWTAccessor;
import sun.util.logging.PlatformLogger;
+import sun.security.util.SecurityConstants;
/**
* The root event class for all component-level input events.
@@ -350,7 +351,7 @@
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
try {
- sm.checkSystemClipboardAccess();
+ sm.checkPermission(SecurityConstants.AWT.ACCESS_CLIPBOARD_PERMISSION);
b = true;
} catch (SecurityException se) {
if (logger.isLoggable(PlatformLogger.Level.FINE)) {
--- a/jdk/src/share/classes/java/lang/SecurityManager.java Wed Sep 04 09:34:25 2013 +0200
+++ b/jdk/src/share/classes/java/lang/SecurityManager.java Wed Sep 04 11:40:23 2013 +0100
@@ -1336,9 +1336,16 @@
* top-level windows; <code>false</code> otherwise.
* @exception NullPointerException if the <code>window</code> argument is
* <code>null</code>.
+ * @deprecated The dependency on {@code AWTPermission} creates an
+ * impediment to future modularization of the Java platform.
+ * Users of this method should instead invoke
+ * {@link #checkPermission} directly.
+ * This method will be changed in a future release to check
+ * the permission {@code java.security.AllPermission}.
* @see java.awt.Window
* @see #checkPermission(java.security.Permission) checkPermission
*/
+ @Deprecated
public boolean checkTopLevelWindow(Object window) {
if (window == null) {
throw new NullPointerException("window can't be null");
@@ -1398,8 +1405,15 @@
* @since JDK1.1
* @exception SecurityException if the calling thread does not have
* permission to access the system clipboard.
+ * @deprecated The dependency on {@code AWTPermission} creates an
+ * impediment to future modularization of the Java platform.
+ * Users of this method should instead invoke
+ * {@link #checkPermission} directly.
+ * This method will be changed in a future release to check
+ * the permission {@code java.security.AllPermission}.
* @see #checkPermission(java.security.Permission) checkPermission
*/
+ @Deprecated
public void checkSystemClipboardAccess() {
Permission perm = SecurityConstants.AWT.ACCESS_CLIPBOARD_PERMISSION;
if (perm == null) {
@@ -1427,8 +1441,15 @@
* @since JDK1.1
* @exception SecurityException if the calling thread does not have
* permission to access the AWT event queue.
+ * @deprecated The dependency on {@code AWTPermission} creates an
+ * impediment to future modularization of the Java platform.
+ * Users of this method should instead invoke
+ * {@link #checkPermission} directly.
+ * This method will be changed in a future release to check
+ * the permission {@code java.security.AllPermission}.
* @see #checkPermission(java.security.Permission) checkPermission
*/
+ @Deprecated
public void checkAwtEventQueueAccess() {
Permission perm = SecurityConstants.AWT.CHECK_AWT_EVENTQUEUE_PERMISSION;
if (perm == null) {
--- a/jdk/src/share/classes/sun/applet/AppletSecurity.java Wed Sep 04 09:34:25 2013 +0200
+++ b/jdk/src/share/classes/sun/applet/AppletSecurity.java Wed Sep 04 11:40:23 2013 +0100
@@ -314,7 +314,7 @@
// If we're about to allow access to the main EventQueue,
// and anything untrusted is on the class context stack,
// disallow access.
- super.checkAwtEventQueueAccess();
+ super.checkPermission(SecurityConstants.AWT.CHECK_AWT_EVENTQUEUE_PERMISSION);
}
} // checkAwtEventQueueAccess()
--- a/jdk/src/share/classes/sun/awt/dnd/SunDropTargetContextPeer.java Wed Sep 04 09:34:25 2013 +0200
+++ b/jdk/src/share/classes/sun/awt/dnd/SunDropTargetContextPeer.java Wed Sep 04 11:40:23 2013 +0100
@@ -57,6 +57,7 @@
import sun.awt.SunToolkit;
import sun.awt.datatransfer.DataTransferer;
import sun.awt.datatransfer.ToolkitThreadBlockedHandler;
+import sun.security.util.SecurityConstants;
/**
* <p>
@@ -225,7 +226,7 @@
SecurityManager sm = System.getSecurityManager();
try {
if (!dropInProcess && sm != null) {
- sm.checkSystemClipboardAccess();
+ sm.checkPermission(SecurityConstants.AWT.ACCESS_CLIPBOARD_PERMISSION);
}
} catch (Exception e) {
Thread currentThread = Thread.currentThread();
--- a/jdk/src/share/classes/sun/swing/SwingUtilities2.java Wed Sep 04 09:34:25 2013 +0200
+++ b/jdk/src/share/classes/sun/swing/SwingUtilities2.java Wed Sep 04 11:40:23 2013 +0100
@@ -1184,7 +1184,7 @@
canAccess = true;
} else {
try {
- sm.checkSystemClipboardAccess();
+ sm.checkPermission(SecurityConstants.AWT.ACCESS_CLIPBOARD_PERMISSION);
canAccess = true;
} catch (SecurityException e) {
}
--- a/jdk/src/solaris/classes/sun/awt/X11/XToolkit.java Wed Sep 04 09:34:25 2013 +0200
+++ b/jdk/src/solaris/classes/sun/awt/X11/XToolkit.java Wed Sep 04 11:40:23 2013 +0100
@@ -54,6 +54,7 @@
import sun.security.action.GetPropertyAction;
import sun.security.action.GetBooleanAction;
import sun.util.logging.PlatformLogger;
+import sun.security.util.SecurityConstants;
public final class XToolkit extends UNIXToolkit implements Runnable {
private static final PlatformLogger log = PlatformLogger.getLogger("sun.awt.X11.XToolkit");
@@ -1152,7 +1153,7 @@
public Clipboard getSystemClipboard() {
SecurityManager security = System.getSecurityManager();
if (security != null) {
- security.checkSystemClipboardAccess();
+ security.checkPermission(SecurityConstants.AWT.ACCESS_CLIPBOARD_PERMISSION);
}
synchronized (this) {
if (clipboard == null) {
@@ -1165,7 +1166,7 @@
public Clipboard getSystemSelection() {
SecurityManager security = System.getSecurityManager();
if (security != null) {
- security.checkSystemClipboardAccess();
+ security.checkPermission(SecurityConstants.AWT.ACCESS_CLIPBOARD_PERMISSION);
}
synchronized (this) {
if (selection == null) {
--- a/jdk/src/windows/classes/sun/awt/windows/WToolkit.java Wed Sep 04 09:34:25 2013 +0200
+++ b/jdk/src/windows/classes/sun/awt/windows/WToolkit.java Wed Sep 04 11:40:23 2013 +0100
@@ -64,6 +64,7 @@
import sun.font.SunFontManager;
import sun.misc.PerformanceLogger;
import sun.util.logging.PlatformLogger;
+import sun.security.util.SecurityConstants;
public class WToolkit extends SunToolkit implements Runnable {
@@ -681,7 +682,7 @@
public Clipboard getSystemClipboard() {
SecurityManager security = System.getSecurityManager();
if (security != null) {
- security.checkSystemClipboardAccess();
+ security.checkPermission(SecurityConstants.AWT.ACCESS_CLIPBOARD_PERMISSION);
}
synchronized (this) {
if (clipboard == null) {
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/java/awt/security/Permissions.java Wed Sep 04 11:40:23 2013 +0100
@@ -0,0 +1,103 @@
+/*
+ * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/* @test
+ * @bug 8008981
+ * @summary Test that selected Toolkit and Window methods/constructors do
+ * the appropriate permission check
+ * @run main/othervm Permissions
+ */
+
+import java.awt.AWTPermission;
+import java.awt.Frame;
+import java.awt.GraphicsConfiguration;
+import java.awt.Toolkit;
+import java.awt.Window;
+import java.util.ArrayList;
+import java.util.List;
+import java.security.Permission;
+
+public class Permissions {
+
+ static class MySecurityManager extends SecurityManager {
+ private List<Permission> permissionsChecked = new ArrayList<>();
+
+ static MySecurityManager install() {
+ MySecurityManager sm = new MySecurityManager();
+ System.setSecurityManager(sm);
+ return sm;
+ }
+
+ @Override
+ public void checkPermission(Permission perm) {
+ permissionsChecked.add(perm);
+ }
+
+ void prepare(String msg) {
+ System.out.println(msg);
+ permissionsChecked.clear();
+ }
+
+ /**
+ * Checks the security manager's checkPermission method was invoked
+ * to check the given permission and target name.
+ */
+ void assertChecked(Class<? extends Permission> type, String name) {
+ for (Permission perm: permissionsChecked) {
+ if (type.isInstance(perm) && perm.getName().equals(name))
+ return;
+ }
+ throw new RuntimeException(type.getName() + "(\"" + name + "\") not checked");
+ }
+ }
+
+ public static void main(String[] args) {
+ MySecurityManager sm = MySecurityManager.install();
+
+ Toolkit toolkit = Toolkit.getDefaultToolkit();
+
+ sm.prepare("Toolkit.getSystemClipboard()");
+ toolkit.getSystemClipboard();
+ sm.assertChecked(AWTPermission.class, "accessClipboard");
+
+ sm.prepare("Toolkit.getSystemEventQueue()");
+ toolkit.getSystemEventQueue();
+ sm.assertChecked(AWTPermission.class, "accessEventQueue");
+
+ sm.prepare("Toolkit.getSystemSelection()");
+ toolkit.getSystemSelection();
+ //sm.assertChecked(AWTPermission.class, "accessClipboard");
+
+ sm.prepare("Window(Frame)");
+ new Window((Frame)null);
+ sm.assertChecked(AWTPermission.class, "showWindowWithoutWarningBanner");
+
+ sm.prepare("Window(Window)");
+ new Window((Window)null);
+ sm.assertChecked(AWTPermission.class, "showWindowWithoutWarningBanner");
+
+ sm.prepare("Window(Window,GraphicsConfiguration)");
+ new Window((Window)null, (GraphicsConfiguration)null);
+ sm.assertChecked(AWTPermission.class, "showWindowWithoutWarningBanner");
+ }
+}