RFR: JDK-8318854: [macos14] Running any AWT app prints Secure coding warning

Kevin Rushforth kcr at openjdk.org
Thu Nov 9 20:18:58 UTC 2023 

On Wed, 8 Nov 2023 19:49:48 GMT, Harshitha Onkar <honkar at openjdk.org> wrote:

> With Xcode upgraded to 14.3.1 for macOS builds secure coding warning message was seen in the logs as below:
> 
> "WARNING: Secure coding is not enabled for restorable state! Enable secure coding by implementing NSApplicationDelegate.applicationSupportsSecureRestorableState: and returning YES."
> 
> which requires AppDelegate to explicitly implement applicationSupportsSecureRestorableState() to return true as mentioned here in [Apple Release notes](https://developer.apple.com/documentation/macos-release-notes/appkit-release-notes-for-macos-14#Restorable-State).
> 
> While investigating JFX embedded scenario (Swing components in FX window) another issue observed was that the AWT was overriding the FX delegate causing the app to crash in certain scenarios. This issue is also being fixed in this PR and also as part of [JDK-8319669](https://bugs.openjdk.org/browse/JDK-8319669) , https://github.com/openjdk/jfx/pull/1280.
> 
> The fix for JDK-8318854 involves:
> 
> - implementing applicationSupportsSecureRestorableState() in ApplicationDelegate.m & QueuingApplicationDelegate.m to return YES  by default, unless the env var - **AWT_DISABLE_NSDELEGATE_SECURE_SAVE**  is defined.
> 
> - Fix added to stop AWT toolkit from overriding a delegate set by another NSApplication by default. There is an option to restore the old behavior by defining the env var - **AWT_OVERRIDE_NSDELEGATE**.
> 
> - Null checks are added for shared delegate in the unforeseen case where it could be null and cause issues in AWTWindow.m, CMenuBar.m, ApplicationDelegate.m
> 
> 
> **PLEASE NOTE !!**  The environment variables being added as part of this fix are for debugging only and should NOT be used for application purpose. As such they will NOT be documented.

The code changes look good. So does my testing.

I tested all four combinations of:

(JDK 22 with & without the fix in this PR) X (JavaFX 22 with & without the fix in PR [jfx#1280](https://github.com/openjdk/jfx/pull/1280))

I ran the following tests with each of the above four combinations on macOS 13 and macOS 14:

* Pure Swing app -- AWT toolkit creates NSApplication (FX toolkit not started)
* JFXPanel app -- AWT toolkit creates NSApplication
* Pure JavaFX app --FX toolkit creates NSApplication (AWT toolkit not started)
* SwingNode app -- FX toolkit creates NSApplication

Everything works as expected.

For the macOS 14 specific problems:

* The secure warning is gone for Swing apps (the first two test apps) when running a JDK 22 with this patch, regardless of whether or not FX has the fix
* The secure warning is gone for JavaFX apps (the last two test apps) when running a JavaFX 22 with the patch for[jfx#1280](https://github.com/openjdk/jfx/pull/1280), regardless of whether or not the JDK has the fix
* The NSMenu assertion error reported in [JDK-8318129](https://bugs.openjdk.org/browse/JDK-8318129) is gone when running either the patched JDK or the patched FX (or both)

-------------

Marked as reviewed by kcr (Author).

PR Review: https://git.openjdk.org/jdk/pull/16569#pullrequestreview-1723423580

More information about the client-libs-dev mailing list