RFR: 8186535: Remove deprecated pre-1.2 SecurityManager methods and fields
Sean Mullan
sean.mullan at oracle.com
Wed Nov 29 15:03:58 UTC 2017
On 11/28/17 2:41 PM, mandy chung wrote:
>
>
> On 11/22/17 6:37 AM, Sean Mullan wrote:
>> Please review this change to remove the pre-JDK 1.2 SecurityManager
>> methods that have been deprecated since JDK 1.2 and marked for removal
>> in JDK 9. These methods are fragile, error-prone and have been
>> obsolete since the SecurityManager was revamped in JDK 1.2. The
>> methods to be removed are: getInCheck, classDepth, classLoaderDepth,
>> currentClassLoader, currentLoadedClass, inClass, and inClassLoader.
>>
>> In addition, the deprecated and error-prone checkMemberAccess method
>> (which was deprecated in JDK 8 and marked for removal in JDK 9) has
>> been changed to throw SecurityException if the caller has not been
>> granted AllPermission. This makes the method less likely it will be
>> used incorrectly while still allowing some more time before it is
>> removed.
>>
>> http://cr.openjdk.java.net/~mullan/webrevs/8186535/webrev.00/
>>
>
> src/java.desktop/share/classes/sun/applet/AppletSecurity.java
> 111 private static final StackWalker walker =
> 112 StackWalker.getInstance(RETAIN_CLASS_REFERENCE);
>
> This call will do a stack-based permission check. So it needs to be
> wrapped with doPrivileged.
Yes, Alan had the same comment. I have wrapped it in doPrivileged.
> Otherwise, looks fine.
>
> Just to mention this: AppletSecurity does not really need the
> currentClassLoader method. AppletSecurity::currentAppletClassLoader
> could be reimplemented to use StackWalker to walk the stack once
> (replacing the call to currentClassLoader and getClassContext) to find
> AppletClassLoader. OTOH it does not worth making more change since
> applets are going away.
Ok. Good point though.
--Sean
More information about the hotspot-dev
mailing list