RFR: 8344366: Remove Security Manager dependencies from javax.net.ssl and sun.security.ssl packages
Alexey Bakhtin
abakhtin at openjdk.org
Thu Nov 21 22:01:28 UTC 2024

On Thu, 21 Nov 2024 18:29:24 GMT, Sean Mullan <mullan at openjdk.org> wrote:

> Now that JEP 486 has been integrated, the `javax.net.ssl` and `sun.security.ssl` package implementation dependencies on `System.getSecurityManager`, `AccessController.doPrivileged` and `AccessControlContext` can be removed.
>
> Most of the changes are straightforward: removal of code calling `System.getSecurityManager()` and unwrapping of code inside `AccessController.doPrivileged`. However, two changes involved slightly more complicated work:
>
> 1. `sun.security.ssl.SSLConfiguration` no longer needs to capture the access control context of `javax.net.ssl.HandshakeCompletedListener` objects, which means it can store the listeners in a `HashSet` instead of a `HashMap`.
> 2. `sun.security.ssl.SSLSessionImpl` (which implements `javax.net.ssl.SSLSession`) does not need to store attributes based on access control contexts anymore, which means it can store the keys as Strings instead of one that combines the key and the access control context.
> 3. `sun.security.ssl.TransportContext` does not need to capture the access control context anymore.

src/java.base/share/classes/javax/net/ssl/TrustManagerFactory.java line 72:

> 70: * security property to the desired algorithm name.
> 71: *
> 72: * @see java.security.Security security properties

It looks like unnecessary API changes here.

-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/22301#discussion_r1852961637