RFR: 8344855: Remove calls to SecurityManager and doPrivileged in HTTP related implementation classes in the sun.net and sun.net.www.http packages after JEP 486 integration

[Daniel Fuchs]

On Fri, 22 Nov 2024 14:09:34 GMT, Volkan Yazıcı <duke at openjdk.org> wrote:

>> Some further cleaning in the legacy HTTP implementation. 
>> Usual removal of doPrivileged, GetPropertyAction, checkPermission, etc...
>> 
>> I also took the opportunity to also remove some constructors that were never called in the legacy HttpClient, and to fix some throws signatures.
>
> src/java.base/share/classes/sun/net/www/http/KeepAliveStreamCleaner.java line 65:
> 
>> 63:     static {
>> 64:         final String maxDataKey = "http.KeepAlive.remainingData";
>> 65:         MAX_DATA_REMAINING = NetProperties.getInteger(maxDataKey, 512) * 1024;
> 
> I don't know the context, but `Math.multiplyExact()` can be a safer alternative.

What happens if we overflow is that we will not try to discard any data from the keep alive stream, exactly as if a negative or zero value had been provided. That said, the KeepAliveStream compares that with `expected`, which is a long, so `MAX_DATA_REMAINING` should really be a long, not an int, and given that the property value is an int, that would prevent any overflow. I might just do that.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/22321#discussion_r1854044210