8029886: Change SecurityManager check{TopLevelWindow, SystemClipboardAccessAwtEventQueueAccess} to check AllPermission

Sean Mullan sean.mullan at oracle.com
Wed Dec 11 16:16:04 UTC 2013


On 12/10/2013 08:51 AM, Alan Bateman wrote:
>
> In JDK 8 we deprecated the JDK 1.1-era SecurityManager methods
> checkTopLevelWindow, checkSystemClipboard and
> checkAccessAwtEventQueueAccess with a warning that they would be changed
> in a future release to check AllPermission. At the same time we changed
> the java.awt.Window and Toolkit methods to use checkPermission directly
> so that the legacy methods aren't used. The motive for all this is
> modules of course and the strong desire to remove the dependency on
> java.awt.AWTPermission.
>
> I'd like to get the second phase of this work into JDK 9 early to give
> every opportunity to find any potential issues. The second phase of this
> work changes the SecurityManager methods to check AllPermission and
> updates the implementation to remove the reflection hackery that was
> used to allow this code to work without AWT being present (something that
> was needed for the profiles build).
>
> The webrev with the changes is here:
>    http://cr.openjdk.java.net/~alanb/8029886/webrev/
>
> The main thing that I'd like to get agreement on is the wording for the
> updated methods and also agreement from the AWT group to move the
> permission constants to a new class sun.awt.AWTPermissions.

The code changes and suggested wording for the updated methods look fine 
to me. Please add a release-note=yes label to the issue. The permissions 
security guide will also need to be updated with the new behavior of 
these methods: 
http://download.java.net/jdk8/docs/technotes/guides/security/permissions.html#PermsAndMethods 
-- I suggest adding a comment indicating that so we remember to update 
the docs as part of writing the release notes task.

--Sean
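
An added example, not part of the original message or of the webrev: it models what the change means for code that was granted only the narrow `AWTPermission("accessClipboard")`. `GrantSetManager` and `allowed` are hypothetical names, and the legacy methods are represented by the `AllPermission` check the thread says they will perform, rather than called directly.

```java
import java.awt.AWTPermission;
import java.security.AllPermission;
import java.security.Permission;
import java.security.Permissions;

public class LegacyAwtCheckMigration {

    // Hypothetical stand-in for a policy: decides from a fixed set of grants.
    static final class GrantSetManager extends SecurityManager {
        private final Permissions granted = new Permissions();

        GrantSetManager(Permission... grants) {
            for (Permission p : grants) {
                granted.add(p);
            }
        }

        @Override
        public void checkPermission(Permission perm) {
            if (!granted.implies(perm)) {
                throw new SecurityException("access denied: " + perm);
            }
        }
    }

    // Turns the exception-based check into a boolean for display.
    static boolean allowed(SecurityManager sm, Permission perm) {
        try {
            sm.checkPermission(perm);
            return true;
        } catch (SecurityException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Direct check, as java.awt.Window and Toolkit were changed to do.
        Permission narrow = new AWTPermission("accessClipboard");
        // Modelled legacy method after the change: it checks AllPermission.
        Permission legacy = new AllPermission();

        SecurityManager sandbox = new GrantSetManager(narrow);
        SecurityManager trusted = new GrantSetManager(new AllPermission());

        System.out.println("sandbox, direct check:  " + allowed(sandbox, narrow));
        System.out.println("sandbox, legacy method: " + allowed(sandbox, legacy));
        System.out.println("trusted, direct check:  " + allowed(trusted, narrow));
        System.out.println("trusted, legacy method: " + allowed(trusted, legacy));
    }
}
```

Callers that still go through the deprecated methods would start failing for code holding only the narrow grant, so the practical check is to replace those calls with `checkPermission` on the specific permission.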




