8029886: Change SecurityManager check{TopLevelWindow, SystemClipboardAccess, AwtEventQueueAccess} to check AllPermission
Sean Mullan
sean.mullan at oracle.com
Wed Dec 11 16:16:04 UTC 2013
On 12/10/2013 08:51 AM, Alan Bateman wrote:
>
> In JDK 8 we deprecated the JDK 1.1-era SecurityManager methods
> checkTopLevelWindow, checkSystemClipboard and
> checkAccessAwtEventQueueAccess with a warning that they would be changed
> in a future release to check AllPermission. At the same time we changed
> the java.awt.Window and Toolkit methods to use checkPermission directly
> so that the legacy methods aren't used. The motive for all this is
> modules of course and the strong desire to remove the dependency on
> java.awt.AWTPermission.
>
> I'd like to get the second phase of this work into JDK 9 early to give
> every opportunity to find any potential issues. The second phase of this
> work changes the SecurityManager methods to check AllPermission and
> updates the implementation to remove the reflection hackery that was
> used to allow this code to work without AWT being present (something that
> was needed for the profiles build).
>
> The webrev with the changes is here:
> http://cr.openjdk.java.net/~alanb/8029886/webrev/
>
> The main thing that I'd like to get agreement on is the wording for the
> updated methods and also agreement from the AWT group to move the
> permission constants to a new class sun.awt.AWTPermissions.
The code changes and suggested wording for the updated methods look fine
to me. Please add a release-note=yes label to the issue. The permissions
security guide will also need to be updated with the new behavior of
these methods:
http://download.java.net/jdk8/docs/technotes/guides/security/permissions.html#PermsAndMethods
-- I suggest adding a comment indicating that so we remember to update
the docs as part of writing the release notes task.
--Sean