RFR: 8186535: Remove deprecated pre-1.2 SecurityManager methods and fields
Alan Bateman
Alan.Bateman at oracle.com
Wed Nov 22 14:59:28 UTC 2017
On 22/11/2017 14:37, Sean Mullan wrote:
> Please review this change to remove the pre-JDK 1.2 SecurityManager
> methods that have been deprecated since JDK 1.2 and marked for removal
> in JDK 9. These methods are fragile, error-prone and have been
> obsolete since the SecurityManager was revamped in JDK 1.2. The
> methods to be removed are: getInCheck, classDepth, classLoaderDepth,
> currentClassLoader, currentLoadedClass, inClass, and inClassLoader.
>
> In addition, the deprecated and error-prone checkMemberAccess method
> (which was deprecated in JDK 8 and marked for removal in JDK 9) has
> been changed to throw SecurityException if the caller has not been
> granted AllPermission. This makes the method less likely it will be
> used incorrectly while still allowing some more time before it is
> removed.
>
> http://cr.openjdk.java.net/~mullan/webrevs/8186535/webrev.00/
This mostly looks good.
Does the stack walker created in AppletSecurity need to be done in a
privileged block? If this is just the mouldy appletviewer tool then
ignore my comment.
A minor comment is that the <code> is legacy and we've been using {@code
...} for recent changes. We changed some of these methods to use {@code
...} when we degraded them in JDK 9. Also NoAWT probably isn't the right
place to test checkMemberAccess. If the test is renamed and the
description changed then it would be okay.
-Alan
More information about the security-dev
mailing list