RFR: 8186535: Remove deprecated pre-1.2 SecurityManager methods and fields

Sean Mullan sean.mullan at oracle.com
Wed Nov 29 15:03:58 UTC 2017

On 11/28/17 2:41 PM, mandy chung wrote:
> On 11/22/17 6:37 AM, Sean Mullan wrote:
>> Please review this change to remove the pre-JDK 1.2 SecurityManager 
>> methods that have been deprecated since JDK 1.2 and marked for removal 
>> in JDK 9. These methods are fragile, error-prone and have been 
>> obsolete since the SecurityManager was revamped in JDK 1.2. The 
>> methods to be removed are: getInCheck, classDepth, classLoaderDepth, 
>> currentClassLoader, currentLoadedClass, inClass, and inClassLoader.
>> In addition, the deprecated and error-prone checkMemberAccess method 
>> (which was deprecated in JDK 8 and marked for removal in JDK 9) has 
>> been changed to throw SecurityException if the caller has not been 
>> granted AllPermission. This makes the method less likely it will be 
>> used incorrectly while still allowing some more time before it is 
>> removed.
>> http://cr.openjdk.java.net/~mullan/webrevs/8186535/webrev.00/
> src/java.desktop/share/classes/sun/applet/AppletSecurity.java
>   111     private static final StackWalker walker =
>   112         StackWalker.getInstance(RETAIN_CLASS_REFERENCE);
> This call will do a stack-based permission check.  So it needs to be 
> wrapped with doPrivileged.

Yes, Alan had the same comment. I have wrapped it in doPrivileged.

> Otherwise, looks fine.
> Just to mention this:  AppletSecurity does not really need the 
> currentClassLoader method. AppletSecurity::currentAppletClassLoader 
> could be reimplemented to use StackWalker to walk the stack once 
> (replacing the call to currentClassLoader and getClassContext) to find 
> AppletClassLoader. OTOH it does not worth making more change since 
> applets are going away.

Ok. Good point though.


More information about the security-dev mailing list