RFR: 8267485: Remove the dependency on SecurityManager in JceSecurityManager.java [v7]

Mandy Chung mchung at openjdk.java.net
Tue Jul 27 03:55:31 UTC 2021


On Tue, 27 Jul 2021 02:50:54 GMT, Bradford Wetmore <wetmore at openjdk.org> wrote:

>> The JceSecurityManager is currently a subclass of java.security.SecurityManager.  Now that JEP 411 has been integrated, this class should be updated to no longer subclass SecurityManager.
>> 
>> The only reason for using SecurityManager to easily get the Class Context (call stack), but we can achieve the same effect by using the JDK 9 API java.lang.StackWalkeer.  None of the other SecurityManager API are used.
>> 
>> I have run mach5 tier1/tier2 plus --test jck:api/java_security,jck:api/javax_crypto,jck:api/javax_net,jck:api/javax_security,jck:api/org_ietf,jck:api/javax_xml/crypto with all green.
>
> Bradford Wetmore has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Additional codereview comments

Looks good with some minor comments.

src/java.base/share/classes/javax/crypto/JceSecurityManager.java line 76:

> 74:         StackWalker dummyWalker = AccessController.doPrivileged(
> 75:                 (PrivilegedAction<StackWalker>) (() -> StackWalker.getInstance(
> 76:                         Option.RETAIN_CLASS_REFERENCE)));

An alternative is to declare a local variable of `PrivilegedAction<StackWalker>` to avoid the cast:


   PrivilegedAction<StackWalker> pa =
               () -> StackWalker.getInstance(Option.RETAIN_CLASS_REFERENCE);
   StackWalker dummyWalker = AccessController.doPrivileged(pa);

src/java.base/share/classes/javax/crypto/JceSecurityManager.java line 114:

> 112:                     return (callerCodeBase != null) ?
> 113:                             getCryptoPermissionFromURL(callerCodeBase,
> 114:                                     alg, defaultPerm) : defaultPerm;})

nit: the line break at ":" would make it easier to read than breaking at `arg`.

-------------

Marked as reviewed by mchung (Reviewer).

PR: https://git.openjdk.java.net/jdk/pull/4150



More information about the security-dev mailing list