RFR: 8267485: Remove the dependency on SecurityManager in JceSecurityManager.java [v7]
Mandy Chung
mchung at openjdk.java.net
Tue Jul 27 03:55:31 UTC 2021
On Tue, 27 Jul 2021 02:50:54 GMT, Bradford Wetmore <wetmore at openjdk.org> wrote:
>> The JceSecurityManager is currently a subclass of java.security.SecurityManager. Now that JEP 411 has been integrated, this class should be updated to no longer subclass SecurityManager.
>>
>> The only reason for using SecurityManager to easily get the Class Context (call stack), but we can achieve the same effect by using the JDK 9 API java.lang.StackWalkeer. None of the other SecurityManager API are used.
>>
>> I have run mach5 tier1/tier2 plus --test jck:api/java_security,jck:api/javax_crypto,jck:api/javax_net,jck:api/javax_security,jck:api/org_ietf,jck:api/javax_xml/crypto with all green.
>
> Bradford Wetmore has updated the pull request incrementally with one additional commit since the last revision:
>
> Additional codereview comments
Looks good with some minor comments.
src/java.base/share/classes/javax/crypto/JceSecurityManager.java line 76:
> 74: StackWalker dummyWalker = AccessController.doPrivileged(
> 75: (PrivilegedAction<StackWalker>) (() -> StackWalker.getInstance(
> 76: Option.RETAIN_CLASS_REFERENCE)));
An alternative is to declare a local variable of `PrivilegedAction<StackWalker>` to avoid the cast:
PrivilegedAction<StackWalker> pa =
() -> StackWalker.getInstance(Option.RETAIN_CLASS_REFERENCE);
StackWalker dummyWalker = AccessController.doPrivileged(pa);
src/java.base/share/classes/javax/crypto/JceSecurityManager.java line 114:
> 112: return (callerCodeBase != null) ?
> 113: getCryptoPermissionFromURL(callerCodeBase,
> 114: alg, defaultPerm) : defaultPerm;})
nit: the line break at ":" would make it easier to read than breaking at `arg`.
-------------
Marked as reviewed by mchung (Reviewer).
PR: https://git.openjdk.java.net/jdk/pull/4150
More information about the security-dev
mailing list