<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<br>
<br>
<div class="moz-cite-prefix">On 11/22/17 6:37 AM, Sean Mullan wrote:<br>
</div>
<blockquote type="cite"
cite="mid:b6060907-d23d-cd5b-2970-6c77258119d4@oracle.com">Please
review this change to remove the pre-JDK 1.2 SecurityManager
methods that have been deprecated since JDK 1.2 and marked for
removal in JDK 9. These methods are fragile, error-prone and have
been obsolete since the SecurityManager was revamped in JDK 1.2.
The methods to be removed are: getInCheck, classDepth,
classLoaderDepth, currentClassLoader, currentLoadedClass, inClass,
and inClassLoader.
<br>
<br>
In addition, the deprecated and error-prone checkMemberAccess
method (which was deprecated in JDK 8 and marked for removal in
JDK 9) has been changed to throw SecurityException if the caller
has not been granted AllPermission. This makes the method less
likely it will be used incorrectly while still allowing some more
time before it is removed.
<br>
<br>
<a class="moz-txt-link-freetext" href="http://cr.openjdk.java.net/~mullan/webrevs/8186535/webrev.00/">http://cr.openjdk.java.net/~mullan/webrevs/8186535/webrev.00/</a>
<br>
<br>
</blockquote>
<br>
src/java.desktop/share/classes/sun/applet/AppletSecurity.java<br>
111 private static final StackWalker walker =<br>
112 StackWalker.getInstance(RETAIN_CLASS_REFERENCE);<br>
<br>
This call will do a stack-based permission check. So it needs to be
wrapped with doPrivileged.<br>
<br>
Otherwise, looks fine.<br>
<br>
Just to mention this: AppletSecurity does not really need the
currentClassLoader method.
AppletSecurity::currentAppletClassLoader could be reimplemented to
use StackWalker to walk the stack once (replacing the call to
currentClassLoader and getClassContext) to find AppletClassLoader.
OTOH it does not worth making more change since applets are going
away.<br>
<br>
Mandy<br>
</body>
</html>