<AWT Dev> 8029886: Change SecurityManager check{TopLevelWindow, SystemClipboardAccessAwtEventQueueAccess} to check AllPermission

Phil Race philip.race at oracle.com
Tue Dec 10 19:20:51 UTC 2013

 > was trusted to bring up a top-level winodw. It no longer has a use

What's a winodw ? :-)

"It no longer has a use" suggests it does nothing so might be better 
phrased as
"no longer the recommended or sole way to perform this check and is 
superseded by .. "

Is there a CCC for this ? It seems that there's a compatibility impact
on permissions required if you don't/can't change your code, and on your
code if you want to keep the same permissions.


On 12/10/2013 5:51 AM, Alan Bateman wrote:
> In JDK 8 we deprecated the JDK 1.1-era SecurityManager methods 
> checkTopLevelWindow, checkSystemClipboard and 
> checkAccessAwtEventQueueAccess with a warning that they would be 
> changed in a future release to check AllPermission. At the same time 
> we changed the java.awt.Window and Toolkit methods to use 
> checkPermission directly so that the legacy methods aren't used. The 
> motive for all this is modules of course and the strong desire to 
> remove the dependency on java.awt.AWTPermission.
> I'd like to get the second phase of this work into JDK 9 early to give 
> every opportunity to find any potential issues. The second phase of 
> this work changes the SecurityManager methods to check AllPermission 
> and updates the implementation to remove the reflection hackery that 
> was used to allow this code work without AWT being present (something 
> that was needed for the profiles build).
> The webrev with the changes is here:
>   http://cr.openjdk.java.net/~alanb/8029886/webrev/
> The main thing that I'd like to get agreement on is the wording for 
> the updated methods and also agreement from the AWT group to move the 
> permission constants to a new class sun.awt.AWTPermissions.
> -Alan.

More information about the core-libs-dev mailing list