stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8191139: Remove deprecated javax.security.auth.Policy API

Browse Source 
Reviewed-by: mullan
This commit is contained in:
Weijun Wang 2018-03-08 12:20:26 +08:00
parent 68b1b6c580
commit 50484af54b
6 changed files with 6 additions and 1795 deletions
src/java.base/share/classes
javax/security/auth
AuthPermission.javaPolicy.javaSubjectDomainCombiner.java
sun/security
provider
AuthPolicyFile.javaPolicyFile.java
util
Resources.java

19
src/java.base/share/classes/javax/security/auth/AuthPermission.java

@ -1,5 +1,5 @@
/*
* Copyright (c) 1998, 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1998, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -32,7 +32,7 @@ package javax.security.auth;
*
* <p> The target name is the name of a security configuration parameter
* (see below). Currently the {@code AuthPermission} object is used to
* guard access to the {@link Policy}, {@link Subject},
* guard access to the {@link Subject},
* {@link javax.security.auth.login.LoginContext}, and
* {@link javax.security.auth.login.Configuration} objects.
*
@ -121,21 +121,6 @@ package javax.security.auth;
* {@code LoginContext}.
* </pre>
*
* <p> {@code javax.security.auth.Policy} has been
* deprecated in favor of {@code java.security.Policy}.
* Therefore, the following target names have also been deprecated:
*
* <pre>
* getPolicy - allow the caller to retrieve the system-wide
* Subject-based access control policy.
*
* setPolicy - allow the caller to set the system-wide
* Subject-based access control policy.
*
* refreshPolicy - allow the caller to refresh the system-wide
* Subject-based access control policy.
* </pre>
*
* @implNote
* Implementations may define additional target names, but should use naming
* conventions such as reverse domain name notation to avoid name clashes.

356
src/java.base/share/classes/javax/security/auth/Policy.java

@ -1,356 +0,0 @@
/*
* Copyright (c) 1998, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package javax.security.auth;
import java.security.Security;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.PrivilegedExceptionAction;
import java.util.Objects;
import sun.security.util.Debug;
/**
* <p> This is an abstract class for representing the system policy for
* Subject-based authorization. A subclass implementation
* of this class provides a means to specify a Subject-based
* access control {@code Policy}.
*
* <p> A {@code Policy} object can be queried for the set of
* Permissions granted to code running as a
* {@code Principal} in the following manner:
*
* <pre>
* policy = Policy.getPolicy();
* PermissionCollection perms = policy.getPermissions(subject,
* codeSource);
* </pre>
*
* The {@code Policy} object consults the local policy and returns
* and appropriate {@code Permissions} object with the
* Permissions granted to the Principals associated with the
* provided {@code subject}, and granted to the code specified
* by the provided {@code codeSource}.
*
* <p> A {@code Policy} contains the following information.
* Note that this example only represents the syntax for the default
* {@code Policy} implementation. Subclass implementations of this class
* may implement alternative syntaxes and may retrieve the
* {@code Policy} from any source such as files, databases,
* or servers.
*
* <p> Each entry in the {@code Policy} is represented as
* a <b><i>grant</i></b> entry. Each <b><i>grant</i></b> entry
* specifies a codebase, code signers, and Principals triplet,
* as well as the Permissions granted to that triplet.
*
* <pre>
* grant CodeBase ["URL"], Signedby ["signers"],
* Principal [Principal_Class] "Principal_Name" {
* Permission Permission_Class ["Target_Name"]
* [, "Permission_Actions"]
* [, signedBy "SignerName"];
* };
* </pre>
*
* The CodeBase and Signedby components of the triplet name/value pairs
* are optional. If they are not present, then any codebase will match,
* and any signer (including unsigned code) will match.
* For Example,
*
* <pre>
* grant CodeBase "foo.com", Signedby "foo",
* Principal com.sun.security.auth.UnixPrincipal "duke" {
* permission java.io.FilePermission "/home/duke", "read, write";
* };
* </pre>
*
* This <b><i>grant</i></b> entry specifies that code from "foo.com",
* signed by "foo', and running as a {@code UnixPrincipal} with the
* name, duke, has one {@code Permission}. This {@code Permission}
* permits the executing code to read and write files in the directory,
* "/home/duke".
*
* <p> To "run" as a particular {@code Principal},
* code invokes the {@code Subject.doAs(subject, ...)} method.
* After invoking that method, the code runs as all the Principals
* associated with the specified {@code Subject}.
* Note that this {@code Policy} (and the Permissions
* granted in this {@code Policy}) only become effective
* after the call to {@code Subject.doAs} has occurred.
*
* <p> Multiple Principals may be listed within one <b><i>grant</i></b> entry.
* All the Principals in the grant entry must be associated with
* the {@code Subject} provided to {@code Subject.doAs}
* for that {@code Subject} to be granted the specified Permissions.
*
* <pre>
* grant Principal com.sun.security.auth.UnixPrincipal "duke",
* Principal com.sun.security.auth.UnixNumericUserPrincipal "0" {
* permission java.io.FilePermission "/home/duke", "read, write";
* permission java.net.SocketPermission "duke.com", "connect";
* };
* </pre>
*
* This entry grants any code running as both "duke" and "0"
* permission to read and write files in duke's home directory,
* as well as permission to make socket connections to "duke.com".
*
* <p> Note that non Principal-based grant entries are not permitted
* in this {@code Policy}. Therefore, grant entries such as:
*
* <pre>
* grant CodeBase "foo.com", Signedby "foo" {
* permission java.io.FilePermission "/tmp/scratch", "read, write";
* };
* </pre>
*
* are rejected. Such permission must be listed in the
* {@code java.security.Policy}.
*
* <p> The default {@code Policy} implementation can be changed by
* setting the value of the {@code auth.policy.provider} security property to
* the fully qualified name of the desired {@code Policy} implementation class.
*
* @deprecated Replaced by java.security.Policy.
* java.security.Policy has a method:
* <pre>
* public PermissionCollection getPermissions
* (java.security.ProtectionDomain pd)
*
* </pre>
* and ProtectionDomain has a constructor:
* <pre>
* public ProtectionDomain
* (CodeSource cs,
* PermissionCollection permissions,
* ClassLoader loader,
* Principal[] principals)
* </pre>
*
* These two APIs provide callers the means to query the
* Policy for Principal-based Permission entries.
* This class is subject to removal in a future version of Java SE.
*
* @since 1.4
* @see java.security.Security security properties
*/
@Deprecated(since="1.4", forRemoval=true)
public abstract class Policy {
private static Policy policy;
private static final String AUTH_POLICY =
"sun.security.provider.AuthPolicyFile";
private final java.security.AccessControlContext acc =
java.security.AccessController.getContext();
// true if a custom (not AUTH_POLICY) system-wide policy object is set
private static boolean isCustomPolicy;
/**
* Sole constructor. (For invocation by subclass constructors, typically
* implicit.)
*/
protected Policy() { }
/**
* Returns the installed Policy object.
* This method first calls
* {@code SecurityManager.checkPermission} with the
* {@code AuthPermission("getPolicy")} permission
* to ensure the caller has permission to get the Policy object.
*
* @return the installed Policy. The return value cannot be
* {@code null}.
*
* @exception java.lang.SecurityException if the current thread does not
* have permission to get the Policy object.
*
* @see #setPolicy
*/
public static Policy getPolicy() {
java.lang.SecurityManager sm = System.getSecurityManager();
if (sm != null) sm.checkPermission(new AuthPermission("getPolicy"));
return getPolicyNoCheck();
}
/**
* Returns the installed Policy object, skipping the security check.
*
* @return the installed Policy.
*
*/
static Policy getPolicyNoCheck() {
if (policy == null) {
synchronized(Policy.class) {
if (policy == null) {
String policy_class = null;
policy_class = AccessController.doPrivileged
(new PrivilegedAction<String>() {
public String run() {
return java.security.Security.getProperty
("auth.policy.provider");
}
});
if (policy_class == null) {
policy_class = AUTH_POLICY;
}
try {
final String finalClass = policy_class;
Policy untrustedImpl = AccessController.doPrivileged(
new PrivilegedExceptionAction<Policy>() {
public Policy run() throws ClassNotFoundException,
InstantiationException,
IllegalAccessException {
Class<? extends Policy> implClass = Class.forName(
finalClass, false,
Thread.currentThread().getContextClassLoader()
).asSubclass(Policy.class);
return implClass.newInstance();
}
});
AccessController.doPrivileged(
new PrivilegedExceptionAction<Void>() {
public Void run() {
setPolicy(untrustedImpl);
isCustomPolicy = !finalClass.equals(AUTH_POLICY);
return null;
}
}, Objects.requireNonNull(untrustedImpl.acc)
);
} catch (Exception e) {
throw new SecurityException
(sun.security.util.ResourcesMgr.getString
("unable.to.instantiate.Subject.based.policy"));
}
}
}
}
return policy;
}
/**
* Sets the system-wide Policy object. This method first calls
* {@code SecurityManager.checkPermission} with the
* {@code AuthPermission("setPolicy")}
* permission to ensure the caller has permission to set the Policy.
*
* @param policy the new system Policy object.
*
* @exception java.lang.SecurityException if the current thread does not
* have permission to set the Policy.
*
* @see #getPolicy
*/
public static void setPolicy(Policy policy) {
java.lang.SecurityManager sm = System.getSecurityManager();
if (sm != null) sm.checkPermission(new AuthPermission("setPolicy"));
Policy.policy = policy;
// all non-null policy objects are assumed to be custom
isCustomPolicy = policy != null ? true : false;
}
/**
* Returns true if a custom (not AUTH_POLICY) system-wide policy object
* has been set or installed. This method is called by
* SubjectDomainCombiner to provide backwards compatibility for
* developers that provide their own javax.security.auth.Policy
* implementations.
*
* @return true if a custom (not AUTH_POLICY) system-wide policy object
* has been set; false otherwise
*/
static boolean isCustomPolicySet(Debug debug) {
if (policy != null) {
if (debug != null && isCustomPolicy) {
debug.println("Providing backwards compatibility for " +
"javax.security.auth.policy implementation: " +
policy.toString());
}
return isCustomPolicy;
}
// check if custom policy has been set using auth.policy.provider prop
String policyClass = java.security.AccessController.doPrivileged
(new java.security.PrivilegedAction<String>() {
public String run() {
return Security.getProperty("auth.policy.provider");
}
});
if (policyClass != null && !policyClass.equals(AUTH_POLICY)) {
if (debug != null) {
debug.println("Providing backwards compatibility for " +
"javax.security.auth.policy implementation: " +
policyClass);
}
return true;
}
return false;
}
/**
* Retrieve the Permissions granted to the Principals associated with
* the specified {@code CodeSource}.
*
* @param subject the {@code Subject}
* whose associated Principals,
* in conjunction with the provided
* {@code CodeSource}, determines the Permissions
* returned by this method. This parameter
* may be {@code null}.
*
* @param cs the code specified by its {@code CodeSource}
* that determines, in conjunction with the provided
* {@code Subject}, the Permissions
* returned by this method. This parameter may be
* {@code null}.
*
* @return the Collection of Permissions granted to all the
* {@code Subject} and code specified in
* the provided <i>subject</i> and <i>cs</i>
* parameters.
*/
public abstract java.security.PermissionCollection getPermissions
(Subject subject,
java.security.CodeSource cs);
/**
* Refresh and reload the Policy.
*
* <p>This method causes this object to refresh/reload its current
* Policy. This is implementation-dependent.
* For example, if the Policy object is stored in
* a file, calling {@code refresh} will cause the file to be re-read.
*
* @exception SecurityException if the caller does not have permission
* to refresh the Policy.
*/
public abstract void refresh();
}

181
src/java.base/share/classes/javax/security/auth/SubjectDomainCombiner.java

@ -1,5 +1,5 @@
/*
* Copyright (c) 1999, 2016, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -26,13 +26,9 @@
package javax.security.auth;
import java.security.AccessController;
import java.security.Permission;
import java.security.Permissions;
import java.security.PermissionCollection;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import java.security.Security;
import java.util.Set;
import java.util.WeakHashMap;
import java.lang.ref.WeakReference;
@ -56,15 +52,6 @@ public class SubjectDomainCombiner implements java.security.DomainCombiner {
sun.security.util.Debug.getInstance("combiner",
"\t[SubjectDomainCombiner]");
@SuppressWarnings({"deprecation", "removal"})
// Note: check only at classloading time, not dynamically during combine()
private static final boolean useJavaxPolicy =
javax.security.auth.Policy.isCustomPolicySet(debug);
// Relevant only when useJavaxPolicy is true
private static final boolean allowCaching =
(useJavaxPolicy && cachePolicy());
/**
* Associate the provided {@code Subject} with this
* {@code SubjectDomainCombiner}.
@ -196,12 +183,6 @@ public class SubjectDomainCombiner implements java.security.DomainCombiner {
return null;
}
// maintain backwards compatibility for developers who provide
// their own custom javax.security.auth.Policy implementations
if (useJavaxPolicy) {
return combineJavaxPolicy(currentDomains, assignedDomains);
}
int cLen = (currentDomains == null ? 0 : currentDomains.length);
int aLen = (assignedDomains == null ? 0 : assignedDomains.length);
@ -292,151 +273,6 @@ public class SubjectDomainCombiner implements java.security.DomainCombiner {
}
}
/**
* Use the javax.security.auth.Policy implementation
*/
private ProtectionDomain[] combineJavaxPolicy(
ProtectionDomain[] currentDomains,
ProtectionDomain[] assignedDomains) {
if (!allowCaching) {
java.security.AccessController.doPrivileged
(new PrivilegedAction<Void>() {
@SuppressWarnings({"deprecation", "removal"})
public Void run() {
// Call refresh only caching is disallowed
javax.security.auth.Policy.getPolicy().refresh();
return null;
}
});
}
int cLen = (currentDomains == null ? 0 : currentDomains.length);
int aLen = (assignedDomains == null ? 0 : assignedDomains.length);
// the ProtectionDomains for the new AccessControlContext
// that we will return
ProtectionDomain[] newDomains = new ProtectionDomain[cLen + aLen];
synchronized(cachedPDs) {
if (!subject.isReadOnly() &&
!subject.getPrincipals().equals(principalSet)) {
// if the Subject was mutated, clear the PD cache
Set<Principal> newSet = subject.getPrincipals();
synchronized(newSet) {
principalSet = new java.util.HashSet<Principal>(newSet);
}
principals = principalSet.toArray
(new Principal[principalSet.size()]);
cachedPDs.clear();
if (debug != null) {
debug.println("Subject mutated - clearing cache");
}
}
for (int i = 0; i < cLen; i++) {
ProtectionDomain pd = currentDomains[i];
ProtectionDomain subjectPd = cachedPDs.getValue(pd);
if (subjectPd == null) {
if (pd.staticPermissionsOnly()) {
// keep static ProtectionDomain objects static
subjectPd = pd;
} else {
// XXX
// we must first add the original permissions.
// that way when we later add the new JAAS permissions,
// any unresolved JAAS-related permissions will
// automatically get resolved.
// get the original perms
Permissions perms = new Permissions();
PermissionCollection coll = pd.getPermissions();
java.util.Enumeration<Permission> e;
if (coll != null) {
synchronized (coll) {
e = coll.elements();
while (e.hasMoreElements()) {
Permission newPerm =
e.nextElement();
perms.add(newPerm);
}
}
}
// get perms from the policy
final java.security.CodeSource finalCs = pd.getCodeSource();
final Subject finalS = subject;
PermissionCollection newPerms =
java.security.AccessController.doPrivileged
(new PrivilegedAction<PermissionCollection>() {
@SuppressWarnings({"deprecation", "removal"})
public PermissionCollection run() {
return
javax.security.auth.Policy.getPolicy().getPermissions
(finalS, finalCs);
}
});
// add the newly granted perms,
// avoiding duplicates
synchronized (newPerms) {
e = newPerms.elements();
while (e.hasMoreElements()) {
Permission newPerm = e.nextElement();
if (!perms.implies(newPerm)) {
perms.add(newPerm);
if (debug != null)
debug.println (
"Adding perm " + newPerm + "\n");
}
}
}
subjectPd = new ProtectionDomain
(finalCs, perms, pd.getClassLoader(), principals);
}
if (allowCaching)
cachedPDs.putValue(pd, subjectPd);
}
newDomains[i] = subjectPd;
}
}
if (debug != null) {
debug.println("updated current: ");
for (int i = 0; i < cLen; i++) {
debug.println("\tupdated[" + i + "] = " + newDomains[i]);
}
}
// now add on the assigned domains
if (aLen > 0) {
System.arraycopy(assignedDomains, 0, newDomains, cLen, aLen);
}
if (debug != null) {
if (newDomains == null || newDomains.length == 0) {
debug.println("returning null");
} else {
debug.println("combinedDomains: ");
for (int i = 0; i < newDomains.length; i++) {
debug.println("newDomain " + i + ": " +
newDomains[i].toString());
}
}
}
// return the new ProtectionDomains
if (newDomains == null || newDomains.length == 0) {
return null;
} else {
return newDomains;
}
}
private static ProtectionDomain[] optimize(ProtectionDomain[] domains) {
if (domains == null || domains.length == 0)
return null;
@ -476,21 +312,6 @@ public class SubjectDomainCombiner implements java.security.DomainCombiner {
return ((num == 0 || optimized.length == 0) ? null : optimized);
}
private static boolean cachePolicy() {
String s = AccessController.doPrivileged
(new PrivilegedAction<String>() {
public String run() {
return Security.getProperty("cache.auth.policy");
}
});
if (s != null) {
return Boolean.parseBoolean(s);
}
// cache by default
return true;
}
private static void printInputDomains(ProtectionDomain[] currentDomains,
ProtectionDomain[] assignedDomains) {
if (currentDomains == null || currentDomains.length == 0) {

1197
src/java.base/share/classes/sun/security/provider/AuthPolicyFile.java

File diff suppressed because it is too large Load Diff

43
src/java.base/share/classes/sun/security/provider/PolicyFile.java

@ -51,13 +51,6 @@ import sun.net.www.ParseUtil;
* This class represents a default Policy implementation for the
* "JavaPolicy" type.
*
* Note:
* For backward compatibility with JAAS 1.0 it loads
* both java.auth.policy and java.policy. However, it
* is recommended that java.auth.policy not be used
* and that java.policy contain all grant entries including
* those that contain principal-based entries.
*
* <p> This object stores the policy for the entire Java runtime,
* and is the amalgamation of multiple static policy
* configurations that resides in files.
@ -75,17 +68,13 @@ import sun.net.www.ParseUtil;
* are needed in order for the runtime to operate correctly.
* <li>
* Loop through the <code>java.security.Security</code> properties,
* <i>policy.url.1</i>, <i>policy.url.2</i>, ...,
* <i>policy.url.X</i>" and
* <i>auth.policy.url.1</i>, <i>auth.policy.url.2</i>, ...,
* <i>auth.policy.url.X</i>". These properties are set
* and <i>policy.url.1</i>, <i>policy.url.2</i>, ...,
* <i>policy.url.X</i>". These properties are set
* in the Java security properties file, which is located in the file named
* &lt;JAVA_HOME&gt;/conf/security/java.security.
* Each property value specifies a <code>URL</code> pointing to a
* policy file to be loaded. Read in and load each policy.
*
* <i>auth.policy.url</i> is supported only for backward compatibility.
*
* If none of these could be loaded, use a builtin static policy
* equivalent to the conf/security/java.policy file.
*
@ -98,21 +87,7 @@ import sun.net.www.ParseUtil;
* <i>policy.allowSystemProperty</i> is set to <i>true</i>),
* also load that policy.
*
* <li>
* The <code>java.lang.System</code> property
* <i>java.security.auth.policy</i> may also be set to a
* <code>URL</code> pointing to another policy file
* (which is the case when a user uses the -D switch at runtime).
* If this property is defined, and its use is allowed by the
* security property file (the Security property,
* <i>policy.allowSystemProperty</i> is set to <i>true</i>),
* also load that policy.
*
* <i>java.security.auth.policy</i> is supported only for backward
* compatibility.
*
* If the <i>java.security.policy</i> or
* <i>java.security.auth.policy</i> property is defined using
* If the <i>java.security.policy</i> property is defined using
* "==" (rather than "="), then load the specified policy file and ignore
* all other configured policies. Note, that the default.policy file is
* also loaded, as specified in the first step of the algorithm above.
@ -269,8 +244,6 @@ public class PolicyFile extends java.security.Policy {
"javax.security.auth.x500.X500Principal";
private static final String POLICY = "java.security.policy";
private static final String POLICY_URL = "policy.url.";
private static final String AUTH_POLICY = "java.security.auth.policy";
private static final String AUTH_POLICY_URL = "auth.policy.url.";
private static final int DEFAULT_CACHE_SIZE = 1;
@ -411,14 +384,6 @@ public class PolicyFile extends java.security.Policy {
/**
* Caller did not specify URL via Policy.getInstance.
* Read from URLs listed in the java.security properties file.
*
* We call initPolicyFile with POLICY, POLICY_URL and then
* call it with AUTH_POLICY and AUTH_POLICY_URL.
* So first we will process the JAVA standard policy
* and then process the JAVA AUTH Policy.
* This is for backward compatibility as well as to handle
* cases where the user has a single unified policyfile
* with both java policy entries and auth entries
*/
boolean loaded_one = initPolicyFile(POLICY, POLICY_URL, newInfo);
@ -428,8 +393,6 @@ public class PolicyFile extends java.security.Policy {
// use static policy if all else fails
initStaticPolicy(newInfo);
}
initPolicyFile(AUTH_POLICY, AUTH_POLICY_URL, newInfo);
}
}

5
src/java.base/share/classes/sun/security/util/Resources.java

@ -150,11 +150,6 @@ public class Resources extends java.util.ListResourceBundle {
// sun.security.pkcs11.SunPKCS11
{"PKCS11.Token.providerName.Password.",
"PKCS11 Token [{0}] Password: "},
/* --- DEPRECATED --- */
// javax.security.auth.Policy
{"unable.to.instantiate.Subject.based.policy",
"unable to instantiate Subject-based policy"}
};