From 65c98e577f72bfe544d7e6b5e9d1568667d208fa Mon Sep 17 00:00:00 2001 From: Sean Mullan <mullan@openjdk.org> Date: Tue, 26 Nov 2024 17:24:22 +0000 Subject: [PATCH] 8344420: Remove Security Manager dependencies from javax.security package Reviewed-by: alanb, rriggs, wetmore --- .../classes/com/sun/security/ntlm/NTLM.java | 7 +- .../classes/javax/security/auth/Subject.java | 308 ++---------------- .../security/auth/SubjectDomainCombiner.java | 22 +- .../security/auth/login/Configuration.java | 89 +---- .../security/auth/login/LoginContext.java | 181 ++-------- .../javax/security/cert/X509Certificate.java | 16 +- .../Configuration/GetInstanceConfigSpi.java | 19 +- .../Configuration/GetInstanceProvider.java | 12 +- .../login/LoginContext/ConfigConstructor.java | 9 +- .../auth/login/LoginContext/LCTest.java | 22 +- 10 files changed, 86 insertions(+), 599 deletions(-) diff --git a/src/java.base/share/classes/com/sun/security/ntlm/NTLM.java b/src/java.base/share/classes/com/sun/security/ntlm/NTLM.java index 241756b69e2..7413abf5da4 100644 --- a/src/java.base/share/classes/com/sun/security/ntlm/NTLM.java +++ b/src/java.base/share/classes/com/sun/security/ntlm/NTLM.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, 2022, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,8 +25,6 @@ package com.sun.security.ntlm; -import sun.security.action.GetBooleanAction; - import static com.sun.security.ntlm.Version.*; import java.io.IOException; import java.nio.charset.StandardCharsets; 
@@ -57,8 +55,7 @@ class NTLM { private final MessageDigest md4; private final Mac hmac; private final MessageDigest md5; - private static final boolean DEBUG - = GetBooleanAction.privilegedGetProperty("ntlm.debug"); + private static final boolean DEBUG = Boolean.getBoolean("ntlm.debug"); final Version v; diff --git a/src/java.base/share/classes/javax/security/auth/Subject.java b/src/java.base/share/classes/javax/security/auth/Subject.java index 303abe49538..97ab672e1cc 100644 --- a/src/java.base/share/classes/javax/security/auth/Subject.java +++ b/src/java.base/share/classes/javax/security/auth/Subject.java @@ -237,12 +237,6 @@ public final class Subject implements java.io.Serializable { * it can not be reset to being writable again. */ public void setReadOnly() { - @SuppressWarnings("removal") - java.lang.SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - sm.checkPermission(AuthPermissionHolder.SET_READ_ONLY_PERMISSION); - } - this.readOnly = true; } @@ -305,7 +299,6 @@ public final class Subject implements java.io.Serializable { * @see #callAs(Subject, Callable) * @since 18 */ - @SuppressWarnings("removal") public static Subject current() { return SCOPED_SUBJECT.orElse(null); } @@ -375,16 +368,10 @@ public final class Subject implements java.io.Serializable { * * @see #callAs(Subject, Callable) */ - @SuppressWarnings("removal") @Deprecated(since="18", forRemoval=true) public static <T> T doAs(final Subject subject, final java.security.PrivilegedAction<T> action) { - java.lang.SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - sm.checkPermission(AuthPermissionHolder.DO_AS_PERMISSION); - } - Objects.requireNonNull(action, ResourcesMgr.getString("invalid.null.action.provided")); 
@@ -441,17 +428,11 @@ public final class Subject implements java.io.Serializable { * * @see #callAs(Subject, Callable) */ - @SuppressWarnings("removal") @Deprecated(since="18", forRemoval=true) public static <T> T doAs(final Subject subject, final java.security.PrivilegedExceptionAction<T> action) throws java.security.PrivilegedActionException { - java.lang.SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - sm.checkPermission(AuthPermissionHolder.DO_AS_PERMISSION); - } - Objects.requireNonNull(action, ResourcesMgr.getString("invalid.null.action.provided")); @@ -514,11 +495,6 @@ public final class Subject implements java.io.Serializable { final java.security.PrivilegedAction<T> action, final java.security.AccessControlContext acc) { - java.lang.SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - sm.checkPermission(AuthPermissionHolder.DO_AS_PRIVILEGED_PERMISSION); - } - Objects.requireNonNull(action, ResourcesMgr.getString("invalid.null.action.provided")); @@ -585,11 +561,6 @@ public final class Subject implements java.io.Serializable { final java.security.AccessControlContext acc) throws java.security.PrivilegedActionException { - java.lang.SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - sm.checkPermission(AuthPermissionHolder.DO_AS_PRIVILEGED_PERMISSION); - } - Objects.requireNonNull(action, ResourcesMgr.getString("invalid.null.action.provided")); 
@@ -609,25 +580,6 @@ public final class Subject implements java.io.Serializable { } } - @SuppressWarnings("removal") - private static AccessControlContext createContext(final Subject subject, - final AccessControlContext acc) { - - - return java.security.AccessController.doPrivileged - (new java.security.PrivilegedAction<>() { - public AccessControlContext run() { - if (subject == null) { - return new AccessControlContext(acc, null); - } else { - return new AccessControlContext - (acc, - new SubjectDomainCombiner(subject)); - } - } - }); - } - /** * Return the {@code Set} of Principals associated with this * {@code Subject}. Each {@code Principal} represents @@ -713,14 +665,6 @@ public final class Subject implements java.io.Serializable { */ public Set<Object> getPrivateCredentials() { - // XXX - // we do not need a security check for - // AuthPermission(getPrivateCredentials) - // because we already restrict access to private credentials - // via the PrivateCredentialPermission. all the extra AuthPermission - // would do is protect the set operations themselves - // (like size()), which don't seem security-sensitive. - // always return an empty Set instead of null // so LoginModules can add to the Set if necessary return privCredentials; @@ -782,14 +726,6 @@ public final class Subject implements java.io.Serializable { */ public <T> Set<T> getPrivateCredentials(Class<T> c) { - // XXX - // we do not need a security check for - // AuthPermission(getPrivateCredentials) - // because we already restrict access to private credentials - // via the PrivateCredentialPermission. all the extra AuthPermission - // would do is protect the set operations themselves - // (like size()), which don't seem security-sensitive. - Objects.requireNonNull(c, ResourcesMgr.getString("invalid.null.Class.provided")); 
@@ -857,15 +793,6 @@ public final class Subject implements java.io.Serializable { */ @Override public String toString() { - return toString(true); - } - - /** - * package private convenience method to print out the Subject - * without firing off a security check when trying to access - * the Private Credentials - */ - String toString(boolean includePrivateCredentials) { String s = ResourcesMgr.getString("Subject."); String suffix = ""; @@ -885,21 +812,19 @@ public final class Subject implements java.io.Serializable { } } - if (includePrivateCredentials) { - synchronized(privCredentials) { - Iterator<Object> pI = privCredentials.iterator(); - while (pI.hasNext()) { - try { - Object o = pI.next(); - suffix += ResourcesMgr.getString - (".Private.Credential.") + - o.toString() + - ResourcesMgr.getString("NEWLINE"); - } catch (SecurityException se) { - suffix += ResourcesMgr.getString - (".Private.Credential.inaccessible."); - break; - } + synchronized(privCredentials) { + Iterator<Object> pI = privCredentials.iterator(); + while (pI.hasNext()) { + try { + Object o = pI.next(); + suffix += ResourcesMgr.getString + (".Private.Credential.") + + o.toString() + + ResourcesMgr.getString("NEWLINE"); + } catch (SecurityException se) { + suffix += ResourcesMgr.getString + (".Private.Credential.inaccessible."); + break; } } } @@ -1091,22 +1016,6 @@ public final class Subject implements java.io.Serializable { } public E next() { - if (which != Subject.PRIV_CREDENTIAL_SET) { - return i.next(); - } - - @SuppressWarnings("removal") - SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - try { - sm.checkPermission(new PrivateCredentialPermission - (list.get(i.nextIndex()).getClass().getName(), - subject.getPrincipals())); - } catch (SecurityException se) { - i.next(); - throw (se); - } - } return i.next(); } 
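Review bot: In `Subject.toString()` (the `-885,21 +812,19` hunk), the `catch (SecurityException se)` around `pI.next()` and `o.toString()` looks unreachable from the iterator, because the `-1091,22` hunk reduces `SecureSet`'s `next()` to `return i.next();`. Only a credential's own `toString()` could still throw it, so either drop the `.Private.Credential.inaccessible.` branch or keep it with a comment such as `// a credential's own toString() may still throw SecurityException`. Separately, with the package-private `toString(boolean)` removed, the only string form of a `Subject` appends every private credential's `toString()` output. The method's Javadoc (outside this hunk) would benefit from a sentence saying the result may contain credential material and should be kept out of logs and error messages.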
@@ -1117,21 +1026,6 @@ public final class Subject implements java.io.Serializable { ("Subject.is.read.only")); } - @SuppressWarnings("removal") - java.lang.SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - switch (which) { - case Subject.PRINCIPAL_SET: - sm.checkPermission(AuthPermissionHolder.MODIFY_PRINCIPALS_PERMISSION); - break; - case Subject.PUB_CREDENTIAL_SET: - sm.checkPermission(AuthPermissionHolder.MODIFY_PUBLIC_CREDENTIALS_PERMISSION); - break; - default: - sm.checkPermission(AuthPermissionHolder.MODIFY_PRIVATE_CREDENTIALS_PERMISSION); - break; - } - } i.remove(); } }; @@ -1147,22 +1041,6 @@ public final class Subject implements java.io.Serializable { (ResourcesMgr.getString("Subject.is.read.only")); } - @SuppressWarnings("removal") - java.lang.SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - switch (which) { - case Subject.PRINCIPAL_SET: - sm.checkPermission(AuthPermissionHolder.MODIFY_PRINCIPALS_PERMISSION); - break; - case Subject.PUB_CREDENTIAL_SET: - sm.checkPermission(AuthPermissionHolder.MODIFY_PUBLIC_CREDENTIALS_PERMISSION); - break; - default: - sm.checkPermission(AuthPermissionHolder.MODIFY_PRIVATE_CREDENTIALS_PERMISSION); - break; - } - } - switch (which) { case Subject.PRINCIPAL_SET: if (!(o instanceof Principal)) { @@ -1180,10 +1058,9 @@ public final class Subject implements java.io.Serializable { return elements.add(o); else { return false; - } + } } - @SuppressWarnings("removal") public boolean remove(Object o) { Objects.requireNonNull(o, @@ -1191,17 +1068,7 @@ public final class Subject implements java.io.Serializable { final Iterator<E> e = iterator(); while (e.hasNext()) { - E next; - if (which != Subject.PRIV_CREDENTIAL_SET) { - next = e.next(); - } else { - next = java.security.AccessController.doPrivileged - (new java.security.PrivilegedAction<E>() { - public E run() { - return e.next(); - } - }); - } + E next = e.next(); if (next.equals(o)) { e.remove(); 
@@ -1211,7 +1078,6 @@ public final class Subject implements java.io.Serializable { return false; } - @SuppressWarnings("removal") public boolean contains(Object o) { Objects.requireNonNull(o, @@ -1219,30 +1085,7 @@ public final class Subject implements java.io.Serializable { final Iterator<E> e = iterator(); while (e.hasNext()) { - E next; - if (which != Subject.PRIV_CREDENTIAL_SET) { - next = e.next(); - } else { - - // For private credentials: - // If the caller does not have read permission - // for o.getClass(), we throw a SecurityException. - // Otherwise, we check the private cred set to see whether - // it contains the Object - - SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - sm.checkPermission(new PrivateCredentialPermission - (o.getClass().getName(), - subject.getPrincipals())); - } - next = java.security.AccessController.doPrivileged - (new java.security.PrivilegedAction<E>() { - public E run() { - return e.next(); - } - }); - } + E next = e.next(); if (next.equals(o)) { return true; @@ -1263,24 +1106,13 @@ public final class Subject implements java.io.Serializable { return result; } - @SuppressWarnings("removal") public boolean removeAll(Collection<?> c) { c = collectionNullClean(c); boolean modified = false; final Iterator<E> e = iterator(); while (e.hasNext()) { - E next; - if (which != Subject.PRIV_CREDENTIAL_SET) { - next = e.next(); - } else { - next = java.security.AccessController.doPrivileged - (new java.security.PrivilegedAction<E>() { - public E run() { - return e.next(); - } - }); - } + E next = e.next(); for (Object o : c) { if (next.equals(o)) { 
@@ -1305,24 +1137,13 @@ public final class Subject implements java.io.Serializable { return true; } - @SuppressWarnings("removal") public boolean retainAll(Collection<?> c) { c = collectionNullClean(c); boolean modified = false; final Iterator<E> e = iterator(); while (e.hasNext()) { - E next; - if (which != Subject.PRIV_CREDENTIAL_SET) { - next = e.next(); - } else { - next = java.security.AccessController.doPrivileged - (new java.security.PrivilegedAction<E>() { - public E run() { - return e.next(); - } - }); - } + E next = e.next(); if (c.contains(next) == false) { e.remove(); @@ -1333,21 +1154,10 @@ public final class Subject implements java.io.Serializable { return modified; } - @SuppressWarnings("removal") public void clear() { final Iterator<E> e = iterator(); while (e.hasNext()) { - E next; - if (which != Subject.PRIV_CREDENTIAL_SET) { - next = e.next(); - } else { - next = java.security.AccessController.doPrivileged - (new java.security.PrivilegedAction<E>() { - public E run() { - return e.next(); - } - }); - } + E next = e.next(); e.remove(); } } @@ -1357,30 +1167,10 @@ public final class Subject implements java.io.Serializable { } public Object[] toArray() { - final Iterator<E> e = iterator(); - while (e.hasNext()) { - // The next() method performs a security manager check - // on each element in the SecureSet. If we make it all - // the way through we should be able to simply return - // element's toArray results. Otherwise, we'll let - // the SecurityException pass up the call stack. - e.next(); - } - return elements.toArray(); } public <T> T[] toArray(T[] a) { - final Iterator<E> e = iterator(); - while (e.hasNext()) { - // The next() method performs a security manager check - // on each element in the SecureSet. If we make it all - // the way through we should be able to simply return - // element's toArray results. Otherwise, we'll let - // the SecurityException pass up the call stack. - e.next(); - } - return elements.toArray(a); } 
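Review bot: In `clear()` (the `-1333,21 +1154,10` hunk) the new `E next = e.next();` assigns a local that is never read; the call is only needed to advance the iterator before `e.remove()`. A bare call with a comment says this directly: `e.next(); // advance so remove() has an element to act on`. Going through `e.remove()` instead of clearing the backing list appears to be what keeps the read-only check seen next to `i.remove()` in the `-1117,21` hunk, and that reason is worth a line in the same comment so the loop is not later "simplified" away.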
@@ -1425,13 +1215,6 @@ public final class Subject implements java.io.Serializable { private void writeObject(java.io.ObjectOutputStream oos) throws java.io.IOException { - if (which == Subject.PRIV_CREDENTIAL_SET) { - // check permissions before serializing - Iterator<E> i = iterator(); - while (i.hasNext()) { - i.next(); - } - } ObjectOutputStream.PutField fields = oos.putFields(); fields.put("this$0", subject); fields.put("elements", elements); @@ -1490,7 +1273,7 @@ public final class Subject implements java.io.Serializable { } } - @SuppressWarnings({"removal","unchecked"}) /*To suppress warning from line 1374*/ + @SuppressWarnings("unchecked") private void populateSet() { final Iterator<?> iterator; switch(which) { @@ -1505,34 +1288,10 @@ public final class Subject implements java.io.Serializable { break; } - // Check whether the caller has permission to get - // credentials of Class c - while (iterator.hasNext()) { - Object next; - if (which == Subject.PRIV_CREDENTIAL_SET) { - next = java.security.AccessController.doPrivileged - (new java.security.PrivilegedAction<>() { - public Object run() { - return iterator.next(); - } - }); - } else { - next = iterator.next(); - } + Object next = iterator.next(); if (c.isAssignableFrom(next.getClass())) { - if (which != Subject.PRIV_CREDENTIAL_SET) { - set.add((T)next); - } else { - // Check permission for private creds - SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - sm.checkPermission(new PrivateCredentialPermission - (next.getClass().getName(), - Subject.this.getPrincipals())); - } - set.add((T)next); - } + set.add((T)next); } } } 
@@ -1560,27 +1319,4 @@ public final class Subject implements java.io.Serializable { return set.add(o); } } - - static final class AuthPermissionHolder { - static final AuthPermission DO_AS_PERMISSION = - new AuthPermission("doAs"); - - static final AuthPermission DO_AS_PRIVILEGED_PERMISSION = - new AuthPermission("doAsPrivileged"); - - static final AuthPermission SET_READ_ONLY_PERMISSION = - new AuthPermission("setReadOnly"); - - static final AuthPermission GET_SUBJECT_PERMISSION = - new AuthPermission("getSubject"); - - static final AuthPermission MODIFY_PRINCIPALS_PERMISSION = - new AuthPermission("modifyPrincipals"); - - static final AuthPermission MODIFY_PUBLIC_CREDENTIALS_PERMISSION = - new AuthPermission("modifyPublicCredentials"); - - static final AuthPermission MODIFY_PRIVATE_CREDENTIALS_PERMISSION = - new AuthPermission("modifyPrivateCredentials"); - } } diff --git a/src/java.base/share/classes/javax/security/auth/SubjectDomainCombiner.java b/src/java.base/share/classes/javax/security/auth/SubjectDomainCombiner.java index 222976051c8..bab2c5b9da9 100644 --- a/src/java.base/share/classes/javax/security/auth/SubjectDomainCombiner.java +++ b/src/java.base/share/classes/javax/security/auth/SubjectDomainCombiner.java @@ -25,9 +25,7 @@ package javax.security.auth; -import java.security.AccessController; import java.security.Principal; -import java.security.PrivilegedAction; import java.security.ProtectionDomain; import java.util.Set; import java.util.WeakHashMap; @@ -84,11 +82,6 @@ public class SubjectDomainCombiner implements java.security.DomainCombiner { * {@code SubjectDomainCombiner}. */ public Subject getSubject() { - java.lang.SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - sm.checkPermission(new AuthPermission - ("getSubjectFromDomainCombiner")); - } return subject; } 
@@ -144,14 +137,7 @@ public class SubjectDomainCombiner implements java.security.DomainCombiner { if (subject == null) { debug.println("null subject"); } else { - final Subject s = subject; - AccessController.doPrivileged - (new java.security.PrivilegedAction<Void>() { - public Void run() { - debug.println(s.toString()); - return null; - } - }); + debug.println(subject.toString()); } printInputDomains(currentDomains, assignedDomains); } @@ -349,11 +335,7 @@ public class SubjectDomainCombiner implements java.security.DomainCombiner { if (pd == null) { return "null"; } - return AccessController.doPrivileged(new PrivilegedAction<String>() { - public String run() { - return pd.toString(); - } - }); + return pd.toString(); } /** diff --git a/src/java.base/share/classes/javax/security/auth/login/Configuration.java b/src/java.base/share/classes/javax/security/auth/login/Configuration.java index b46a671e6d3..bebf5f6901a 100644 --- a/src/java.base/share/classes/javax/security/auth/login/Configuration.java +++ b/src/java.base/share/classes/javax/security/auth/login/Configuration.java @@ -25,12 +25,6 @@ package javax.security.auth.login; -import javax.security.auth.AuthPermission; - -import java.security.AccessController; -import java.security.PrivilegedAction; -import java.security.PrivilegedExceptionAction; -import java.security.PrivilegedActionException; import java.security.NoSuchAlgorithmException; import java.security.NoSuchProviderException; import java.security.Provider; 
@@ -190,19 +184,6 @@ public abstract class Configuration { private static Configuration configuration; - @SuppressWarnings("removal") - private final java.security.AccessControlContext acc = - java.security.AccessController.getContext(); - - private static void checkPermission(String type) { - @SuppressWarnings("removal") - SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - sm.checkPermission(new AuthPermission - ("createLoginConfiguration." + type)); - } - } - /** * Sole constructor. (For invocation by subclass constructors, typically * implicit.) 
@@ -219,64 +200,29 @@ public abstract class Configuration { * * @see #setConfiguration */ - @SuppressWarnings("removal") public static Configuration getConfiguration() { - SecurityManager sm = System.getSecurityManager(); - if (sm != null) - sm.checkPermission(new AuthPermission("getLoginConfiguration")); - synchronized (Configuration.class) { if (configuration == null) { - String config_class = null; - config_class = AccessController.doPrivileged - (new PrivilegedAction<>() { - public String run() { - return java.security.Security.getProperty - ("login.configuration.provider"); - } - }); + String config_class = Security.getProperty + ("login.configuration.provider"); if (config_class == null) { config_class = "sun.security.provider.ConfigFile"; } try { - final String finalClass = config_class; - Configuration untrustedImpl = AccessController.doPrivileged( - new PrivilegedExceptionAction<>() { - public Configuration run() throws ClassNotFoundException, - InstantiationException, - IllegalAccessException { - Class<? extends Configuration> implClass = Class.forName( - finalClass, false, - Thread.currentThread().getContextClassLoader() - ).asSubclass(Configuration.class); - @SuppressWarnings("deprecation") - Configuration result = implClass.newInstance(); - return result; - } - }); - AccessController.doPrivileged( - new PrivilegedExceptionAction<>() { - public Void run() { - setConfiguration(untrustedImpl); - return null; - } - }, Objects.requireNonNull(untrustedImpl.acc) - ); - } catch (PrivilegedActionException e) { - Exception ee = e.getException(); - if (ee instanceof InstantiationException) { - throw new SecurityException - ("Configuration error:" + - ee.getCause().getMessage() + - "\n", ee.getCause()); - } else { - throw new SecurityException - ("Configuration error: " + - ee.toString() + - "\n", ee); - } + Class<? 
extends Configuration> implClass = Class.forName( + config_class, false, + Thread.currentThread().getContextClassLoader() + ).asSubclass(Configuration.class); + @SuppressWarnings("deprecation") + Configuration result = implClass.newInstance(); + setConfiguration(result); + } catch (ReflectiveOperationException e) { + throw new SecurityException + ("Configuration error: " + + e.toString() + + "\n", e); } } return configuration; @@ -291,10 +237,6 @@ public abstract class Configuration { * @see #getConfiguration */ public static void setConfiguration(Configuration configuration) { - @SuppressWarnings("removal") - SecurityManager sm = System.getSecurityManager(); - if (sm != null) - sm.checkPermission(new AuthPermission("setLoginConfiguration")); Configuration.configuration = configuration; } @@ -346,7 +288,6 @@ public abstract class Configuration { throws NoSuchAlgorithmException { Objects.requireNonNull(type, "null type name"); - checkPermission(type); try { GetInstance.Instance instance = GetInstance.getInstance ("Configuration", @@ -412,7 +353,6 @@ public abstract class Configuration { throw new IllegalArgumentException("missing provider"); } - checkPermission(type); try { GetInstance.Instance instance = GetInstance.getInstance ("Configuration", @@ -473,7 +413,6 @@ public abstract class Configuration { throw new IllegalArgumentException("missing provider"); } - checkPermission(type); try { GetInstance.Instance instance = GetInstance.getInstance ("Configuration", diff --git a/src/java.base/share/classes/javax/security/auth/login/LoginContext.java b/src/java.base/share/classes/javax/security/auth/login/LoginContext.java index 5878da078f6..988379a3c40 100644 --- a/src/java.base/share/classes/javax/security/auth/login/LoginContext.java +++ b/src/java.base/share/classes/javax/security/auth/login/LoginContext.java 
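Review bot: In `getConfiguration()`, `implClass.newInstance()` now runs directly inside a `try` that catches only `ReflectiveOperationException`, but the deprecated `Class.newInstance()` rethrows whatever the no-arg constructor throws, checked exceptions included, without wrapping them. The removed code ran it inside a `PrivilegedExceptionAction`, so a checked constructor exception surfaced as `PrivilegedActionException` and ended up as `SecurityException("Configuration error: ...")`; after this change it would leave `getConfiguration()` unconverted. Since the class name comes from the `login.configuration.provider` security property, the constructor is not under this class's control. Using `Configuration result = implClass.getDeclaredConstructor().newInstance();` wraps constructor failures in `InvocationTargetException`, which the new catch already covers, and makes the `@SuppressWarnings("deprecation")` unnecessary. The same pattern appears in `LoginContext.loadDefaultCallbackHandler()` (`c.newInstance()` under a `ReflectiveOperationException` catch), where the old `run() throws Exception` likewise turned checked constructor exceptions into `LoginException`.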
@@ -25,16 +25,13 @@ package javax.security.auth.login; -import java.security.AccessController; -import java.security.PrivilegedAction; import java.util.Map; import java.util.HashMap; +import java.security.Security; import java.text.MessageFormat; import javax.security.auth.Subject; -import javax.security.auth.AuthPermission; import javax.security.auth.callback.*; import javax.security.auth.spi.LoginModule; -import java.security.AccessControlContext; import java.util.ServiceLoader; import sun.security.util.PendingException; @@ -182,8 +179,6 @@ public class LoginContext { private final Map<String,?> state = new HashMap<>(); private Configuration config; - @SuppressWarnings("removal") - private AccessControlContext creatorAcc = null; // customized config only private ModuleInfo[] moduleStack; private ClassLoader contextClassLoader = null; 
@@ -200,38 +195,21 @@ public class LoginContext { private static final WeakHashMap<ClassLoader, Set<Provider<LoginModule>>> providersCache = new WeakHashMap<>(); - @SuppressWarnings("removal") private void init(String name) throws LoginException { - SecurityManager sm = System.getSecurityManager(); - if (sm != null && creatorAcc == null) { - sm.checkPermission(new AuthPermission - ("createLoginContext." + name)); - } - if (name == null) throw new LoginException (ResourcesMgr.getString("Invalid.null.input.name")); // get the Configuration if (config == null) { - config = java.security.AccessController.doPrivileged - (new java.security.PrivilegedAction<Configuration>() { - public Configuration run() { - return Configuration.getConfiguration(); - } - }); + config = Configuration.getConfiguration(); } // get the LoginModules configured for this application AppConfigurationEntry[] entries = config.getAppConfigurationEntry(name); if (entries == null) { - if (sm != null && creatorAcc == null) { - sm.checkPermission(new AuthPermission - ("createLoginContext." + OTHER)); - } - entries = config.getAppConfigurationEntry(OTHER); if (entries == null) { MessageFormat form = new MessageFormat(ResourcesMgr.getString 
@@ -251,55 +229,30 @@ public class LoginContext { null); } - contextClassLoader = java.security.AccessController.doPrivileged - (new java.security.PrivilegedAction<ClassLoader>() { - public ClassLoader run() { - ClassLoader loader = - Thread.currentThread().getContextClassLoader(); - if (loader == null) { - // Don't use bootstrap class loader directly to ensure - // proper package access control! - loader = ClassLoader.getSystemClassLoader(); - } - - return loader; - } - }); + ClassLoader loader = Thread.currentThread().getContextClassLoader(); + if (loader == null) { + loader = ClassLoader.getSystemClassLoader(); + } + contextClassLoader = loader; } - @SuppressWarnings("removal") + @SuppressWarnings("deprecation") private void loadDefaultCallbackHandler() throws LoginException { // get the default handler class try { - - final ClassLoader finalLoader = contextClassLoader; - - this.callbackHandler = java.security.AccessController.doPrivileged( - new java.security.PrivilegedExceptionAction<CallbackHandler>() { - public CallbackHandler run() throws Exception { - String defaultHandler = java.security.Security.getProperty - (DEFAULT_HANDLER); - if (defaultHandler == null || defaultHandler.isEmpty()) - return null; - Class<? extends CallbackHandler> c = Class.forName( - defaultHandler, true, - finalLoader).asSubclass(CallbackHandler.class); - @SuppressWarnings("deprecation") - CallbackHandler result = c.newInstance(); - return result; - } - }); - } catch (java.security.PrivilegedActionException pae) { - throw new LoginException(pae.getException().toString()); - } - - // secure it with the caller's ACC - if (this.callbackHandler != null && creatorAcc == null) { - this.callbackHandler = new SecureCallbackHandler - (java.security.AccessController.getContext(), - this.callbackHandler); + String defaultHandler = Security.getProperty(DEFAULT_HANDLER); + if (defaultHandler == null || defaultHandler.isEmpty()) { + this.callbackHandler = null; + } else { + Class<? 
extends CallbackHandler> c = Class.forName( + defaultHandler, true, + contextClassLoader).asSubclass(CallbackHandler.class); + this.callbackHandler = (CallbackHandler) c.newInstance(); + } + } catch (ReflectiveOperationException e) { + throw new LoginException(e.toString()); } } @@ -367,16 +320,13 @@ public class LoginContext { * for "{@code other}", or if the caller-specified * {@code callbackHandler} is {@code null}. */ - @SuppressWarnings("removal") public LoginContext(String name, CallbackHandler callbackHandler) throws LoginException { init(name); if (callbackHandler == null) throw new LoginException(ResourcesMgr.getString ("invalid.null.CallbackHandler.provided")); - this.callbackHandler = new SecureCallbackHandler - (java.security.AccessController.getContext(), - callbackHandler); + this.callbackHandler = callbackHandler; } /** @@ -400,16 +350,13 @@ public class LoginContext { * or if the caller-specified * {@code callbackHandler} is {@code null}. */ - @SuppressWarnings("removal") public LoginContext(String name, Subject subject, CallbackHandler callbackHandler) throws LoginException { this(name, subject); if (callbackHandler == null) throw new LoginException(ResourcesMgr.getString ("invalid.null.CallbackHandler.provided")); - this.callbackHandler = new SecureCallbackHandler - (java.security.AccessController.getContext(), - callbackHandler); + this.callbackHandler = callbackHandler; } /** @@ -437,14 +384,10 @@ public class LoginContext { * * @since 1.5 */ - @SuppressWarnings("removal") public LoginContext(String name, Subject subject, CallbackHandler callbackHandler, Configuration config) throws LoginException { this.config = config; - if (config != null) { - creatorAcc = java.security.AccessController.getContext(); - } init(name); if (subject != null) { 
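Review bot: In `loadDefaultCallbackHandler()`, the cast in `this.callbackHandler = (CallbackHandler) c.newInstance();` is redundant, because `c` is already `Class<? extends CallbackHandler>` after `asSubclass(CallbackHandler.class)`. The `@SuppressWarnings("deprecation")` also moved from the single local to the whole method, which would hide any deprecated call added there later; if `newInstance()` stays, `@SuppressWarnings("deprecation") CallbackHandler handler = c.newInstance();` keeps the narrower scope. In the same hunk the fallback to `ClassLoader.getSystemClassLoader()` lost its explanatory comment, and a one-line `// no context class loader set: fall back to the system class loader` would keep the intent readable.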
@@ -453,10 +396,6 @@ public class LoginContext { } if (callbackHandler == null) { loadDefaultCallbackHandler(); - } else if (creatorAcc == null) { - this.callbackHandler = new SecureCallbackHandler - (java.security.AccessController.getContext(), - callbackHandler); } else { this.callbackHandler = callbackHandler; } @@ -518,13 +457,12 @@ public class LoginContext { } try { - // module invoked in doPrivileged - invokePriv(LOGIN_METHOD); - invokePriv(COMMIT_METHOD); + invoke(LOGIN_METHOD); + invoke(COMMIT_METHOD); loginSucceeded = true; } catch (LoginException le) { try { - invokePriv(ABORT_METHOD); + invoke(ABORT_METHOD); } catch (LoginException le2) { throw le; } @@ -557,8 +495,7 @@ public class LoginContext { ("null.subject.logout.called.before.login")); } - // module invoked in doPrivileged - invokePriv(LOGOUT_METHOD); + invoke(LOGOUT_METHOD); } /** @@ -597,28 +534,8 @@ public class LoginContext { } /** - * Invokes the login, commit, and logout methods - * from a LoginModule inside a doPrivileged block restricted - * by creatorAcc (may be null). - * - * This version is called if the caller did not instantiate - * the LoginContext with a Configuration object. + * Invokes the login, commit, and logout methods from a LoginModule. */ - @SuppressWarnings("removal") - private void invokePriv(final String methodName) throws LoginException { - try { - java.security.AccessController.doPrivileged - (new java.security.PrivilegedExceptionAction<Void>() { - public Void run() throws LoginException { - invoke(methodName); - return null; - } - }, creatorAcc); - } catch (java.security.PrivilegedActionException pae) { - throw (LoginException)pae.getException(); - } - } - private void invoke(String methodName) throws LoginException { // start at moduleIndex 
@@ -639,11 +556,8 @@ public class LoginContext { if (debug != null){ debug.println("Build ServiceProviders cache for ClassLoader: " + contextClassLoader.getName()); } - @SuppressWarnings("removal") - ServiceLoader<LoginModule> sc = AccessController.doPrivileged( - (PrivilegedAction<ServiceLoader<LoginModule>>) - () -> java.util.ServiceLoader.load( - LoginModule.class, contextClassLoader)); + ServiceLoader<LoginModule> sc = ServiceLoader.load( + LoginModule.class, contextClassLoader); lmProviders = sc.stream().collect(Collectors.toSet()); if (debug != null){ debug.println("Discovered ServiceProviders for ClassLoader: " + contextClassLoader.getName()); @@ -841,45 +755,6 @@ public class LoginContext { } } - /** - * Wrap the caller-specified CallbackHandler in our own - * and invoke it within a privileged block, constrained by - * the caller's AccessControlContext. - */ - private static class SecureCallbackHandler implements CallbackHandler { - - @SuppressWarnings("removal") - private final java.security.AccessControlContext acc; - private final CallbackHandler ch; - - SecureCallbackHandler(@SuppressWarnings("removal") java.security.AccessControlContext acc, - CallbackHandler ch) { - this.acc = acc; - this.ch = ch; - } - - @SuppressWarnings("removal") - public void handle(final Callback[] callbacks) - throws java.io.IOException, UnsupportedCallbackException { - try { - java.security.AccessController.doPrivileged - (new java.security.PrivilegedExceptionAction<Void>() { - public Void run() throws java.io.IOException, - UnsupportedCallbackException { - ch.handle(callbacks); - return null; - } - }, acc); - } catch (java.security.PrivilegedActionException pae) { - if (pae.getException() instanceof java.io.IOException) { - throw (java.io.IOException)pae.getException(); - } else { - throw (UnsupportedCallbackException)pae.getException(); - } - } - } - } - /** * LoginModule information - * encapsulates Configuration info and actual module instances 
diff --git a/src/java.base/share/classes/javax/security/cert/X509Certificate.java b/src/java.base/share/classes/javax/security/cert/X509Certificate.java index f93c811cf29..38ab1976987 100644 --- a/src/java.base/share/classes/javax/security/cert/X509Certificate.java +++ b/src/java.base/share/classes/javax/security/cert/X509Certificate.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -30,9 +30,7 @@ import java.io.InputStream; import java.lang.reflect.Constructor; import java.lang.reflect.InvocationTargetException; import java.math.BigInteger; -import java.security.AccessController; import java.security.Principal; -import java.security.PrivilegedAction; import java.security.Security; import java.util.Date; @@ -140,17 +138,7 @@ public abstract class X509Certificate extends Certificate { * </pre> */ private static final String X509_PROVIDER = "cert.provider.x509v1"; - private static String X509Provider; - - static { - X509Provider = AccessController.doPrivileged( - new PrivilegedAction<>() { - public String run() { - return Security.getProperty(X509_PROVIDER); - } - } - ); - } + private static String X509Provider = Security.getProperty(X509_PROVIDER); /** * Instantiates an X509Certificate object, and initializes it with diff --git a/test/jdk/javax/security/auth/login/Configuration/GetInstanceConfigSpi.java b/test/jdk/javax/security/auth/login/Configuration/GetInstanceConfigSpi.java index f8b73c6ce36..8127292ee3b 100644 --- a/test/jdk/javax/security/auth/login/Configuration/GetInstanceConfigSpi.java +++ b/test/jdk/javax/security/auth/login/Configuration/GetInstanceConfigSpi.java 
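Review bot: `X509Provider` in the hunk at -140 of X509Certificate.java is now initialised in its declaration and can be `final`: `private static final String X509Provider = Security.getProperty(X509_PROVIDER);`. The property names a provider class, and the reflection imports kept in the import hunk suggest it is instantiated by name, so a field that cannot be reassigned is the safer form. This assumes nothing outside the hunk writes to the field. A one-line comment saying the property is read once at class initialisation, and that later changes to it are not picked up, would also help.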
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,7 +21,7 @@ * questions. */ -import java.security.*; +import java.security.URIParameter; import javax.security.auth.login.*; import com.sun.security.auth.login.*; @@ -31,16 +31,11 @@ public class GetInstanceConfigSpi extends ConfigurationSpi { public GetInstanceConfigSpi(final Configuration.Parameters params) { - c = AccessController.doPrivileged - (new PrivilegedAction<Configuration>() { - public Configuration run() { - if (params instanceof URIParameter) { - URIParameter uriParam = (URIParameter)params; - return new ConfigFile(uriParam.getURI()); - } - return new ConfigFile(); - } - }); + if (params instanceof URIParameter uriParam) { + c = new ConfigFile(uriParam.getURI()); + } else { + c = new ConfigFile(); + } } public AppConfigurationEntry[] engineGetAppConfigurationEntry(String name) { diff --git a/test/jdk/javax/security/auth/login/Configuration/GetInstanceProvider.java b/test/jdk/javax/security/auth/login/Configuration/GetInstanceProvider.java index 01f0a1fd572..ac6e4693fc2 100644 --- a/test/jdk/javax/security/auth/login/Configuration/GetInstanceProvider.java +++ b/test/jdk/javax/security/auth/login/Configuration/GetInstanceProvider.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,7 +21,7 @@ * questions. */ -import java.security.*; +import java.security.Provider; public class GetInstanceProvider extends Provider { 
@@ -30,12 +30,6 @@ public class GetInstanceProvider extends Provider { "1", "GetInstanceProvider: Configuration.GetInstanceConfigSpi"); - AccessController.doPrivileged(new PrivilegedAction() { - public Object run() { - put("Configuration.GetInstanceConfigSpi", - "GetInstanceConfigSpi"); - return null; - } - }); + put("Configuration.GetInstanceConfigSpi", "GetInstanceConfigSpi"); } } diff --git a/test/jdk/javax/security/auth/login/LoginContext/ConfigConstructor.java b/test/jdk/javax/security/auth/login/LoginContext/ConfigConstructor.java index 7907ad12bbe..d6ab1d5d857 100644 --- a/test/jdk/javax/security/auth/login/LoginContext/ConfigConstructor.java +++ b/test/jdk/javax/security/auth/login/LoginContext/ConfigConstructor.java @@ -31,12 +31,6 @@ * */ -/** - * This test shares the login config with ConfigConstructorNoPerm. - * This test has all necessary permissions configured in the policy - * (ConfigConstructorNoPerm has no perms and checks for SecurityExceptions). - */ - import java.util.Map; import javax.security.auth.Subject; import javax.security.auth.login.AppConfigurationEntry; @@ -209,8 +203,7 @@ public class ConfigConstructor { public void initialize(Subject s, CallbackHandler ch, Map<String,?> state, Map<String,?> options) { if (s != ConfigConstructor.s || - ch == null || - ch == ConfigConstructor.ch) { + ch == null) { throw new SecurityException("Module 3 failed"); } } diff --git a/test/jdk/javax/security/auth/login/LoginContext/LCTest.java b/test/jdk/javax/security/auth/login/LoginContext/LCTest.java index e5eeb6c1d7f..b9c8735499f 100644 --- a/test/jdk/javax/security/auth/login/LoginContext/LCTest.java +++ b/test/jdk/javax/security/auth/login/LoginContext/LCTest.java 
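Review bot: In ConfigConstructor.java the Module 3 check at -209 now rejects only a null handler, so the test no longer pins which handler the module receives. LoginContext in this same patch stores the caller's handler directly instead of wrapping it in SecureCallbackHandler, so the module presumably now gets the very instance the test passed in. If that is the intended contract, the condition could assert it with `ch != ConfigConstructor.ch` in place of the removed `ch == ConfigConstructor.ch`. Whether that holds depends on how the LoginContext for Module 3 is constructed, which is outside the hunk.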
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2015, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -287,15 +287,9 @@ public class LCTest { return false; } userPrincipal = new UnixPrincipal(username); - final Subject s = subject; - final UnixPrincipal up = userPrincipal; - java.security.AccessController.doPrivileged - ((java.security.PrivilegedAction) () -> { - if (!s.getPrincipals().contains(up)) { - s.getPrincipals().add(up); - } - return null; - }); + if (!subject.getPrincipals().contains(userPrincipal)) { + subject.getPrincipals().add(userPrincipal); + } password = null; commitSucceeded = true; return true; @@ -320,13 +314,7 @@ public class LCTest { private void clearState() { if (commitSucceeded) { - final Subject s = subject; - final UnixPrincipal up = userPrincipal; - java.security.AccessController.doPrivileged - ((java.security.PrivilegedAction) () -> { - s.getPrincipals().remove(up); - return null; - }); + subject.getPrincipals().remove(userPrincipal); } username = null; password = null;
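Review bot: The `contains` test before `add` in the LCTest hunk at -287 is redundant, since `Subject.getPrincipals()` returns a `Set` and adding an element that is already present leaves it unchanged. With the privileged wrapper gone, the three lines reduce to `subject.getPrincipals().add(userPrincipal);`. The enclosing method starts before the hunk.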