8344420: Remove Security Manager dependencies from javax.security package

Reviewed-by: alanb, rriggs, wetmore
Sean Mullan 2024-11-26 17:24:22 +00:00
parent 246552674c
commit 65c98e577f
10 changed files with 86 additions and 599 deletions
src/java.base/share/classes
test/jdk/javax/security/auth/login

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2010, 2022, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2010, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -25,8 +25,6 @@
package com.sun.security.ntlm; package com.sun.security.ntlm;
import sun.security.action.GetBooleanAction;
import static com.sun.security.ntlm.Version.*; import static com.sun.security.ntlm.Version.*;
import java.io.IOException; import java.io.IOException;
import java.nio.charset.StandardCharsets; import java.nio.charset.StandardCharsets;
@ -57,8 +55,7 @@ class NTLM {
private final MessageDigest md4; private final MessageDigest md4;
private final Mac hmac; private final Mac hmac;
private final MessageDigest md5; private final MessageDigest md5;
private static final boolean DEBUG private static final boolean DEBUG = Boolean.getBoolean("ntlm.debug");
= GetBooleanAction.privilegedGetProperty("ntlm.debug");
final Version v; final Version v;

@ -237,12 +237,6 @@ public final class Subject implements java.io.Serializable {
* it can not be reset to being writable again. * it can not be reset to being writable again.
*/ */
public void setReadOnly() { public void setReadOnly() {
@SuppressWarnings("removal")
java.lang.SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(AuthPermissionHolder.SET_READ_ONLY_PERMISSION);
}
this.readOnly = true; this.readOnly = true;
} }
@ -305,7 +299,6 @@ public final class Subject implements java.io.Serializable {
* @see #callAs(Subject, Callable) * @see #callAs(Subject, Callable)
* @since 18 * @since 18
*/ */
@SuppressWarnings("removal")
public static Subject current() { public static Subject current() {
return SCOPED_SUBJECT.orElse(null); return SCOPED_SUBJECT.orElse(null);
} }
@ -375,16 +368,10 @@ public final class Subject implements java.io.Serializable {
* *
* @see #callAs(Subject, Callable) * @see #callAs(Subject, Callable)
*/ */
@SuppressWarnings("removal")
@Deprecated(since="18", forRemoval=true) @Deprecated(since="18", forRemoval=true)
public static <T> T doAs(final Subject subject, public static <T> T doAs(final Subject subject,
final java.security.PrivilegedAction<T> action) { final java.security.PrivilegedAction<T> action) {
java.lang.SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(AuthPermissionHolder.DO_AS_PERMISSION);
}
Objects.requireNonNull(action, Objects.requireNonNull(action,
ResourcesMgr.getString("invalid.null.action.provided")); ResourcesMgr.getString("invalid.null.action.provided"));
@ -441,17 +428,11 @@ public final class Subject implements java.io.Serializable {
* *
* @see #callAs(Subject, Callable) * @see #callAs(Subject, Callable)
*/ */
@SuppressWarnings("removal")
@Deprecated(since="18", forRemoval=true) @Deprecated(since="18", forRemoval=true)
public static <T> T doAs(final Subject subject, public static <T> T doAs(final Subject subject,
final java.security.PrivilegedExceptionAction<T> action) final java.security.PrivilegedExceptionAction<T> action)
throws java.security.PrivilegedActionException { throws java.security.PrivilegedActionException {
java.lang.SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(AuthPermissionHolder.DO_AS_PERMISSION);
}
Objects.requireNonNull(action, Objects.requireNonNull(action,
ResourcesMgr.getString("invalid.null.action.provided")); ResourcesMgr.getString("invalid.null.action.provided"));
@ -514,11 +495,6 @@ public final class Subject implements java.io.Serializable {
final java.security.PrivilegedAction<T> action, final java.security.PrivilegedAction<T> action,
final java.security.AccessControlContext acc) { final java.security.AccessControlContext acc) {
java.lang.SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(AuthPermissionHolder.DO_AS_PRIVILEGED_PERMISSION);
}
Objects.requireNonNull(action, Objects.requireNonNull(action,
ResourcesMgr.getString("invalid.null.action.provided")); ResourcesMgr.getString("invalid.null.action.provided"));
@ -585,11 +561,6 @@ public final class Subject implements java.io.Serializable {
final java.security.AccessControlContext acc) final java.security.AccessControlContext acc)
throws java.security.PrivilegedActionException { throws java.security.PrivilegedActionException {
java.lang.SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(AuthPermissionHolder.DO_AS_PRIVILEGED_PERMISSION);
}
Objects.requireNonNull(action, Objects.requireNonNull(action,
ResourcesMgr.getString("invalid.null.action.provided")); ResourcesMgr.getString("invalid.null.action.provided"));
@ -609,25 +580,6 @@ public final class Subject implements java.io.Serializable {
} }
} }
@SuppressWarnings("removal")
private static AccessControlContext createContext(final Subject subject,
final AccessControlContext acc) {
return java.security.AccessController.doPrivileged
(new java.security.PrivilegedAction<>() {
public AccessControlContext run() {
if (subject == null) {
return new AccessControlContext(acc, null);
} else {
return new AccessControlContext
(acc,
new SubjectDomainCombiner(subject));
}
}
});
}
/** /**
* Return the {@code Set} of Principals associated with this * Return the {@code Set} of Principals associated with this
* {@code Subject}. Each {@code Principal} represents * {@code Subject}. Each {@code Principal} represents
@ -713,14 +665,6 @@ public final class Subject implements java.io.Serializable {
*/ */
public Set<Object> getPrivateCredentials() { public Set<Object> getPrivateCredentials() {
// XXX
// we do not need a security check for
// AuthPermission(getPrivateCredentials)
// because we already restrict access to private credentials
// via the PrivateCredentialPermission. all the extra AuthPermission
// would do is protect the set operations themselves
// (like size()), which don't seem security-sensitive.
// always return an empty Set instead of null // always return an empty Set instead of null
// so LoginModules can add to the Set if necessary // so LoginModules can add to the Set if necessary
return privCredentials; return privCredentials;
@ -782,14 +726,6 @@ public final class Subject implements java.io.Serializable {
*/ */
public <T> Set<T> getPrivateCredentials(Class<T> c) { public <T> Set<T> getPrivateCredentials(Class<T> c) {
// XXX
// we do not need a security check for
// AuthPermission(getPrivateCredentials)
// because we already restrict access to private credentials
// via the PrivateCredentialPermission. all the extra AuthPermission
// would do is protect the set operations themselves
// (like size()), which don't seem security-sensitive.
Objects.requireNonNull(c, Objects.requireNonNull(c,
ResourcesMgr.getString("invalid.null.Class.provided")); ResourcesMgr.getString("invalid.null.Class.provided"));
@ -857,15 +793,6 @@ public final class Subject implements java.io.Serializable {
*/ */
@Override @Override
public String toString() { public String toString() {
return toString(true);
}
/**
* package private convenience method to print out the Subject
* without firing off a security check when trying to access
* the Private Credentials
*/
String toString(boolean includePrivateCredentials) {
String s = ResourcesMgr.getString("Subject."); String s = ResourcesMgr.getString("Subject.");
String suffix = ""; String suffix = "";
@ -885,21 +812,19 @@ public final class Subject implements java.io.Serializable {
} }
} }
if (includePrivateCredentials) { synchronized(privCredentials) {
synchronized(privCredentials) { Iterator<Object> pI = privCredentials.iterator();
Iterator<Object> pI = privCredentials.iterator(); while (pI.hasNext()) {
while (pI.hasNext()) { try {
try { Object o = pI.next();
Object o = pI.next(); suffix += ResourcesMgr.getString
suffix += ResourcesMgr.getString (".Private.Credential.") +
(".Private.Credential.") + o.toString() +
o.toString() + ResourcesMgr.getString("NEWLINE");
ResourcesMgr.getString("NEWLINE"); } catch (SecurityException se) {
} catch (SecurityException se) { suffix += ResourcesMgr.getString
suffix += ResourcesMgr.getString (".Private.Credential.inaccessible.");
(".Private.Credential.inaccessible."); break;
break;
}
} }
} }
} }
@ -1091,22 +1016,6 @@ public final class Subject implements java.io.Serializable {
} }
public E next() { public E next() {
if (which != Subject.PRIV_CREDENTIAL_SET) {
return i.next();
}
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
try {
sm.checkPermission(new PrivateCredentialPermission
(list.get(i.nextIndex()).getClass().getName(),
subject.getPrincipals()));
} catch (SecurityException se) {
i.next();
throw (se);
}
}
return i.next(); return i.next();
} }
@ -1117,21 +1026,6 @@ public final class Subject implements java.io.Serializable {
("Subject.is.read.only")); ("Subject.is.read.only"));
} }
@SuppressWarnings("removal")
java.lang.SecurityManager sm = System.getSecurityManager();
if (sm != null) {
switch (which) {
case Subject.PRINCIPAL_SET:
sm.checkPermission(AuthPermissionHolder.MODIFY_PRINCIPALS_PERMISSION);
break;
case Subject.PUB_CREDENTIAL_SET:
sm.checkPermission(AuthPermissionHolder.MODIFY_PUBLIC_CREDENTIALS_PERMISSION);
break;
default:
sm.checkPermission(AuthPermissionHolder.MODIFY_PRIVATE_CREDENTIALS_PERMISSION);
break;
}
}
i.remove(); i.remove();
} }
}; };
@ -1147,22 +1041,6 @@ public final class Subject implements java.io.Serializable {
(ResourcesMgr.getString("Subject.is.read.only")); (ResourcesMgr.getString("Subject.is.read.only"));
} }
@SuppressWarnings("removal")
java.lang.SecurityManager sm = System.getSecurityManager();
if (sm != null) {
switch (which) {
case Subject.PRINCIPAL_SET:
sm.checkPermission(AuthPermissionHolder.MODIFY_PRINCIPALS_PERMISSION);
break;
case Subject.PUB_CREDENTIAL_SET:
sm.checkPermission(AuthPermissionHolder.MODIFY_PUBLIC_CREDENTIALS_PERMISSION);
break;
default:
sm.checkPermission(AuthPermissionHolder.MODIFY_PRIVATE_CREDENTIALS_PERMISSION);
break;
}
}
switch (which) { switch (which) {
case Subject.PRINCIPAL_SET: case Subject.PRINCIPAL_SET:
if (!(o instanceof Principal)) { if (!(o instanceof Principal)) {
@ -1180,10 +1058,9 @@ public final class Subject implements java.io.Serializable {
return elements.add(o); return elements.add(o);
else { else {
return false; return false;
} }
} }
@SuppressWarnings("removal")
public boolean remove(Object o) { public boolean remove(Object o) {
Objects.requireNonNull(o, Objects.requireNonNull(o,
@ -1191,17 +1068,7 @@ public final class Subject implements java.io.Serializable {
final Iterator<E> e = iterator(); final Iterator<E> e = iterator();
while (e.hasNext()) { while (e.hasNext()) {
E next; E next = e.next();
if (which != Subject.PRIV_CREDENTIAL_SET) {
next = e.next();
} else {
next = java.security.AccessController.doPrivileged
(new java.security.PrivilegedAction<E>() {
public E run() {
return e.next();
}
});
}
if (next.equals(o)) { if (next.equals(o)) {
e.remove(); e.remove();
@ -1211,7 +1078,6 @@ public final class Subject implements java.io.Serializable {
return false; return false;
} }
@SuppressWarnings("removal")
public boolean contains(Object o) { public boolean contains(Object o) {
Objects.requireNonNull(o, Objects.requireNonNull(o,
@ -1219,30 +1085,7 @@ public final class Subject implements java.io.Serializable {
final Iterator<E> e = iterator(); final Iterator<E> e = iterator();
while (e.hasNext()) { while (e.hasNext()) {
E next; E next = e.next();
if (which != Subject.PRIV_CREDENTIAL_SET) {
next = e.next();
} else {
// For private credentials:
// If the caller does not have read permission
// for o.getClass(), we throw a SecurityException.
// Otherwise, we check the private cred set to see whether
// it contains the Object
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(new PrivateCredentialPermission
(o.getClass().getName(),
subject.getPrincipals()));
}
next = java.security.AccessController.doPrivileged
(new java.security.PrivilegedAction<E>() {
public E run() {
return e.next();
}
});
}
if (next.equals(o)) { if (next.equals(o)) {
return true; return true;
@ -1263,24 +1106,13 @@ public final class Subject implements java.io.Serializable {
return result; return result;
} }
@SuppressWarnings("removal")
public boolean removeAll(Collection<?> c) { public boolean removeAll(Collection<?> c) {
c = collectionNullClean(c); c = collectionNullClean(c);
boolean modified = false; boolean modified = false;
final Iterator<E> e = iterator(); final Iterator<E> e = iterator();
while (e.hasNext()) { while (e.hasNext()) {
E next; E next = e.next();
if (which != Subject.PRIV_CREDENTIAL_SET) {
next = e.next();
} else {
next = java.security.AccessController.doPrivileged
(new java.security.PrivilegedAction<E>() {
public E run() {
return e.next();
}
});
}
for (Object o : c) { for (Object o : c) {
if (next.equals(o)) { if (next.equals(o)) {
@ -1305,24 +1137,13 @@ public final class Subject implements java.io.Serializable {
return true; return true;
} }
@SuppressWarnings("removal")
public boolean retainAll(Collection<?> c) { public boolean retainAll(Collection<?> c) {
c = collectionNullClean(c); c = collectionNullClean(c);
boolean modified = false; boolean modified = false;
final Iterator<E> e = iterator(); final Iterator<E> e = iterator();
while (e.hasNext()) { while (e.hasNext()) {
E next; E next = e.next();
if (which != Subject.PRIV_CREDENTIAL_SET) {
next = e.next();
} else {
next = java.security.AccessController.doPrivileged
(new java.security.PrivilegedAction<E>() {
public E run() {
return e.next();
}
});
}
if (c.contains(next) == false) { if (c.contains(next) == false) {
e.remove(); e.remove();
@ -1333,21 +1154,10 @@ public final class Subject implements java.io.Serializable {
return modified; return modified;
} }
@SuppressWarnings("removal")
public void clear() { public void clear() {
final Iterator<E> e = iterator(); final Iterator<E> e = iterator();
while (e.hasNext()) { while (e.hasNext()) {
E next; E next = e.next();
if (which != Subject.PRIV_CREDENTIAL_SET) {
next = e.next();
} else {
next = java.security.AccessController.doPrivileged
(new java.security.PrivilegedAction<E>() {
public E run() {
return e.next();
}
});
}
e.remove(); e.remove();
} }
} }
@ -1357,30 +1167,10 @@ public final class Subject implements java.io.Serializable {
} }
public Object[] toArray() { public Object[] toArray() {
final Iterator<E> e = iterator();
while (e.hasNext()) {
// The next() method performs a security manager check
// on each element in the SecureSet. If we make it all
// the way through we should be able to simply return
// element's toArray results. Otherwise, we'll let
// the SecurityException pass up the call stack.
e.next();
}
return elements.toArray(); return elements.toArray();
} }
public <T> T[] toArray(T[] a) { public <T> T[] toArray(T[] a) {
final Iterator<E> e = iterator();
while (e.hasNext()) {
// The next() method performs a security manager check
// on each element in the SecureSet. If we make it all
// the way through we should be able to simply return
// element's toArray results. Otherwise, we'll let
// the SecurityException pass up the call stack.
e.next();
}
return elements.toArray(a); return elements.toArray(a);
} }
@ -1425,13 +1215,6 @@ public final class Subject implements java.io.Serializable {
private void writeObject(java.io.ObjectOutputStream oos) private void writeObject(java.io.ObjectOutputStream oos)
throws java.io.IOException { throws java.io.IOException {
if (which == Subject.PRIV_CREDENTIAL_SET) {
// check permissions before serializing
Iterator<E> i = iterator();
while (i.hasNext()) {
i.next();
}
}
ObjectOutputStream.PutField fields = oos.putFields(); ObjectOutputStream.PutField fields = oos.putFields();
fields.put("this$0", subject); fields.put("this$0", subject);
fields.put("elements", elements); fields.put("elements", elements);
@ -1490,7 +1273,7 @@ public final class Subject implements java.io.Serializable {
} }
} }
@SuppressWarnings({"removal","unchecked"}) /*To suppress warning from line 1374*/ @SuppressWarnings("unchecked")
private void populateSet() { private void populateSet() {
final Iterator<?> iterator; final Iterator<?> iterator;
switch(which) { switch(which) {
@ -1505,34 +1288,10 @@ public final class Subject implements java.io.Serializable {
break; break;
} }
// Check whether the caller has permission to get
// credentials of Class c
while (iterator.hasNext()) { while (iterator.hasNext()) {
Object next; Object next = iterator.next();
if (which == Subject.PRIV_CREDENTIAL_SET) {
next = java.security.AccessController.doPrivileged
(new java.security.PrivilegedAction<>() {
public Object run() {
return iterator.next();
}
});
} else {
next = iterator.next();
}
if (c.isAssignableFrom(next.getClass())) { if (c.isAssignableFrom(next.getClass())) {
if (which != Subject.PRIV_CREDENTIAL_SET) { set.add((T)next);
set.add((T)next);
} else {
// Check permission for private creds
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(new PrivateCredentialPermission
(next.getClass().getName(),
Subject.this.getPrincipals()));
}
set.add((T)next);
}
} }
} }
} }
@ -1560,27 +1319,4 @@ public final class Subject implements java.io.Serializable {
return set.add(o); return set.add(o);
} }
} }
static final class AuthPermissionHolder {
static final AuthPermission DO_AS_PERMISSION =
new AuthPermission("doAs");
static final AuthPermission DO_AS_PRIVILEGED_PERMISSION =
new AuthPermission("doAsPrivileged");
static final AuthPermission SET_READ_ONLY_PERMISSION =
new AuthPermission("setReadOnly");
static final AuthPermission GET_SUBJECT_PERMISSION =
new AuthPermission("getSubject");
static final AuthPermission MODIFY_PRINCIPALS_PERMISSION =
new AuthPermission("modifyPrincipals");
static final AuthPermission MODIFY_PUBLIC_CREDENTIALS_PERMISSION =
new AuthPermission("modifyPublicCredentials");
static final AuthPermission MODIFY_PRIVATE_CREDENTIALS_PERMISSION =
new AuthPermission("modifyPrivateCredentials");
}
} }
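Review bot: In `toString()`, the private-credential loop still wraps `pI.next()` and `o.toString()` in `catch (SecurityException se)`, although this commit reduces the iterator's `next()` to a plain `return i.next();` and so removes the permission check that used to raise it. From the visible lines, the handler can now only fire if a credential's own `toString()` throws, which makes the `.Private.Credential.inaccessible.` branch misleading. Either drop the try/catch or keep it with a comment such as `// reachable only if a credential's toString() itself throws SecurityException`. Because nothing gates this output any more, the method's Javadoc should also state that the result includes each private credential's `toString()`. The method body spans two hunks and partly lies outside them.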

@ -25,9 +25,7 @@
package javax.security.auth; package javax.security.auth;
import java.security.AccessController;
import java.security.Principal; import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain; import java.security.ProtectionDomain;
import java.util.Set; import java.util.Set;
import java.util.WeakHashMap; import java.util.WeakHashMap;
@ -84,11 +82,6 @@ public class SubjectDomainCombiner implements java.security.DomainCombiner {
* {@code SubjectDomainCombiner}. * {@code SubjectDomainCombiner}.
*/ */
public Subject getSubject() { public Subject getSubject() {
java.lang.SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(new AuthPermission
("getSubjectFromDomainCombiner"));
}
return subject; return subject;
} }
@ -144,14 +137,7 @@ public class SubjectDomainCombiner implements java.security.DomainCombiner {
if (subject == null) { if (subject == null) {
debug.println("null subject"); debug.println("null subject");
} else { } else {
final Subject s = subject; debug.println(subject.toString());
AccessController.doPrivileged
(new java.security.PrivilegedAction<Void>() {
public Void run() {
debug.println(s.toString());
return null;
}
});
} }
printInputDomains(currentDomains, assignedDomains); printInputDomains(currentDomains, assignedDomains);
} }
@ -349,11 +335,7 @@ public class SubjectDomainCombiner implements java.security.DomainCombiner {
if (pd == null) { if (pd == null) {
return "null"; return "null";
} }
return AccessController.doPrivileged(new PrivilegedAction<String>() { return pd.toString();
public String run() {
return pd.toString();
}
});
} }
/** /**
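Review bot: The debug branch now calls `debug.println(subject.toString())` directly, and the `Subject.toString()` it reaches appends every private credential's `toString()` with no check in between. Whether any credential class renders secret material there is not visible from this page, so the call site should carry a comment such as `// Subject.toString() includes each private credential's toString(); send debug output only to a trusted sink`. The enclosing method starts and ends outside the hunk.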

@ -25,12 +25,6 @@
package javax.security.auth.login; package javax.security.auth.login;
import javax.security.auth.AuthPermission;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.PrivilegedExceptionAction;
import java.security.PrivilegedActionException;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException; import java.security.NoSuchProviderException;
import java.security.Provider; import java.security.Provider;
@ -190,19 +184,6 @@ public abstract class Configuration {
private static Configuration configuration; private static Configuration configuration;
@SuppressWarnings("removal")
private final java.security.AccessControlContext acc =
java.security.AccessController.getContext();
private static void checkPermission(String type) {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(new AuthPermission
("createLoginConfiguration." + type));
}
}
/** /**
* Sole constructor. (For invocation by subclass constructors, typically * Sole constructor. (For invocation by subclass constructors, typically
* implicit.) * implicit.)
@ -219,64 +200,29 @@ public abstract class Configuration {
* *
* @see #setConfiguration * @see #setConfiguration
*/ */
@SuppressWarnings("removal")
public static Configuration getConfiguration() { public static Configuration getConfiguration() {
SecurityManager sm = System.getSecurityManager();
if (sm != null)
sm.checkPermission(new AuthPermission("getLoginConfiguration"));
synchronized (Configuration.class) { synchronized (Configuration.class) {
if (configuration == null) { if (configuration == null) {
String config_class = null; String config_class = Security.getProperty
config_class = AccessController.doPrivileged ("login.configuration.provider");
(new PrivilegedAction<>() {
public String run() {
return java.security.Security.getProperty
("login.configuration.provider");
}
});
if (config_class == null) { if (config_class == null) {
config_class = "sun.security.provider.ConfigFile"; config_class = "sun.security.provider.ConfigFile";
} }
try { try {
final String finalClass = config_class; Class<? extends Configuration> implClass = Class.forName(
Configuration untrustedImpl = AccessController.doPrivileged( config_class, false,
new PrivilegedExceptionAction<>() { Thread.currentThread().getContextClassLoader()
public Configuration run() throws ClassNotFoundException, ).asSubclass(Configuration.class);
InstantiationException, @SuppressWarnings("deprecation")
IllegalAccessException { Configuration result = implClass.newInstance();
Class<? extends Configuration> implClass = Class.forName( setConfiguration(result);
finalClass, false, } catch (ReflectiveOperationException e) {
Thread.currentThread().getContextClassLoader() throw new SecurityException
).asSubclass(Configuration.class); ("Configuration error: " +
@SuppressWarnings("deprecation") e.toString() +
Configuration result = implClass.newInstance(); "\n", e);
return result;
}
});
AccessController.doPrivileged(
new PrivilegedExceptionAction<>() {
public Void run() {
setConfiguration(untrustedImpl);
return null;
}
}, Objects.requireNonNull(untrustedImpl.acc)
);
} catch (PrivilegedActionException e) {
Exception ee = e.getException();
if (ee instanceof InstantiationException) {
throw new SecurityException
("Configuration error:" +
ee.getCause().getMessage() +
"\n", ee.getCause());
} else {
throw new SecurityException
("Configuration error: " +
ee.toString() +
"\n", ee);
}
} }
} }
return configuration; return configuration;
@ -291,10 +237,6 @@ public abstract class Configuration {
* @see #getConfiguration * @see #getConfiguration
*/ */
public static void setConfiguration(Configuration configuration) { public static void setConfiguration(Configuration configuration) {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null)
sm.checkPermission(new AuthPermission("setLoginConfiguration"));
Configuration.configuration = configuration; Configuration.configuration = configuration;
} }
@ -346,7 +288,6 @@ public abstract class Configuration {
throws NoSuchAlgorithmException { throws NoSuchAlgorithmException {
Objects.requireNonNull(type, "null type name"); Objects.requireNonNull(type, "null type name");
checkPermission(type);
try { try {
GetInstance.Instance instance = GetInstance.getInstance GetInstance.Instance instance = GetInstance.getInstance
("Configuration", ("Configuration",
@ -412,7 +353,6 @@ public abstract class Configuration {
throw new IllegalArgumentException("missing provider"); throw new IllegalArgumentException("missing provider");
} }
checkPermission(type);
try { try {
GetInstance.Instance instance = GetInstance.getInstance GetInstance.Instance instance = GetInstance.getInstance
("Configuration", ("Configuration",
@ -473,7 +413,6 @@ public abstract class Configuration {
throw new IllegalArgumentException("missing provider"); throw new IllegalArgumentException("missing provider");
} }
checkPermission(type);
try { try {
GetInstance.Instance instance = GetInstance.getInstance GetInstance.Instance instance = GetInstance.getInstance
("Configuration", ("Configuration",
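Review bot: `implClass.newInstance()` in `getConfiguration()` rethrows whatever the provider's constructor throws, checked exceptions included, and the new `catch (ReflectiveOperationException e)` does not cover those. The removed code ran the call inside a `PrivilegedExceptionAction`, so a checked constructor exception arrived as `PrivilegedActionException` and was converted to `SecurityException`; now it would escape from a method that does not declare it. Consider `Configuration result = implClass.getDeclaredConstructor().newInstance();`, which reports constructor failures as `InvocationTargetException` so the existing catch handles them, and which makes `@SuppressWarnings("deprecation")` unnecessary. The same pattern appears at `c.newInstance()` in `LoginContext.loadDefaultCallbackHandler()`.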

@ -25,16 +25,13 @@
package javax.security.auth.login; package javax.security.auth.login;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Map; import java.util.Map;
import java.util.HashMap; import java.util.HashMap;
import java.security.Security;
import java.text.MessageFormat; import java.text.MessageFormat;
import javax.security.auth.Subject; import javax.security.auth.Subject;
import javax.security.auth.AuthPermission;
import javax.security.auth.callback.*; import javax.security.auth.callback.*;
import javax.security.auth.spi.LoginModule; import javax.security.auth.spi.LoginModule;
import java.security.AccessControlContext;
import java.util.ServiceLoader; import java.util.ServiceLoader;
import sun.security.util.PendingException; import sun.security.util.PendingException;
@ -182,8 +179,6 @@ public class LoginContext {
private final Map<String,?> state = new HashMap<>(); private final Map<String,?> state = new HashMap<>();
private Configuration config; private Configuration config;
@SuppressWarnings("removal")
private AccessControlContext creatorAcc = null; // customized config only
private ModuleInfo[] moduleStack; private ModuleInfo[] moduleStack;
private ClassLoader contextClassLoader = null; private ClassLoader contextClassLoader = null;
@ -200,38 +195,21 @@ public class LoginContext {
private static final WeakHashMap<ClassLoader, Set<Provider<LoginModule>>> providersCache = private static final WeakHashMap<ClassLoader, Set<Provider<LoginModule>>> providersCache =
new WeakHashMap<>(); new WeakHashMap<>();
@SuppressWarnings("removal")
private void init(String name) throws LoginException { private void init(String name) throws LoginException {
SecurityManager sm = System.getSecurityManager();
if (sm != null && creatorAcc == null) {
sm.checkPermission(new AuthPermission
("createLoginContext." + name));
}
if (name == null) if (name == null)
throw new LoginException throw new LoginException
(ResourcesMgr.getString("Invalid.null.input.name")); (ResourcesMgr.getString("Invalid.null.input.name"));
// get the Configuration // get the Configuration
if (config == null) { if (config == null) {
config = java.security.AccessController.doPrivileged config = Configuration.getConfiguration();
(new java.security.PrivilegedAction<Configuration>() {
public Configuration run() {
return Configuration.getConfiguration();
}
});
} }
// get the LoginModules configured for this application // get the LoginModules configured for this application
AppConfigurationEntry[] entries = config.getAppConfigurationEntry(name); AppConfigurationEntry[] entries = config.getAppConfigurationEntry(name);
if (entries == null) { if (entries == null) {
if (sm != null && creatorAcc == null) {
sm.checkPermission(new AuthPermission
("createLoginContext." + OTHER));
}
entries = config.getAppConfigurationEntry(OTHER); entries = config.getAppConfigurationEntry(OTHER);
if (entries == null) { if (entries == null) {
MessageFormat form = new MessageFormat(ResourcesMgr.getString MessageFormat form = new MessageFormat(ResourcesMgr.getString
@ -251,55 +229,30 @@ public class LoginContext {
null); null);
} }
contextClassLoader = java.security.AccessController.doPrivileged ClassLoader loader = Thread.currentThread().getContextClassLoader();
(new java.security.PrivilegedAction<ClassLoader>() { if (loader == null) {
public ClassLoader run() { loader = ClassLoader.getSystemClassLoader();
ClassLoader loader = }
Thread.currentThread().getContextClassLoader(); contextClassLoader = loader;
if (loader == null) {
// Don't use bootstrap class loader directly to ensure
// proper package access control!
loader = ClassLoader.getSystemClassLoader();
}
return loader;
}
});
} }
@SuppressWarnings("removal") @SuppressWarnings("deprecation")
private void loadDefaultCallbackHandler() throws LoginException { private void loadDefaultCallbackHandler() throws LoginException {
// get the default handler class // get the default handler class
try { try {
String defaultHandler = Security.getProperty(DEFAULT_HANDLER);
final ClassLoader finalLoader = contextClassLoader; if (defaultHandler == null || defaultHandler.isEmpty()) {
this.callbackHandler = null;
this.callbackHandler = java.security.AccessController.doPrivileged( } else {
new java.security.PrivilegedExceptionAction<CallbackHandler>() { Class<? extends CallbackHandler> c = Class.forName(
public CallbackHandler run() throws Exception { defaultHandler, true,
String defaultHandler = java.security.Security.getProperty contextClassLoader).asSubclass(CallbackHandler.class);
(DEFAULT_HANDLER); this.callbackHandler = (CallbackHandler) c.newInstance();
if (defaultHandler == null || defaultHandler.isEmpty()) }
return null; } catch (ReflectiveOperationException e) {
Class<? extends CallbackHandler> c = Class.forName( throw new LoginException(e.toString());
defaultHandler, true,
finalLoader).asSubclass(CallbackHandler.class);
@SuppressWarnings("deprecation")
CallbackHandler result = c.newInstance();
return result;
}
});
} catch (java.security.PrivilegedActionException pae) {
throw new LoginException(pae.getException().toString());
}
// secure it with the caller's ACC
if (this.callbackHandler != null && creatorAcc == null) {
this.callbackHandler = new SecureCallbackHandler
(java.security.AccessController.getContext(),
this.callbackHandler);
} }
} }
@ -367,16 +320,13 @@ public class LoginContext {
* for "{@code other}", or if the caller-specified * for "{@code other}", or if the caller-specified
* {@code callbackHandler} is {@code null}. * {@code callbackHandler} is {@code null}.
*/ */
@SuppressWarnings("removal")
public LoginContext(String name, CallbackHandler callbackHandler) public LoginContext(String name, CallbackHandler callbackHandler)
throws LoginException { throws LoginException {
init(name); init(name);
if (callbackHandler == null) if (callbackHandler == null)
throw new LoginException(ResourcesMgr.getString throw new LoginException(ResourcesMgr.getString
("invalid.null.CallbackHandler.provided")); ("invalid.null.CallbackHandler.provided"));
this.callbackHandler = new SecureCallbackHandler this.callbackHandler = callbackHandler;
(java.security.AccessController.getContext(),
callbackHandler);
} }
/** /**
@ -400,16 +350,13 @@ public class LoginContext {
* or if the caller-specified * or if the caller-specified
* {@code callbackHandler} is {@code null}. * {@code callbackHandler} is {@code null}.
*/ */
@SuppressWarnings("removal")
public LoginContext(String name, Subject subject, public LoginContext(String name, Subject subject,
CallbackHandler callbackHandler) throws LoginException { CallbackHandler callbackHandler) throws LoginException {
this(name, subject); this(name, subject);
if (callbackHandler == null) if (callbackHandler == null)
throw new LoginException(ResourcesMgr.getString throw new LoginException(ResourcesMgr.getString
("invalid.null.CallbackHandler.provided")); ("invalid.null.CallbackHandler.provided"));
this.callbackHandler = new SecureCallbackHandler this.callbackHandler = callbackHandler;
(java.security.AccessController.getContext(),
callbackHandler);
} }
/** /**
@ -437,14 +384,10 @@ public class LoginContext {
* *
* @since 1.5 * @since 1.5
*/ */
@SuppressWarnings("removal")
public LoginContext(String name, Subject subject, public LoginContext(String name, Subject subject,
CallbackHandler callbackHandler, CallbackHandler callbackHandler,
Configuration config) throws LoginException { Configuration config) throws LoginException {
this.config = config; this.config = config;
if (config != null) {
creatorAcc = java.security.AccessController.getContext();
}
init(name); init(name);
if (subject != null) { if (subject != null) {
@ -453,10 +396,6 @@ public class LoginContext {
} }
if (callbackHandler == null) { if (callbackHandler == null) {
loadDefaultCallbackHandler(); loadDefaultCallbackHandler();
} else if (creatorAcc == null) {
this.callbackHandler = new SecureCallbackHandler
(java.security.AccessController.getContext(),
callbackHandler);
} else { } else {
this.callbackHandler = callbackHandler; this.callbackHandler = callbackHandler;
} }
@ -518,13 +457,12 @@ public class LoginContext {
} }
try { try {
// module invoked in doPrivileged invoke(LOGIN_METHOD);
invokePriv(LOGIN_METHOD); invoke(COMMIT_METHOD);
invokePriv(COMMIT_METHOD);
loginSucceeded = true; loginSucceeded = true;
} catch (LoginException le) { } catch (LoginException le) {
try { try {
invokePriv(ABORT_METHOD); invoke(ABORT_METHOD);
} catch (LoginException le2) { } catch (LoginException le2) {
throw le; throw le;
} }
@ -557,8 +495,7 @@ public class LoginContext {
("null.subject.logout.called.before.login")); ("null.subject.logout.called.before.login"));
} }
// module invoked in doPrivileged invoke(LOGOUT_METHOD);
invokePriv(LOGOUT_METHOD);
} }
/** /**
@ -597,28 +534,8 @@ public class LoginContext {
} }
/** /**
* Invokes the login, commit, and logout methods * Invokes the login, commit, and logout methods from a LoginModule.
* from a LoginModule inside a doPrivileged block restricted
* by creatorAcc (may be null).
*
* This version is called if the caller did not instantiate
* the LoginContext with a Configuration object.
*/ */
@SuppressWarnings("removal")
private void invokePriv(final String methodName) throws LoginException {
try {
java.security.AccessController.doPrivileged
(new java.security.PrivilegedExceptionAction<Void>() {
public Void run() throws LoginException {
invoke(methodName);
return null;
}
}, creatorAcc);
} catch (java.security.PrivilegedActionException pae) {
throw (LoginException)pae.getException();
}
}
private void invoke(String methodName) throws LoginException { private void invoke(String methodName) throws LoginException {
// start at moduleIndex // start at moduleIndex
@ -639,11 +556,8 @@ public class LoginContext {
if (debug != null){ if (debug != null){
debug.println("Build ServiceProviders cache for ClassLoader: " + contextClassLoader.getName()); debug.println("Build ServiceProviders cache for ClassLoader: " + contextClassLoader.getName());
} }
@SuppressWarnings("removal") ServiceLoader<LoginModule> sc = ServiceLoader.load(
ServiceLoader<LoginModule> sc = AccessController.doPrivileged( LoginModule.class, contextClassLoader);
(PrivilegedAction<ServiceLoader<LoginModule>>)
() -> java.util.ServiceLoader.load(
LoginModule.class, contextClassLoader));
lmProviders = sc.stream().collect(Collectors.toSet()); lmProviders = sc.stream().collect(Collectors.toSet());
if (debug != null){ if (debug != null){
debug.println("Discovered ServiceProviders for ClassLoader: " + contextClassLoader.getName()); debug.println("Discovered ServiceProviders for ClassLoader: " + contextClassLoader.getName());
@ -841,45 +755,6 @@ public class LoginContext {
} }
} }
/**
* Wrap the caller-specified CallbackHandler in our own
* and invoke it within a privileged block, constrained by
* the caller's AccessControlContext.
*/
private static class SecureCallbackHandler implements CallbackHandler {
@SuppressWarnings("removal")
private final java.security.AccessControlContext acc;
private final CallbackHandler ch;
SecureCallbackHandler(@SuppressWarnings("removal") java.security.AccessControlContext acc,
CallbackHandler ch) {
this.acc = acc;
this.ch = ch;
}
@SuppressWarnings("removal")
public void handle(final Callback[] callbacks)
throws java.io.IOException, UnsupportedCallbackException {
try {
java.security.AccessController.doPrivileged
(new java.security.PrivilegedExceptionAction<Void>() {
public Void run() throws java.io.IOException,
UnsupportedCallbackException {
ch.handle(callbacks);
return null;
}
}, acc);
} catch (java.security.PrivilegedActionException pae) {
if (pae.getException() instanceof java.io.IOException) {
throw (java.io.IOException)pae.getException();
} else {
throw (UnsupportedCallbackException)pae.getException();
}
}
}
}
/** /**
* LoginModule information - * LoginModule information -
* encapsulates Configuration info and actual module instances * encapsulates Configuration info and actual module instances

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1997, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -30,9 +30,7 @@ import java.io.InputStream;
import java.lang.reflect.Constructor; import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException; import java.lang.reflect.InvocationTargetException;
import java.math.BigInteger; import java.math.BigInteger;
import java.security.AccessController;
import java.security.Principal; import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.Security; import java.security.Security;
import java.util.Date; import java.util.Date;
@ -140,17 +138,7 @@ public abstract class X509Certificate extends Certificate {
* </pre> * </pre>
*/ */
private static final String X509_PROVIDER = "cert.provider.x509v1"; private static final String X509_PROVIDER = "cert.provider.x509v1";
private static String X509Provider; private static String X509Provider = Security.getProperty(X509_PROVIDER);
static {
X509Provider = AccessController.doPrivileged(
new PrivilegedAction<>() {
public String run() {
return Security.getProperty(X509_PROVIDER);
}
}
);
}
/** /**
* Instantiates an X509Certificate object, and initializes it with * Instantiates an X509Certificate object, and initializes it with
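Review bot: `X509Provider` stays a mutable static even though it is now assigned exactly once, at its declaration. If nothing else in the class writes it (the rest of the class is outside this hunk), declare it `private static final String X509Provider = Security.getProperty(X509_PROVIDER);` so the provider class name read from the security property cannot be replaced after class initialisation. A short comment such as `// read once at class init; null when cert.provider.x509v1 is unset` would also record that `Security.getProperty` may return null, which this hunk does not show being handled.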

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -21,7 +21,7 @@
* questions. * questions.
*/ */
import java.security.*; import java.security.URIParameter;
import javax.security.auth.login.*; import javax.security.auth.login.*;
import com.sun.security.auth.login.*; import com.sun.security.auth.login.*;
@ -31,16 +31,11 @@ public class GetInstanceConfigSpi extends ConfigurationSpi {
public GetInstanceConfigSpi(final Configuration.Parameters params) { public GetInstanceConfigSpi(final Configuration.Parameters params) {
c = AccessController.doPrivileged if (params instanceof URIParameter uriParam) {
(new PrivilegedAction<Configuration>() { c = new ConfigFile(uriParam.getURI());
public Configuration run() { } else {
if (params instanceof URIParameter) { c = new ConfigFile();
URIParameter uriParam = (URIParameter)params; }
return new ConfigFile(uriParam.getURI());
}
return new ConfigFile();
}
});
} }
public AppConfigurationEntry[] engineGetAppConfigurationEntry(String name) { public AppConfigurationEntry[] engineGetAppConfigurationEntry(String name) {

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -21,7 +21,7 @@
* questions. * questions.
*/ */
import java.security.*; import java.security.Provider;
public class GetInstanceProvider extends Provider { public class GetInstanceProvider extends Provider {
@ -30,12 +30,6 @@ public class GetInstanceProvider extends Provider {
"1", "1",
"GetInstanceProvider: Configuration.GetInstanceConfigSpi"); "GetInstanceProvider: Configuration.GetInstanceConfigSpi");
AccessController.doPrivileged(new PrivilegedAction() { put("Configuration.GetInstanceConfigSpi", "GetInstanceConfigSpi");
public Object run() {
put("Configuration.GetInstanceConfigSpi",
"GetInstanceConfigSpi");
return null;
}
});
} }
} }

@ -31,12 +31,6 @@
* *
*/ */
/**
* This test shares the login config with ConfigConstructorNoPerm.
* This test has all necessary permissions configured in the policy
* (ConfigConstructorNoPerm has no perms and checks for SecurityExceptions).
*/
import java.util.Map; import java.util.Map;
import javax.security.auth.Subject; import javax.security.auth.Subject;
import javax.security.auth.login.AppConfigurationEntry; import javax.security.auth.login.AppConfigurationEntry;
@ -209,8 +203,7 @@ public class ConfigConstructor {
public void initialize(Subject s, CallbackHandler ch, public void initialize(Subject s, CallbackHandler ch,
Map<String,?> state, Map<String,?> options) { Map<String,?> state, Map<String,?> options) {
if (s != ConfigConstructor.s || if (s != ConfigConstructor.s ||
ch == null || ch == null) {
ch == ConfigConstructor.ch) {
throw new SecurityException("Module 3 failed"); throw new SecurityException("Module 3 failed");
} }
} }
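Review bot: The Module 3 check in `initialize` now accepts any non-null handler, so the test no longer verifies which `CallbackHandler` the module actually receives. The removed `ch == ConfigConstructor.ch` clause asserted that the module saw a wrapper rather than the caller's own instance. The `LoginContext` constructors in this commit now store the handler directly (`this.callbackHandler = callbackHandler;`), so the matching assertion would be `ch != ConfigConstructor.ch`, assuming `ConfigConstructor.ch` is the handler this test passes to the constructor (not visible in the hunk). Pinning identity would stop a regression that substitutes or drops the handler from passing silently. The enclosing module class begins outside the hunk.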

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2015, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -287,15 +287,9 @@ public class LCTest {
return false; return false;
} }
userPrincipal = new UnixPrincipal(username); userPrincipal = new UnixPrincipal(username);
final Subject s = subject; if (!subject.getPrincipals().contains(userPrincipal)) {
final UnixPrincipal up = userPrincipal; subject.getPrincipals().add(userPrincipal);
java.security.AccessController.doPrivileged }
((java.security.PrivilegedAction) () -> {
if (!s.getPrincipals().contains(up)) {
s.getPrincipals().add(up);
}
return null;
});
password = null; password = null;
commitSucceeded = true; commitSucceeded = true;
return true; return true;
@ -320,13 +314,7 @@ public class LCTest {
private void clearState() { private void clearState() {
if (commitSucceeded) { if (commitSucceeded) {
final Subject s = subject; subject.getPrincipals().remove(userPrincipal);
final UnixPrincipal up = userPrincipal;
java.security.AccessController.doPrivileged
((java.security.PrivilegedAction) () -> {
s.getPrincipals().remove(up);
return null;
});
} }
username = null; username = null;
password = null; password = null;