8008981: Deprecate SecurityManager checkTopLevelWindow, checkSystemClipboardAccess, checkAwtEventQueueAccess

Reviewed-by: anthony, art, mchung
This commit is contained in:
Alan Bateman 2013-09-04 11:40:23 +01:00
parent 0fb014c2b3
commit cc84e69bec
12 changed files with 181 additions and 83 deletions

View File

@ -38,6 +38,7 @@ import java.util.*;
import sun.awt.*;
import sun.lwawt.macosx.*;
import sun.print.*;
import sun.security.util.SecurityConstants;
public abstract class LWToolkit extends SunToolkit implements Runnable {
@ -502,7 +503,7 @@ public abstract class LWToolkit extends SunToolkit implements Runnable {
public Clipboard getSystemClipboard() {
SecurityManager security = System.getSecurityManager();
if (security != null) {
security.checkSystemClipboardAccess();
security.checkPermission(SecurityConstants.AWT.ACCESS_CLIPBOARD_PERMISSION);
}
synchronized (this) {

View File

@ -35,6 +35,7 @@ import java.text.BreakIterator;
import javax.swing.text.AttributeSet;
import javax.accessibility.*;
import java.awt.im.InputMethodRequests;
import sun.security.util.SecurityConstants;
/**
* The <code>TextComponent</code> class is the superclass of
@ -728,7 +729,7 @@ public class TextComponent extends Component implements Accessible {
SecurityManager sm = System.getSecurityManager();
if (sm == null) return true;
try {
sm.checkSystemClipboardAccess();
sm.checkPermission(SecurityConstants.AWT.ACCESS_CLIPBOARD_PERMISSION);
return true;
} catch (SecurityException e) {}
return false;

View File

@ -1270,12 +1270,8 @@ public abstract class Toolkit {
* <p>
* Each actual implementation of this method should first check if there
* is a security manager installed. If there is, the method should call
* the security manager's <code>checkSystemClipboardAccess</code> method
* to ensure it's ok to to access the system clipboard. If the default
* implementation of <code>checkSystemClipboardAccess</code> is used (that
* is, that method is not overriden), then this results in a call to the
* security manager's <code>checkPermission</code> method with an <code>
* AWTPermission("accessClipboard")</code> permission.
* the security manager's {@link SecurityManager#checkPermission
* checkPermission} method to check {@code AWTPermission("accessClipboard")}.
*
* @return the system Clipboard
* @exception HeadlessException if GraphicsEnvironment.isHeadless()
@ -1318,14 +1314,9 @@ public abstract class Toolkit {
* system selection <code>Clipboard</code> as described above.
* <p>
* Each actual implementation of this method should first check if there
* is a <code>SecurityManager</code> installed. If there is, the method
* should call the <code>SecurityManager</code>'s
* <code>checkSystemClipboardAccess</code> method to ensure that client
* code has access the system selection. If the default implementation of
* <code>checkSystemClipboardAccess</code> is used (that is, if the method
* is not overridden), then this results in a call to the
* <code>SecurityManager</code>'s <code>checkPermission</code> method with
* an <code>AWTPermission("accessClipboard")</code> permission.
* is a security manager installed. If there is, the method should call
* the security manager's {@link SecurityManager#checkPermission
* checkPermission} method to check {@code AWTPermission("accessClipboard")}.
*
* @return the system selection as a <code>Clipboard</code>, or
* <code>null</code> if the native platform does not support a
@ -1699,25 +1690,20 @@ public abstract class Toolkit {
* therefore not assume that the EventQueue instance returned
* by this method will be shared by other applets or the system.
*
* <p>First, if there is a security manager, its
* <code>checkAwtEventQueueAccess</code>
* method is called.
* If the default implementation of <code>checkAwtEventQueueAccess</code>
* is used (that is, that method is not overriden), then this results in
* a call to the security manager's <code>checkPermission</code> method
* with an <code>AWTPermission("accessEventQueue")</code> permission.
* <p> If there is a security manager then its
* {@link SecurityManager#checkPermission checkPermission} method
* is called to check {@code AWTPermission("accessEventQueue")}.
*
* @return the <code>EventQueue</code> object
* @throws SecurityException
* if a security manager exists and its <code>{@link
* java.lang.SecurityManager#checkAwtEventQueueAccess}</code>
* method denies access to the <code>EventQueue</code>
* if a security manager is set and it denies access to
* the {@code EventQueue}
* @see java.awt.AWTPermission
*/
public final EventQueue getSystemEventQueue() {
SecurityManager security = System.getSecurityManager();
if (security != null) {
security.checkAwtEventQueueAccess();
security.checkPermission(SecurityConstants.AWT.CHECK_AWT_EVENTQUEUE_PERMISSION);
}
return getSystemEventQueueImpl();
}

View File

@ -195,10 +195,9 @@ public class Window extends Container implements Accessible {
/**
* This represents the warning message that is
* to be displayed in a non secure window. ie :
* a window that has a security manager installed for
* which calling SecurityManager.checkTopLevelWindow()
* is false. This message can be displayed anywhere in
* the window.
* a window that has a security manager installed that denies
* {@code AWTPermission("showWindowWithoutWarningBanner")}.
* This message can be displayed anywhere in the window.
*
* @serial
* @see #getWarningString
@ -417,11 +416,10 @@ public class Window extends Container implements Accessible {
* Constructs a new, initially invisible window in default size with the
* specified {@code GraphicsConfiguration}.
* <p>
* If there is a security manager, this method first calls
* the security manager's {@code checkTopLevelWindow}
* method with {@code this}
* as its argument to determine whether or not the window
* must be displayed with a warning banner.
* If there is a security manager, then it is invoked to check
* {@code AWTPermission("showWindowWithoutWarningBanner")}
* to determine whether or not the window must be displayed with
* a warning banner.
*
* @param gc the {@code GraphicsConfiguration} of the target screen
* device. If {@code gc} is {@code null}, the system default
@ -432,7 +430,6 @@ public class Window extends Container implements Accessible {
* {@code GraphicsEnvironment.isHeadless()} returns {@code true}
*
* @see java.awt.GraphicsEnvironment#isHeadless
* @see java.lang.SecurityManager#checkTopLevelWindow
*/
Window(GraphicsConfiguration gc) {
init(gc);
@ -511,25 +508,16 @@ public class Window extends Container implements Accessible {
/**
* Constructs a new, initially invisible window in the default size.
*
* <p>First, if there is a security manager, its
* {@code checkTopLevelWindow}
* method is called with {@code this}
* as its argument
* to see if it's ok to display the window without a warning banner.
* If the default implementation of {@code checkTopLevelWindow}
* is used (that is, that method is not overriden), then this results in
* a call to the security manager's {@code checkPermission} method
* with an {@code AWTPermission("showWindowWithoutWarningBanner")}
* permission. It that method raises a SecurityException,
* {@code checkTopLevelWindow} returns false, otherwise it
* returns true. If it returns false, a warning banner is created.
* <p>
* If there is a security manager set, it is invoked to check
* {@code AWTPermission("showWindowWithoutWarningBanner")}.
* If that check fails with a {@code SecurityException} then a warning
* banner is created.
*
* @exception HeadlessException when
* {@code GraphicsEnvironment.isHeadless()} returns {@code true}
*
* @see java.awt.GraphicsEnvironment#isHeadless
* @see java.lang.SecurityManager#checkTopLevelWindow
*/
Window() throws HeadlessException {
GraphicsEnvironment.checkHeadless();
@ -541,11 +529,10 @@ public class Window extends Container implements Accessible {
* {@code Frame} as its owner. The window will not be focusable
* unless its owner is showing on the screen.
* <p>
* If there is a security manager, this method first calls
* the security manager's {@code checkTopLevelWindow}
* method with {@code this}
* as its argument to determine whether or not the window
* must be displayed with a warning banner.
* If there is a security manager set, it is invoked to check
* {@code AWTPermission("showWindowWithoutWarningBanner")}.
* If that check fails with a {@code SecurityException} then a warning
* banner is created.
*
* @param owner the {@code Frame} to act as owner or {@code null}
* if this window has no owner
@ -555,7 +542,6 @@ public class Window extends Container implements Accessible {
* {@code GraphicsEnvironment.isHeadless} returns {@code true}
*
* @see java.awt.GraphicsEnvironment#isHeadless
* @see java.lang.SecurityManager#checkTopLevelWindow
* @see #isShowing
*/
public Window(Frame owner) {
@ -570,11 +556,10 @@ public class Window extends Container implements Accessible {
* unless its nearest owning {@code Frame} or {@code Dialog}
* is showing on the screen.
* <p>
* If there is a security manager, this method first calls
* the security manager's {@code checkTopLevelWindow}
* method with {@code this}
* as its argument to determine whether or not the window
* must be displayed with a warning banner.
* If there is a security manager set, it is invoked to check
* {@code AWTPermission("showWindowWithoutWarningBanner")}.
* If that check fails with a {@code SecurityException} then a
* warning banner is created.
*
* @param owner the {@code Window} to act as owner or
* {@code null} if this window has no owner
@ -585,7 +570,6 @@ public class Window extends Container implements Accessible {
* {@code true}
*
* @see java.awt.GraphicsEnvironment#isHeadless
* @see java.lang.SecurityManager#checkTopLevelWindow
* @see #isShowing
*
* @since 1.2
@ -603,11 +587,10 @@ public class Window extends Container implements Accessible {
* its nearest owning {@code Frame} or {@code Dialog}
* is showing on the screen.
* <p>
* If there is a security manager, this method first calls
* the security manager's {@code checkTopLevelWindow}
* method with {@code this}
* as its argument to determine whether or not the window
* must be displayed with a warning banner.
* If there is a security manager set, it is invoked to check
* {@code AWTPermission("showWindowWithoutWarningBanner")}. If that
* check fails with a {@code SecurityException} then a warning banner
* is created.
*
* @param owner the window to act as owner or {@code null}
* if this window has no owner
@ -621,7 +604,6 @@ public class Window extends Container implements Accessible {
* {@code true}
*
* @see java.awt.GraphicsEnvironment#isHeadless
* @see java.lang.SecurityManager#checkTopLevelWindow
* @see GraphicsConfiguration#getBounds
* @see #isShowing
* @since 1.3
@ -1362,10 +1344,9 @@ public class Window extends Container implements Accessible {
* Gets the warning string that is displayed with this window.
* If this window is insecure, the warning string is displayed
* somewhere in the visible area of the window. A window is
* insecure if there is a security manager, and the security
* manager's {@code checkTopLevelWindow} method returns
* {@code false} when this window is passed to it as an
* argument.
* insecure if there is a security manager and the security
* manager denies
* {@code AWTPermission("showWindowWithoutWarningBanner")}.
* <p>
* If the window is secure, then {@code getWarningString}
* returns {@code null}. If the window is insecure, this
@ -1373,7 +1354,6 @@ public class Window extends Container implements Accessible {
* {@code awt.appletWarning}
* and returns the string value of that property.
* @return the warning string for this window.
* @see java.lang.SecurityManager#checkTopLevelWindow(java.lang.Object)
*/
public final String getWarningString() {
return warningString;
@ -1383,10 +1363,12 @@ public class Window extends Container implements Accessible {
warningString = null;
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
if (!sm.checkTopLevelWindow(this)) {
try {
sm.checkPermission(SecurityConstants.AWT.TOPLEVEL_WINDOW_PERMISSION);
} catch (SecurityException se) {
// make sure the privileged action is only
// for getting the property! We don't want the
// above checkTopLevelWindow call to always succeed!
// above checkPermission call to always succeed!
warningString = AccessController.doPrivileged(
new GetPropertyAction("awt.appletWarning",
"Java Applet Window"));

View File

@ -33,6 +33,7 @@ import java.util.Arrays;
import sun.awt.AWTAccessor;
import sun.util.logging.PlatformLogger;
import sun.security.util.SecurityConstants;
/**
* The root event class for all component-level input events.
@ -350,7 +351,7 @@ public abstract class InputEvent extends ComponentEvent {
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
try {
sm.checkSystemClipboardAccess();
sm.checkPermission(SecurityConstants.AWT.ACCESS_CLIPBOARD_PERMISSION);
b = true;
} catch (SecurityException se) {
if (logger.isLoggable(PlatformLogger.Level.FINE)) {

View File

@ -1336,9 +1336,16 @@ class SecurityManager {
* top-level windows; <code>false</code> otherwise.
* @exception NullPointerException if the <code>window</code> argument is
* <code>null</code>.
* @deprecated The dependency on {@code AWTPermission} creates an
* impediment to future modularization of the Java platform.
* Users of this method should instead invoke
* {@link #checkPermission} directly.
* This method will be changed in a future release to check
* the permission {@code java.security.AllPermission}.
* @see java.awt.Window
* @see #checkPermission(java.security.Permission) checkPermission
*/
@Deprecated
public boolean checkTopLevelWindow(Object window) {
if (window == null) {
throw new NullPointerException("window can't be null");
@ -1398,8 +1405,15 @@ class SecurityManager {
* @since JDK1.1
* @exception SecurityException if the calling thread does not have
* permission to access the system clipboard.
* @deprecated The dependency on {@code AWTPermission} creates an
* impediment to future modularization of the Java platform.
* Users of this method should instead invoke
* {@link #checkPermission} directly.
* This method will be changed in a future release to check
* the permission {@code java.security.AllPermission}.
* @see #checkPermission(java.security.Permission) checkPermission
*/
@Deprecated
public void checkSystemClipboardAccess() {
Permission perm = SecurityConstants.AWT.ACCESS_CLIPBOARD_PERMISSION;
if (perm == null) {
@ -1427,8 +1441,15 @@ class SecurityManager {
* @since JDK1.1
* @exception SecurityException if the calling thread does not have
* permission to access the AWT event queue.
* @deprecated The dependency on {@code AWTPermission} creates an
* impediment to future modularization of the Java platform.
* Users of this method should instead invoke
* {@link #checkPermission} directly.
* This method will be changed in a future release to check
* the permission {@code java.security.AllPermission}.
* @see #checkPermission(java.security.Permission) checkPermission
*/
@Deprecated
public void checkAwtEventQueueAccess() {
Permission perm = SecurityConstants.AWT.CHECK_AWT_EVENTQUEUE_PERMISSION;
if (perm == null) {

View File

@ -314,7 +314,7 @@ class AppletSecurity extends AWTSecurityManager {
// If we're about to allow access to the main EventQueue,
// and anything untrusted is on the class context stack,
// disallow access.
super.checkAwtEventQueueAccess();
super.checkPermission(SecurityConstants.AWT.CHECK_AWT_EVENTQUEUE_PERMISSION);
}
} // checkAwtEventQueueAccess()

View File

@ -57,6 +57,7 @@ import sun.awt.AppContext;
import sun.awt.SunToolkit;
import sun.awt.datatransfer.DataTransferer;
import sun.awt.datatransfer.ToolkitThreadBlockedHandler;
import sun.security.util.SecurityConstants;
/**
* <p>
@ -225,7 +226,7 @@ public abstract class SunDropTargetContextPeer implements DropTargetContextPeer,
SecurityManager sm = System.getSecurityManager();
try {
if (!dropInProcess && sm != null) {
sm.checkSystemClipboardAccess();
sm.checkPermission(SecurityConstants.AWT.ACCESS_CLIPBOARD_PERMISSION);
}
} catch (Exception e) {
Thread currentThread = Thread.currentThread();

View File

@ -1184,7 +1184,7 @@ public class SwingUtilities2 {
canAccess = true;
} else {
try {
sm.checkSystemClipboardAccess();
sm.checkPermission(SecurityConstants.AWT.ACCESS_CLIPBOARD_PERMISSION);
canAccess = true;
} catch (SecurityException e) {
}

View File

@ -54,6 +54,7 @@ import sun.print.PrintJob2D;
import sun.security.action.GetPropertyAction;
import sun.security.action.GetBooleanAction;
import sun.util.logging.PlatformLogger;
import sun.security.util.SecurityConstants;
public final class XToolkit extends UNIXToolkit implements Runnable {
private static final PlatformLogger log = PlatformLogger.getLogger("sun.awt.X11.XToolkit");
@ -1152,7 +1153,7 @@ public final class XToolkit extends UNIXToolkit implements Runnable {
public Clipboard getSystemClipboard() {
SecurityManager security = System.getSecurityManager();
if (security != null) {
security.checkSystemClipboardAccess();
security.checkPermission(SecurityConstants.AWT.ACCESS_CLIPBOARD_PERMISSION);
}
synchronized (this) {
if (clipboard == null) {
@ -1165,7 +1166,7 @@ public final class XToolkit extends UNIXToolkit implements Runnable {
public Clipboard getSystemSelection() {
SecurityManager security = System.getSecurityManager();
if (security != null) {
security.checkSystemClipboardAccess();
security.checkPermission(SecurityConstants.AWT.ACCESS_CLIPBOARD_PERMISSION);
}
synchronized (this) {
if (selection == null) {

View File

@ -64,6 +64,7 @@ import sun.font.FontManagerFactory;
import sun.font.SunFontManager;
import sun.misc.PerformanceLogger;
import sun.util.logging.PlatformLogger;
import sun.security.util.SecurityConstants;
public class WToolkit extends SunToolkit implements Runnable {
@ -681,7 +682,7 @@ public class WToolkit extends SunToolkit implements Runnable {
public Clipboard getSystemClipboard() {
SecurityManager security = System.getSecurityManager();
if (security != null) {
security.checkSystemClipboardAccess();
security.checkPermission(SecurityConstants.AWT.ACCESS_CLIPBOARD_PERMISSION);
}
synchronized (this) {
if (clipboard == null) {

View File

@ -0,0 +1,103 @@
/*
* Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/* @test
* @bug 8008981
* @summary Test that selected Toolkit and Window methods/constructors do
* the appropriate permission check
* @run main/othervm Permissions
*/
import java.awt.AWTPermission;
import java.awt.Frame;
import java.awt.GraphicsConfiguration;
import java.awt.Toolkit;
import java.awt.Window;
import java.util.ArrayList;
import java.util.List;
import java.security.Permission;
public class Permissions {
static class MySecurityManager extends SecurityManager {
private List<Permission> permissionsChecked = new ArrayList<>();
static MySecurityManager install() {
MySecurityManager sm = new MySecurityManager();
System.setSecurityManager(sm);
return sm;
}
@Override
public void checkPermission(Permission perm) {
permissionsChecked.add(perm);
}
void prepare(String msg) {
System.out.println(msg);
permissionsChecked.clear();
}
/**
* Checks the security manager's checkPermission method was invoked
* to check the given permission and target name.
*/
void assertChecked(Class<? extends Permission> type, String name) {
for (Permission perm: permissionsChecked) {
if (type.isInstance(perm) && perm.getName().equals(name))
return;
}
throw new RuntimeException(type.getName() + "(\"" + name + "\") not checked");
}
}
public static void main(String[] args) {
MySecurityManager sm = MySecurityManager.install();
Toolkit toolkit = Toolkit.getDefaultToolkit();
sm.prepare("Toolkit.getSystemClipboard()");
toolkit.getSystemClipboard();
sm.assertChecked(AWTPermission.class, "accessClipboard");
sm.prepare("Toolkit.getSystemEventQueue()");
toolkit.getSystemEventQueue();
sm.assertChecked(AWTPermission.class, "accessEventQueue");
sm.prepare("Toolkit.getSystemSelection()");
toolkit.getSystemSelection();
//sm.assertChecked(AWTPermission.class, "accessClipboard");
sm.prepare("Window(Frame)");
new Window((Frame)null);
sm.assertChecked(AWTPermission.class, "showWindowWithoutWarningBanner");
sm.prepare("Window(Window)");
new Window((Window)null);
sm.assertChecked(AWTPermission.class, "showWindowWithoutWarningBanner");
sm.prepare("Window(Window,GraphicsConfiguration)");
new Window((Window)null, (GraphicsConfiguration)null);
sm.assertChecked(AWTPermission.class, "showWindowWithoutWarningBanner");
}
}