stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8344221: Remove calls to SecurityManager and and doPrivileged in java.net.IDN, java.net.URL, java.net.URLConnection, sun.net.util.URLUtil, and java.net.URLStreamHandlerProvider after JEP 486 integration

Browse Source 
Reviewed-by: alanb, rriggs
This commit is contained in:
Daniel Fuchs 2024-11-18 15:17:40 +00:00
parent dfddbcaab8
commit d52d136486
5 changed files with 35 additions and 170 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/java.base/share/classes/java/net/IDN.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2005, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -26,8 +26,6 @@ package java.net;
import java.io.InputStream;
import java.io.IOException;
import java.security.AccessController;
import java.security.PrivilegedAction;
import jdk.internal.icu.impl.Punycode;
import jdk.internal.icu.text.StringPrep;
@ -248,14 +246,7 @@ public final class IDN {
StringPrep stringPrep = null;
try {
final String IDN_PROFILE = "/sun/net/idn/uidna.spp";
@SuppressWarnings("removal")
InputStream stream = System.getSecurityManager() != null
? AccessController.doPrivileged(new PrivilegedAction<>() {
public InputStream run() {
return StringPrep.class.getResourceAsStream(IDN_PROFILE);
}})
: StringPrep.class.getResourceAsStream(IDN_PROFILE);
InputStream stream = StringPrep.class.getResourceAsStream(IDN_PROFILE);
stringPrep = new StringPrep(stream);
stream.close();
} catch (IOException e) {

121
src/java.base/share/classes/java/net/URL.java
View File

@ -30,8 +30,6 @@ import java.io.IOException;
import java.io.InputStream;
import java.net.spi.URLStreamHandlerProvider;
import java.nio.file.Path;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Hashtable;
import java.io.InvalidObjectException;
import java.io.ObjectStreamException;
@ -39,8 +37,6 @@ import java.io.ObjectStreamField;
import java.io.ObjectInputStream.GetField;
import java.util.Iterator;
import java.util.Locale;
import java.util.NoSuchElementException;
import java.util.ServiceConfigurationError;
import java.util.ServiceLoader;
import jdk.internal.access.JavaNetURLAccess;
@ -48,8 +44,6 @@ import jdk.internal.access.SharedSecrets;
import jdk.internal.misc.ThreadTracker;
import jdk.internal.misc.VM;
import sun.net.util.IPAddressUtil;
import sun.security.util.SecurityConstants;
import sun.security.action.GetPropertyAction;
/**
* Class {@code URL} represents a Uniform Resource
@ -485,14 +479,6 @@ public final class URL implements java.io.Serializable {
@Deprecated(since = "20")
public URL(String protocol, String host, int port, String file,
URLStreamHandler handler) throws MalformedURLException {
if (handler != null) {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
// check for permission to specify a handler
checkSpecifyHandler(sm);
}
}
protocol = lowerCaseProtocol(protocol);
this.protocol = protocol;
@ -683,15 +669,6 @@ public final class URL implements java.io.Serializable {
boolean aRef=false;
boolean isRelative = false;
// Check for permission to specify a handler
if (handler != null) {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
checkSpecifyHandler(sm);
}
}
try {
limit = spec.length();
while ((limit > 0) && (spec.charAt(limit - 1) <= ' ')) {
@ -912,13 +889,6 @@ public final class URL implements java.io.Serializable {
return true;
}
/*
* Checks for permission to specify a stream handler.
*/
private void checkSpecifyHandler(@SuppressWarnings("removal") SecurityManager sm) {
sm.checkPermission(SecurityConstants.SPECIFY_HANDLER_PERMISSION);
}
/**
* Sets the specified 8 fields of the URL. This is not a public method so
* that only URLStreamHandlers can modify URL fields. URLs are otherwise
@ -956,9 +926,8 @@ public final class URL implements java.io.Serializable {
/**
* Returns the address of the host represented by this URL.
* A {@link SecurityException} or an {@link UnknownHostException}
* while getting the host address will result in this method returning
* {@code null}
* An {@link UnknownHostException} while getting the host address
* will result in this method returning {@code null}.
*
* @return an {@link InetAddress} representing the host
*/
@ -972,7 +941,7 @@ public final class URL implements java.io.Serializable {
}
try {
hostAddress = InetAddress.getByName(host);
} catch (UnknownHostException | SecurityException ex) {
} catch (UnknownHostException e) {
return null;
}
return hostAddress;
@ -1271,16 +1240,6 @@ public final class URL implements java.io.Serializable {
// Create a copy of Proxy as a security measure
Proxy p = proxy == Proxy.NO_PROXY ? Proxy.NO_PROXY : sun.net.ApplicationProxy.create(proxy);
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (p.type() != Proxy.Type.DIRECT && sm != null) {
InetSocketAddress epoint = (InetSocketAddress) p.address();
if (epoint.isUnresolved())
sm.checkConnect(epoint.getHostName(), epoint.getPort());
else
sm.checkConnect(epoint.getAddress().getHostAddress(),
epoint.getPort());
}
return handler.openConnection(this, p);
}
@ -1358,11 +1317,6 @@ public final class URL implements java.io.Serializable {
if (factory != null) {
throw new Error("factory already defined");
}
@SuppressWarnings("removal")
SecurityManager security = System.getSecurityManager();
if (security != null) {
security.checkSetFactory();
}
handlers.clear();
// safe publication of URLStreamHandlerFactory with volatile write
@ -1398,8 +1352,7 @@ public final class URL implements java.io.Serializable {
}
private static URLStreamHandler lookupViaProperty(String protocol) {
String packagePrefixList =
GetPropertyAction.privilegedGetProperty(protocolPathProp);
String packagePrefixList = System.getProperty(protocolPathProp);
if (packagePrefixList == null || packagePrefixList.isEmpty()) {
// not set
return null;
@ -1435,47 +1388,6 @@ public final class URL implements java.io.Serializable {
return handler;
}
private static Iterator<URLStreamHandlerProvider> providers() {
return new Iterator<>() {
final ClassLoader cl = ClassLoader.getSystemClassLoader();
final ServiceLoader<URLStreamHandlerProvider> sl =
ServiceLoader.load(URLStreamHandlerProvider.class, cl);
final Iterator<URLStreamHandlerProvider> i = sl.iterator();
URLStreamHandlerProvider next = null;
private boolean getNext() {
while (next == null) {
try {
if (!i.hasNext())
return false;
next = i.next();
} catch (ServiceConfigurationError sce) {
if (sce.getCause() instanceof SecurityException) {
// Ignore security exceptions
continue;
}
throw sce;
}
}
return true;
}
public boolean hasNext() {
return getNext();
}
public URLStreamHandlerProvider next() {
if (!getNext())
throw new NoSuchElementException();
URLStreamHandlerProvider n = next;
next = null;
return n;
}
};
}
private static class ThreadTrackHolder {
static final ThreadTracker TRACKER = new ThreadTracker();
}
@ -1488,26 +1400,23 @@ public final class URL implements java.io.Serializable {
ThreadTrackHolder.TRACKER.end(key);
}
@SuppressWarnings("removal")
private static URLStreamHandler lookupViaProviders(final String protocol) {
Object key = tryBeginLookup();
if (key == null) {
throw new Error("Circular loading of URL stream handler providers detected");
}
try {
return AccessController.doPrivileged(
new PrivilegedAction<>() {
public URLStreamHandler run() {
Iterator<URLStreamHandlerProvider> itr = providers();
while (itr.hasNext()) {
URLStreamHandlerProvider f = itr.next();
URLStreamHandler h = f.createURLStreamHandler(protocol);
if (h != null)
return h;
}
return null;
}
});
final ClassLoader cl = ClassLoader.getSystemClassLoader();
final ServiceLoader<URLStreamHandlerProvider> sl =
ServiceLoader.load(URLStreamHandlerProvider.class, cl);
final Iterator<URLStreamHandlerProvider> itr = sl.iterator();
while (itr.hasNext()) {
URLStreamHandlerProvider f = itr.next();
URLStreamHandler h = f.createURLStreamHandler(protocol);
if (h != null)
return h;
}
return null;
} finally {
endLookup(key);
}

55
src/java.base/share/classes/java/net/URLConnection.java
View File

@ -28,7 +28,6 @@ package java.net;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.PrivilegedAction;
import java.util.Hashtable;
import java.util.concurrent.ConcurrentHashMap;
import java.util.Date;
@ -42,10 +41,8 @@ import java.util.Locale;
import java.util.Map;
import java.util.List;
import java.security.Permission;
import java.security.AccessController;
import sun.security.util.SecurityConstants;
import sun.net.www.MessageHeader;
import sun.security.action.GetPropertyAction;
/**
* The abstract class {@code URLConnection} is the superclass
@ -328,9 +325,6 @@ public abstract class URLConnection {
* @since 1.2
*/
public static void setFileNameMap(FileNameMap map) {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) sm.checkSetFactory();
fileNameMap = map;
}
@ -1285,11 +1279,6 @@ public abstract class URLConnection {
if (factory != null) {
throw new Error("factory already defined");
}
@SuppressWarnings("removal")
SecurityManager security = System.getSecurityManager();
if (security != null) {
security.checkSetFactory();
}
factory = fac;
}
@ -1401,35 +1390,22 @@ public abstract class URLConnection {
@SuppressWarnings("removal")
private ContentHandler lookupContentHandlerViaProvider(String contentType) {
return AccessController.doPrivileged(
new PrivilegedAction<>() {
@Override
public ContentHandler run() {
ClassLoader cl = ClassLoader.getSystemClassLoader();
ServiceLoader<ContentHandlerFactory> sl =
ServiceLoader.load(ContentHandlerFactory.class, cl);
Iterator<ContentHandlerFactory> iterator = sl.iterator();
ClassLoader cl = ClassLoader.getSystemClassLoader();
ServiceLoader<ContentHandlerFactory> sl =
ServiceLoader.load(ContentHandlerFactory.class, cl);
ContentHandler handler = null;
while (iterator.hasNext()) {
ContentHandlerFactory f;
try {
f = iterator.next();
} catch (ServiceConfigurationError e) {
if (e.getCause() instanceof SecurityException) {
continue;
}
throw e;
}
handler = f.createContentHandler(contentType);
if (handler != null) {
break;
}
}
return handler;
}
});
Iterator<ContentHandlerFactory> iterator = sl.iterator();
ContentHandler handler = null;
while (iterator.hasNext()) {
ContentHandlerFactory f = iterator.next();
handler = f.createContentHandler(contentType);
if (handler != null) {
break;
}
}
return handler;
}
/**
@ -1465,8 +1441,7 @@ public abstract class URLConnection {
* is always the last one on the returned package list.
*/
private String getContentHandlerPkgPrefixes() {
String packagePrefixList =
GetPropertyAction.privilegedGetProperty(contentPathProp, "");
String packagePrefixList = System.getProperty(contentPathProp, "");
if (packagePrefixList != "") {
packagePrefixList += "|";

10
src/java.base/share/classes/java/net/spi/URLStreamHandlerProvider.java
View File

@ -49,19 +49,9 @@ import java.net.URLStreamHandlerFactory;
public abstract class URLStreamHandlerProvider
implements URLStreamHandlerFactory
{
private static Void checkPermission() {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null)
sm.checkPermission(new RuntimePermission("setFactory"));
return null;
}
private URLStreamHandlerProvider(Void ignore) { }
/**
* Initializes a new URL stream handler provider.
*/
protected URLStreamHandlerProvider() {
this(checkPermission());
}
}

6
src/java.base/share/classes/sun/net/util/URLUtil.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2009, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2009, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -38,12 +38,12 @@ public class URLUtil {
/**
* Returns a string form of the url suitable for use as a key in HashMap/Sets.
*
* The string form should be behave in the same manner as the URL when
* The string form should behave in the same manner as the URL when
* compared for equality in a HashMap/Set, except that no nameservice
* lookup is done on the hostname (only string comparison), and the fragment
* is not considered.
*
* @see java.net.URLStreamHandler.sameFile(java.net.URL)
* @see java.net.URL#sameFile(java.net.URL)
*/
public static String urlNoFragString(URL url) {
StringBuilder strForm = new StringBuilder();