Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8189750

Remove deprecated pre-1.2 SecurityManager methods and fields

XMLWordPrintable

    • Icon: CSR CSR
    • Resolution: Approved
    • Icon: P2 P2
    • 10
    • security-libs
    • None
    • source, binary, behavioral
    • low
    • Java API
    • SE

      Summary

      Remove the deprecated pre-JDK 1.2 java.lang.SecurityManager methods and fields that have been marked for removal in Java SE 9.

      Problem

      These methods and fields are only for use in SecurityManager implementations prior to JDK 1.2. It is no longer necessary to retain support for pre-JDK 1.2 SecurityManager implementations. Removing these methods will clean up the SecurityManager class and eliminate the potential for them to be used incorrectly or insecurely.

      Solution

      Remove the following deprecated java.lang.SecurityManager methods and fields that have been marked with forRemoval=true in JDK 9: the inCheck field, and the classDepth, classLoaderDepth, currentClassLoader, currentLoadedClass, getInCheck, inClass, and inClassLoader methods.

      Also, change the checkMemberAccess method to throw SecurityException if the caller has not been granted AllPermission as this method is error-prone and users should instead invoke checkPermission directly. The checkMemberAccess method was deprecated in JDK 8 and marked for removal in 9, but we feel it is too early to remove it. Changing the behavior as noted eliminates the risk that it will be used incorrectly (and unsafely).

      Specification

      See 8186535-webrev.zip attachment.

            mullan Sean Mullan
            mullan Sean Mullan
            Alan Bateman
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:
              Resolved: