Summary

Remove the deprecated pre-JDK 1.2 java.lang.SecurityManager methods and fields that have been marked for removal in Java SE 9.

Problem

These methods and fields are only for use in SecurityManager implementations prior to JDK 1.2. It is no longer necessary to retain support for pre-JDK 1.2 SecurityManager implementations. Removing these methods will clean up the SecurityManager class and eliminate the potential for them to be used incorrectly or insecurely.

Solution

Remove the following deprecated java.lang.SecurityManager methods and fields that have been marked with forRemoval=true in JDK 9: the inCheck field, and the classDepth, classLoaderDepth, currentClassLoader, currentLoadedClass, getInCheck, inClass, and inClassLoader methods.

Also, change the checkMemberAccess method to throw SecurityException if the caller has not been granted AllPermission as this method is error-prone and users should instead invoke checkPermission directly. The checkMemberAccess method was deprecated in JDK 8 and marked for removal in 9, but we feel it is too early to remove it. Changing the behavior as noted eliminates the risk that it will be used incorrectly (and unsafely).

Specification

See 8186535-webrev.zip attachment.