Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8200185

Remove terminally deprecated SecurityManager APIs

    XMLWordPrintable

Details

    • CSR
    • Resolution: Approved
    • P3
    • 11
    • security-libs
    • None
    • source, binary
    • low
    • Hide
      I have evaluated usages from a large number of Maven projects. There are 13 projects that include custom SecurityManagers which override one or more of these methods. 8 of these use the @Override annotation or invoke the method directly or using super. Most of these overrides are simple: they either delegate to the installed SM or pass/fail by default, so they should be able to remove the overrides with minimal side-effects. There are also a couple of projects that still call checkSystemClipboardAccess but that can be easily replaced with checkPermission(AWTPermission("accessClipboard")).

      So, overall, I believe the risk is fairly low.
      Show
      I have evaluated usages from a large number of Maven projects. There are 13 projects that include custom SecurityManagers which override one or more of these methods. 8 of these use the @Override annotation or invoke the method directly or using super. Most of these overrides are simple: they either delegate to the installed SM or pass/fail by default, so they should be able to remove the overrides with minimal side-effects. There are also a couple of projects that still call checkSystemClipboardAccess but that can be easily replaced with checkPermission(AWTPermission("accessClipboard")). So, overall, I believe the risk is fairly low.
    • Java API
    • SE

    Description

      Summary

      Remove the terminally deprecated java.lang.SecurityManager methods that have been marked for removal since Java SE 9: checkTopLevelWindow, checkSystemClipboardAccess, checkAwtEventQueueAccess, and checkMemberAccess.

      Problem

      In Java SE 9, these methods were marked for removal as part of JDK-8145468. Also in Java SE 9, the first three methods were re-specified to check AllPermission by JDK-8029886, and in Java SE 10 checkMemberAccess was changed to check AllPermission by JDK-8186535. These methods no longer have any benefit, and removing them will follow through on the the plan to remove them.

      Solution

      Remove the following deprecated java.lang.SecurityManager methods that have been marked with forRemoval=true since JDK 9: checkTopLevelWindow, checkSystemClipboardAccess, checkAwtEventQueueAccess, and checkMemberAccess.

      Specification

      See the attached specdiff 8193032-specdiff.00.zip.

      Attachments

        Issue Links

          csr of

          Sub-task - The sub-task of the issue JDK-8193032 Remove terminally deprecated SecurityManager APIs

          • P3 - Major loss of function.
          • Resolved

          Activity

            People

              mullan Sean Mullan
              smarks Stuart Marks
              Alan Bateman, Mandy Chung
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: