This is an automated email from the ASF dual-hosted git repository. paulk pushed a commit to branch GROOVY_4_0_X in repository https://gitbox.apache.org/repos/asf/groovy.git
commit acc9f4a69e68e8ce37e18d3da789d5d464612bf5 Author: Paul King <[email protected]> AuthorDate: Mon Apr 18 17:08:44 2022 +1000 GROOVY-10586: Revert doPrivileged in VMPlugin approach to JEP-411 (cont'd) --- src/main/java/groovy/grape/Grape.java | 10 ++--- src/main/java/groovy/lang/GroovyClassLoader.java | 41 +++++++++++++------- src/main/java/groovy/lang/GroovyCodeSource.java | 8 +++- src/main/java/groovy/lang/GroovyShell.java | 25 ++++++++---- src/main/java/groovy/lang/MetaClassImpl.java | 10 +++-- src/main/java/groovy/ui/GroovyMain.java | 8 +++- src/main/java/groovy/util/GroovyScriptEngine.java | 22 ++++++----- .../internal/util/ReevaluatingReference.java | 8 +++- .../codehaus/groovy/control/ProcessingUnit.java | 9 +++-- .../org/codehaus/groovy/control/SourceUnit.java | 8 +++- .../codehaus/groovy/reflection/CachedClass.java | 14 ++++--- .../org/codehaus/groovy/reflection/ClassInfo.java | 4 +- .../reflection/ClassLoaderForClassArtifacts.java | 20 ++++++---- .../groovy/reflection/ReflectionUtils.java | 4 +- .../codehaus/groovy/reflection/SunClassLoader.java | 10 ++++- .../reflection/stdclasses/CachedSAMClass.java | 3 +- .../groovy/runtime/DefaultGroovyMethods.java | 14 ++++--- .../groovy/runtime/ProxyGeneratorAdapter.java | 5 +-- .../groovy/runtime/callsite/CallSiteArray.java | 9 +++-- .../runtime/callsite/GroovySunClassLoader.java | 8 +++- .../org/codehaus/groovy/tools/GroovyStarter.java | 9 +++-- .../groovy/tools/javac/JavacJavaCompiler.java | 10 +++-- .../codehaus/groovy/vmplugin/VMPluginFactory.java | 8 +++- .../org/codehaus/groovy/vmplugin/v8/Java8.java | 12 ++++-- src/test/groovy/security/SecurityTest.java | 8 +++- src/test/groovy/security/SecurityTestSupport.java | 36 ++++++++++-------- .../codehaus/groovy/reflection/SecurityTest.java | 20 +++++++++- .../org/codehaus/groovy/classgen/TestSupport.java | 24 ++++++++---- .../codehaus/groovy/ant/CompileTaskSupport.java | 7 ++-- .../main/java/org/codehaus/groovy/ant/Groovy.java | 7 ++-- .../main/java/org/codehaus/groovy/ant/Groovyc.java | 7 ++-- .../org/codehaus/groovy/ant/RootLoaderRef.java | 7 +++- .../main/groovy/groovy/console/ui/Console.groovy | 5 ++- .../groovy/jsr223/GroovyScriptEngineImpl.java | 10 +++-- .../groovy-sql/src/main/java/groovy/sql/Sql.java | 44 ++++++++++++---------- .../swing/binding/ClosureTriggerBinding.java | 14 +++++-- .../groovy/groovy/text/GStringTemplateEngine.java | 3 +- .../groovy/text/StreamingTemplateEngine.java | 3 +- .../groovy/text/markup/MarkupTemplateEngine.java | 12 ++++-- .../src/main/java/groovy/test/AllTestSuite.java | 5 ++- .../src/main/java/groovy/test/GroovyTestSuite.java | 5 +-- .../src/main/java/groovy/xml/FactorySupport.java | 11 ++---- 42 files changed, 325 insertions(+), 182 deletions(-) diff --git a/src/main/java/groovy/grape/Grape.java b/src/main/java/groovy/grape/Grape.java index a8dcc88a58..78e346ba43 100644 --- a/src/main/java/groovy/grape/Grape.java +++ b/src/main/java/groovy/grape/Grape.java @@ -20,7 +20,6 @@ package groovy.grape; import java.lang.reflect.InvocationTargetException; import java.net.URI; -import java.security.AccessController; import java.security.PrivilegedAction; import java.util.Collections; import java.util.List; @@ -155,13 +154,14 @@ public class Grape { } } + @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action public static void grab(final Map<String, Object> args, final Map... dependencies) { if (enableGrapes) { - AccessController.doPrivileged(new PrivilegedAction<Void>() { + java.security.AccessController.doPrivileged(new PrivilegedAction<Void>() { @Override public Void run() { - GrapeEngine instance = getInstance(); - if (instance != null) { + GrapeEngine instance1 = getInstance(); + if (instance1 != null) { if (!args.containsKey(AUTO_DOWNLOAD_SETTING)) { args.put(AUTO_DOWNLOAD_SETTING, enableAutoDownload); } @@ -171,7 +171,7 @@ public class Grape { if (!args.containsKey(GrapeEngine.CALLEE_DEPTH)) { args.put(GrapeEngine.CALLEE_DEPTH, GrapeEngine.DEFAULT_CALLEE_DEPTH + 2); } - instance.grab(args, dependencies); + instance1.grab(args, dependencies); } return null; } diff --git a/src/main/java/groovy/lang/GroovyClassLoader.java b/src/main/java/groovy/lang/GroovyClassLoader.java index 9053b63c86..cb5e5bde92 100644 --- a/src/main/java/groovy/lang/GroovyClassLoader.java +++ b/src/main/java/groovy/lang/GroovyClassLoader.java @@ -66,7 +66,6 @@ import java.net.URL; import java.net.URLClassLoader; import java.net.URLConnection; import java.net.URLDecoder; -import java.security.AccessController; import java.security.CodeSource; import java.security.NoSuchAlgorithmException; import java.security.Permission; @@ -110,8 +109,9 @@ public class GroovyClassLoader extends URLClassLoader { private GroovyResourceLoader resourceLoader = new GroovyResourceLoader() { @Override + @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action public URL loadGroovySource(final String filename) throws MalformedURLException { - return AccessController.doPrivileged((PrivilegedAction<URL>) () -> { + return java.security.AccessController.doPrivileged((PrivilegedAction<URL>) () -> { for (String extension : config.getScriptExtensions()) { try { URL ret = getSourceFile(filename, extension); @@ -253,11 +253,16 @@ public class GroovyClassLoader extends URLClassLoader { * @return the main class defined in the given script */ public Class parseClass(final String text, final String fileName) throws CompilationFailedException { - GroovyCodeSource gcs = AccessController.doPrivileged((PrivilegedAction<GroovyCodeSource>) () -> new GroovyCodeSource(text, fileName, "/groovy/script")); + GroovyCodeSource gcs = createCodeSource((PrivilegedAction<GroovyCodeSource>) () -> new GroovyCodeSource(text, fileName, "/groovy/script")); gcs.setCachable(false); return parseClass(gcs); } + @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action + private GroovyCodeSource createCodeSource(PrivilegedAction<GroovyCodeSource> action) { + return java.security.AccessController.doPrivileged(action); + } + /** * Parses the given text into a Java class capable of being run * @@ -278,7 +283,7 @@ public class GroovyClassLoader extends URLClassLoader { } public Class parseClass(final Reader reader, final String fileName) throws CompilationFailedException { - GroovyCodeSource gcs = AccessController.doPrivileged((PrivilegedAction<GroovyCodeSource>) () -> { + GroovyCodeSource gcs = createCodeSource((PrivilegedAction<GroovyCodeSource>) () -> { try { String scriptText = IOGroovyMethods.getText(reader); return new GroovyCodeSource(scriptText, fileName, "/groovy/script"); @@ -426,12 +431,7 @@ public class GroovyClassLoader extends URLClassLoader { perms = new Permissions(); } - ProtectionDomain myDomain = AccessController.doPrivileged(new PrivilegedAction<ProtectionDomain>() { - @Override - public ProtectionDomain run() { - return getClass().getProtectionDomain(); - } - }); + ProtectionDomain myDomain = getProtectionDomain(); PermissionCollection myPerms = myDomain.getPermissions(); if (myPerms != null) { for (Enumeration<Permission> elements = myPerms.elements(); elements.hasMoreElements();) { @@ -446,6 +446,16 @@ public class GroovyClassLoader extends URLClassLoader { return perms; } + @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action + private ProtectionDomain getProtectionDomain() { + return java.security.AccessController.doPrivileged(new PrivilegedAction<ProtectionDomain>() { + @Override + public ProtectionDomain run() { + return getClass().getProtectionDomain(); + } + }); + } + public static class InnerLoader extends GroovyClassLoader { private final GroovyClassLoader delegate; private final long timeStamp; @@ -644,8 +654,12 @@ public class GroovyClassLoader extends URLClassLoader { * @return the ClassCollector */ protected ClassCollector createCollector(CompilationUnit unit, SourceUnit su) { - InnerLoader loader = AccessController.doPrivileged((PrivilegedAction<InnerLoader>) () -> new InnerLoader(GroovyClassLoader.this)); - return new ClassCollector(loader, unit, su); + return new ClassCollector(createLoader(), unit, su); + } + + @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action + private InnerLoader createLoader() { + return java.security.AccessController.doPrivileged((PrivilegedAction<InnerLoader>) () -> new InnerLoader(GroovyClassLoader.this)); } public static class ClassCollector implements CompilationUnit.ClassgenCallback { @@ -1083,8 +1097,9 @@ public class GroovyClassLoader extends URLClassLoader { * @param path is a jar file or a directory. * @see #addURL(URL) */ + @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action public void addClasspath(final String path) { - AccessController.doPrivileged((PrivilegedAction<Void>) () -> { + java.security.AccessController.doPrivileged((PrivilegedAction<Void>) () -> { URI newURI; try { diff --git a/src/main/java/groovy/lang/GroovyCodeSource.java b/src/main/java/groovy/lang/GroovyCodeSource.java index 2ca2a8edc0..063227251a 100644 --- a/src/main/java/groovy/lang/GroovyCodeSource.java +++ b/src/main/java/groovy/lang/GroovyCodeSource.java @@ -31,7 +31,6 @@ import java.net.MalformedURLException; import java.net.URI; import java.net.URL; import java.net.URLConnection; -import java.security.AccessController; import java.security.CodeSource; import java.security.PrivilegedActionException; import java.security.PrivilegedExceptionAction; @@ -123,7 +122,7 @@ public class GroovyCodeSource { //The calls below require access to user.dir - allow here since getName() and getCodeSource() are //package private and used only by the GroovyClassLoader. try { - Object[] info = AccessController.doPrivileged((PrivilegedExceptionAction<Object[]>) () -> { + Object[] info = doPrivileged((PrivilegedExceptionAction<Object[]>) () -> { // retrieve the content of the file using the provided encoding if (encoding != null) { scriptText = ResourceGroovyMethods.getText(infile, encoding); @@ -150,6 +149,11 @@ public class GroovyCodeSource { } } + @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action + private <T> T doPrivileged(PrivilegedExceptionAction<T> action) throws PrivilegedActionException { + return java.security.AccessController.doPrivileged(action); + } + /** * @param infile the file to create a GroovyCodeSource for. * @throws IOException if an issue arises opening and reading the file. diff --git a/src/main/java/groovy/lang/GroovyShell.java b/src/main/java/groovy/lang/GroovyShell.java index 82ab601a9f..6630356cc6 100644 --- a/src/main/java/groovy/lang/GroovyShell.java +++ b/src/main/java/groovy/lang/GroovyShell.java @@ -33,7 +33,6 @@ import java.io.Reader; import java.lang.reflect.Constructor; import java.lang.reflect.InvocationTargetException; import java.net.URI; -import java.security.AccessController; import java.security.PrivilegedAction; import java.security.PrivilegedActionException; import java.security.PrivilegedExceptionAction; @@ -100,12 +99,22 @@ public class GroovyShell extends GroovyObjectSupport { && ((GroovyClassLoader) parentLoader).hasCompatibleConfiguration(config)) { this.loader = (GroovyClassLoader) parentLoader; } else { - this.loader = AccessController.doPrivileged((PrivilegedAction<GroovyClassLoader>) () -> new GroovyClassLoader(parentLoader,config)); + this.loader = doPrivileged((PrivilegedAction<GroovyClassLoader>) () -> new GroovyClassLoader(parentLoader, config)); } this.context = binding; this.config = config; } + @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action + private <T> T doPrivileged(PrivilegedAction<T> action) { + return java.security.AccessController.doPrivileged(action); + } + + @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action + private <T> T doPrivileged(PrivilegedExceptionAction<T> action) throws PrivilegedActionException { + return java.security.AccessController.doPrivileged(action); + } + public void resetLoadedClasses() { loader.clearCache(); } @@ -203,13 +212,13 @@ public class GroovyShell extends GroovyObjectSupport { } } - AccessController.doPrivileged(new DoSetContext(loader)); + doPrivileged(new DoSetContext(loader)); // Parse the script, generate the class, and invoke the main method. This is a little looser than // if you are compiling the script because the JVM isn't executing the main method. Class scriptClass; try { - scriptClass = AccessController.doPrivileged((PrivilegedExceptionAction<Class>) () -> loader.parseClass(scriptFile)); + scriptClass = doPrivileged((PrivilegedExceptionAction<Class>) () -> loader.parseClass(scriptFile)); } catch (PrivilegedActionException pae) { Exception e = pae.getException(); if (e instanceof CompilationFailedException) { @@ -340,7 +349,7 @@ public class GroovyShell extends GroovyObjectSupport { * @param args the command line arguments to pass in */ public Object run(final String scriptText, final String fileName, String[] args) throws CompilationFailedException { - GroovyCodeSource gcs = AccessController.doPrivileged((PrivilegedAction<GroovyCodeSource>) () -> new GroovyCodeSource(scriptText, fileName, DEFAULT_CODE_BASE)); + GroovyCodeSource gcs = doPrivileged((PrivilegedAction<GroovyCodeSource>) () -> new GroovyCodeSource(scriptText, fileName, DEFAULT_CODE_BASE)); return run(gcs, args); } @@ -404,7 +413,7 @@ public class GroovyShell extends GroovyObjectSupport { * @param args the command line arguments to pass in */ public Object run(final Reader in, final String fileName, String[] args) throws CompilationFailedException { - GroovyCodeSource gcs = AccessController.doPrivileged((PrivilegedAction<GroovyCodeSource>) () -> new GroovyCodeSource(in, fileName, DEFAULT_CODE_BASE)); + GroovyCodeSource gcs = doPrivileged((PrivilegedAction<GroovyCodeSource>) () -> new GroovyCodeSource(in, fileName, DEFAULT_CODE_BASE)); Class scriptClass = parseClass(gcs); return runScriptOrMainOrTestOrRunnable(scriptClass, args); } @@ -462,7 +471,7 @@ public class GroovyShell extends GroovyObjectSupport { sm.checkPermission(new GroovyCodeSourcePermission(codeBase)); } - GroovyCodeSource gcs = AccessController.doPrivileged((PrivilegedAction<GroovyCodeSource>) () -> new GroovyCodeSource(scriptText, fileName, codeBase)); + GroovyCodeSource gcs = doPrivileged((PrivilegedAction<GroovyCodeSource>) () -> new GroovyCodeSource(scriptText, fileName, codeBase)); return evaluate(gcs); } @@ -607,7 +616,7 @@ public class GroovyShell extends GroovyObjectSupport { } public Script parse(final String scriptText, final String fileName, Binding binding) throws CompilationFailedException { - GroovyCodeSource gcs = AccessController.doPrivileged((PrivilegedAction<GroovyCodeSource>) () -> new GroovyCodeSource(scriptText, fileName, DEFAULT_CODE_BASE)); + GroovyCodeSource gcs = doPrivileged((PrivilegedAction<GroovyCodeSource>) () -> new GroovyCodeSource(scriptText, fileName, DEFAULT_CODE_BASE)); return parse(gcs, binding); } diff --git a/src/main/java/groovy/lang/MetaClassImpl.java b/src/main/java/groovy/lang/MetaClassImpl.java index d69548268b..97de3f7c23 100644 --- a/src/main/java/groovy/lang/MetaClassImpl.java +++ b/src/main/java/groovy/lang/MetaClassImpl.java @@ -98,7 +98,6 @@ import java.lang.reflect.Method; import java.lang.reflect.Modifier; import java.lang.reflect.Proxy; import java.net.URL; -import java.security.AccessController; import java.security.PrivilegedActionException; import java.security.PrivilegedExceptionAction; import java.util.ArrayList; @@ -3498,9 +3497,9 @@ public class MetaClassImpl implements MetaClass, MutableMetaClass { // introspect try { if (isBeanDerivative(theClass)) { - info = (BeanInfo) AccessController.doPrivileged((PrivilegedExceptionAction) () -> Introspector.getBeanInfo(theClass, Introspector.IGNORE_ALL_BEANINFO)); + info = (BeanInfo) doPrivileged((PrivilegedExceptionAction) () -> Introspector.getBeanInfo(theClass, Introspector.IGNORE_ALL_BEANINFO)); } else { - info = (BeanInfo) AccessController.doPrivileged((PrivilegedExceptionAction) () -> Introspector.getBeanInfo(theClass)); + info = (BeanInfo) doPrivileged((PrivilegedExceptionAction) () -> Introspector.getBeanInfo(theClass)); } } catch (PrivilegedActionException pae) { throw new GroovyRuntimeException("exception during bean introspection", pae.getException()); @@ -3530,6 +3529,11 @@ public class MetaClassImpl implements MetaClass, MutableMetaClass { } } + @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action + private Object doPrivileged(PrivilegedExceptionAction action) throws PrivilegedActionException { + return java.security.AccessController.doPrivileged(action); + } + private static boolean isBeanDerivative(Class theClass) { Class next = theClass; while (next != null) { diff --git a/src/main/java/groovy/ui/GroovyMain.java b/src/main/java/groovy/ui/GroovyMain.java index 10cd8b0ab6..11ae848b0e 100644 --- a/src/main/java/groovy/ui/GroovyMain.java +++ b/src/main/java/groovy/ui/GroovyMain.java @@ -54,7 +54,6 @@ import java.math.BigInteger; import java.net.URI; import java.net.URISyntaxException; import java.net.URL; -import java.security.AccessController; import java.security.PrivilegedAction; import java.util.ArrayList; import java.util.LinkedHashMap; @@ -527,7 +526,12 @@ public class GroovyMain { } } - AccessController.doPrivileged(new DoSetContext(shell.getClassLoader())); + doPrivileged(new DoSetContext(shell.getClassLoader())); + } + + @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action + private static <T> T doPrivileged(PrivilegedAction<T> action) { + return java.security.AccessController.doPrivileged(action); } /** diff --git a/src/main/java/groovy/util/GroovyScriptEngine.java b/src/main/java/groovy/util/GroovyScriptEngine.java index f4bbd58f84..1a4c367ba4 100644 --- a/src/main/java/groovy/util/GroovyScriptEngine.java +++ b/src/main/java/groovy/util/GroovyScriptEngine.java @@ -47,7 +47,6 @@ import java.lang.ref.WeakReference; import java.net.MalformedURLException; import java.net.URL; import java.net.URLConnection; -import java.security.AccessController; import java.security.CodeSource; import java.security.PrivilegedAction; import java.util.HashMap; @@ -61,23 +60,23 @@ import java.util.concurrent.ConcurrentHashMap; * with dependent scripts. */ public class GroovyScriptEngine implements ResourceConnector { - private static final ClassLoader CL_STUB = AccessController.doPrivileged((PrivilegedAction<ClassLoader>) () -> new ClassLoader() {}); + private static final ClassLoader CL_STUB = doPrivileged((PrivilegedAction<ClassLoader>) () -> new ClassLoader() {}); private static final URL[] EMPTY_URL_ARRAY = new URL[0]; private static class LocalData { CompilationUnit cu; final StringSetMap dependencyCache = new StringSetMap(); - final Map<String, String> precompiledEntries = new HashMap<String, String>(); + final Map<String, String> precompiledEntries = new HashMap<>(); } - private static WeakReference<ThreadLocal<LocalData>> localData = new WeakReference<ThreadLocal<LocalData>>(null); + private static WeakReference<ThreadLocal<LocalData>> localData = new WeakReference<>(null); private static synchronized ThreadLocal<LocalData> getLocalData() { ThreadLocal<LocalData> local = localData.get(); if (local != null) return local; - local = new ThreadLocal<LocalData>(); - localData = new WeakReference<ThreadLocal<LocalData>>(local); + local = new ThreadLocal<>(); + localData = new WeakReference<>(local); return local; } @@ -261,7 +260,7 @@ public class GroovyScriptEngine implements ResourceConnector { StringSetMap cache = localData.dependencyCache; cache.makeTransitiveHull(); long time = getCurrentTime(); - Set<String> entryNames = new HashSet<String>(); + Set<String> entryNames = new HashSet<>(); for (Map.Entry<String, Set<String>> entry : cache.entrySet()) { String className = entry.getKey(); Class clazz = getClassCacheEntry(className); @@ -297,7 +296,7 @@ public class GroovyScriptEngine implements ResourceConnector { } private Set<String> convertToPaths(Set<String> orig, Map<String, String> precompiledEntries) { - Set<String> ret = new HashSet<String>(); + Set<String> ret = new HashSet<>(); for (String className : orig) { Class clazz = getClassCacheEntry(className); if (clazz == null) continue; @@ -339,7 +338,7 @@ public class GroovyScriptEngine implements ResourceConnector { */ private GroovyClassLoader initGroovyLoader() { GroovyClassLoader groovyClassLoader = - AccessController.doPrivileged((PrivilegedAction<ScriptClassLoader>) () -> { + doPrivileged((PrivilegedAction<ScriptClassLoader>) () -> { if (parentLoader instanceof GroovyClassLoader) { return new ScriptClassLoader((GroovyClassLoader) parentLoader); } else { @@ -350,6 +349,11 @@ public class GroovyScriptEngine implements ResourceConnector { return groovyClassLoader; } + @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action + private static <T> T doPrivileged(PrivilegedAction<T> action) { + return java.security.AccessController.doPrivileged(action); + } + /** * Get a resource connection as a <code>URLConnection</code> to retrieve a script * from the <code>ResourceConnector</code>. diff --git a/src/main/java/org/apache/groovy/internal/util/ReevaluatingReference.java b/src/main/java/org/apache/groovy/internal/util/ReevaluatingReference.java index 255e97bf40..91e476cfef 100644 --- a/src/main/java/org/apache/groovy/internal/util/ReevaluatingReference.java +++ b/src/main/java/org/apache/groovy/internal/util/ReevaluatingReference.java @@ -27,7 +27,6 @@ import java.lang.invoke.MethodHandles; import java.lang.invoke.MethodType; import java.lang.invoke.SwitchPoint; import java.lang.ref.WeakReference; -import java.security.AccessController; import java.security.PrivilegedActionException; import java.security.PrivilegedExceptionAction; @@ -41,7 +40,7 @@ public class ReevaluatingReference<T> { static { try { //TODO Jochen: move the findSpecial to a central place together with others to easy security configuration - FALLBACK_HANDLE = AccessController.doPrivileged((PrivilegedExceptionAction<MethodHandle>) () -> MethodHandles.lookup().findSpecial( + FALLBACK_HANDLE = doPrivileged((PrivilegedExceptionAction<MethodHandle>) () -> MethodHandles.lookup().findSpecial( ReevaluatingReference.class, "replacePayLoad", MethodType.methodType(Object.class), ReevaluatingReference.class)); @@ -50,6 +49,11 @@ public class ReevaluatingReference<T> { } } + @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action + private static <T> T doPrivileged(PrivilegedExceptionAction<T> action) throws PrivilegedActionException { + return java.security.AccessController.doPrivileged(action); + } + private final Supplier<T> valueSupplier; private final Function<T, SwitchPoint> validationSupplier; private final WeakReference<Class<T>> clazzRef; diff --git a/src/main/java/org/codehaus/groovy/control/ProcessingUnit.java b/src/main/java/org/codehaus/groovy/control/ProcessingUnit.java index 0b12ebf75e..8aca4f8197 100644 --- a/src/main/java/org/codehaus/groovy/control/ProcessingUnit.java +++ b/src/main/java/org/codehaus/groovy/control/ProcessingUnit.java @@ -20,7 +20,6 @@ package org.codehaus.groovy.control; import groovy.lang.GroovyClassLoader; -import java.security.AccessController; import java.security.PrivilegedAction; import static java.util.Objects.requireNonNull; @@ -100,13 +99,17 @@ public abstract class ProcessingUnit { public void setClassLoader(final GroovyClassLoader loader) { // ClassLoaders should only be created inside a doPrivileged block in case // this method is invoked by code that does not have security permissions. - this.classLoader = loader != null ? loader : AccessController.doPrivileged((PrivilegedAction<GroovyClassLoader>) () -> { + this.classLoader = loader != null ? loader : createClassLoader(); + } + + @SuppressWarnings("removal") // TODO a future Groovy version should create the loader not as a privileged action + private GroovyClassLoader createClassLoader() { + return java.security.AccessController.doPrivileged((PrivilegedAction<GroovyClassLoader>) () -> { ClassLoader parent = Thread.currentThread().getContextClassLoader(); if (parent == null) parent = ProcessingUnit.class.getClassLoader(); return new GroovyClassLoader(parent, getConfiguration()); }); } - /** * Errors found during the compilation should be reported through the ErrorCollector. */ diff --git a/src/main/java/org/codehaus/groovy/control/SourceUnit.java b/src/main/java/org/codehaus/groovy/control/SourceUnit.java index 703a803043..2fc4460d17 100644 --- a/src/main/java/org/codehaus/groovy/control/SourceUnit.java +++ b/src/main/java/org/codehaus/groovy/control/SourceUnit.java @@ -37,7 +37,6 @@ import java.io.File; import java.io.IOException; import java.io.Reader; import java.net.URL; -import java.security.AccessController; import java.security.PrivilegedAction; /** @@ -237,11 +236,16 @@ public class SourceUnit extends ProcessingUnit { buildAST(); - if ("xml".equals(AccessController.doPrivileged((PrivilegedAction<String>) () -> System.getProperty("groovy.ast")))) { + if ("xml".equals(getProperty("groovy.ast"))) { XStreamUtils.serialize(name, ast); } } + @SuppressWarnings("removal") // TODO a future Groovy version should get the property not as a privileged action + private String getProperty(String key) { + return java.security.AccessController.doPrivileged((PrivilegedAction<String>) () -> System.getProperty(key)); + } + /** * Builds the AST. */ diff --git a/src/main/java/org/codehaus/groovy/reflection/CachedClass.java b/src/main/java/org/codehaus/groovy/reflection/CachedClass.java index 866692de48..61cdc32092 100644 --- a/src/main/java/org/codehaus/groovy/reflection/CachedClass.java +++ b/src/main/java/org/codehaus/groovy/reflection/CachedClass.java @@ -31,7 +31,6 @@ import org.codehaus.groovy.util.FastArray; import org.codehaus.groovy.util.LazyReference; import org.codehaus.groovy.util.ReferenceBundle; -import java.security.AccessController; import java.security.PrivilegedAction; import java.util.ArrayList; import java.util.Arrays; @@ -57,7 +56,7 @@ public class CachedClass { PrivilegedAction<CachedField[]> action = () -> Arrays.stream(getTheClass().getDeclaredFields()) .filter(f -> ReflectionUtils.checkCanSetAccessible(f, CachedClass.class)) .map(CachedField::new).toArray(CachedField[]::new); - return AccessController.doPrivileged(action); + return doPrivileged(action); } }; @@ -71,7 +70,7 @@ public class CachedClass { .filter(c -> ReflectionUtils.checkCanSetAccessible(c, CachedClass.class)) .map(c -> new CachedConstructor(CachedClass.this, c)) .toArray(CachedConstructor[]::new); - return AccessController.doPrivileged(action); + return doPrivileged(action); } }; @@ -91,7 +90,7 @@ public class CachedClass { return CachedMethod.EMPTY_ARRAY; } }; - CachedMethod[] declaredMethods = AccessController.doPrivileged(action); + CachedMethod[] declaredMethods = doPrivileged(action); List<CachedMethod> methods = new ArrayList<>(declaredMethods.length); List<CachedMethod> mopMethods = new ArrayList<>(declaredMethods.length); @@ -134,12 +133,17 @@ public class CachedClass { } }; + @SuppressWarnings("removal") // TODO a future Groovy version should perform the action not as a privileged action + private static <T> T doPrivileged(PrivilegedAction<T> action) { + return java.security.AccessController.doPrivileged(action); + } + private final LazyReference<CallSiteClassLoader> callSiteClassLoader = new LazyReference<CallSiteClassLoader>(softBundle) { private static final long serialVersionUID = 4410385968428074090L; @Override public CallSiteClassLoader initValue() { - return AccessController.doPrivileged((PrivilegedAction<CallSiteClassLoader>) () -> new CallSiteClassLoader(CachedClass.this.cachedClass)); + return doPrivileged((PrivilegedAction<CallSiteClassLoader>) () -> new CallSiteClassLoader(CachedClass.this.cachedClass)); } }; diff --git a/src/main/java/org/codehaus/groovy/reflection/ClassInfo.java b/src/main/java/org/codehaus/groovy/reflection/ClassInfo.java index b4b4f6d238..f01cb3bcd7 100644 --- a/src/main/java/org/codehaus/groovy/reflection/ClassInfo.java +++ b/src/main/java/org/codehaus/groovy/reflection/ClassInfo.java @@ -54,7 +54,6 @@ import org.codehaus.groovy.vmplugin.VMPluginFactory; import java.lang.ref.WeakReference; import java.math.BigDecimal; import java.math.BigInteger; -import java.security.AccessController; import java.security.PrivilegedAction; import java.util.Collection; import java.util.Iterator; @@ -449,8 +448,9 @@ public class ClassInfo implements Finalizable { } @Override + @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action public ClassLoaderForClassArtifacts initValue() { - return AccessController.doPrivileged((PrivilegedAction<ClassLoaderForClassArtifacts>) () -> new ClassLoaderForClassArtifacts(info.classRef.get())); + return java.security.AccessController.doPrivileged((PrivilegedAction<ClassLoaderForClassArtifacts>) () -> new ClassLoaderForClassArtifacts(info.classRef.get())); } } diff --git a/src/main/java/org/codehaus/groovy/reflection/ClassLoaderForClassArtifacts.java b/src/main/java/org/codehaus/groovy/reflection/ClassLoaderForClassArtifacts.java index 4995c58ea2..1fe20f193b 100644 --- a/src/main/java/org/codehaus/groovy/reflection/ClassLoaderForClassArtifacts.java +++ b/src/main/java/org/codehaus/groovy/reflection/ClassLoaderForClassArtifacts.java @@ -26,7 +26,6 @@ import org.codehaus.groovy.runtime.callsite.GroovySunClassLoader; import java.lang.ref.SoftReference; import java.lang.reflect.Constructor; import java.lang.reflect.Method; -import java.security.AccessController; import java.security.PrivilegedAction; import java.util.concurrent.atomic.AtomicInteger; @@ -36,10 +35,10 @@ public class ClassLoaderForClassArtifacts extends ClassLoader { public ClassLoaderForClassArtifacts(Class klazz) { super(klazz.getClassLoader()); - this.klazz = new SoftReference<Class> (klazz); + this.klazz = new SoftReference<>(klazz); } - public Class define (String name, byte [] bytes) { + public Class define(String name, byte[] bytes) { Class cls = defineClass(name, bytes, 0, bytes.length, klazz.get().getProtectionDomain()); resolveClass(cls); return cls; @@ -49,12 +48,12 @@ public class ClassLoaderForClassArtifacts extends ClassLoader { public Class loadClass(String name) throws ClassNotFoundException { Class cls = findLoadedClass(name); if (cls != null) - return cls; + return cls; if (GroovySunClassLoader.sunVM != null) { cls = GroovySunClassLoader.sunVM.doesKnow(name); if (cls != null) - return cls; + return cls; } return super.loadClass(name); @@ -68,15 +67,15 @@ public class ClassLoaderForClassArtifacts extends ClassLoader { final String name; final String clsName = klazz.get().getName(); if (clsName.startsWith("java.")) - name = clsName.replace('.','_') + "$" + methodName; + name = clsName.replace('.', '_') + "$" + methodName; else name = clsName + "$" + methodName; int suffix = classNamesCounter.getAndIncrement(); - return suffix == -1? name : name + "$" + suffix; + return suffix == -1 ? name : name + "$" + suffix; } public Constructor defineClassAndGetConstructor(final String name, final byte[] bytes) { - final Class cls = AccessController.doPrivileged((PrivilegedAction<Class>) () -> define(name, bytes)); + final Class cls = definePrivileged(name, bytes); if (cls != null) { try { @@ -86,4 +85,9 @@ public class ClassLoaderForClassArtifacts extends ClassLoader { } return null; } + + @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action + private Class definePrivileged(String name, byte[] bytes) { + return java.security.AccessController.doPrivileged((PrivilegedAction<Class>) () -> define(name, bytes)); + } } diff --git a/src/main/java/org/codehaus/groovy/reflection/ReflectionUtils.java b/src/main/java/org/codehaus/groovy/reflection/ReflectionUtils.java index f14a2aca65..dc390437d4 100644 --- a/src/main/java/org/codehaus/groovy/reflection/ReflectionUtils.java +++ b/src/main/java/org/codehaus/groovy/reflection/ReflectionUtils.java @@ -28,7 +28,6 @@ import java.lang.invoke.MethodType; import java.lang.reflect.AccessibleObject; import java.lang.reflect.Array; import java.lang.reflect.Method; -import java.security.AccessController; import java.security.PrivilegedAction; import java.util.ArrayList; import java.util.Collection; @@ -206,8 +205,9 @@ public class ReflectionUtils { return false; } + @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action public static Optional<AccessibleObject> makeAccessibleInPrivilegedAction(final AccessibleObject ao) { - return AccessController.doPrivileged((PrivilegedAction<Optional<AccessibleObject>>) () -> makeAccessible(ao)); + return java.security.AccessController.doPrivileged((PrivilegedAction<Optional<AccessibleObject>>) () -> makeAccessible(ao)); } // to be run in PrivilegedAction! diff --git a/src/main/java/org/codehaus/groovy/reflection/SunClassLoader.java b/src/main/java/org/codehaus/groovy/reflection/SunClassLoader.java index 2c78c968f9..ee0a104390 100644 --- a/src/main/java/org/codehaus/groovy/reflection/SunClassLoader.java +++ b/src/main/java/org/codehaus/groovy/reflection/SunClassLoader.java @@ -25,8 +25,9 @@ import org.objectweb.asm.MethodVisitor; import java.io.IOException; import java.io.InputStream; -import java.security.AccessController; import java.security.PrivilegedAction; +import java.security.PrivilegedActionException; +import java.security.PrivilegedExceptionAction; import java.util.HashMap; import java.util.Map; @@ -46,7 +47,7 @@ public class SunClassLoader extends ClassLoader { static { SunClassLoader res; try { - res = AccessController.doPrivileged((PrivilegedAction<SunClassLoader>) () -> { + res = doPrivileged((PrivilegedAction<SunClassLoader>) () -> { try { return new SunClassLoader(); } catch (Throwable e) { @@ -59,6 +60,11 @@ public class SunClassLoader extends ClassLoader { sunVM = res; } + @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action + private static <T> T doPrivileged(PrivilegedAction<T> action) { + return java.security.AccessController.doPrivileged(action); + } + protected SunClassLoader() throws Throwable { super(SunClassLoader.class.getClassLoader()); diff --git a/src/main/java/org/codehaus/groovy/reflection/stdclasses/CachedSAMClass.java b/src/main/java/org/codehaus/groovy/reflection/stdclasses/CachedSAMClass.java index 4800461a33..60d545c183 100644 --- a/src/main/java/org/codehaus/groovy/reflection/stdclasses/CachedSAMClass.java +++ b/src/main/java/org/codehaus/groovy/reflection/stdclasses/CachedSAMClass.java @@ -30,7 +30,6 @@ import org.codehaus.groovy.transform.trait.Traits; import java.lang.reflect.Method; import java.lang.reflect.Modifier; import java.lang.reflect.Proxy; -import java.security.AccessController; import java.security.PrivilegedAction; import java.util.Arrays; import java.util.Collections; @@ -103,7 +102,7 @@ public class CachedSAMClass extends CachedClass { @SuppressWarnings("removal") // TODO a future Groovy version should remove the security check private static Method[] getDeclaredMethods(final Class c) { try { - Method[] methods = AccessController.doPrivileged((PrivilegedAction<Method[]>) c::getDeclaredMethods); + Method[] methods = java.security.AccessController.doPrivileged((PrivilegedAction<Method[]>) c::getDeclaredMethods); if (methods!=null) return methods; } catch (java.security.AccessControlException ace) { // swallow and do as if no method is available diff --git a/src/main/java/org/codehaus/groovy/runtime/DefaultGroovyMethods.java b/src/main/java/org/codehaus/groovy/runtime/DefaultGroovyMethods.java index b25ca8e4aa..c28ca78094 100644 --- a/src/main/java/org/codehaus/groovy/runtime/DefaultGroovyMethods.java +++ b/src/main/java/org/codehaus/groovy/runtime/DefaultGroovyMethods.java @@ -125,7 +125,6 @@ import java.math.BigDecimal; import java.math.BigInteger; import java.math.RoundingMode; import java.net.URL; -import java.security.AccessController; import java.security.CodeSource; import java.security.PrivilegedAction; import java.text.MessageFormat; @@ -462,10 +461,7 @@ public class DefaultGroovyMethods extends DefaultGroovyMethodsSupport { if (groovyObject && field.getName().equals("metaClass")) { continue; } - AccessController.doPrivileged((PrivilegedAction<Object>) () -> { - ReflectionUtils.trySetAccessible(field); - return null; - }); + trySetAccessible(field); buffer.append(" "); buffer.append(field.getName()); buffer.append("="); @@ -484,6 +480,14 @@ public class DefaultGroovyMethods extends DefaultGroovyMethodsSupport { return buffer.toString(); } + @SuppressWarnings("removal") // TODO a future Groovy version should perform the accessible check not as a privileged action + private static void trySetAccessible(final Field field) { + java.security.AccessController.doPrivileged((PrivilegedAction<Object>) () -> { + ReflectionUtils.trySetAccessible(field); + return null; + }); + } + /** * Retrieves the list of {@link groovy.lang.MetaProperty} objects for 'self' and wraps it * in a list of {@link groovy.lang.PropertyValue} objects that additionally provide diff --git a/src/main/java/org/codehaus/groovy/runtime/ProxyGeneratorAdapter.java b/src/main/java/org/codehaus/groovy/runtime/ProxyGeneratorAdapter.java index 16beccdabd..9e24d1b3d2 100644 --- a/src/main/java/org/codehaus/groovy/runtime/ProxyGeneratorAdapter.java +++ b/src/main/java/org/codehaus/groovy/runtime/ProxyGeneratorAdapter.java @@ -44,7 +44,6 @@ import java.lang.reflect.Constructor; import java.lang.reflect.InvocationTargetException; import java.lang.reflect.Method; import java.lang.reflect.Modifier; -import java.security.AccessController; import java.security.PrivilegedAction; import java.util.ArrayList; import java.util.Arrays; @@ -288,12 +287,12 @@ public class ProxyGeneratorAdapter extends ClassVisitor { @SuppressWarnings("removal") // TODO a future Groovy version should create the loader not as a privileged action private GroovyClassLoader createClassLoader(ClassLoader parentLoader) { - return AccessController.doPrivileged((PrivilegedAction<GroovyClassLoader>) () -> new GroovyClassLoader(parentLoader)); + return java.security.AccessController.doPrivileged((PrivilegedAction<GroovyClassLoader>) () -> new GroovyClassLoader(parentLoader)); } @SuppressWarnings("removal") // TODO a future Groovy version should create the loader not as a privileged action private static InnerLoader createInnerLoader(final ClassLoader parent, final Class<?>[] interfaces) { - return AccessController.doPrivileged((PrivilegedAction<InnerLoader>) () -> new InnerLoader(parent, interfaces)); + return java.security.AccessController.doPrivileged((PrivilegedAction<InnerLoader>) () -> new InnerLoader(parent, interfaces)); } private InnerLoader findClassLoader(final Class<?> clazz, final Class<?>[] interfaces) { diff --git a/src/main/java/org/codehaus/groovy/runtime/callsite/CallSiteArray.java b/src/main/java/org/codehaus/groovy/runtime/callsite/CallSiteArray.java index 5fe58fbae8..04c2e0865f 100644 --- a/src/main/java/org/codehaus/groovy/runtime/callsite/CallSiteArray.java +++ b/src/main/java/org/codehaus/groovy/runtime/callsite/CallSiteArray.java @@ -26,11 +26,9 @@ import org.codehaus.groovy.reflection.ClassInfo; import org.codehaus.groovy.runtime.GroovyCategorySupport; import org.codehaus.groovy.runtime.InvokerHelper; -import java.security.AccessController; import java.security.PrivilegedAction; import java.util.stream.IntStream; - public final class CallSiteArray { public static final Object[] NOPARAM = new Object[0]; public final CallSite[] array; @@ -60,7 +58,7 @@ public final class CallSiteArray { } private static CallSite createCallStaticSite(CallSite callSite, final Class receiver, Object[] args) { - AccessController.doPrivileged((PrivilegedAction<Void>) () -> { + doPrivileged((PrivilegedAction<Void>) () -> { try { Class.forName(receiver.getName(), true, receiver.getClassLoader()); } catch (Exception e) { @@ -78,6 +76,11 @@ public final class CallSiteArray { return site; } + @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action + private static void doPrivileged(PrivilegedAction<Void> action) { + java.security.AccessController.doPrivileged(action); + } + private static CallSite createCallConstructorSite(CallSite callSite, Class receiver, Object[] args) { MetaClass metaClass = InvokerHelper.getMetaClass(receiver); CallSite site = diff --git a/src/main/java/org/codehaus/groovy/runtime/callsite/GroovySunClassLoader.java b/src/main/java/org/codehaus/groovy/runtime/callsite/GroovySunClassLoader.java index d16dcc97d1..9dc48c4e8c 100644 --- a/src/main/java/org/codehaus/groovy/runtime/callsite/GroovySunClassLoader.java +++ b/src/main/java/org/codehaus/groovy/runtime/callsite/GroovySunClassLoader.java @@ -25,7 +25,6 @@ import org.objectweb.asm.ClassWriter; import java.io.IOException; import java.io.InputStream; -import java.security.AccessController; import java.security.PrivilegedAction; import static org.codehaus.groovy.control.CompilerConfiguration.ASM_API_VERSION; @@ -35,7 +34,7 @@ public class GroovySunClassLoader extends SunClassLoader { public static final SunClassLoader sunVM; static { - sunVM = AccessController.doPrivileged((PrivilegedAction<SunClassLoader>) () -> { + sunVM = doPrivileged((PrivilegedAction<SunClassLoader>) () -> { try { if (SunClassLoader.sunVM != null) { return new GroovySunClassLoader(); @@ -46,6 +45,11 @@ public class GroovySunClassLoader extends SunClassLoader { }); } + @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action + private static <T> T doPrivileged(PrivilegedAction<T> action) { + return java.security.AccessController.doPrivileged(action); + } + protected GroovySunClassLoader() throws Throwable { this(ClassReader.SKIP_CODE); } diff --git a/src/main/java/org/codehaus/groovy/tools/GroovyStarter.java b/src/main/java/org/codehaus/groovy/tools/GroovyStarter.java index 4bffd7237b..2dd9a596ab 100644 --- a/src/main/java/org/codehaus/groovy/tools/GroovyStarter.java +++ b/src/main/java/org/codehaus/groovy/tools/GroovyStarter.java @@ -21,7 +21,6 @@ package org.codehaus.groovy.tools; import java.io.FileInputStream; import java.lang.reflect.InvocationTargetException; import java.lang.reflect.Method; -import java.security.AccessController; import java.security.PrivilegedAction; /** @@ -34,7 +33,6 @@ public class GroovyStarter { System.exit(1); } - public static void rootLoader(String[] args) { String conf = System.getProperty("groovy.starter.conf",null); final LoaderConfiguration lc = new LoaderConfiguration(); @@ -99,7 +97,7 @@ public class GroovyStarter { } } // create loader and execute main class - ClassLoader loader = AccessController.doPrivileged((PrivilegedAction<RootLoader>) () -> new RootLoader(lc)); + ClassLoader loader = getLoader(lc); Method m=null; try { Class c = loader.loadClass(lc.getMainClass()); @@ -114,6 +112,11 @@ public class GroovyStarter { } } + @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action + private static RootLoader getLoader(LoaderConfiguration lc) { + return java.security.AccessController.doPrivileged((PrivilegedAction<RootLoader>) () -> new RootLoader(lc)); + } + private static void exit(Exception e) { e.printStackTrace(); System.exit(1); diff --git a/src/main/java/org/codehaus/groovy/tools/javac/JavacJavaCompiler.java b/src/main/java/org/codehaus/groovy/tools/javac/JavacJavaCompiler.java index c654cdf8e6..c49dc2bc5e 100644 --- a/src/main/java/org/codehaus/groovy/tools/javac/JavacJavaCompiler.java +++ b/src/main/java/org/codehaus/groovy/tools/javac/JavacJavaCompiler.java @@ -34,7 +34,6 @@ import java.net.URISyntaxException; import java.net.URL; import java.net.URLClassLoader; import java.nio.charset.Charset; -import java.security.AccessController; import java.security.CodeSource; import java.security.PrivilegedAction; import java.util.ArrayList; @@ -189,8 +188,7 @@ public class JavacJavaCompiler implements JavaCompiler { } try { - CodeSource codeSource = AccessController.doPrivileged( - (PrivilegedAction<CodeSource>) () -> GroovyObject.class.getProtectionDomain().getCodeSource()); + CodeSource codeSource = getCodeSource(); if (codeSource != null) { paths.add(new File(codeSource.getLocation().toURI()).getPath()); } @@ -203,4 +201,10 @@ public class JavacJavaCompiler implements JavaCompiler { return params; } + + @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action + private CodeSource getCodeSource() { + return java.security.AccessController.doPrivileged( + (PrivilegedAction<CodeSource>) () -> GroovyObject.class.getProtectionDomain().getCodeSource()); + } } diff --git a/src/main/java/org/codehaus/groovy/vmplugin/VMPluginFactory.java b/src/main/java/org/codehaus/groovy/vmplugin/VMPluginFactory.java index e8d46d47bd..da9df41e8a 100644 --- a/src/main/java/org/codehaus/groovy/vmplugin/VMPluginFactory.java +++ b/src/main/java/org/codehaus/groovy/vmplugin/VMPluginFactory.java @@ -22,7 +22,6 @@ import org.apache.groovy.util.Maps; import org.codehaus.groovy.runtime.DefaultGroovyMethods; import java.math.BigDecimal; -import java.security.AccessController; import java.security.PrivilegedAction; import java.util.Map; import java.util.logging.Level; @@ -55,8 +54,13 @@ public class VMPluginFactory { return PLUGIN; } + @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action + private static <T> T doPrivileged(PrivilegedAction<T> action) { + return java.security.AccessController.doPrivileged(action); + } + private static VMPlugin createPlugin() { - return AccessController.doPrivileged((PrivilegedAction<VMPlugin>) () -> { + return doPrivileged((PrivilegedAction<VMPlugin>) () -> { final BigDecimal specVer = new BigDecimal(VMPlugin.getJavaVersion()); ClassLoader loader = VMPluginFactory.class.getClassLoader(); for (Map.Entry<BigDecimal, String> entry : PLUGIN_MAP.entrySet()) { diff --git a/src/main/java/org/codehaus/groovy/vmplugin/v8/Java8.java b/src/main/java/org/codehaus/groovy/vmplugin/v8/Java8.java index 77f5a6a401..51a6c3538c 100644 --- a/src/main/java/org/codehaus/groovy/vmplugin/v8/Java8.java +++ b/src/main/java/org/codehaus/groovy/vmplugin/v8/Java8.java @@ -66,8 +66,8 @@ import java.lang.reflect.ReflectPermission; import java.lang.reflect.Type; import java.lang.reflect.TypeVariable; import java.lang.reflect.WildcardType; -import java.security.AccessController; import java.security.Permission; +import java.security.PrivilegedAction; import java.util.Arrays; import java.util.List; import java.util.Optional; @@ -583,6 +583,7 @@ public class Java8 implements VMPlugin { * @return the check result */ @Override + @SuppressWarnings("removal") // TODO a future Groovy version should skip the permission check public boolean checkCanSetAccessible(final AccessibleObject accessibleObject, final Class<?> callerClass) { SecurityManager sm = System.getSecurityManager(); try { @@ -670,7 +671,7 @@ public class Java8 implements VMPlugin { private Object getInvokeSpecialHandleFallback(final Method method, final Object receiver) { if (!method.isAccessible()) { - AccessController.doPrivileged((java.security.PrivilegedAction<Object>) () -> { + doPrivilegedInternal((PrivilegedAction<Object>) () -> { ReflectionUtils.trySetAccessible(method); return null; }); @@ -682,6 +683,11 @@ public class Java8 implements VMPlugin { throw new GroovyBugError(e); } } + @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action + private static <T> T doPrivilegedInternal(PrivilegedAction<T> action) { + return java.security.AccessController.doPrivileged(action); + } + @Override public Object invokeHandle(final Object handle, final Object[] args) throws Throwable { @@ -715,7 +721,7 @@ public class Java8 implements VMPlugin { try { if (!lookup.isAccessible()) { final Constructor<MethodHandles.Lookup> finalReference = lookup; - AccessController.doPrivileged((java.security.PrivilegedAction<Object>) () -> { + doPrivilegedInternal((java.security.PrivilegedAction<Object>) () -> { ReflectionUtils.trySetAccessible(finalReference); return null; }); diff --git a/src/test/groovy/security/SecurityTest.java b/src/test/groovy/security/SecurityTest.java index cae37ec757..fb7067e901 100644 --- a/src/test/groovy/security/SecurityTest.java +++ b/src/test/groovy/security/SecurityTest.java @@ -25,7 +25,6 @@ import org.junit.Ignore; import java.io.File; import java.io.IOException; import java.net.URL; -import java.security.AccessController; import java.security.PrivilegedAction; import java.security.Security; import java.util.PropertyPermission; @@ -63,7 +62,7 @@ public class SecurityTest extends SecurityTestSupport { // Use our privileged access in order to prevent checks lower in the call stack. Otherwise we would have // to grant access to IDE unit test runners and unit test libs. We only care about testing the call stack // higher upstream from this point of execution. - AccessController.doPrivileged((PrivilegedAction<Void>) () -> { + doPrivileged((PrivilegedAction<Void>) () -> { Security.setProperty("package.access", "javax.print"); return null; }); @@ -73,6 +72,11 @@ public class SecurityTest extends SecurityTestSupport { assertExecute(script, "/groovy/security/javax/print/allow", null); } + @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action + private static <T> T doPrivileged(PrivilegedAction<T> action) { + return java.security.AccessController.doPrivileged(action); + } + public void testBadScriptNameBug() { assertExecute(new File("src/test/groovy/bugs/BadScriptNameBug.groovy"), null); } diff --git a/src/test/groovy/security/SecurityTestSupport.java b/src/test/groovy/security/SecurityTestSupport.java index be33f9fdd6..ef78c8a260 100644 --- a/src/test/groovy/security/SecurityTestSupport.java +++ b/src/test/groovy/security/SecurityTestSupport.java @@ -33,10 +33,7 @@ import org.codehaus.groovy.runtime.InvokerHelper; import java.io.File; import java.io.IOException; import java.io.PrintStream; -import java.security.AccessControlException; -import java.security.AccessController; import java.security.Permission; -import java.security.Policy; import java.security.PrivilegedAction; import java.util.Enumeration; @@ -72,9 +69,10 @@ public abstract class SecurityTestSupport extends GroovyTestCase { return securityDisabled; } + @SuppressWarnings("removal") // TODO a future Groovy version should remove this method public static void resetSecurityPolicy(String policyFileURL) { System.setProperty("java.security.policy", policyFileURL); - Policy.getPolicy().refresh(); + java.security.Policy.getPolicy().refresh(); } protected class SecurityTestResultPrinter extends ResultPrinter { @@ -91,11 +89,10 @@ public abstract class SecurityTestSupport extends GroovyTestCase { } } - protected GroovyClassLoader loader = - AccessController.doPrivileged( - (PrivilegedAction<GroovyClassLoader>) () -> new GroovyClassLoader(SecurityTestSupport.class.getClassLoader()) - ); + protected GroovyClassLoader loader = doPrivileged((PrivilegedAction<GroovyClassLoader>) () -> + new GroovyClassLoader(SecurityTestSupport.class.getClassLoader())); + @SuppressWarnings("removal") // TODO in a future Groovy version remove reference to SecurityManager private SecurityManager securityManager; private ClassLoader currentClassLoader; @@ -124,6 +121,7 @@ public abstract class SecurityTestSupport extends GroovyTestCase { //test case: a.groovy depends on b.groovy; a.groovy is parsed (and in the process the gcl //loads b.groovy via findClass). Note that b.groovy is only available in the groovy class loader. //See + @SuppressWarnings("removal") // TODO in a future Groovy version remove reference to SecurityManager protected void setUp() { if (checkSecurity()) { securityManager = System.getSecurityManager(); @@ -132,7 +130,7 @@ public abstract class SecurityTestSupport extends GroovyTestCase { } } currentClassLoader = Thread.currentThread().getContextClassLoader(); - AccessController.doPrivileged((PrivilegedAction) () -> { + doPrivileged((PrivilegedAction) () -> { Thread.currentThread().setUncaughtExceptionHandler(new Thread.UncaughtExceptionHandler() { @Override public void uncaughtException(Thread t, Throwable e) { @@ -144,14 +142,20 @@ public abstract class SecurityTestSupport extends GroovyTestCase { }); } + @SuppressWarnings("removal") // TODO in a future Groovy version remove reference to SecurityManager protected void tearDown() { - AccessController.doPrivileged((PrivilegedAction) () -> { + doPrivileged((PrivilegedAction) () -> { System.setSecurityManager(securityManager); Thread.currentThread().setContextClassLoader(currentClassLoader); return null; }); } + @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action + private static <T> T doPrivileged(PrivilegedAction<T> action) { + return java.security.AccessController.doPrivileged(action); + } + protected synchronized String generateClassName() { return "testSecurity" + (++counter); } @@ -205,6 +209,7 @@ public abstract class SecurityTestSupport extends GroovyTestCase { } } + @SuppressWarnings("removal") // TODO in a future Groovy version remove AccessControlException protected void executeTest(Class test, Permission missingPermission) { TestSuite suite = new TestSuite(); suite.addTestSuite(test); @@ -225,8 +230,8 @@ public abstract class SecurityTestSupport extends GroovyTestCase { boolean otherFailure = false; for (Enumeration e = result.errors(); e.hasMoreElements();) { TestFailure failure = (TestFailure) e.nextElement(); - if (failure.thrownException() instanceof AccessControlException) { - AccessControlException ace = (AccessControlException) failure.thrownException(); + if (failure.thrownException() instanceof java.security.AccessControlException) { + java.security.AccessControlException ace = (java.security.AccessControlException) failure.thrownException(); if (missingPermission.implies(ace.getPermission())) { continue; } @@ -242,12 +247,13 @@ public abstract class SecurityTestSupport extends GroovyTestCase { } } + @SuppressWarnings("removal") // TODO in a future Groovy version remove AccessControlException protected void executeScript(Class scriptClass, Permission missingPermission) { try { Script script = InvokerHelper.createScript(scriptClass, new Binding()); script.run(); //InvokerHelper.runScript(scriptClass, null); - } catch (AccessControlException ace) { + } catch (java.security.AccessControlException ace) { if (missingPermission != null && missingPermission.implies(ace.getPermission())) { return; } else { @@ -271,7 +277,7 @@ public abstract class SecurityTestSupport extends GroovyTestCase { // Use our privileged access in order to prevent checks lower in the call stack. Otherwise we would have // to grant access to IDE unit test runners and unit test libs. We only care about testing the call stack // higher upstream from this point of execution. - AccessController.doPrivileged((PrivilegedAction<Void>) () -> { + doPrivileged((PrivilegedAction<Void>) () -> { GroovyCodeSource gcs = null; try { gcs = new GroovyCodeSource(file); @@ -296,7 +302,7 @@ public abstract class SecurityTestSupport extends GroovyTestCase { // Use our privileged access in order to prevent checks lower in the call stack. Otherwise we would have // to grant access to IDE unit test runners and unit test libs. We only care about testing the call stack // higher upstream from this point of execution. - AccessController.doPrivileged((PrivilegedAction<Void>) () -> { + doPrivileged((PrivilegedAction<Void>) () -> { parseAndExecute(new GroovyCodeSource(scriptStr, generateClassName(), effectiveCodeBase), missingPermission); return null; }); diff --git a/src/test/org/codehaus/groovy/reflection/SecurityTest.java b/src/test/org/codehaus/groovy/reflection/SecurityTest.java index 2020420c36..3d42d0f78b 100644 --- a/src/test/org/codehaus/groovy/reflection/SecurityTest.java +++ b/src/test/org/codehaus/groovy/reflection/SecurityTest.java @@ -27,7 +27,6 @@ import java.lang.reflect.Field; import java.lang.reflect.Method; import java.lang.reflect.ReflectPermission; import java.nio.ByteBuffer; -import java.security.AccessControlException; import java.security.Permission; import java.security.Permissions; import java.security.ProtectionDomain; @@ -77,11 +76,13 @@ public class SecurityTest extends GroovyTestCase { return methodCalled; } } + @SuppressWarnings("removal") // TODO in a future Groovy version remove reference to SecurityManager SecurityManager restrictiveSecurityManager; CachedMethod cachedMethodUnderTest; CachedField cachedFieldUnderTest; Permissions forbidden; + @SuppressWarnings("removal") // TODO in a future Groovy version remove reference to SecurityManager & AccessControlException public void setUp() { // Forbidding suppressAccessChecks in the test will make the internal implementation of some JDK fail, // so load vm plugin before security manager is installed: @@ -106,11 +107,12 @@ public class SecurityTest extends GroovyTestCase { @Override public void checkPermission(Permission perm) { if (forbidden.implies(perm)) - throw new AccessControlException(perm.getName()); + throw new java.security.AccessControlException(perm.getName()); } }; } + @SuppressWarnings("removal") // TODO in a future Groovy version remove reference to SecurityManager, for now not run for JDK18+ public void tearDown(){ System.setSecurityManager(null); } @@ -137,6 +139,7 @@ public class SecurityTest extends GroovyTestCase { return new CachedField(field); } + @SuppressWarnings("removal") // TODO in a future Groovy version remove reference to SecurityManager, for now not run for JDK18+ public void testInvokesPublicMethodsWithoutChecks() throws Exception { if (isAtLeastJdk("18.0")) return; cachedMethodUnderTest = createCachedMethod("publicMethod"); @@ -144,6 +147,7 @@ public class SecurityTest extends GroovyTestCase { assertTrue(invokesCachedMethod()); } + @SuppressWarnings("removal") // TODO in a future Groovy version remove reference to SecurityManager, for now not run for JDK18+ public void testReturnsAccesiblePublicMethodsWithoutChecks() throws Exception { if (isAtLeastJdk("18.0")) return; cachedMethodUnderTest = createCachedMethod("publicMethod"); @@ -152,6 +156,7 @@ public class SecurityTest extends GroovyTestCase { assertEquals("publicMethod", cachedMethodUnderTest.getName()); } + @SuppressWarnings("removal") // TODO in a future Groovy version remove reference to SecurityManager, for now not run for JDK18+ public void testAccessesPublicFieldsWithoutChecks() throws Exception { if (isAtLeastJdk("18.0")) return; cachedFieldUnderTest = createCachedField("publicField"); @@ -166,6 +171,7 @@ public class SecurityTest extends GroovyTestCase { assertTrue(invokesCachedMethod()); } + @SuppressWarnings("removal") // TODO in a future Groovy version remove reference to SecurityManager, for now not run for JDK18+ public void testAccessesPrivateFieldsWithoutSecurityManager() throws Exception { if (isAtLeastJdk("18.0")) return; cachedFieldUnderTest = createCachedField("privateField"); @@ -175,6 +181,7 @@ public class SecurityTest extends GroovyTestCase { assertEquals("value", cachedFieldUnderTest.getProperty(object)); } + @SuppressWarnings("removal") // TODO in a future Groovy version remove reference to SecurityManager, for now not run for JDK18+ public void testReturnsAccesiblePrivateMethodsWithoutSecurityManager() throws Exception { if (isAtLeastJdk("18.0")) return; cachedMethodUnderTest = createCachedMethod("privateMethod"); @@ -183,6 +190,7 @@ public class SecurityTest extends GroovyTestCase { assertEquals("privateMethod", cachedMethodUnderTest.getName()); } + @SuppressWarnings("removal") // TODO in a future Groovy version remove reference to SecurityManager, for now not run for JDK18+ public void testChecksReflectPermissionForInvokeOnPrivateMethods() throws Exception { if (isAtLeastJdk("18.0")) return; cachedMethodUnderTest = createCachedMethod("privateMethod"); @@ -196,6 +204,7 @@ public class SecurityTest extends GroovyTestCase { } } + @SuppressWarnings("removal") // TODO in a future Groovy version remove reference to SecurityManager, for now not run for JDK18+ public void testChecksReflectPermissionForFieldAccessOnPrivateFields() throws Exception { if (isAtLeastJdk("18.0")) return; cachedFieldUnderTest = createCachedField("privateField"); @@ -216,6 +225,7 @@ public class SecurityTest extends GroovyTestCase { } } + @SuppressWarnings("removal") // TODO in a future Groovy version remove reference to SecurityManager, for now not run for JDK18+ public void testChecksReflectPermissionForMethodAccessOnPrivateMethods() throws Exception { if (isAtLeastJdk("18.0")) return; cachedMethodUnderTest = createCachedMethod("privateMethod"); @@ -235,6 +245,7 @@ public class SecurityTest extends GroovyTestCase { } } + @SuppressWarnings("removal") // TODO in a future Groovy version remove reference to SecurityManager, for now not run for JDK18+ public void testInvokesPackagePrivateMethodsWithoutChecksInNonRestrictedPackages() throws Exception { if (isAtLeastJdk("18.0")) return; cachedMethodUnderTest = createCachedMethod("packagePrivateMethod"); @@ -242,6 +253,7 @@ public class SecurityTest extends GroovyTestCase { assertTrue(invokesCachedMethod()); } + @SuppressWarnings("removal") // TODO in a future Groovy version remove reference to SecurityManager, for now not run for JDK9+ public void testChecksReflectPermissionForInvokeOnPackagePrivateMethodsInRestrictedJavaPackages() throws Exception { // FIX_JDK9 remove this exemption for JDK9 if (isAtLeastJdk("9.0")) return; @@ -257,6 +269,7 @@ public class SecurityTest extends GroovyTestCase { } } + @SuppressWarnings("removal") // TODO in a future Groovy version remove reference to SecurityManager, for now not run for JDK18+ public void testInvokesProtectedMethodsWithoutChecks() throws Exception { if (isAtLeastJdk("18.0")) return; cachedMethodUnderTest = createCachedMethod("protectedMethod"); @@ -265,6 +278,7 @@ public class SecurityTest extends GroovyTestCase { } + @SuppressWarnings("removal") // TODO in a future Groovy version remove reference to SecurityManager, for now not run for JDK16+ public void testChecksCreateClassLoaderPermissionForClassLoaderProtectedMethodAccess() throws Exception { // Illegal access to java.lang.ClassLoader.defineClass(java.lang.String,java.nio.ByteBuffer,java.security.ProtectionDomain) if (isAtLeastJdk("16.0")) return; @@ -285,6 +299,7 @@ public class SecurityTest extends GroovyTestCase { } } + @SuppressWarnings("removal") // TODO in a future Groovy version remove reference to SecurityManager, for now not run for JDK18+ public void testInvokesPrivateMethodsInGroovyObjectsWithoutChecks() throws Exception { if (isAtLeastJdk("18.0")) return; cachedMethodUnderTest = createCachedMethod(TestGroovyClass.class, "privateMethod"); @@ -294,6 +309,7 @@ public class SecurityTest extends GroovyTestCase { assertTrue(object.isMethodCalled()); } + @SuppressWarnings("removal") // TODO in a future Groovy version remove reference to SecurityManager, for now not run for JDK18+ public void testAccessesPrivateFieldsInGroovyObjectsWithoutChecks() throws Exception { if (isAtLeastJdk("18.0")) return; Field field = TestGroovyClass.class.getDeclaredField("privateField"); diff --git a/src/testFixtures/groovy/org/codehaus/groovy/classgen/TestSupport.java b/src/testFixtures/groovy/org/codehaus/groovy/classgen/TestSupport.java index 0f60cca183..86fbb1fbce 100644 --- a/src/testFixtures/groovy/org/codehaus/groovy/classgen/TestSupport.java +++ b/src/testFixtures/groovy/org/codehaus/groovy/classgen/TestSupport.java @@ -44,7 +44,6 @@ import java.io.File; import java.lang.reflect.Field; import java.lang.reflect.InvocationTargetException; import java.lang.reflect.Method; -import java.security.AccessController; import java.security.PrivilegedAction; /** @@ -57,9 +56,15 @@ public class TestSupport extends GroovyTestCase implements Opcodes { final ClassLoader parentLoader = getClass().getClassLoader(); protected final GroovyClassLoader loader = - AccessController.doPrivileged( - (PrivilegedAction<GroovyClassLoader>) () -> new GroovyClassLoader(parentLoader) - ); + createClassLoader(); + + @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action + private GroovyClassLoader createClassLoader() { + return java.security.AccessController.doPrivileged( + (PrivilegedAction<GroovyClassLoader>) () -> new GroovyClassLoader(parentLoader) + ); + } + final CompileUnit unit = new CompileUnit(loader, new CompilerConfiguration()); final ModuleNode module = new ModuleNode(unit); @@ -137,14 +142,19 @@ public class TestSupport extends GroovyTestCase implements Opcodes { protected void assertScript(final String text, final String scriptName) throws Exception { log.info("About to execute script"); log.info(text); - GroovyCodeSource gcs = AccessController.doPrivileged( - (PrivilegedAction<GroovyCodeSource>) () -> new GroovyCodeSource(text, scriptName, "/groovy/testSupport") - ); + GroovyCodeSource gcs = getCodeSource(text, scriptName); Class<?> groovyClass = loader.parseClass(gcs); Script script = InvokerHelper.createScript(groovyClass, new Binding()); script.run(); } + @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action + private GroovyCodeSource getCodeSource(String text, String scriptName) { + return java.security.AccessController.doPrivileged( + (PrivilegedAction<GroovyCodeSource>) () -> new GroovyCodeSource(text, scriptName, "/groovy/testSupport") + ); + } + protected void assertScriptFile(String fileName) throws Exception { log.info("About to execute script: " + fileName); Class<?> groovyClass = loader.parseClass(new GroovyCodeSource(new File(fileName))); diff --git a/subprojects/groovy-ant/src/main/java/org/codehaus/groovy/ant/CompileTaskSupport.java b/subprojects/groovy-ant/src/main/java/org/codehaus/groovy/ant/CompileTaskSupport.java index 56ba6949f2..f88d4b7c36 100644 --- a/subprojects/groovy-ant/src/main/java/org/codehaus/groovy/ant/CompileTaskSupport.java +++ b/subprojects/groovy-ant/src/main/java/org/codehaus/groovy/ant/CompileTaskSupport.java @@ -30,7 +30,6 @@ import org.codehaus.groovy.tools.ErrorReporter; import java.io.File; import java.io.PrintWriter; import java.io.Writer; -import java.security.AccessController; import java.security.PrivilegedAction; /** @@ -135,9 +134,9 @@ public abstract class CompileTaskSupport } protected GroovyClassLoader createClassLoader() { - GroovyClassLoader gcl = - AccessController.doPrivileged( - (PrivilegedAction<GroovyClassLoader>) () -> new GroovyClassLoader(ClassLoader.getSystemClassLoader(), config)); + @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action + GroovyClassLoader gcl = java.security.AccessController.doPrivileged((PrivilegedAction<GroovyClassLoader>) () -> + new GroovyClassLoader(ClassLoader.getSystemClassLoader(), config)); Path path = getClasspath(); if (path != null) { diff --git a/subprojects/groovy-ant/src/main/java/org/codehaus/groovy/ant/Groovy.java b/subprojects/groovy-ant/src/main/java/org/codehaus/groovy/ant/Groovy.java index c44e2bfc87..60cdb9a0ad 100644 --- a/subprojects/groovy-ant/src/main/java/org/codehaus/groovy/ant/Groovy.java +++ b/subprojects/groovy-ant/src/main/java/org/codehaus/groovy/ant/Groovy.java @@ -62,7 +62,6 @@ import java.io.Reader; import java.io.Writer; import java.lang.reflect.Field; import java.nio.charset.Charset; -import java.security.AccessController; import java.security.PrivilegedAction; import java.util.List; import java.util.Vector; @@ -562,9 +561,9 @@ public class Groovy extends Java { } final String scriptName = computeScriptName(); - final GroovyClassLoader classLoader = - AccessController.doPrivileged( - (PrivilegedAction<GroovyClassLoader>) () -> new GroovyClassLoader(baseClassLoader)); + @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action + final GroovyClassLoader classLoader = java.security.AccessController.doPrivileged((PrivilegedAction<GroovyClassLoader>) () -> + new GroovyClassLoader(baseClassLoader)); addClassPathes(classLoader); configureCompiler(); final GroovyShell groovy = new GroovyShell(classLoader, new Binding(), configuration); diff --git a/subprojects/groovy-ant/src/main/java/org/codehaus/groovy/ant/Groovyc.java b/subprojects/groovy-ant/src/main/java/org/codehaus/groovy/ant/Groovyc.java index 64dc16fa8c..3fcdbaf55c 100644 --- a/subprojects/groovy-ant/src/main/java/org/codehaus/groovy/ant/Groovyc.java +++ b/subprojects/groovy-ant/src/main/java/org/codehaus/groovy/ant/Groovyc.java @@ -53,7 +53,6 @@ import java.io.Writer; import java.net.URI; import java.net.URISyntaxException; import java.nio.charset.Charset; -import java.security.AccessController; import java.security.PrivilegedAction; import java.util.ArrayList; import java.util.Arrays; @@ -1443,8 +1442,10 @@ public class Groovyc extends MatchingTask { } } - GroovyClassLoader groovyLoader = AccessController.doPrivileged( - (PrivilegedAction<GroovyClassLoader>) () -> new GroovyClassLoader(loader, configuration)); + @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action + GroovyClassLoader groovyLoader = java.security.AccessController.doPrivileged((PrivilegedAction<GroovyClassLoader>) () -> + new GroovyClassLoader(loader, configuration)); + if (!forceLookupUnnamedFiles) { // in normal case we don't need to do script lookups groovyLoader.setResourceLoader(filename -> null); diff --git a/subprojects/groovy-ant/src/main/java/org/codehaus/groovy/ant/RootLoaderRef.java b/subprojects/groovy-ant/src/main/java/org/codehaus/groovy/ant/RootLoaderRef.java index a8d96b0c7a..933cdabbd6 100644 --- a/subprojects/groovy-ant/src/main/java/org/codehaus/groovy/ant/RootLoaderRef.java +++ b/subprojects/groovy-ant/src/main/java/org/codehaus/groovy/ant/RootLoaderRef.java @@ -27,7 +27,6 @@ import org.apache.tools.ant.types.Reference; import org.codehaus.groovy.tools.LoaderConfiguration; import org.codehaus.groovy.tools.RootLoader; -import java.security.AccessController; import java.security.PrivilegedAction; /** @@ -88,7 +87,11 @@ public class RootLoaderRef extends MatchingTask { } lc.addFile(s); } - AntClassLoader loader = AccessController.doPrivileged((PrivilegedAction<AntClassLoader>) () -> new AntClassLoader(new RootLoader(lc), true)); + + @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action + AntClassLoader loader = java.security.AccessController.doPrivileged((PrivilegedAction<AntClassLoader>) () -> + new AntClassLoader(new RootLoader(lc), true)); + project.addReference(name, loader); } diff --git a/subprojects/groovy-console/src/main/groovy/groovy/console/ui/Console.groovy b/subprojects/groovy-console/src/main/groovy/groovy/console/ui/Console.groovy index 1cdfd464d5..bc1b9a66f9 100644 --- a/subprojects/groovy-console/src/main/groovy/groovy/console/ui/Console.groovy +++ b/subprojects/groovy-console/src/main/groovy/groovy/console/ui/Console.groovy @@ -60,7 +60,6 @@ import org.codehaus.groovy.vmplugin.VMPluginFactory import javax.swing.Action import javax.swing.Icon -import javax.swing.JApplet import javax.swing.JFileChooser import javax.swing.JFrame import javax.swing.JLabel @@ -99,6 +98,7 @@ import java.awt.event.FocusEvent import java.awt.event.FocusListener import java.util.logging.Logger import java.util.prefs.Preferences + /** * Groovy Swing console. * @@ -416,7 +416,8 @@ class Console implements CaretListener, HyperlinkListener, ComponentListener, Fo } @Deprecated - void run(JApplet applet) { + @SuppressWarnings("removal") // TODO a future Groovy version will remove this method + void run(javax.swing.JApplet applet) { run([ rootContainerDelegate: { containingWindows += SwingUtilities.getRoot(applet.getParent()) diff --git a/subprojects/groovy-jsr223/src/main/java/org/codehaus/groovy/jsr223/GroovyScriptEngineImpl.java b/subprojects/groovy-jsr223/src/main/java/org/codehaus/groovy/jsr223/GroovyScriptEngineImpl.java index 540a155435..3b7c782e94 100644 --- a/subprojects/groovy-jsr223/src/main/java/org/codehaus/groovy/jsr223/GroovyScriptEngineImpl.java +++ b/subprojects/groovy-jsr223/src/main/java/org/codehaus/groovy/jsr223/GroovyScriptEngineImpl.java @@ -79,7 +79,6 @@ import java.io.Reader; import java.io.Writer; import java.lang.reflect.Method; import java.lang.reflect.Proxy; -import java.security.AccessController; import java.security.PrivilegedAction; /** @@ -109,12 +108,17 @@ public class GroovyScriptEngineImpl extends AbstractScriptEngine implements Comp } public GroovyScriptEngineImpl() { - this(AccessController.doPrivileged(new PrivilegedAction<GroovyClassLoader>() { + this(createClassLoader()); + } + + @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action + private static GroovyClassLoader createClassLoader() { + return java.security.AccessController.doPrivileged(new PrivilegedAction<GroovyClassLoader>() { @Override public GroovyClassLoader run() { return new GroovyClassLoader(getParentLoader(), new CompilerConfiguration(CompilerConfiguration.DEFAULT)); } - })); + }); } public GroovyScriptEngineImpl(GroovyClassLoader classLoader) { diff --git a/subprojects/groovy-sql/src/main/java/groovy/sql/Sql.java b/subprojects/groovy-sql/src/main/java/groovy/sql/Sql.java index 5551f70d23..497047f723 100644 --- a/subprojects/groovy-sql/src/main/java/groovy/sql/Sql.java +++ b/subprojects/groovy-sql/src/main/java/groovy/sql/Sql.java @@ -30,8 +30,6 @@ import org.codehaus.groovy.runtime.InvokerHelper; import javax.sql.DataSource; -import java.security.AccessController; -import java.security.PrivilegedActionException; import java.security.PrivilegedExceptionAction; import java.sql.CallableStatement; import java.sql.Connection; @@ -271,8 +269,8 @@ public class Sql implements AutoCloseable { private boolean withinBatch; - private final Map<String, Statement> statementCache = new HashMap<String, Statement>(); - private final Map<String, String> namedParamSqlCache = new HashMap<String, String>(); + private final Map<String, Statement> statementCache = new HashMap<>(); + private final Map<String, String> namedParamSqlCache = new HashMap<>(); private final Map<String, List<Tuple<?>>> namedParamIndexPropCache = new HashMap<>(); private List<String> keyColumnNames; @@ -4300,22 +4298,7 @@ public class Sql implements AutoCloseable { if (dataSource != null) { // Use a doPrivileged here as many different properties need to be // read, and the policy shouldn't have to list them all. - Connection con; - try { - con = AccessController.doPrivileged(new PrivilegedExceptionAction<Connection>() { - @Override - public Connection run() throws SQLException { - return dataSource.getConnection(); - } - }); - } catch (PrivilegedActionException pae) { - Exception e = pae.getException(); - if (e instanceof SQLException) { - throw (SQLException) e; - } else { - throw (RuntimeException) e; - } - } + Connection con = createConnection(dataSource); if (cacheStatements || cacheConnection) { useConnection = con; } @@ -4324,6 +4307,27 @@ public class Sql implements AutoCloseable { return useConnection; } + @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action + private Connection createConnection(DataSource dataSource) throws SQLException { + Connection con; + try { + con = java.security.AccessController.doPrivileged(new PrivilegedExceptionAction<Connection>() { + @Override + public Connection run() throws SQLException { + return dataSource.getConnection(); + } + }); + } catch (java.security.PrivilegedActionException pae) { + Exception e = pae.getException(); + if (e instanceof SQLException) { + throw (SQLException) e; + } else { + throw (RuntimeException) e; + } + } + return con; + } + /** * An extension point allowing derived classes to change the behavior * of resource closing. diff --git a/subprojects/groovy-swing/src/main/java/org/apache/groovy/swing/binding/ClosureTriggerBinding.java b/subprojects/groovy-swing/src/main/java/org/apache/groovy/swing/binding/ClosureTriggerBinding.java index 44b6905480..6cbb268339 100644 --- a/subprojects/groovy-swing/src/main/java/org/apache/groovy/swing/binding/ClosureTriggerBinding.java +++ b/subprojects/groovy-swing/src/main/java/org/apache/groovy/swing/binding/ClosureTriggerBinding.java @@ -53,7 +53,7 @@ public class ClosureTriggerBinding implements TriggerBinding, SourceBinding { BindPath bp = new BindPath(); bp.propertyName = propertyName; bp.updateLocalSyntheticProperties(syntheticBindings); - List<BindPath> childPaths = new ArrayList<BindPath>(); + List<BindPath> childPaths = new ArrayList<>(); for (Map.Entry<String, BindPathSnooper> entry : snooper.fields.entrySet()) { childPaths.add(createBindPath(entry.getKey(), entry.getValue())); } @@ -72,7 +72,7 @@ public class ClosureTriggerBinding implements TriggerBinding, SourceBinding { final Class closureClass = closure.getClass(); // do in privileged block since we may be looking at private stuff - Closure closureLocalCopy = java.security.AccessController.doPrivileged(new PrivilegedAction<Closure>() { + Closure closureLocalCopy = doPrivileged(new PrivilegedAction<Closure>() { @Override public Closure run() { // assume closures have only 1 constructor, of the form (Object, Reference*) @@ -118,7 +118,7 @@ public class ClosureTriggerBinding implements TriggerBinding, SourceBinding { e.printStackTrace(System.out); throw new RuntimeException("A closure expression binding could not be created because of " + e.getClass().getName() + ":\n\t" + e.getMessage()); } - List<BindPath> rootPaths = new ArrayList<BindPath>(); + List<BindPath> rootPaths = new ArrayList<>(); for (Map.Entry<String, BindPathSnooper> entry : delegate.fields.entrySet()) { BindPath bp =createBindPath(entry.getKey(), entry.getValue()); bp.currentObject = closure; @@ -131,6 +131,12 @@ public class ClosureTriggerBinding implements TriggerBinding, SourceBinding { return fb; } + @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action + private static <T> T doPrivileged(PrivilegedAction<T> action) { + return java.security.AccessController.doPrivileged(action); + } + + // TODO when JDK9+ is minimum, use canAccess and remove suppression @SuppressWarnings("deprecation") private boolean isAccessible(AccessibleObject accessibleObject) { @@ -159,7 +165,7 @@ class DeadEndObject { class BindPathSnooper extends GroovyObjectSupport { static final DeadEndObject DEAD_END = new DeadEndObject(); - Map<String, BindPathSnooper> fields = new LinkedHashMap<String, BindPathSnooper>(); + Map<String, BindPathSnooper> fields = new LinkedHashMap<>(); @Override public Object getProperty(String property) { diff --git a/subprojects/groovy-templates/src/main/groovy/groovy/text/GStringTemplateEngine.java b/subprojects/groovy-templates/src/main/groovy/groovy/text/GStringTemplateEngine.java index 5ec22b7112..30bb330293 100644 --- a/subprojects/groovy-templates/src/main/groovy/groovy/text/GStringTemplateEngine.java +++ b/subprojects/groovy-templates/src/main/groovy/groovy/text/GStringTemplateEngine.java @@ -31,7 +31,6 @@ import org.codehaus.groovy.control.CompilationFailedException; import java.io.IOException; import java.io.Reader; import java.lang.reflect.InvocationTargetException; -import java.security.AccessController; import java.security.PrivilegedAction; import java.util.Map; import java.util.concurrent.atomic.AtomicInteger; @@ -216,7 +215,7 @@ public class GStringTemplateEngine extends TemplateEngine { @SuppressWarnings("removal") // TODO a future Groovy version should create the loader not as a privileged action private GroovyClassLoader createClassLoader(ClassLoader parentLoader) { - return AccessController.doPrivileged((PrivilegedAction<GroovyClassLoader>) () -> new GroovyClassLoader(parentLoader)); + return java.security.AccessController.doPrivileged((PrivilegedAction<GroovyClassLoader>) () -> new GroovyClassLoader(parentLoader)); } private static void appendCharacter(final char c, diff --git a/subprojects/groovy-templates/src/main/groovy/groovy/text/StreamingTemplateEngine.java b/subprojects/groovy-templates/src/main/groovy/groovy/text/StreamingTemplateEngine.java index 65907d3003..326fc783a5 100644 --- a/subprojects/groovy-templates/src/main/groovy/groovy/text/StreamingTemplateEngine.java +++ b/subprojects/groovy-templates/src/main/groovy/groovy/text/StreamingTemplateEngine.java @@ -38,7 +38,6 @@ import java.io.LineNumberReader; import java.io.Reader; import java.io.StringReader; import java.lang.reflect.InvocationTargetException; -import java.security.AccessController; import java.security.PrivilegedAction; import java.util.ArrayList; import java.util.List; @@ -621,7 +620,7 @@ public class StreamingTemplateEngine extends TemplateEngine { @SuppressWarnings("removal") // TODO a future Groovy version should create the loader not as a privileged action private GroovyClassLoader createClassLoader(ClassLoader parentLoader) { - return AccessController.doPrivileged((PrivilegedAction<GroovyClassLoader>) () -> new GroovyClassLoader(parentLoader)); + return java.security.AccessController.doPrivileged((PrivilegedAction<GroovyClassLoader>) () -> new GroovyClassLoader(parentLoader)); } /** diff --git a/subprojects/groovy-templates/src/main/groovy/groovy/text/markup/MarkupTemplateEngine.java b/subprojects/groovy-templates/src/main/groovy/groovy/text/markup/MarkupTemplateEngine.java index abbbd0eed8..a8d40d2445 100644 --- a/subprojects/groovy-templates/src/main/groovy/groovy/text/markup/MarkupTemplateEngine.java +++ b/subprojects/groovy-templates/src/main/groovy/groovy/text/markup/MarkupTemplateEngine.java @@ -43,7 +43,6 @@ import java.io.StringReader; import java.net.MalformedURLException; import java.net.URL; import java.net.URLClassLoader; -import java.security.AccessController; import java.security.PrivilegedAction; import java.util.Collections; import java.util.LinkedHashMap; @@ -70,7 +69,7 @@ public class MarkupTemplateEngine extends TemplateEngine { private final TemplateGroovyClassLoader groovyClassLoader; private final CompilerConfiguration compilerConfiguration; private final TemplateConfiguration templateConfiguration; - private final Map<String, GroovyCodeSource> codeSourceCache = new LinkedHashMap<String, GroovyCodeSource>(); + private final Map<String, GroovyCodeSource> codeSourceCache = new LinkedHashMap<>(); private final TemplateResolver templateResolver; public MarkupTemplateEngine() { @@ -101,7 +100,7 @@ public class MarkupTemplateEngine extends TemplateEngine { } ); } - groovyClassLoader = AccessController.doPrivileged((PrivilegedAction<TemplateGroovyClassLoader>) () -> new TemplateGroovyClassLoader(parentLoader, compilerConfiguration)); + groovyClassLoader = doPrivileged((PrivilegedAction<TemplateGroovyClassLoader>) () -> new TemplateGroovyClassLoader(parentLoader, compilerConfiguration)); if (DEBUG_BYTECODE) { compilerConfiguration.setBytecodePostprocessor(BytecodeDumper.STANDARD_ERR); } @@ -116,7 +115,7 @@ public class MarkupTemplateEngine extends TemplateEngine { * @param tplConfig template engine configuration */ public MarkupTemplateEngine(final ClassLoader parentLoader, final File templateDirectory, TemplateConfiguration tplConfig) { - this(AccessController.doPrivileged( + this(doPrivileged( new PrivilegedAction<URLClassLoader>() { @Override public URLClassLoader run() { @@ -127,6 +126,11 @@ public class MarkupTemplateEngine extends TemplateEngine { null); } + @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action + private static <T> T doPrivileged(PrivilegedAction<T> action) { + return java.security.AccessController.doPrivileged(action); + } + private static URL[] buildURLs(final File templateDirectory) { try { return new URL[]{templateDirectory.toURI().toURL()}; diff --git a/subprojects/groovy-test/src/main/java/groovy/test/AllTestSuite.java b/subprojects/groovy-test/src/main/java/groovy/test/AllTestSuite.java index 757be72844..46e31b2a43 100644 --- a/subprojects/groovy-test/src/main/java/groovy/test/AllTestSuite.java +++ b/subprojects/groovy-test/src/main/java/groovy/test/AllTestSuite.java @@ -29,7 +29,6 @@ import org.apache.groovy.test.ScriptTestAdapter; import java.io.File; import java.io.IOException; -import java.security.AccessController; import java.security.PrivilegedAction; import java.util.List; import java.util.logging.Logger; @@ -77,8 +76,10 @@ public class AllTestSuite extends TestSuite { private static final Logger LOG = Logger.getLogger(AllTestSuite.class.getName()); private static final ClassLoader JAVA_LOADER = AllTestSuite.class.getClassLoader(); + + @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action private static final GroovyClassLoader GROOVY_LOADER = - AccessController.doPrivileged( + java.security.AccessController.doPrivileged( (PrivilegedAction<GroovyClassLoader>) () -> new GroovyClassLoader(JAVA_LOADER) ); diff --git a/subprojects/groovy-test/src/main/java/groovy/test/GroovyTestSuite.java b/subprojects/groovy-test/src/main/java/groovy/test/GroovyTestSuite.java index eb1553e733..bbdf057aa6 100644 --- a/subprojects/groovy-test/src/main/java/groovy/test/GroovyTestSuite.java +++ b/subprojects/groovy-test/src/main/java/groovy/test/GroovyTestSuite.java @@ -27,10 +27,8 @@ import junit.textui.TestRunner; import org.apache.groovy.test.ScriptTestAdapter; import java.io.File; -import java.security.AccessController; import java.security.PrivilegedAction; - /** * A TestSuite which will run a Groovy unit test case inside any Java IDE * either as a unit test case or as an application. @@ -51,8 +49,9 @@ public class GroovyTestSuite extends TestSuite { protected static String file = null; + @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action protected final GroovyClassLoader loader = - AccessController.doPrivileged( + java.security.AccessController.doPrivileged( (PrivilegedAction<GroovyClassLoader>) () -> new GroovyClassLoader(GroovyTestSuite.class.getClassLoader()) ); diff --git a/subprojects/groovy-xml/src/main/java/groovy/xml/FactorySupport.java b/subprojects/groovy-xml/src/main/java/groovy/xml/FactorySupport.java index a6d57c7c60..b49789d74a 100644 --- a/subprojects/groovy-xml/src/main/java/groovy/xml/FactorySupport.java +++ b/subprojects/groovy-xml/src/main/java/groovy/xml/FactorySupport.java @@ -21,27 +21,24 @@ package groovy.xml; import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.ParserConfigurationException; import javax.xml.parsers.SAXParserFactory; -import java.security.AccessController; -import java.security.PrivilegedActionException; import java.security.PrivilegedExceptionAction; /** * Support class for creating XML Factories */ public class FactorySupport { + @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action static Object createFactory(PrivilegedExceptionAction action) throws ParserConfigurationException { - Object factory; try { - factory = AccessController.doPrivileged(action); - } catch (PrivilegedActionException pae) { + return java.security.AccessController.doPrivileged(action); + } catch (java.security.PrivilegedActionException pae) { Exception e = pae.getException(); if (e instanceof ParserConfigurationException) { - throw(ParserConfigurationException) e; + throw (ParserConfigurationException) e; } else { throw new RuntimeException(e); } } - return factory; } public static DocumentBuilderFactory createDocumentBuilderFactory() throws ParserConfigurationException {
