On Fri, 15 Nov 2024 17:18:46 GMT, Alan Bateman <al...@openjdk.org> wrote:
>> Calls to getSecurityManager, checkPermission, and doPrivileged are removed. >> >> - URLUtils.getConnectPermission is still used in the client area and >> couldn't be removed right away. >> [JDK-8344303](https://bugs.openjdk.org/browse/JDK-8344303) has been logged. >> >> - Similarly, URLConnection.getPermission is a public API. >> [JDK-8344308](https://bugs.openjdk.org/browse/JDK-8344308) has been logged >> to deprecate it for removal. > > src/java.base/share/classes/java/net/URLConnection.java line 1406: > >> 1404: f = iterator.next(); >> 1405: } catch (ServiceConfigurationError e) { >> 1406: if (e.getCause() instanceof SecurityException) { > > I assume the try-catch can be removed as SecurityException won't be thrown. Is that sure? We might have custom handlers there (ContentHandlerFactory is a public exported service interface) - some of them might be throwing `SecurityException` for reasons of their own. That's why I was conservatively keeping this code. Please let me know if you think I should just throw SCE now in that case. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/22153#discussion_r1844377135
