Sean, Mandy - can you review this? I also need someone from the AWT team.
This patch eliminates the static dependency on java.awt.AWTPermission from the security code, needed for the SecurityManager and default policy code to work in the event that the permission class is not present (in gui-less profile for example). The changes are relatively simple. Creation of the AWTPermissions is deferred until needed. If sun.awt.AWTPermissionFactory is present then it is used to create the AWTPermission instances. If not present, but somehow one the security manager's checkTopLevelWindow, checkSystemClipboardAccess, etc. methods is invoked then "fake" permissions are used. The reason for the approach is to keep the reflection usage to a minimum (usually we use the shared secrets mechanism to avoid reflection completely but for this case, there isn't one place to setup the secret).
The webrev is here: http://cr.openjdk.java.net/~alanb/6854954/webrev.00/ Thanks, Alan.
