On 11/28/17 2:41 PM, mandy chung wrote:
On 11/22/17 6:37 AM, Sean Mullan wrote:
Please review this change to remove the pre-JDK 1.2 SecurityManager
methods that have been deprecated since JDK 1.2 and marked for removal
in JDK 9. These methods are fragile, error-prone and have been
obsolete since the SecurityManager was revamped in JDK 1.2. The
methods to be removed are: getInCheck, classDepth, classLoaderDepth,
currentClassLoader, currentLoadedClass, inClass, and inClassLoader.
In addition, the deprecated and error-prone checkMemberAccess method
(which was deprecated in JDK 8 and marked for removal in JDK 9) has
been changed to throw SecurityException if the caller has not been
granted AllPermission. This makes the method less likely it will be
used incorrectly while still allowing some more time before it is
removed.
http://cr.openjdk.java.net/~mullan/webrevs/8186535/webrev.00/
src/java.desktop/share/classes/sun/applet/AppletSecurity.java
111 private static final StackWalker walker =
112 StackWalker.getInstance(RETAIN_CLASS_REFERENCE);
This call will do a stack-based permission check. So it needs to be
wrapped with doPrivileged.
Yes, Alan had the same comment. I have wrapped it in doPrivileged.
Otherwise, looks fine.
Just to mention this: AppletSecurity does not really need the
currentClassLoader method. AppletSecurity::currentAppletClassLoader
could be reimplemented to use StackWalker to walk the stack once
(replacing the call to currentClassLoader and getClassContext) to find
AppletClassLoader. OTOH it does not worth making more change since
applets are going away.
Ok. Good point though.
--Sean
