Skip to content

Commit

Permalink
8344221: Remove calls to SecurityManager and and doPrivileged in java…
Browse files Browse the repository at this point in the history 
….net.IDN, java.net.URL, java.net.URLConnection, sun.net.util.URLUtil, and java.net.URLStreamHandlerProvider after JEP 486 integration

Reviewed-by: alanb, rriggs
  • Loading branch information
@dfuch
dfuch committed Nov 18, 2024
1 parent dfddbca commit d52d136
Show file tree
Hide file tree
Showing 5 changed files with 37 additions and 172 deletions.
13 changes: 2 additions & 11 deletions src/java.base/share/classes/java/net/IDN.java
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2005, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
Expand All @@ -26,8 +26,6 @@

import java.io.InputStream;
import java.io.IOException;
import java.security.AccessController;
import java.security.PrivilegedAction;

import jdk.internal.icu.impl.Punycode;
import jdk.internal.icu.text.StringPrep;
Expand Down Expand Up @@ -248,14 +246,7 @@ public static String toUnicode(String input) {
StringPrep stringPrep = null;
try {
final String IDN_PROFILE = "/sun/net/idn/uidna.spp";
@SuppressWarnings("removal")
InputStream stream = System.getSecurityManager() != null
? AccessController.doPrivileged(new PrivilegedAction<>() {
public InputStream run() {
return StringPrep.class.getResourceAsStream(IDN_PROFILE);
}})
: StringPrep.class.getResourceAsStream(IDN_PROFILE);

InputStream stream = StringPrep.class.getResourceAsStream(IDN_PROFILE);
stringPrep = new StringPrep(stream);
stream.close();
} catch (IOException e) {
Expand Down
121 changes: 15 additions & 106 deletions src/java.base/share/classes/java/net/URL.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,26 +30,20 @@
import java.io.InputStream;
import java.net.spi.URLStreamHandlerProvider;
import java.nio.file.Path;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Hashtable;
import java.io.InvalidObjectException;
import java.io.ObjectStreamException;
import java.io.ObjectStreamField;
import java.io.ObjectInputStream.GetField;
import java.util.Iterator;
import java.util.Locale;
import java.util.NoSuchElementException;
import java.util.ServiceConfigurationError;
import java.util.ServiceLoader;

import jdk.internal.access.JavaNetURLAccess;
import jdk.internal.access.SharedSecrets;
import jdk.internal.misc.ThreadTracker;
import jdk.internal.misc.VM;
import sun.net.util.IPAddressUtil;
import sun.security.util.SecurityConstants;
import sun.security.action.GetPropertyAction;

/**
* Class {@code URL} represents a Uniform Resource
Expand Down Expand Up @@ -485,14 +479,6 @@ public URL(String protocol, String host, String file)
@Deprecated(since = "20")
public URL(String protocol, String host, int port, String file,
URLStreamHandler handler) throws MalformedURLException {
if (handler != null) {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
// check for permission to specify a handler
checkSpecifyHandler(sm);
}
}

protocol = lowerCaseProtocol(protocol);
this.protocol = protocol;
Expand Down Expand Up @@ -683,15 +669,6 @@ public URL(URL context, String spec, URLStreamHandler handler)
boolean aRef=false;
boolean isRelative = false;

// Check for permission to specify a handler
if (handler != null) {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
checkSpecifyHandler(sm);
}
}

try {
limit = spec.length();
while ((limit > 0) && (spec.charAt(limit - 1) <= ' ')) {
Expand Down Expand Up @@ -912,13 +889,6 @@ private boolean isValidProtocol(String protocol) {
return true;
}

/*
* Checks for permission to specify a stream handler.
*/
private void checkSpecifyHandler(@SuppressWarnings("removal") SecurityManager sm) {
sm.checkPermission(SecurityConstants.SPECIFY_HANDLER_PERMISSION);
}

/**
* Sets the specified 8 fields of the URL. This is not a public method so
* that only URLStreamHandlers can modify URL fields. URLs are otherwise
Expand Down Expand Up @@ -956,9 +926,8 @@ void set(String protocol, String host, int port,

/**
* Returns the address of the host represented by this URL.
* A {@link SecurityException} or an {@link UnknownHostException}
* while getting the host address will result in this method returning
* {@code null}
* An {@link UnknownHostException} while getting the host address
* will result in this method returning {@code null}.
*
* @return an {@link InetAddress} representing the host
*/
Expand All @@ -972,7 +941,7 @@ synchronized InetAddress getHostAddress() {
}
try {
hostAddress = InetAddress.getByName(host);
} catch (UnknownHostException | SecurityException ex) {
} catch (UnknownHostException e) {
return null;
}
return hostAddress;
Expand Down Expand Up @@ -1271,16 +1240,6 @@ public URLConnection openConnection(Proxy proxy)

// Create a copy of Proxy as a security measure
Proxy p = proxy == Proxy.NO_PROXY ? Proxy.NO_PROXY : sun.net.ApplicationProxy.create(proxy);
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (p.type() != Proxy.Type.DIRECT && sm != null) {
InetSocketAddress epoint = (InetSocketAddress) p.address();
if (epoint.isUnresolved())
sm.checkConnect(epoint.getHostName(), epoint.getPort());
else
sm.checkConnect(epoint.getAddress().getHostAddress(),
epoint.getPort());
}
return handler.openConnection(this, p);
}

Expand Down Expand Up @@ -1358,11 +1317,6 @@ public static void setURLStreamHandlerFactory(URLStreamHandlerFactory fac) {
if (factory != null) {
throw new Error("factory already defined");
}
@SuppressWarnings("removal")
SecurityManager security = System.getSecurityManager();
if (security != null) {
security.checkSetFactory();
}
handlers.clear();

// safe publication of URLStreamHandlerFactory with volatile write
Expand Down Expand Up @@ -1398,8 +1352,7 @@ public URLStreamHandler createURLStreamHandler(String protocol) {
}

private static URLStreamHandler lookupViaProperty(String protocol) {
String packagePrefixList =
GetPropertyAction.privilegedGetProperty(protocolPathProp);
String packagePrefixList = System.getProperty(protocolPathProp);
if (packagePrefixList == null || packagePrefixList.isEmpty()) {
// not set
return null;
Expand Down Expand Up @@ -1435,47 +1388,6 @@ private static URLStreamHandler lookupViaProperty(String protocol) {
return handler;
}

private static Iterator<URLStreamHandlerProvider> providers() {
return new Iterator<>() {

final ClassLoader cl = ClassLoader.getSystemClassLoader();
final ServiceLoader<URLStreamHandlerProvider> sl =
ServiceLoader.load(URLStreamHandlerProvider.class, cl);
final Iterator<URLStreamHandlerProvider> i = sl.iterator();

URLStreamHandlerProvider next = null;

private boolean getNext() {
while (next == null) {
try {
if (!i.hasNext())
return false;
next = i.next();
} catch (ServiceConfigurationError sce) {
if (sce.getCause() instanceof SecurityException) {
// Ignore security exceptions
continue;
}
throw sce;
}
}
return true;
}

public boolean hasNext() {
return getNext();
}

public URLStreamHandlerProvider next() {
if (!getNext())
throw new NoSuchElementException();
URLStreamHandlerProvider n = next;
next = null;
return n;
}
};
}

private static class ThreadTrackHolder {
static final ThreadTracker TRACKER = new ThreadTracker();
}
Expand All @@ -1488,26 +1400,23 @@ private static void endLookup(Object key) {
ThreadTrackHolder.TRACKER.end(key);
}

@SuppressWarnings("removal")
private static URLStreamHandler lookupViaProviders(final String protocol) {
Object key = tryBeginLookup();
if (key == null) {
throw new Error("Circular loading of URL stream handler providers detected");
}
try {
return AccessController.doPrivileged(
new PrivilegedAction<>() {
public URLStreamHandler run() {
Iterator<URLStreamHandlerProvider> itr = providers();
while (itr.hasNext()) {
URLStreamHandlerProvider f = itr.next();
URLStreamHandler h = f.createURLStreamHandler(protocol);
if (h != null)
return h;
}
return null;
}
});
final ClassLoader cl = ClassLoader.getSystemClassLoader();
final ServiceLoader<URLStreamHandlerProvider> sl =
ServiceLoader.load(URLStreamHandlerProvider.class, cl);
final Iterator<URLStreamHandlerProvider> itr = sl.iterator();
while (itr.hasNext()) {
URLStreamHandlerProvider f = itr.next();
URLStreamHandler h = f.createURLStreamHandler(protocol);
if (h != null)
return h;
}
return null;
} finally {
endLookup(key);
}
Expand Down
59 changes: 17 additions & 42 deletions src/java.base/share/classes/java/net/URLConnection.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,6 @@
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.PrivilegedAction;
import java.util.Hashtable;
import java.util.concurrent.ConcurrentHashMap;
import java.util.Date;
Expand All @@ -42,10 +41,8 @@
import java.util.Map;
import java.util.List;
import java.security.Permission;
import java.security.AccessController;
import sun.security.util.SecurityConstants;
import sun.net.www.MessageHeader;
import sun.security.action.GetPropertyAction;

/**
* The abstract class {@code URLConnection} is the superclass
Expand Down Expand Up @@ -328,9 +325,6 @@ public String getContentTypeFor(String fileName) {
* @since 1.2
*/
public static void setFileNameMap(FileNameMap map) {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null) sm.checkSetFactory();
fileNameMap = map;
}

Expand Down Expand Up @@ -1285,11 +1279,6 @@ public static synchronized void setContentHandlerFactory(ContentHandlerFactory f
if (factory != null) {
throw new Error("factory already defined");
}
@SuppressWarnings("removal")
SecurityManager security = System.getSecurityManager();
if (security != null) {
security.checkSetFactory();
}
factory = fac;
}

Expand Down Expand Up @@ -1401,35 +1390,22 @@ private ContentHandler lookupContentHandlerClassFor(String contentType) {

@SuppressWarnings("removal")
private ContentHandler lookupContentHandlerViaProvider(String contentType) {
return AccessController.doPrivileged(
new PrivilegedAction<>() {
@Override
public ContentHandler run() {
ClassLoader cl = ClassLoader.getSystemClassLoader();
ServiceLoader<ContentHandlerFactory> sl =
ServiceLoader.load(ContentHandlerFactory.class, cl);

Iterator<ContentHandlerFactory> iterator = sl.iterator();

ContentHandler handler = null;
while (iterator.hasNext()) {
ContentHandlerFactory f;
try {
f = iterator.next();
} catch (ServiceConfigurationError e) {
if (e.getCause() instanceof SecurityException) {
continue;
}
throw e;
}
handler = f.createContentHandler(contentType);
if (handler != null) {
break;
}
}
return handler;
}
});

ClassLoader cl = ClassLoader.getSystemClassLoader();
ServiceLoader<ContentHandlerFactory> sl =
ServiceLoader.load(ContentHandlerFactory.class, cl);

Iterator<ContentHandlerFactory> iterator = sl.iterator();

ContentHandler handler = null;
while (iterator.hasNext()) {
ContentHandlerFactory f = iterator.next();
handler = f.createContentHandler(contentType);
if (handler != null) {
break;
}
}
return handler;
}

/**
Expand Down Expand Up @@ -1465,8 +1441,7 @@ private String typeToPackageName(String contentType) {
* is always the last one on the returned package list.
*/
private String getContentHandlerPkgPrefixes() {
String packagePrefixList =
GetPropertyAction.privilegedGetProperty(contentPathProp, "");
String packagePrefixList = System.getProperty(contentPathProp, "");

if (packagePrefixList != "") {
packagePrefixList += "|";
Expand Down
10 changes: 0 additions & 10 deletions src/java.base/share/classes/java/net/spi/URLStreamHandlerProvider.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -49,19 +49,9 @@
public abstract class URLStreamHandlerProvider
implements URLStreamHandlerFactory
{
private static Void checkPermission() {
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm != null)
sm.checkPermission(new RuntimePermission("setFactory"));
return null;
}
private URLStreamHandlerProvider(Void ignore) { }

/**
* Initializes a new URL stream handler provider.
*/
protected URLStreamHandlerProvider() {
this(checkPermission());
}
}
6 changes: 3 additions & 3 deletions src/java.base/share/classes/sun/net/util/URLUtil.java
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2009, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2009, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
Expand Down Expand Up @@ -38,12 +38,12 @@ public class URLUtil {
/**
* Returns a string form of the url suitable for use as a key in HashMap/Sets.
*
* The string form should be behave in the same manner as the URL when
* The string form should behave in the same manner as the URL when
* compared for equality in a HashMap/Set, except that no nameservice
* lookup is done on the hostname (only string comparison), and the fragment
* is not considered.
*
* @see java.net.URLStreamHandler.sameFile(java.net.URL)
* @see java.net.URL#sameFile(java.net.URL)
*/
public static String urlNoFragString(URL url) {
StringBuilder strForm = new StringBuilder();
Expand Down

1 comment on commit d52d136

@openjdk-notifier
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review

Issues

Please sign in to comment.