Skip to content
Permalink
Browse files
GROOVY-10586: Revert doPrivileged in VMPlugin approach to JEP-411 (co…
…nt'd)
  • Loading branch information
paulk-asert committed Apr 18, 2022
1 parent 5f51060 commit 5c10ca3836891a6fe64394a9318c91ce98ac28b8
Showing 42 changed files with 325 additions and 182 deletions.
@@ -20,7 +20,6 @@

import java.lang.reflect.InvocationTargetException;
import java.net.URI;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Collections;
import java.util.List;
@@ -155,13 +154,14 @@ public static void grab(Map<String, Object> dependency) {
}
}

@SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action
public static void grab(final Map<String, Object> args, final Map... dependencies) {
if (enableGrapes) {
AccessController.doPrivileged(new PrivilegedAction<Void>() {
java.security.AccessController.doPrivileged(new PrivilegedAction<Void>() {
@Override
public Void run() {
GrapeEngine instance = getInstance();
if (instance != null) {
GrapeEngine instance1 = getInstance();
if (instance1 != null) {
if (!args.containsKey(AUTO_DOWNLOAD_SETTING)) {
args.put(AUTO_DOWNLOAD_SETTING, enableAutoDownload);
}
@@ -171,7 +171,7 @@ public Void run() {
if (!args.containsKey(GrapeEngine.CALLEE_DEPTH)) {
args.put(GrapeEngine.CALLEE_DEPTH, GrapeEngine.DEFAULT_CALLEE_DEPTH + 2);
}
instance.grab(args, dependencies);
instance1.grab(args, dependencies);
}
return null;
}
@@ -66,7 +66,6 @@
import java.net.URLClassLoader;
import java.net.URLConnection;
import java.net.URLDecoder;
import java.security.AccessController;
import java.security.CodeSource;
import java.security.NoSuchAlgorithmException;
import java.security.Permission;
@@ -110,8 +109,9 @@ public class GroovyClassLoader extends URLClassLoader {

private GroovyResourceLoader resourceLoader = new GroovyResourceLoader() {
@Override
@SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action
public URL loadGroovySource(final String filename) throws MalformedURLException {
return AccessController.doPrivileged((PrivilegedAction<URL>) () -> {
return java.security.AccessController.doPrivileged((PrivilegedAction<URL>) () -> {
for (String extension : config.getScriptExtensions()) {
try {
URL ret = getSourceFile(filename, extension);
@@ -253,11 +253,16 @@ public Class parseClass(File file) throws CompilationFailedException, IOExceptio
* @return the main class defined in the given script
*/
public Class parseClass(final String text, final String fileName) throws CompilationFailedException {
GroovyCodeSource gcs = AccessController.doPrivileged((PrivilegedAction<GroovyCodeSource>) () -> new GroovyCodeSource(text, fileName, "/groovy/script"));
GroovyCodeSource gcs = createCodeSource((PrivilegedAction<GroovyCodeSource>) () -> new GroovyCodeSource(text, fileName, "/groovy/script"));
gcs.setCachable(false);
return parseClass(gcs);
}

@SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action
private GroovyCodeSource createCodeSource(PrivilegedAction<GroovyCodeSource> action) {
return java.security.AccessController.doPrivileged(action);
}

/**
* Parses the given text into a Java class capable of being run
*
@@ -278,7 +283,7 @@ public synchronized String generateScriptName() {
}

public Class parseClass(final Reader reader, final String fileName) throws CompilationFailedException {
GroovyCodeSource gcs = AccessController.doPrivileged((PrivilegedAction<GroovyCodeSource>) () -> {
GroovyCodeSource gcs = createCodeSource((PrivilegedAction<GroovyCodeSource>) () -> {
try {
String scriptText = IOGroovyMethods.getText(reader);
return new GroovyCodeSource(scriptText, fileName, "/groovy/script");
@@ -425,12 +430,7 @@ protected PermissionCollection getPermissions(CodeSource codeSource) {
perms = new Permissions();
}

ProtectionDomain myDomain = AccessController.doPrivileged(new PrivilegedAction<ProtectionDomain>() {
@Override
public ProtectionDomain run() {
return getClass().getProtectionDomain();
}
});
ProtectionDomain myDomain = getProtectionDomain();
PermissionCollection myPerms = myDomain.getPermissions();
if (myPerms != null) {
for (Enumeration<Permission> elements = myPerms.elements(); elements.hasMoreElements();) {
@@ -445,6 +445,16 @@ public ProtectionDomain run() {
return perms;
}

@SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action
private ProtectionDomain getProtectionDomain() {
return java.security.AccessController.doPrivileged(new PrivilegedAction<ProtectionDomain>() {
@Override
public ProtectionDomain run() {
return getClass().getProtectionDomain();
}
});
}

public static class InnerLoader extends GroovyClassLoader {
private final GroovyClassLoader delegate;
private final long timeStamp;
@@ -643,8 +653,12 @@ protected CompilationUnit createCompilationUnit(CompilerConfiguration config, Co
* @return the ClassCollector
*/
protected ClassCollector createCollector(CompilationUnit unit, SourceUnit su) {
InnerLoader loader = AccessController.doPrivileged((PrivilegedAction<InnerLoader>) () -> new InnerLoader(GroovyClassLoader.this));
return new ClassCollector(loader, unit, su);
return new ClassCollector(createLoader(), unit, su);
}

@SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action
private InnerLoader createLoader() {
return java.security.AccessController.doPrivileged((PrivilegedAction<InnerLoader>) () -> new InnerLoader(GroovyClassLoader.this));
}

public static class ClassCollector implements CompilationUnit.ClassgenCallback {
@@ -1082,8 +1096,9 @@ protected boolean isSourceNewer(URL source, Class cls) throws IOException {
* @param path is a jar file or a directory.
* @see #addURL(URL)
*/
@SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action
public void addClasspath(final String path) {
AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
java.security.AccessController.doPrivileged((PrivilegedAction<Void>) () -> {

URI newURI;
try {
@@ -31,7 +31,6 @@
import java.net.URI;
import java.net.URL;
import java.net.URLConnection;
import java.security.AccessController;
import java.security.CodeSource;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
@@ -123,7 +122,7 @@ public GroovyCodeSource(final File infile, final String encoding) throws IOExcep
//The calls below require access to user.dir - allow here since getName() and getCodeSource() are
//package private and used only by the GroovyClassLoader.
try {
Object[] info = AccessController.doPrivileged((PrivilegedExceptionAction<Object[]>) () -> {
Object[] info = doPrivileged((PrivilegedExceptionAction<Object[]>) () -> {
// retrieve the content of the file using the provided encoding
if (encoding != null) {
scriptText = ResourceGroovyMethods.getText(infile, encoding);
@@ -150,6 +149,11 @@ public GroovyCodeSource(final File infile, final String encoding) throws IOExcep
}
}

@SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action
private <T> T doPrivileged(PrivilegedExceptionAction<T> action) throws PrivilegedActionException {
return java.security.AccessController.doPrivileged(action);
}

/**
* @param infile the file to create a GroovyCodeSource for.
* @throws IOException if an issue arises opening and reading the file.
@@ -33,7 +33,6 @@
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
import java.net.URI;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
@@ -100,12 +99,22 @@ public GroovyShell(ClassLoader parent, Binding binding, final CompilerConfigurat
&& ((GroovyClassLoader) parentLoader).hasCompatibleConfiguration(config)) {
this.loader = (GroovyClassLoader) parentLoader;
} else {
this.loader = AccessController.doPrivileged((PrivilegedAction<GroovyClassLoader>) () -> new GroovyClassLoader(parentLoader,config));
this.loader = doPrivileged((PrivilegedAction<GroovyClassLoader>) () -> new GroovyClassLoader(parentLoader, config));
}
this.context = binding;
this.config = config;
}

@SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action
private <T> T doPrivileged(PrivilegedAction<T> action) {
return java.security.AccessController.doPrivileged(action);
}

@SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action
private <T> T doPrivileged(PrivilegedExceptionAction<T> action) throws PrivilegedActionException {
return java.security.AccessController.doPrivileged(action);
}

public void resetLoadedClasses() {
loader.clearCache();
}
@@ -203,13 +212,13 @@ public Object run() {
}
}

AccessController.doPrivileged(new DoSetContext(loader));
doPrivileged(new DoSetContext(loader));

// Parse the script, generate the class, and invoke the main method. This is a little looser than
// if you are compiling the script because the JVM isn't executing the main method.
Class scriptClass;
try {
scriptClass = AccessController.doPrivileged((PrivilegedExceptionAction<Class>) () -> loader.parseClass(scriptFile));
scriptClass = doPrivileged((PrivilegedExceptionAction<Class>) () -> loader.parseClass(scriptFile));
} catch (PrivilegedActionException pae) {
Exception e = pae.getException();
if (e instanceof CompilationFailedException) {
@@ -340,7 +349,7 @@ private static Object runRunnable(Class scriptClass, String[] args) {
* @param args the command line arguments to pass in
*/
public Object run(final String scriptText, final String fileName, String[] args) throws CompilationFailedException {
GroovyCodeSource gcs = AccessController.doPrivileged((PrivilegedAction<GroovyCodeSource>) () -> new GroovyCodeSource(scriptText, fileName, DEFAULT_CODE_BASE));
GroovyCodeSource gcs = doPrivileged((PrivilegedAction<GroovyCodeSource>) () -> new GroovyCodeSource(scriptText, fileName, DEFAULT_CODE_BASE));
return run(gcs, args);
}

@@ -404,7 +413,7 @@ public Object run(final Reader in, final String fileName, List<String> list) thr
* @param args the command line arguments to pass in
*/
public Object run(final Reader in, final String fileName, String[] args) throws CompilationFailedException {
GroovyCodeSource gcs = AccessController.doPrivileged((PrivilegedAction<GroovyCodeSource>) () -> new GroovyCodeSource(in, fileName, DEFAULT_CODE_BASE));
GroovyCodeSource gcs = doPrivileged((PrivilegedAction<GroovyCodeSource>) () -> new GroovyCodeSource(in, fileName, DEFAULT_CODE_BASE));
Class scriptClass = parseClass(gcs);
return runScriptOrMainOrTestOrRunnable(scriptClass, args);
}
@@ -462,7 +471,7 @@ public Object evaluate(final String scriptText, final String fileName, final Str
sm.checkPermission(new GroovyCodeSourcePermission(codeBase));
}

GroovyCodeSource gcs = AccessController.doPrivileged((PrivilegedAction<GroovyCodeSource>) () -> new GroovyCodeSource(scriptText, fileName, codeBase));
GroovyCodeSource gcs = doPrivileged((PrivilegedAction<GroovyCodeSource>) () -> new GroovyCodeSource(scriptText, fileName, codeBase));

return evaluate(gcs);
}
@@ -607,7 +616,7 @@ public Script parse(String scriptText) throws CompilationFailedException {
}

public Script parse(final String scriptText, final String fileName, Binding binding) throws CompilationFailedException {
GroovyCodeSource gcs = AccessController.doPrivileged((PrivilegedAction<GroovyCodeSource>) () -> new GroovyCodeSource(scriptText, fileName, DEFAULT_CODE_BASE));
GroovyCodeSource gcs = doPrivileged((PrivilegedAction<GroovyCodeSource>) () -> new GroovyCodeSource(scriptText, fileName, DEFAULT_CODE_BASE));
return parse(gcs, binding);
}

@@ -98,7 +98,6 @@
import java.lang.reflect.Modifier;
import java.lang.reflect.Proxy;
import java.net.URL;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
@@ -3496,9 +3495,9 @@ private void addProperties() {
// introspect
try {
if (isBeanDerivative(theClass)) {
info = (BeanInfo) AccessController.doPrivileged((PrivilegedExceptionAction) () -> Introspector.getBeanInfo(theClass, Introspector.IGNORE_ALL_BEANINFO));
info = (BeanInfo) doPrivileged((PrivilegedExceptionAction) () -> Introspector.getBeanInfo(theClass, Introspector.IGNORE_ALL_BEANINFO));
} else {
info = (BeanInfo) AccessController.doPrivileged((PrivilegedExceptionAction) () -> Introspector.getBeanInfo(theClass));
info = (BeanInfo) doPrivileged((PrivilegedExceptionAction) () -> Introspector.getBeanInfo(theClass));
}
} catch (PrivilegedActionException pae) {
throw new GroovyRuntimeException("exception during bean introspection", pae.getException());
@@ -3528,6 +3527,11 @@ private void addProperties() {
}
}

@SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action
private Object doPrivileged(PrivilegedExceptionAction action) throws PrivilegedActionException {
return java.security.AccessController.doPrivileged(action);
}

private static boolean isBeanDerivative(Class theClass) {
Class next = theClass;
while (next != null) {
@@ -54,7 +54,6 @@
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.LinkedHashMap;
@@ -527,7 +526,12 @@ public Object run() {
}
}

AccessController.doPrivileged(new DoSetContext(shell.getClassLoader()));
doPrivileged(new DoSetContext(shell.getClassLoader()));
}

@SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action
private static <T> T doPrivileged(PrivilegedAction<T> action) {
return java.security.AccessController.doPrivileged(action);
}

/**
@@ -47,7 +47,6 @@
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLConnection;
import java.security.AccessController;
import java.security.CodeSource;
import java.security.PrivilegedAction;
import java.util.HashMap;
@@ -61,23 +60,23 @@
* with dependent scripts.
*/
public class GroovyScriptEngine implements ResourceConnector {
private static final ClassLoader CL_STUB = AccessController.doPrivileged((PrivilegedAction<ClassLoader>) () -> new ClassLoader() {});
private static final ClassLoader CL_STUB = doPrivileged((PrivilegedAction<ClassLoader>) () -> new ClassLoader() {});

private static final URL[] EMPTY_URL_ARRAY = new URL[0];

private static class LocalData {
CompilationUnit cu;
final StringSetMap dependencyCache = new StringSetMap();
final Map<String, String> precompiledEntries = new HashMap<String, String>();
final Map<String, String> precompiledEntries = new HashMap<>();
}

private static WeakReference<ThreadLocal<LocalData>> localData = new WeakReference<ThreadLocal<LocalData>>(null);
private static WeakReference<ThreadLocal<LocalData>> localData = new WeakReference<>(null);

private static synchronized ThreadLocal<LocalData> getLocalData() {
ThreadLocal<LocalData> local = localData.get();
if (local != null) return local;
local = new ThreadLocal<LocalData>();
localData = new WeakReference<ThreadLocal<LocalData>>(local);
local = new ThreadLocal<>();
localData = new WeakReference<>(local);
return local;
}

@@ -261,7 +260,7 @@ private void updateScriptCache(LocalData localData) {
StringSetMap cache = localData.dependencyCache;
cache.makeTransitiveHull();
long time = getCurrentTime();
Set<String> entryNames = new HashSet<String>();
Set<String> entryNames = new HashSet<>();
for (Map.Entry<String, Set<String>> entry : cache.entrySet()) {
String className = entry.getKey();
Class clazz = getClassCacheEntry(className);
@@ -297,7 +296,7 @@ private String getPath(Class clazz, Map<String, String> precompiledEntries) {
}

private Set<String> convertToPaths(Set<String> orig, Map<String, String> precompiledEntries) {
Set<String> ret = new HashSet<String>();
Set<String> ret = new HashSet<>();
for (String className : orig) {
Class clazz = getClassCacheEntry(className);
if (clazz == null) continue;
@@ -339,7 +338,7 @@ public static void main(String[] urls) throws Exception {
*/
private GroovyClassLoader initGroovyLoader() {
GroovyClassLoader groovyClassLoader =
AccessController.doPrivileged((PrivilegedAction<ScriptClassLoader>) () -> {
doPrivileged((PrivilegedAction<ScriptClassLoader>) () -> {
if (parentLoader instanceof GroovyClassLoader) {
return new ScriptClassLoader((GroovyClassLoader) parentLoader);
} else {
@@ -350,6 +349,11 @@ private GroovyClassLoader initGroovyLoader() {
return groovyClassLoader;
}

@SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action
private static <T> T doPrivileged(PrivilegedAction<T> action) {
return java.security.AccessController.doPrivileged(action);
}

/**
* Get a resource connection as a <code>URLConnection</code> to retrieve a script
* from the <code>ResourceConnector</code>.

0 comments on commit 5c10ca3

Please sign in to comment.