Reduce usage of Java SE Security Manager

Signed-off-by: Arjan Tijms <arjan.tijms@omnifish.ee>

appserver/appclient/client/acc/src/main/java/org/glassfish/appclient/client/acc/ACCClassLoader.java

@@ -18,31 +18,26 @@
 
 package org.glassfish.appclient.client.acc;
 
+import static java.security.AccessController.doPrivileged;
+
 import com.sun.enterprise.loader.ResourceLocator;
 import com.sun.enterprise.util.io.FileUtils;
-
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.lang.instrument.ClassFileTransformer;
 import java.lang.instrument.IllegalClassFormatException;
 import java.net.URL;
-import java.security.CodeSource;
-import java.security.PermissionCollection;
 import java.security.PrivilegedAction;
 import java.security.ProtectionDomain;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.Enumeration;
 import java.util.List;
 import java.util.function.Consumer;
-
 import org.glassfish.appclient.common.ClassPathUtils;
-import org.glassfish.appclient.common.ClientClassLoaderDelegate;
 import org.glassfish.common.util.GlassfishUrlClassLoader;
 
-import static java.security.AccessController.doPrivileged;
-
 /**
  * Application client classloader
  *
@@ -58,8 +53,6 @@ public class ACCClassLoader extends GlassfishUrlClassLoader {
 
     private final List<ClassFileTransformer> transformers = Collections.synchronizedList(new ArrayList<ClassFileTransformer>());
 
-    private ClientClassLoaderDelegate clientCLDelegate;
-
     public static synchronized ACCClassLoader newInstance(ClassLoader parent, boolean shouldTransform) {
         if (instance != null) {
             throw new IllegalStateException("already set");
@@ -110,12 +103,10 @@ private static void adjustACCAgentClassLoaderParent(ACCClassLoader instance) thr
     public ACCClassLoader(ClassLoader parent, final boolean shouldTransform) {
         super(new URL[0], parent);
         this.shouldTransform = shouldTransform;
-        clientCLDelegate = new ClientClassLoaderDelegate(this);
     }
 
     public ACCClassLoader(URL[] urls, ClassLoader parent) {
         super(urls, parent);
-        clientCLDelegate = new ClientClassLoaderDelegate(this);
     }
 
     private ACCClassLoader(URL[] urls, ClassLoader parent, boolean shouldTransform) {
@@ -193,26 +184,6 @@ private byte[] readByteCode(final String className) throws ClassNotFoundExceptio
         }
     }
 
-    @Override
-    protected PermissionCollection getPermissions(CodeSource codesource) {
-        if (System.getSecurityManager() == null) {
-            return super.getPermissions(codesource);
-        }
-
-        // When security manager is enabled, find the declared permissions
-        if (clientCLDelegate.getCachedPerms(codesource) != null) {
-            return clientCLDelegate.getCachedPerms(codesource);
-        }
-
-        return clientCLDelegate.getPermissions(codesource, super.getPermissions(codesource));
-    }
-
-    public void processDeclaredPermissions() throws IOException {
-        if (clientCLDelegate == null) {
-            clientCLDelegate = new ClientClassLoaderDelegate(this);
-        }
-    }
-
     @Override
     public Enumeration<URL> getResources(String name) throws IOException {
         final ResourceLocator locator = new ResourceLocator(this, getParentClassLoader(), true);

appserver/appclient/client/acc/src/main/java/org/glassfish/appclient/client/acc/AppClientContainer.java

@@ -262,13 +262,6 @@ void setClient(final Launchable client) throws ClassNotFoundException {
 
     }
 
-    void processPermissions() throws IOException {
-        // need to process the permissions files
-        if (classLoader instanceof ACCClassLoader) {
-            ((ACCClassLoader) classLoader).processDeclaredPermissions();
-        }
-    }
-
     protected Class<?> loadClass(final String className) throws ClassNotFoundException {
         return Class.forName(className, true, classLoader);
     }

appserver/appclient/client/acc/src/main/java/org/glassfish/appclient/client/acc/AppClientContainerBuilder.java

@@ -17,27 +17,26 @@
 
 package org.glassfish.appclient.client.acc;
 
-import com.sun.enterprise.container.common.spi.util.InjectionException;
-import com.sun.enterprise.module.bootstrap.BootException;
-import com.sun.enterprise.util.LocalStringManager;
-import com.sun.enterprise.util.LocalStringManagerImpl;
-
+import static com.sun.enterprise.util.Utility.isEmpty;
 import static java.util.logging.Level.CONFIG;
 import static org.glassfish.internal.api.ORBLocator.OMG_ORB_INIT_HOST_PROPERTY;
 import static org.glassfish.internal.api.ORBLocator.OMG_ORB_INIT_PORT_PROPERTY;
 import static org.glassfish.internal.api.ORBLocator.ORB_SSL_CLIENT_REQUIRED;
 
+import com.sun.enterprise.container.common.spi.util.InjectionException;
+import com.sun.enterprise.module.bootstrap.BootException;
+import com.sun.enterprise.util.LocalStringManager;
+import com.sun.enterprise.util.LocalStringManagerImpl;
 import java.io.IOException;
+import java.lang.reflect.InvocationTargetException;
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.net.URLClassLoader;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Properties;
 import java.util.logging.Logger;
-
 import javax.security.auth.callback.CallbackHandler;
-
 import org.glassfish.appclient.client.acc.config.AuthRealm;
 import org.glassfish.appclient.client.acc.config.ClientCredential;
 import org.glassfish.appclient.client.acc.config.MessageSecurityConfig;
@@ -159,8 +158,6 @@ private AppClientContainer createContainer(final Launchable client, final Callba
 
         AppClientContainer container = ACCModulesManager.getService(AppClientContainer.class);
 
-        // process the packaged permissions.xml
-        container.processPermissions();
         container.setClient(client);
         container.setBuilder(this);
         CallbackHandler callbackHandler = (callerSuppliedCallbackHandler != null ? callerSuppliedCallbackHandler
@@ -171,11 +168,12 @@ private AppClientContainer createContainer(final Launchable client, final Callba
         return container;
     }
 
-    private CallbackHandler getCallbackHandlerFromDescriptor(final String callbackHandlerName)
-            throws ClassNotFoundException, InstantiationException, IllegalAccessException {
-        if (callbackHandlerName != null && !callbackHandlerName.equals("")) {
-            Class<CallbackHandler> callbackHandlerClass = (Class<CallbackHandler>) Class.forName(callbackHandlerName, true, classLoader);
-            return callbackHandlerClass.newInstance();
+    private CallbackHandler getCallbackHandlerFromDescriptor(final String callbackHandlerName) throws ClassNotFoundException, InstantiationException, IllegalAccessException, IllegalArgumentException, InvocationTargetException, NoSuchMethodException, SecurityException {
+        if (!isEmpty(callbackHandlerName)) {
+            return (CallbackHandler)
+                Class.forName(callbackHandlerName, true, classLoader)
+                     .getDeclaredConstructor()
+                     .newInstance();
         }
 
         return null;

appserver/appclient/client/acc/src/main/java/org/glassfish/appclient/client/jws/boot/JWSACCMain.java

@@ -36,11 +36,9 @@
 import java.text.MessageFormat;
 import java.util.ResourceBundle;
 import java.util.Vector;
-
 import javax.swing.SwingUtilities;
-
 import org.glassfish.appclient.client.acc.AppClientContainer;
-import org.glassfish.appclient.client.acc.JWSACCClassLoader;
+import org.glassfish.common.util.GlassfishUrlClassLoader;
 
 /**
  * Alternate main class for ACC, used when launched by Java Web Start.
@@ -394,8 +392,7 @@ private static File writeTextToTempFile(String content, String prefix, String su
      *@return the class loader
      */
     private static ClassLoader prepareClassLoader(File downloadedAppclientJarFile) throws IOException, URISyntaxException, ClassNotFoundException, NoSuchMethodException, IllegalAccessException, InvocationTargetException {
-        ClassLoader ldr = new JWSACCClassLoader(downloadedJarURLs, classPathManager.getParentClassLoader());
-        return ldr;
+        return new GlassfishUrlClassLoader(downloadedJarURLs, classPathManager.getParentClassLoader());
     }
 
     /*

appserver/appclient/client/acc/src/main/java/org/glassfish/appclient/common/PermissionsUtil.java

@@ -15,24 +15,10 @@
  */
 package org.glassfish.appclient.common;
 
-import static com.sun.enterprise.security.ee.perms.SMGlobalPolicyUtil.CLIENT_TYPE_CODESOURCE;
-import static com.sun.enterprise.security.ee.perms.SMGlobalPolicyUtil.CommponentType.car;
 
-import com.sun.enterprise.security.ee.perms.XMLPermissionsHandler;
 import java.io.File;
-import java.io.FileNotFoundException;
 import java.io.IOException;
-import java.net.MalformedURLException;
-import java.net.URISyntaxException;
-import java.net.URL;
-import java.security.CodeSource;
-import java.security.NoSuchAlgorithmException;
 import java.security.PermissionCollection;
-import java.security.Policy;
-import java.security.URIParameter;
-import java.security.cert.Certificate;
-
-import javax.xml.stream.XMLStreamException;
 
 public class PermissionsUtil {
 
@@ -48,18 +34,7 @@ public class PermissionsUtil {
     // or in the client's module jar if standalone
     // result could be null
     public static PermissionCollection getClientDeclaredPermissions(ClassLoader classLoader) throws IOException {
-        URL permUrl = classLoader.getResource(PERMISSIONS_XML);
-        if (permUrl == null) {
-            return null;
-        }
-
-        try {
-            return new
-                XMLPermissionsHandler(null, permUrl.openStream(), car)
-                    .getAppDeclaredPermissions();
-        } catch (XMLStreamException | FileNotFoundException e) {
-            throw new IOException(e);
-        }
+        return null;
     }
 
     // get the permissions configured inside the javaee.client.policy,
@@ -79,40 +54,10 @@ public static PermissionCollection getClientRestrictPolicy(ClassLoader classLoad
     }
 
     private static PermissionCollection getClientPolicy(ClassLoader classLoader, String pkgedFile, String policyFileName) throws IOException {
-
-        // 1st try to find from the packaged client jar
-        URL eeClientUrl = classLoader.getResource(pkgedFile);
-        if (eeClientUrl != null)
-            return getEEPolicyPermissions(eeClientUrl);
-
-        // 2nd try to find from client's installation at lib/appclient folder
-        String clientPolicyClocation = getClientInstalledPath();
-        if (clientPolicyClocation != null) {
-            return getPolicyPermissions(clientPolicyClocation + policyFileName);
-        }
-
         return null;
 
     }
 
-    private static PermissionCollection getPolicyPermissions(String policyFilename) throws IOException {
-        if (!new File(policyFilename).exists()) {
-            return null;
-        }
-
-        return getEEPolicyPermissions(new URL("file:" + policyFilename));
-    }
-
-    private static PermissionCollection getEEPolicyPermissions(URL fileUrl) throws IOException {
-        try {
-            return
-                Policy.getInstance("JavaPolicy", new URIParameter(fileUrl.toURI()))
-                      .getPermissions(new CodeSource(new URL(CLIENT_TYPE_CODESOURCE), (Certificate[]) null));
-        } catch (NoSuchAlgorithmException | MalformedURLException | URISyntaxException e) {
-            throw new IllegalStateException(e);
-        }
-    }
-
     private static String getClientInstalledPath() {
         String policyPath = System.getProperty("java.security.policy");
         if (policyPath == null) {