8266459: Implement JEP 411: Deprecate the Security Manager for Removal

Author: wangweij

make/RunTests.gmk

@@ -769,7 +769,7 @@ define SetupRunJtregTestBody
       -vmoption:-XX:MaxRAMPercentage=$$($1_JTREG_MAX_RAM_PERCENTAGE) \
       -vmoption:-Djava.io.tmpdir="$$($1_TEST_TMP_DIR)"
 
-  $1_JTREG_BASIC_OPTIONS += -automatic -ignore:quiet
+  $1_JTREG_BASIC_OPTIONS += -automatic -ignore:quiet -Djavatest.security.noSecurityManager=true
 
   # Make it possible to specify the JIB_DATA_DIR for tests using the
   # JIB Artifact resolver

src/java.base/share/classes/java/lang/SecurityManager.java

@@ -80,36 +80,37 @@
  * <p>
  * Environments using a security manager will typically set the security
  * manager at startup. In the JDK implementation, this is done by setting
- * the system property {@code java.security.manager} on the command line to
- * the class name of the security manager. It can also be set to the empty
- * String ("") or the special token "{@code default}" to use the
+ * the system property {@systemProperty java.security.manager} on the command
+ * line to the class name of the security manager. It can also be set to the
+ * empty String ("") or the special token "{@code default}" to use the
  * default {@code java.lang.SecurityManager}. If a class name is specified,
  * it must be {@code java.lang.SecurityManager} or a public subclass and have
  * a public no-arg constructor. The class is loaded by the
  * {@linkplain ClassLoader#getSystemClassLoader() built-in system class loader}
- * if it is not {@code java.lang.SecurityManager}. If the
- * {@code java.security.manager} system property is not set, the default value
- * is {@code null}, which means a security manager will not be set at startup.
+ * if it is not {@code java.lang.SecurityManager}.
  * <p>
  * The Java run-time may also allow, but is not required to allow, the security
  * manager to be set dynamically by invoking the
  * {@link System#setSecurityManager(SecurityManager) setSecurityManager} method.
- * In the JDK implementation, if the Java virtual machine is started with
- * the {@code java.security.manager} system property set to the special token
- * "{@code disallow}" then a security manager will not be set at startup and
- * cannot be set dynamically (the
+ * In the JDK implementation, the default value of the
+ * {@systemProperty java.security.manager} system property, if not set, is
+ * the special token "{@code disallow}". If the Java virtual machine is
+ * started with the {@systemProperty java.security.manager} system property
+ * not set or set to "{@code disallow}" then a security manager will not be
+ * set at startup and cannot be set dynamically (the
  * {@link System#setSecurityManager(SecurityManager) setSecurityManager}
  * method will throw an {@code UnsupportedOperationException}). If the
- * {@code java.security.manager} system property is not set or is set to the
+ * {@systemProperty java.security.manager} system property is set to the
  * special token "{@code allow}", then a security manager will not be set at
  * startup but can be set dynamically. Finally, if the
- * {@code java.security.manager} system property is set to the class name of
- * the security manager, or to the empty String ("") or the special token
- * "{@code default}", then a security manager is set at startup (as described
- * previously) and can also be subsequently replaced (or disabled) dynamically
- * (subject to the policy of the currently installed security manager). The
- * following table illustrates the behavior of the JDK implementation for the
- * different settings of the {@code java.security.manager} system property:
+ * {@systemProperty java.security.manager} system property is set to the
+ * class name of the security manager, or to the empty String ("") or the
+ * special token "{@code default}", then a security manager is set at startup
+ * (as described previously) and can also be subsequently replaced (or
+ * disabled) dynamically (subject to the policy of the currently installed
+ * security manager). The following table illustrates the behavior of the JDK
+ * implementation for the different settings of the
+ * {@systemProperty java.security.manager} system property:
  * <table class="striped">
  * <caption style="display:none">property value,
  *  the SecurityManager set at startup,
@@ -167,8 +168,6 @@
  *
  * </tbody>
  * </table>
- * <p> A future release of the JDK may change the default value of the
- * {@code java.security.manager} system property to "{@code disallow}".
  * <p>
  * The current security manager is returned by the
  * {@link System#getSecurityManager() getSecurityManager} method.
@@ -313,7 +312,12 @@
  * @see     java.security.ProtectionDomain
  *
  * @since   1.0
+ * @deprecated The Security Manager is deprecated and subject to removal in a
+ *       future release. There is no replacement for the Security Manager.
+ *       See <a href="https://openjdk.java.net/jeps/411">JEP 411</a> for
+ *       discussion and alternatives.
  */
+@Deprecated(since="17", forRemoval=true)
 public class SecurityManager {
 
     /*
@@ -1084,7 +1088,7 @@ public void checkMulticast(InetAddress maddr) {
      * @deprecated Use #checkPermission(java.security.Permission) instead
      * @see        #checkPermission(java.security.Permission) checkPermission
      */
-    @Deprecated(since="1.4")
+    @Deprecated(since="1.4", forRemoval=true)
     public void checkMulticast(InetAddress maddr, byte ttl) {
         String host = maddr.getHostAddress();
         if (!host.startsWith("[") && host.indexOf(':') != -1) {

src/java.base/share/classes/java/lang/System.java

@@ -338,10 +338,16 @@ private static void checkIO() {
      * security manager has been established, then no action is taken and
      * the method simply returns.
      *
-     * @implNote In the JDK implementation, if the Java virtual machine is
-     * started with the system property {@code java.security.manager} set to
-     * the special token "{@code disallow}" then the {@code setSecurityManager}
-     * method cannot be used to set a security manager.
+     * @implNote In the JDK implementation, the default value of the
+     * {@systemProperty java.security.manager} system property, if not set, is
+     * the special token "{@code disallow}". If the Java virtual machine is
+     * started with the {@systemProperty java.security.manager} system property
+     * set to the special token "{@code allow}", then a security manager can
+     * be set dynamically. If the Java virtual machine is started with the
+     * system property {@systemProperty java.security.manager} not set or set
+     * to "{@code disallow}" then a security manager cannot be set
+     * dynamically (the {@code setSecurityManager} method will throw an
+     * {@code UnsupportedOperationException}).
      *
      * @param  sm the security manager or {@code null}
      * @throws SecurityException
@@ -353,7 +359,14 @@ private static void checkIO() {
      * @see #getSecurityManager
      * @see SecurityManager#checkPermission
      * @see java.lang.RuntimePermission
+     * @deprecated This method is only useful in conjunction with
+     *       {@linkplain SecurityManager the Security Manager}, which is
+     *       deprecated and subject to removal in a future release.
+     *       Consequently, this method is also deprecated and subject to
+     *       removal. There is no replacement for the Security Manager or this
+     *       method.
      */
+    @Deprecated(since="17", forRemoval=true)
     public static void setSecurityManager(SecurityManager sm) {
         if (allowSecurityManager()) {
             if (security == null) {
@@ -419,7 +432,14 @@ public Object run() {
      *          current application, then that security manager is returned;
      *          otherwise, {@code null} is returned.
      * @see     #setSecurityManager
+     * @deprecated This method is only useful in conjunction with
+     *       {@linkplain SecurityManager the Security Manager}, which is
+     *       deprecated and subject to removal in a future release.
+     *       Consequently, this method is also deprecated and subject to
+     *       removal. There is no replacement for the Security Manager or this
+     *       method.
      */
+    @Deprecated(since="17", forRemoval=true)
     public static SecurityManager getSecurityManager() {
         if (allowSecurityManager()) {
             return security;
@@ -2148,7 +2168,12 @@ private static void initPhase3() {
                     allowSecurityManager = MAYBE;
             }
         } else {
-            allowSecurityManager = MAYBE;
+            allowSecurityManager = NEVER;
+        }
+
+        if (allowSecurityManager != NEVER) {
+            System.err.println("WARNING: The Security Manager is deprecated" +
+                    " and will be removed in a future release.");
         }
 
         // initializing the system class loader

src/java.base/share/classes/java/lang/Thread.java

@@ -1424,7 +1424,14 @@ public final boolean isDaemon() {
      * @throws  SecurityException  if the current thread is not allowed to
      *          access this thread.
      * @see        SecurityManager#checkAccess(Thread)
-     */
+     * @deprecated This method is only useful in conjunction with
+     *       {@linkplain SecurityManager the Security Manager}, which is
+     *       deprecated and subject to removal in a future release.
+     *       Consequently, this method is also deprecated and subject to
+     *       removal. There is no replacement for the Security Manager or this
+     *       method.
+     */
+    @Deprecated(since="17", forRemoval=true)
     public final void checkAccess() {
         SecurityManager security = System.getSecurityManager();
         if (security != null) {

src/java.base/share/classes/java/lang/ThreadGroup.java

@@ -320,7 +320,14 @@ public final boolean parentOf(ThreadGroup g) {
      *               access this thread group.
      * @see        java.lang.SecurityManager#checkAccess(java.lang.ThreadGroup)
      * @since      1.0
+     * @deprecated This method is only useful in conjunction with
+     *       {@linkplain SecurityManager the Security Manager}, which is
+     *       deprecated and subject to removal in a future release.
+     *       Consequently, this method is also deprecated and subject to
+     *       removal. There is no replacement for the Security Manager or this
+     *       method.
      */
+    @Deprecated(since="17", forRemoval=true)
     public final void checkAccess() {
         SecurityManager security = System.getSecurityManager();
         if (security != null) {

src/java.base/share/classes/java/security/AccessControlContext.java

@@ -75,8 +75,14 @@
  *
  * @author Roland Schemers
  * @since 1.2
+ * @deprecated This class is only useful in conjunction with
+ *       {@linkplain SecurityManager the Security Manager}, which is deprecated
+ *       and subject to removal in a future release. Consequently, this class
+ *       is also deprecated and subject to removal. There is no replacement for
+ *       the Security Manager or this class.
  */
 
+@Deprecated(since="17", forRemoval=true)
 public final class AccessControlContext {
 
     private ProtectionDomain[] context;

src/java.base/share/classes/java/security/AccessControlException.java

@@ -39,8 +39,14 @@
  * @author Li Gong
  * @author Roland Schemers
  * @since 1.2
+ * @deprecated This class is only useful in conjunction with
+ *       {@linkplain SecurityManager the Security Manager}, which is deprecated
+ *       and subject to removal in a future release. Consequently, this class
+ *       is also deprecated and subject to removal. There is no replacement for
+ *       the Security Manager or this class.
  */
 
+@Deprecated(since="17", forRemoval=true)
 public class AccessControlException extends SecurityException {
 
     @java.io.Serial

src/java.base/share/classes/java/security/AccessController.java

@@ -271,8 +271,14 @@
  * @author Li Gong
  * @author Roland Schemers
  * @since 1.2
+ * @deprecated This class is only useful in conjunction with
+ *       {@linkplain SecurityManager the Security Manager}, which is deprecated
+ *       and subject to removal in a future release. Consequently, this class
+ *       is also deprecated and subject to removal. There is no replacement for
+ *       the Security Manager or this class.
  */
 
+@Deprecated(since="17", forRemoval=true)
 public final class AccessController {
 
     /**

src/java.base/share/classes/java/security/DomainCombiner.java

@@ -77,7 +77,13 @@
  * @see AccessController
  * @see AccessControlContext
  * @since 1.3
+ * @deprecated This class is only useful in conjunction with
+ *       {@linkplain SecurityManager the Security Manager}, which is deprecated
+ *       and subject to removal in a future release. Consequently, this class
+ *       is also deprecated and subject to removal. There is no replacement for
+ *       the Security Manager or this class.
  */
+@Deprecated(since="17", forRemoval=true)
 public interface DomainCombiner {
 
     /**

src/java.base/share/classes/java/security/Policy.java

@@ -83,8 +83,14 @@
  * @see java.security.ProtectionDomain
  * @see java.security.Permission
  * @see java.security.Security security properties
+ * @deprecated This class is only useful in conjunction with
+ *       {@linkplain SecurityManager the Security Manager}, which is deprecated
+ *       and subject to removal in a future release. Consequently, this class
+ *       is also deprecated and subject to removal. There is no replacement for
+ *       the Security Manager or this class.
  */
 
+@Deprecated(since="17", forRemoval=true)
 public abstract class Policy {
 
     /**
@@ -810,7 +816,13 @@ public void refresh() {
      * This represents a marker interface for Policy parameters.
      *
      * @since 1.6
+     * @deprecated This class is only useful in conjunction with
+     *       {@linkplain SecurityManager the Security Manager}, which is
+     *       deprecated and subject to removal in a future release.
+     *       Consequently, this class is also deprecated and subject to removal.
+     *       There is no replacement for the Security Manager or this class.
      */
+    @Deprecated(since="17", forRemoval=true)
     public static interface Parameters { }
 
     /**