8344149: Remove usage of Security Manager from java.rmi #22129
Conversation
|
👋 Welcome back smarks! A progress list of the required criteria for merging this PR into |
|
@stuart-marks This change now passes all automated pre-integration checks. ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details. After integration, the commit message for the final commit will be: You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed. At the time when this comment was updated there had been 107 new commits pushed to the
As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details. ➡️ To integrate this PR with the above commit message to the |
|
@stuart-marks The following label will be automatically applied to this pull request:
When this pull request is ready to be reviewed, an "RFR" email will be sent to the corresponding mailing list. If you would like to change these labels, use the /label pull request command. |
stuart-marks
changed the title
Webrevs
|
kevinjwalls
left a comment
kevinjwalls
left a comment
There was a problem hiding this comment.
Looks good to me. 8-)
AlekseiEfimov
left a comment
AlekseiEfimov
left a comment
There was a problem hiding this comment.
The changes look good to me, with two suggestions below.
|
|
||
| /** | ||
| * special child of the system thread group for running tasks that | ||
| * may execute user code, so that the security policy for threads in |
There was a problem hiding this comment.
Do we still want to mention security policy here?
There was a problem hiding this comment.
Yeah, I should probably edit that. I don't want to change the thread group behavior, so the justification for the thread group might mention the (historical) effect on security policy.
| .equalsIgnoreCase("false"); | ||
|
|
||
| /** table to hold sun classes to which access is explicitly permitted */ | ||
| protected static Map<String, Class<?>> permittedSunClasses |
There was a problem hiding this comment.
It looks like permittedSunClasses map can be removed alongside to checkSunClass(String, AccessControlException) method, since it is only called on line 198:
} catch (@SuppressWarnings("removal") AccessControlException e) {
return checkSunClass(className, e);
There was a problem hiding this comment.
Sorry, missed your comment in a PR description - ignore the comment above
RogerRiggs
left a comment
RogerRiggs
left a comment
There was a problem hiding this comment.
Looks ok, but some additional cleanup is recommended.
| * @author Peter Jones | ||
| **/ | ||
| public final class NewThreadAction implements PrivilegedAction<Thread> { | ||
| public final class NewThreadAction { |
There was a problem hiding this comment.
Suggest inlining the methods and getting rid of the class, moving non-trivial methods to an existing Util class.
Or at least renaming it to to drop the "Action" that is indicative of doPrivileged.
There was a problem hiding this comment.
Yes, further cleanup should be done here. I had started on it but I backed away since it felt like a distraction from the initial pass of removing direct SecurityManager and AccessController calls. I've filed JDK-8344461 to cover the followup work.
| public void startNewAcceptor() { | ||
| @SuppressWarnings("removal") | ||
| Thread t = AccessController.doPrivileged( | ||
| Thread t = |
|
/integrate |
|
Going to push as commit 6a5256e.
Your commit was automatically rebased without conflicts. |
openjdk
bot
removed
ready
|
@stuart-marks Pushed as commit 6a5256e. 💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored. |
|
|
||
| import java.security.AccessController; | ||
| import java.security.PrivilegedAction; | ||
| import sun.security.util.SecurityConstants; |
There was a problem hiding this comment.
Are there any remaining uses of sun.security.util.* in java.rmi? I suspect this is the last one, in which case you can update java.base's module-info to not export this package to java.rmi.
There was a problem hiding this comment.
I will check if it is the last one as part of JDK-8344299.
There was a problem hiding this comment.
Roger has filed JDK-8344867 to cover cleanup of the unneeded qualified export.
5 participants
First cut at removal of Security Manager stuff from RMI.
This covers just about every SM-related case in RMI, except for a bit of package checking in MarshalInputStream. This will be handled separately. It's covered by JDK-8344329.
Further simplifications could be done in RuntimeUtil and NewThreadAction. However, those changes started to become somewhat more intrusive than I'd like for this PR, which is focused on removing security-related stuff. EDIT: I've filed JDK-8344461 to cover this additional cleanup work.
Progress
Issue
Reviewers
Reviewing
Using
gitCheckout this PR locally:
$ git fetch https://git.openjdk.org/jdk.git pull/22129/head:pull/22129$ git checkout pull/22129Update a local copy of the PR:
$ git checkout pull/22129$ git pull https://git.openjdk.org/jdk.git pull/22129/headUsing Skara CLI tools
Checkout this PR locally:
$ git pr checkout 22129View PR using the GUI difftool:
$ git pr show -t 22129Using diff file
Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/22129.diff
Using Webrev
Link to Webrev Comment