8344420: Remove Security Manager dependencies from javax.security package

[seanjmullan]

Now that JEP 486 has been integrated, the javax.security package implementation dependencies on System.getSecurityManager, AccessController.doPrivileged and AccessControlContext can be removed.

Most of the changes are straightforward: removal of code calling System.getSecurityManager() and unwrapping of code inside AccessController.doPrivileged. However, two changes involved slightly more complicated work:

1. javax.security.auth.login.Configuration and javax.security.auth.login.LoginContext do not need to capture the caller's access control context anymore.
2. The SecureSet implementation in javax.security.auth.Subject is greatly simplified because it does not do security checks anymore.

---

Progress

• Change must be properly reviewed (1 review required, with at least 1 Reviewer)
• Change must not contain extraneous whitespace
• Commit message must refer to an issue

Issue

• JDK-8344420: Remove Security Manager dependencies from javax.security package (Enhancement - P3)

Reviewers

• Alan Bateman (@AlanBateman - Reviewer)
• Roger Riggs (@RogerRiggs - Reviewer)
• Bradford Wetmore (@bradfordwetmore - Reviewer)

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk.git pull/22368/head:pull/22368
$ git checkout pull/22368

Update a local copy of the PR:
$ git checkout pull/22368
$ git pull https://git.openjdk.org/jdk.git pull/22368/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 22368

View PR using the GUI difftool:
$ git pr show -t 22368

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/22368.diff

Using Webrev

Link to Webrev Comment

[bridgekeeper]

👋 Welcome back mullan! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

[openjdk]

@seanjmullan This change now passes all automated pre-integration checks.

ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details.

After integration, the commit message for the final commit will be:

8344420: Remove Security Manager dependencies from javax.security package

Reviewed-by: alanb, rriggs, wetmore

You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed.

At the time when this comment was updated there had been 15 new commits pushed to the master branch:

• ca81ab5: 8344994: Remove most uses of RuntimePermission checks in java.desktop
• 43603ac: 8344894: Obsolete reference to checking permissions in java.awt.Composite
• 4d4cef8: 8344337: SecurityManager cleanup in java.prefs module
• 1c7f34d: 8345000: Remove last mentions of sun.awt.AWTPermissions
• 5e0d42b: 8344916: RISC-V: Misaligned access in array fill stub
• 3326874: 8344857: Remove calls to SecurityManager and doPrivileged in SocketExceptions and URLJarFile in the sun.net package after JEP 486 integration
• 48e3b65: 8344275: tools/jpackage/windows/Win8301247Test.java fails on localized Windows platform
• 1623257: 8339524: Clean up a few ExtendedRobot tests
• 0276079: 8344667: Remove most uses of AWT Permissions from the desktop module
• 8de158a: 8339134: Callers of Exceptions::fthrow should ensure exception message lengths avoid the INT_MAX limits of os::vsnprintf
• ... and 5 more: https://git.openjdk.org/jdk/compare/a032de2904baf83143415858ed7191549c659035...master

As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details.

➡️ To integrate this PR with the above commit message to the master branch, type /integrate in a new comment.

[openjdk]

@seanjmullan The following label will be automatically applied to this pull request:

• security

When this pull request is ready to be reviewed, an "RFR" email will be sent to the corresponding mailing list. If you would like to change these labels, use the /label pull request command.

[mlbridge]

Webrevs

• 01: Full - Incremental (66c930e7)
• 00: Full (c3e2a5ed)

[AlanBateman]

I went through the changes and it looks a good cleanup. I think it would good to have a second reviewer, esp. for Subject and LoginContext, as there is a lot in this cleanup.

[RogerRiggs]

lgtm

[bradfordwetmore]

I only looked over javax.security.cert. That part LGTM.

[seanjmullan]

/integrate

[openjdk]

Going to push as commit 65c98e5.
Since your change was applied there have been 33 commits pushed to the master branch:

• 2465526: 8344821: Test CheckDefaultArchiveFile.java fails if classes_coh.jsa is not present
• d752f19: 8343427: Class file load hook crashes on archived classes from multi-release JARs
• f1b5a6e: 8344565: SM cleanup in jdk/internal and java/lang package private classes
• d8a2337: 8344895: SM cleanup of module java.xml
• c329f97: 8345015: Remove unused method lookup_time_t_function
• 86d527f: 8344949: javax.security.auth.Subject.SecureSet.writeObject does not do a security check anymore
• f0b72f7: 8342380: Implement JEP 498: Warn upon Use of Memory-Access Methods in sun.misc.Unsafe
• fc2da15: 8344419: Use StaticProperty in some JDK classes
• 3e509c8: 8344773: SM cleanup in ForkJoinPool
• 6da3ecd: 8344960: RISC-V: fix TestFloatConversionsVectorNaN for COH and AlignVector
• ... and 23 more: https://git.openjdk.org/jdk/compare/a032de2904baf83143415858ed7191549c659035...master

Your commit was automatically rebased without conflicts.

[openjdk]

@seanjmullan Pushed as commit 65c98e5.

💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored.