CCC-8029886

Change SecurityManager checkTopLevelWindow, checkSystemClipboardAccess, checkAwtEventQueueAccess to check AllPermission

    Details

    • Subcomponent:
    • Compatibility Risk:
      minimal
    • Compatibility Risk Description:
      The proposed changes are unlikely to have any significant impact. Security policies that grant access to the clipboard, top-level window or AWT event queue will continue to work as they do now.

      Oracle's AWT implementation was changed in JDK 8 to use checkPermission directly and so doesn't have a dependency on these methods.

      The only potential concern is third-party code (maybe UI toolkits) that is using the legacy checkXXX methods. If the code has not been changed to use checkPermission then it could potentially fail in JDK 9 when not granted AllPermission. One of the motives for getting this change in JDK 9 early is to give maximum time to identify any such cases.

      The change proposed in this CCC will of course need to be documented in the JDK 9 release/compatibility notes. The impending change and the deprecation of these methods is already in the JDK 8 release notes.
    • Interface Kind:
      Java API
    • Scope:
      SE

      Description

      Summary

      Change SecurityManager checkTopLevelWindow, checkSystemClipboardAccess, checkAwtEventQueueAccess to check AllPermission.

      Problem

      This is a follow-up to CCC-8008981 where we deprecated the checkTopLevelWindow, checkSystemClipboardAccess and checkAwtEventQueueAccess methods defined by java.lang.SecurityManager. The methods were deprecated with a warning to make it clear that they would be changed in a future release to check AllPermission.

      The original CCC also adjusted the specification of java.awt.Toolkit and java.awt.Window so that they are specified to use the SecurityManager's checkPermission method directly, thus obsoleting the 3 JDK 1.1-era checkXXX methods.

      This new CCC proposes to degrade the 3 checkXXX methods further to allow us to finally eliminate the dependency on AWTPermission from the base/core module.

      Solution

      Change checkTopLevelWindow, checkSystemClipboardAccess and checkAwtEventQueueAccess to specify that they check AllPermission.

      Specification

      See attached specdiff or the following summary of the new descriptions proposed for these methods:

      checkTopLevelWindow:

      Deprecated. This method was originally used to check if the calling thread was trusted to bring up a top-level window. The method has been obsoleted and code should instead use checkPermission(java.security.Permission) to check AWTPermission("showWindowWithoutWarningBanner").

      checkSystemClipboardAccess:

      Deprecated. This method was originally used to check if the calling thread could access the system clipboard. The method has been obsoleted and code should instead use checkPermission(java.security.Permission) to check AWTPermission("accessClipboard").

      checkAwtEventQueueAccess:

      Deprecated. This method was originally used to check if the calling thread could access the AWT event queue. The method has been obsoleted and code should instead use checkPermission(java.security.Permission) to check AWTPermission("accessEventQueue").
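
The compatibility risk described above, as an added example that is not part of the original issue or the JDK sources: code still relying on a legacy checkXXX method is denied under a policy that grants only the specific AWTPermission, while code migrated to checkPermission keeps working. The class and method names (`LegacyCheckMigration`, `PolicyManager`, `legacyCheck`, `migratedClipboardCheck`) are hypothetical, and the legacy method is modelled as the AllPermission check the proposal specifies rather than called directly, so the example does not depend on a JDK release that still has the deprecated methods.

```java
import java.awt.AWTPermission;
import java.security.AllPermission;
import java.security.Permission;
import java.security.Permissions;

public class LegacyCheckMigration {

    // Constructed stand-in for a security policy: permits only what was granted.
    // It is never installed with System.setSecurityManager.
    static final class PolicyManager extends SecurityManager {
        private final Permissions granted = new Permissions();

        PolicyManager(Permission... perms) {
            for (Permission p : perms) granted.add(p);
        }

        @Override
        public void checkPermission(Permission perm) {
            if (!granted.implies(perm)) {
                throw new SecurityException("access denied: " + perm);
            }
        }
    }

    // Assumption: models the behaviour this proposal specifies for the legacy methods.
    static void legacyCheck(SecurityManager sm) {
        sm.checkPermission(new AllPermission());
    }

    // The replacement named in the new description of checkSystemClipboardAccess.
    static void migratedClipboardCheck(SecurityManager sm) {
        sm.checkPermission(new AWTPermission("accessClipboard"));
    }

    static boolean allowed(Runnable check) {
        try { check.run(); return true; } catch (SecurityException e) { return false; }
    }

    public static void main(String[] args) {
        SecurityManager clipboardOnly = new PolicyManager(new AWTPermission("accessClipboard"));
        SecurityManager everything = new PolicyManager(new AllPermission());

        System.out.println("clipboard-only, legacy:   " + allowed(() -> legacyCheck(clipboardOnly)));
        System.out.println("clipboard-only, migrated: " + allowed(() -> migratedClipboardCheck(clipboardOnly)));
        System.out.println("AllPermission, legacy:    " + allowed(() -> legacyCheck(everything)));
        System.out.println("AllPermission, migrated:  " + allowed(() -> migratedClipboardCheck(everything)));
    }
}
```

Only the first combination is denied, which is the third-party-toolkit failure case the compatibility note anticipates.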

              People

              Assignee:
              alanb Alan Bateman
              Reporter:
              alanb Alan Bateman
              Reviewed By:
              Anthony Petrov (Inactive), Sergey Bylokhov