Uploaded image for project: 'CCC Migration Project'
  1. CCC Migration Project
  2. CCC-8161506

Deprecate pre-1.2 SecurityManager methods and fields with forRemoval=true

    Details

    • Subcomponent:
    • Compatibility Risk:
      low
    • Compatibility Risk Description:
      Hide
      Only two classes in the JDK use one of the methods that are proposed to be removed: currentClassLoader(). The classes are SecurityManager subclasses in the deployment area. These usages are considered to be fairly easy to remove, and a bug has been filed to track it: https://bugs.openjdk.java.net/browse/JDK-8162416
      Show
      Only two classes in the JDK use one of the methods that are proposed to be removed: currentClassLoader(). The classes are SecurityManager subclasses in the deployment area. These usages are considered to be fairly easy to remove, and a bug has been filed to track it: https://bugs.openjdk.java.net/browse/JDK-8162416
    • Interface Kind:
      Java API
    • Scope:
      SE

      Description

      Summary

      Deprecate pre-1.2 SecurityManager methods and fields with forRemoval=true.

      Problem

      Several deprecated methods and fields in SecurityManager are only for use in SecurityManager implementations prior to JDK 1.2. Each of them have been deprecated since JDK 1.2 and should not be used in modern implementations. They should be marked with forRemoval=true to indicate they will be removed in a subsequent JDK major release. It is no longer necessary to retain support for pre-1.2 SecurityManager implementations and removing these methods will clean up the SecurityManager class and eliminate the potential for them to be used incorrectly or insecurely. A migration guide discussing how to replace the old methods has also been available since the JDK 1.2 timeframe: http://docs.oracle.com/javase/7/docs/technotes/guides/security/smPortGuide.html#HowToPort

      Solution

      Add forRemoval=true to the Deprecated annotation for the inCheck field, and the getInCheck, classDepth, classLoaderDepth, currentClassLoader, currentLoadedClass, inClass, and inClassLoader methods.

      The checkMemberAccess method is also a pre-1.2 deprecated method, but it has already been marked with forRemoval=true as part of JDK-8145468.

      Specification

      --- old/src/java.base/share/classes/java/lang/SecurityManager.java      2016-07-25 08:07:55.504355118 -0400
      +++ new/src/java.base/share/classes/java/lang/SecurityManager.java      2016-07-25 08:07:55.208355126 -0400
      @@ -1,5 +1,5 @@
       /*
      - * Copyright (c) 1995, 2015, Oracle and/or its affiliates. All rights reserved.
      + * Copyright (c) 1995, 2016, Oracle and/or its affiliates. All rights reserved.
        * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
        *
        * This code is free software; you can redistribute it and/or modify it
      @@ -227,9 +227,10 @@
            *
            * @deprecated This type of security checking is not recommended.
            *  It is recommended that the <code>checkPermission</code>
      -     *  call be used instead.
      +     *  call be used instead. This field is subject to removal in a
      +     *  future version of Java SE.
            */
      -    @Deprecated(since="1.2")
      +    @Deprecated(since="1.2", forRemoval=true)
           protected boolean inCheck;
       
           /*
      @@ -260,9 +261,10 @@
            * @see     java.lang.SecurityManager#inCheck
            * @deprecated This type of security checking is not recommended.
            *  It is recommended that the <code>checkPermission</code>
      -     *  call be used instead.
      +     *  call be used instead. This method is subject to removal in a
      +     *  future version of Java SE.
            */
      -    @Deprecated(since="1.2")
      +    @Deprecated(since="1.2", forRemoval=true)
           public boolean getInCheck() {
               return inCheck;
           }
      @@ -340,12 +342,13 @@
            *
            * @deprecated This type of security checking is not recommended.
            *  It is recommended that the <code>checkPermission</code>
      -     *  call be used instead.
      +     *  call be used instead. This method is subject to removal in a
      +     *  future version of Java SE.
            *
            * @see  java.lang.ClassLoader#getSystemClassLoader() getSystemClassLoader
            * @see  #checkPermission(java.security.Permission) checkPermission
            */
      -    @Deprecated(since="1.2")
      +    @Deprecated(since="1.2", forRemoval=true)
           protected ClassLoader currentClassLoader() {
               ClassLoader cl = currentClassLoader0();
               if ((cl != null) && hasAllPermission())
      @@ -386,12 +389,13 @@
            *
            * @deprecated This type of security checking is not recommended.
            *  It is recommended that the <code>checkPermission</code>
      -     *  call be used instead.
      +     *  call be used instead. This method is subject to removal in a
      +     *  future version of Java SE.
            *
            * @see  java.lang.ClassLoader#getSystemClassLoader() getSystemClassLoader
            * @see  #checkPermission(java.security.Permission) checkPermission
            */
      -    @Deprecated(since="1.2")
      +    @Deprecated(since="1.2", forRemoval=true)
           protected Class<?> currentLoadedClass() {
               Class<?> c = currentLoadedClass0();
               if ((c != null) && hasAllPermission())
      @@ -408,10 +412,10 @@
            *          <code>-1</code> if such a frame cannot be found.
            * @deprecated This type of security checking is not recommended.
            *  It is recommended that the <code>checkPermission</code>
      -     *  call be used instead.
      -     *
      +     *  call be used instead. This method is subject to removal in a
      +     *  future version of Java SE.
            */
      -    @Deprecated(since="1.2")
      +    @Deprecated(since="1.2", forRemoval=true)
           protected native int classDepth(String name);
       
           /**
      @@ -444,12 +448,13 @@
            *
            * @deprecated This type of security checking is not recommended.
            *  It is recommended that the <code>checkPermission</code>
      -     *  call be used instead.
      +     *  call be used instead. This method is subject to removal in a
      +     *  future version of Java SE.
            *
            * @see   java.lang.ClassLoader#getSystemClassLoader() getSystemClassLoader
            * @see   #checkPermission(java.security.Permission) checkPermission
            */
      -    @Deprecated(since="1.2")
      +    @Deprecated(since="1.2", forRemoval=true)
           protected int classLoaderDepth() {
               int depth = classLoaderDepth0();
               if (depth != -1) {
      @@ -472,9 +477,10 @@
            *         name is on the execution stack; <code>false</code> otherwise.
            * @deprecated This type of security checking is not recommended.
            *  It is recommended that the <code>checkPermission</code>
      -     *  call be used instead.
      +     *  call be used instead. This method is subject to removal in a
      +     *  future version of Java SE.
            */
      -    @Deprecated(since="1.2")
      +    @Deprecated(since="1.2", forRemoval=true)
           protected boolean inClass(String name) {
               return classDepth(name) >= 0;
           }
      @@ -488,10 +494,11 @@
            *
            * @deprecated This type of security checking is not recommended.
            *  It is recommended that the <code>checkPermission</code>
      -     *  call be used instead.
      +     *  call be used instead. This method is subject to removal in a
      +     *  future version of Java SE.
            * @see        #currentClassLoader() currentClassLoader
            */
      -    @Deprecated(since="1.2")
      +    @Deprecated(since="1.2", forRemoval=true)
           protected boolean inClassLoader() {
               return currentClassLoader() != null;
           }

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                mullan Sean Mullan
                Reporter:
                mullan Sean Mullan
                Reviewed By:
                Xue-Lei Fan
              • Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: