Mercurial > hg > openjdk > aarch64-port > jdk
changeset 8029:336784cd60c3
8008981: Deprecate SecurityManager checkTopLevelWindow, checkSystemClipboardAccess, checkAwtEventQueueAccess
Reviewed-by: anthony, art, mchung
author | alanb |
---|---|
date | Wed, 04 Sep 2013 11:40:23 +0100 |
parents | d62c911aebbb |
children | ac6e99af2056 |
files | src/macosx/classes/sun/lwawt/LWToolkit.java src/share/classes/java/awt/TextComponent.java src/share/classes/java/awt/Toolkit.java src/share/classes/java/awt/Window.java src/share/classes/java/awt/event/InputEvent.java src/share/classes/java/lang/SecurityManager.java src/share/classes/sun/applet/AppletSecurity.java src/share/classes/sun/awt/dnd/SunDropTargetContextPeer.java src/share/classes/sun/swing/SwingUtilities2.java src/solaris/classes/sun/awt/X11/XToolkit.java src/windows/classes/sun/awt/windows/WToolkit.java test/java/awt/security/Permissions.java |
diffstat | 12 files changed, 181 insertions(+), 83 deletions(-) [+] |
line wrap: on
line diff
--- a/src/macosx/classes/sun/lwawt/LWToolkit.java Wed Sep 04 09:34:25 2013 +0200 +++ b/src/macosx/classes/sun/lwawt/LWToolkit.java Wed Sep 04 11:40:23 2013 +0100 @@ -38,6 +38,7 @@ import sun.awt.*; import sun.lwawt.macosx.*; import sun.print.*; +import sun.security.util.SecurityConstants; public abstract class LWToolkit extends SunToolkit implements Runnable { @@ -502,7 +503,7 @@ public Clipboard getSystemClipboard() { SecurityManager security = System.getSecurityManager(); if (security != null) { - security.checkSystemClipboardAccess(); + security.checkPermission(SecurityConstants.AWT.ACCESS_CLIPBOARD_PERMISSION); } synchronized (this) {
--- a/src/share/classes/java/awt/TextComponent.java Wed Sep 04 09:34:25 2013 +0200 +++ b/src/share/classes/java/awt/TextComponent.java Wed Sep 04 11:40:23 2013 +0100 @@ -35,6 +35,7 @@ import javax.swing.text.AttributeSet; import javax.accessibility.*; import java.awt.im.InputMethodRequests; +import sun.security.util.SecurityConstants; /** * The <code>TextComponent</code> class is the superclass of @@ -728,7 +729,7 @@ SecurityManager sm = System.getSecurityManager(); if (sm == null) return true; try { - sm.checkSystemClipboardAccess(); + sm.checkPermission(SecurityConstants.AWT.ACCESS_CLIPBOARD_PERMISSION); return true; } catch (SecurityException e) {} return false;
--- a/src/share/classes/java/awt/Toolkit.java Wed Sep 04 09:34:25 2013 +0200 +++ b/src/share/classes/java/awt/Toolkit.java Wed Sep 04 11:40:23 2013 +0100 @@ -1270,12 +1270,8 @@ * <p> * Each actual implementation of this method should first check if there * is a security manager installed. If there is, the method should call - * the security manager's <code>checkSystemClipboardAccess</code> method - * to ensure it's ok to to access the system clipboard. If the default - * implementation of <code>checkSystemClipboardAccess</code> is used (that - * is, that method is not overriden), then this results in a call to the - * security manager's <code>checkPermission</code> method with an <code> - * AWTPermission("accessClipboard")</code> permission. + * the security manager's {@link SecurityManager#checkPermission + * checkPermission} method to check {@code AWTPermission("accessClipboard")}. * * @return the system Clipboard * @exception HeadlessException if GraphicsEnvironment.isHeadless() @@ -1318,14 +1314,9 @@ * system selection <code>Clipboard</code> as described above. * <p> * Each actual implementation of this method should first check if there - * is a <code>SecurityManager</code> installed. If there is, the method - * should call the <code>SecurityManager</code>'s - * <code>checkSystemClipboardAccess</code> method to ensure that client - * code has access the system selection. If the default implementation of - * <code>checkSystemClipboardAccess</code> is used (that is, if the method - * is not overridden), then this results in a call to the - * <code>SecurityManager</code>'s <code>checkPermission</code> method with - * an <code>AWTPermission("accessClipboard")</code> permission. + * is a security manager installed. If there is, the method should call + * the security manager's {@link SecurityManager#checkPermission + * checkPermission} method to check {@code AWTPermission("accessClipboard")}. * * @return the system selection as a <code>Clipboard</code>, or * <code>null</code> if the native platform does not support a @@ -1699,25 +1690,20 @@ * therefore not assume that the EventQueue instance returned * by this method will be shared by other applets or the system. * - * <p>First, if there is a security manager, its - * <code>checkAwtEventQueueAccess</code> - * method is called. - * If the default implementation of <code>checkAwtEventQueueAccess</code> - * is used (that is, that method is not overriden), then this results in - * a call to the security manager's <code>checkPermission</code> method - * with an <code>AWTPermission("accessEventQueue")</code> permission. + * <p> If there is a security manager then its + * {@link SecurityManager#checkPermission checkPermission} method + * is called to check {@code AWTPermission("accessEventQueue")}. * * @return the <code>EventQueue</code> object * @throws SecurityException - * if a security manager exists and its <code>{@link - * java.lang.SecurityManager#checkAwtEventQueueAccess}</code> - * method denies access to the <code>EventQueue</code> + * if a security manager is set and it denies access to + * the {@code EventQueue} * @see java.awt.AWTPermission */ public final EventQueue getSystemEventQueue() { SecurityManager security = System.getSecurityManager(); if (security != null) { - security.checkAwtEventQueueAccess(); + security.checkPermission(SecurityConstants.AWT.CHECK_AWT_EVENTQUEUE_PERMISSION); } return getSystemEventQueueImpl(); }
--- a/src/share/classes/java/awt/Window.java Wed Sep 04 09:34:25 2013 +0200 +++ b/src/share/classes/java/awt/Window.java Wed Sep 04 11:40:23 2013 +0100 @@ -195,10 +195,9 @@ /** * This represents the warning message that is * to be displayed in a non secure window. ie : - * a window that has a security manager installed for - * which calling SecurityManager.checkTopLevelWindow() - * is false. This message can be displayed anywhere in - * the window. + * a window that has a security manager installed that denies + * {@code AWTPermission("showWindowWithoutWarningBanner")}. + * This message can be displayed anywhere in the window. * * @serial * @see #getWarningString @@ -417,11 +416,10 @@ * Constructs a new, initially invisible window in default size with the * specified {@code GraphicsConfiguration}. * <p> - * If there is a security manager, this method first calls - * the security manager's {@code checkTopLevelWindow} - * method with {@code this} - * as its argument to determine whether or not the window - * must be displayed with a warning banner. + * If there is a security manager, then it is invoked to check + * {@code AWTPermission("showWindowWithoutWarningBanner")} + * to determine whether or not the window must be displayed with + * a warning banner. * * @param gc the {@code GraphicsConfiguration} of the target screen * device. If {@code gc} is {@code null}, the system default @@ -432,7 +430,6 @@ * {@code GraphicsEnvironment.isHeadless()} returns {@code true} * * @see java.awt.GraphicsEnvironment#isHeadless - * @see java.lang.SecurityManager#checkTopLevelWindow */ Window(GraphicsConfiguration gc) { init(gc); @@ -511,25 +508,16 @@ /** * Constructs a new, initially invisible window in the default size. - * - * <p>First, if there is a security manager, its - * {@code checkTopLevelWindow} - * method is called with {@code this} - * as its argument - * to see if it's ok to display the window without a warning banner. - * If the default implementation of {@code checkTopLevelWindow} - * is used (that is, that method is not overriden), then this results in - * a call to the security manager's {@code checkPermission} method - * with an {@code AWTPermission("showWindowWithoutWarningBanner")} - * permission. It that method raises a SecurityException, - * {@code checkTopLevelWindow} returns false, otherwise it - * returns true. If it returns false, a warning banner is created. + * <p> + * If there is a security manager set, it is invoked to check + * {@code AWTPermission("showWindowWithoutWarningBanner")}. + * If that check fails with a {@code SecurityException} then a warning + * banner is created. * * @exception HeadlessException when * {@code GraphicsEnvironment.isHeadless()} returns {@code true} * * @see java.awt.GraphicsEnvironment#isHeadless - * @see java.lang.SecurityManager#checkTopLevelWindow */ Window() throws HeadlessException { GraphicsEnvironment.checkHeadless(); @@ -541,11 +529,10 @@ * {@code Frame} as its owner. The window will not be focusable * unless its owner is showing on the screen. * <p> - * If there is a security manager, this method first calls - * the security manager's {@code checkTopLevelWindow} - * method with {@code this} - * as its argument to determine whether or not the window - * must be displayed with a warning banner. + * If there is a security manager set, it is invoked to check + * {@code AWTPermission("showWindowWithoutWarningBanner")}. + * If that check fails with a {@code SecurityException} then a warning + * banner is created. * * @param owner the {@code Frame} to act as owner or {@code null} * if this window has no owner @@ -555,7 +542,6 @@ * {@code GraphicsEnvironment.isHeadless} returns {@code true} * * @see java.awt.GraphicsEnvironment#isHeadless - * @see java.lang.SecurityManager#checkTopLevelWindow * @see #isShowing */ public Window(Frame owner) { @@ -570,11 +556,10 @@ * unless its nearest owning {@code Frame} or {@code Dialog} * is showing on the screen. * <p> - * If there is a security manager, this method first calls - * the security manager's {@code checkTopLevelWindow} - * method with {@code this} - * as its argument to determine whether or not the window - * must be displayed with a warning banner. + * If there is a security manager set, it is invoked to check + * {@code AWTPermission("showWindowWithoutWarningBanner")}. + * If that check fails with a {@code SecurityException} then a + * warning banner is created. * * @param owner the {@code Window} to act as owner or * {@code null} if this window has no owner @@ -585,7 +570,6 @@ * {@code true} * * @see java.awt.GraphicsEnvironment#isHeadless - * @see java.lang.SecurityManager#checkTopLevelWindow * @see #isShowing * * @since 1.2 @@ -603,11 +587,10 @@ * its nearest owning {@code Frame} or {@code Dialog} * is showing on the screen. * <p> - * If there is a security manager, this method first calls - * the security manager's {@code checkTopLevelWindow} - * method with {@code this} - * as its argument to determine whether or not the window - * must be displayed with a warning banner. + * If there is a security manager set, it is invoked to check + * {@code AWTPermission("showWindowWithoutWarningBanner")}. If that + * check fails with a {@code SecurityException} then a warning banner + * is created. * * @param owner the window to act as owner or {@code null} * if this window has no owner @@ -621,7 +604,6 @@ * {@code true} * * @see java.awt.GraphicsEnvironment#isHeadless - * @see java.lang.SecurityManager#checkTopLevelWindow * @see GraphicsConfiguration#getBounds * @see #isShowing * @since 1.3 @@ -1362,10 +1344,9 @@ * Gets the warning string that is displayed with this window. * If this window is insecure, the warning string is displayed * somewhere in the visible area of the window. A window is - * insecure if there is a security manager, and the security - * manager's {@code checkTopLevelWindow} method returns - * {@code false} when this window is passed to it as an - * argument. + * insecure if there is a security manager and the security + * manager denies + * {@code AWTPermission("showWindowWithoutWarningBanner")}. * <p> * If the window is secure, then {@code getWarningString} * returns {@code null}. If the window is insecure, this @@ -1373,7 +1354,6 @@ * {@code awt.appletWarning} * and returns the string value of that property. * @return the warning string for this window. - * @see java.lang.SecurityManager#checkTopLevelWindow(java.lang.Object) */ public final String getWarningString() { return warningString; @@ -1383,10 +1363,12 @@ warningString = null; SecurityManager sm = System.getSecurityManager(); if (sm != null) { - if (!sm.checkTopLevelWindow(this)) { + try { + sm.checkPermission(SecurityConstants.AWT.TOPLEVEL_WINDOW_PERMISSION); + } catch (SecurityException se) { // make sure the privileged action is only // for getting the property! We don't want the - // above checkTopLevelWindow call to always succeed! + // above checkPermission call to always succeed! warningString = AccessController.doPrivileged( new GetPropertyAction("awt.appletWarning", "Java Applet Window"));
--- a/src/share/classes/java/awt/event/InputEvent.java Wed Sep 04 09:34:25 2013 +0200 +++ b/src/share/classes/java/awt/event/InputEvent.java Wed Sep 04 11:40:23 2013 +0100 @@ -33,6 +33,7 @@ import sun.awt.AWTAccessor; import sun.util.logging.PlatformLogger; +import sun.security.util.SecurityConstants; /** * The root event class for all component-level input events. @@ -350,7 +351,7 @@ SecurityManager sm = System.getSecurityManager(); if (sm != null) { try { - sm.checkSystemClipboardAccess(); + sm.checkPermission(SecurityConstants.AWT.ACCESS_CLIPBOARD_PERMISSION); b = true; } catch (SecurityException se) { if (logger.isLoggable(PlatformLogger.Level.FINE)) {
--- a/src/share/classes/java/lang/SecurityManager.java Wed Sep 04 09:34:25 2013 +0200 +++ b/src/share/classes/java/lang/SecurityManager.java Wed Sep 04 11:40:23 2013 +0100 @@ -1336,9 +1336,16 @@ * top-level windows; <code>false</code> otherwise. * @exception NullPointerException if the <code>window</code> argument is * <code>null</code>. + * @deprecated The dependency on {@code AWTPermission} creates an + * impediment to future modularization of the Java platform. + * Users of this method should instead invoke + * {@link #checkPermission} directly. + * This method will be changed in a future release to check + * the permission {@code java.security.AllPermission}. * @see java.awt.Window * @see #checkPermission(java.security.Permission) checkPermission */ + @Deprecated public boolean checkTopLevelWindow(Object window) { if (window == null) { throw new NullPointerException("window can't be null"); @@ -1398,8 +1405,15 @@ * @since JDK1.1 * @exception SecurityException if the calling thread does not have * permission to access the system clipboard. + * @deprecated The dependency on {@code AWTPermission} creates an + * impediment to future modularization of the Java platform. + * Users of this method should instead invoke + * {@link #checkPermission} directly. + * This method will be changed in a future release to check + * the permission {@code java.security.AllPermission}. * @see #checkPermission(java.security.Permission) checkPermission */ + @Deprecated public void checkSystemClipboardAccess() { Permission perm = SecurityConstants.AWT.ACCESS_CLIPBOARD_PERMISSION; if (perm == null) { @@ -1427,8 +1441,15 @@ * @since JDK1.1 * @exception SecurityException if the calling thread does not have * permission to access the AWT event queue. + * @deprecated The dependency on {@code AWTPermission} creates an + * impediment to future modularization of the Java platform. + * Users of this method should instead invoke + * {@link #checkPermission} directly. + * This method will be changed in a future release to check + * the permission {@code java.security.AllPermission}. * @see #checkPermission(java.security.Permission) checkPermission */ + @Deprecated public void checkAwtEventQueueAccess() { Permission perm = SecurityConstants.AWT.CHECK_AWT_EVENTQUEUE_PERMISSION; if (perm == null) {
--- a/src/share/classes/sun/applet/AppletSecurity.java Wed Sep 04 09:34:25 2013 +0200 +++ b/src/share/classes/sun/applet/AppletSecurity.java Wed Sep 04 11:40:23 2013 +0100 @@ -314,7 +314,7 @@ // If we're about to allow access to the main EventQueue, // and anything untrusted is on the class context stack, // disallow access. - super.checkAwtEventQueueAccess(); + super.checkPermission(SecurityConstants.AWT.CHECK_AWT_EVENTQUEUE_PERMISSION); } } // checkAwtEventQueueAccess()
--- a/src/share/classes/sun/awt/dnd/SunDropTargetContextPeer.java Wed Sep 04 09:34:25 2013 +0200 +++ b/src/share/classes/sun/awt/dnd/SunDropTargetContextPeer.java Wed Sep 04 11:40:23 2013 +0100 @@ -57,6 +57,7 @@ import sun.awt.SunToolkit; import sun.awt.datatransfer.DataTransferer; import sun.awt.datatransfer.ToolkitThreadBlockedHandler; +import sun.security.util.SecurityConstants; /** * <p> @@ -225,7 +226,7 @@ SecurityManager sm = System.getSecurityManager(); try { if (!dropInProcess && sm != null) { - sm.checkSystemClipboardAccess(); + sm.checkPermission(SecurityConstants.AWT.ACCESS_CLIPBOARD_PERMISSION); } } catch (Exception e) { Thread currentThread = Thread.currentThread();
--- a/src/share/classes/sun/swing/SwingUtilities2.java Wed Sep 04 09:34:25 2013 +0200 +++ b/src/share/classes/sun/swing/SwingUtilities2.java Wed Sep 04 11:40:23 2013 +0100 @@ -1184,7 +1184,7 @@ canAccess = true; } else { try { - sm.checkSystemClipboardAccess(); + sm.checkPermission(SecurityConstants.AWT.ACCESS_CLIPBOARD_PERMISSION); canAccess = true; } catch (SecurityException e) { }
--- a/src/solaris/classes/sun/awt/X11/XToolkit.java Wed Sep 04 09:34:25 2013 +0200 +++ b/src/solaris/classes/sun/awt/X11/XToolkit.java Wed Sep 04 11:40:23 2013 +0100 @@ -54,6 +54,7 @@ import sun.security.action.GetPropertyAction; import sun.security.action.GetBooleanAction; import sun.util.logging.PlatformLogger; +import sun.security.util.SecurityConstants; public final class XToolkit extends UNIXToolkit implements Runnable { private static final PlatformLogger log = PlatformLogger.getLogger("sun.awt.X11.XToolkit"); @@ -1152,7 +1153,7 @@ public Clipboard getSystemClipboard() { SecurityManager security = System.getSecurityManager(); if (security != null) { - security.checkSystemClipboardAccess(); + security.checkPermission(SecurityConstants.AWT.ACCESS_CLIPBOARD_PERMISSION); } synchronized (this) { if (clipboard == null) { @@ -1165,7 +1166,7 @@ public Clipboard getSystemSelection() { SecurityManager security = System.getSecurityManager(); if (security != null) { - security.checkSystemClipboardAccess(); + security.checkPermission(SecurityConstants.AWT.ACCESS_CLIPBOARD_PERMISSION); } synchronized (this) { if (selection == null) {
--- a/src/windows/classes/sun/awt/windows/WToolkit.java Wed Sep 04 09:34:25 2013 +0200 +++ b/src/windows/classes/sun/awt/windows/WToolkit.java Wed Sep 04 11:40:23 2013 +0100 @@ -64,6 +64,7 @@ import sun.font.SunFontManager; import sun.misc.PerformanceLogger; import sun.util.logging.PlatformLogger; +import sun.security.util.SecurityConstants; public class WToolkit extends SunToolkit implements Runnable { @@ -681,7 +682,7 @@ public Clipboard getSystemClipboard() { SecurityManager security = System.getSecurityManager(); if (security != null) { - security.checkSystemClipboardAccess(); + security.checkPermission(SecurityConstants.AWT.ACCESS_CLIPBOARD_PERMISSION); } synchronized (this) { if (clipboard == null) {
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/java/awt/security/Permissions.java Wed Sep 04 11:40:23 2013 +0100 @@ -0,0 +1,103 @@ +/* + * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* @test + * @bug 8008981 + * @summary Test that selected Toolkit and Window methods/constructors do + * the appropriate permission check + * @run main/othervm Permissions + */ + +import java.awt.AWTPermission; +import java.awt.Frame; +import java.awt.GraphicsConfiguration; +import java.awt.Toolkit; +import java.awt.Window; +import java.util.ArrayList; +import java.util.List; +import java.security.Permission; + +public class Permissions { + + static class MySecurityManager extends SecurityManager { + private List<Permission> permissionsChecked = new ArrayList<>(); + + static MySecurityManager install() { + MySecurityManager sm = new MySecurityManager(); + System.setSecurityManager(sm); + return sm; + } + + @Override + public void checkPermission(Permission perm) { + permissionsChecked.add(perm); + } + + void prepare(String msg) { + System.out.println(msg); + permissionsChecked.clear(); + } + + /** + * Checks the security manager's checkPermission method was invoked + * to check the given permission and target name. + */ + void assertChecked(Class<? extends Permission> type, String name) { + for (Permission perm: permissionsChecked) { + if (type.isInstance(perm) && perm.getName().equals(name)) + return; + } + throw new RuntimeException(type.getName() + "(\"" + name + "\") not checked"); + } + } + + public static void main(String[] args) { + MySecurityManager sm = MySecurityManager.install(); + + Toolkit toolkit = Toolkit.getDefaultToolkit(); + + sm.prepare("Toolkit.getSystemClipboard()"); + toolkit.getSystemClipboard(); + sm.assertChecked(AWTPermission.class, "accessClipboard"); + + sm.prepare("Toolkit.getSystemEventQueue()"); + toolkit.getSystemEventQueue(); + sm.assertChecked(AWTPermission.class, "accessEventQueue"); + + sm.prepare("Toolkit.getSystemSelection()"); + toolkit.getSystemSelection(); + //sm.assertChecked(AWTPermission.class, "accessClipboard"); + + sm.prepare("Window(Frame)"); + new Window((Frame)null); + sm.assertChecked(AWTPermission.class, "showWindowWithoutWarningBanner"); + + sm.prepare("Window(Window)"); + new Window((Window)null); + sm.assertChecked(AWTPermission.class, "showWindowWithoutWarningBanner"); + + sm.prepare("Window(Window,GraphicsConfiguration)"); + new Window((Window)null, (GraphicsConfiguration)null); + sm.assertChecked(AWTPermission.class, "showWindowWithoutWarningBanner"); + } +}