> This is the implementation of JEP 486: Permanently Disable the Security
> Manager. See [JEP 486](https://openjdk.org/jeps/486) for more details. The
> [CSR](https://bugs.openjdk.org/browse/JDK-8338412) describes in detail the
> main changes in the JEP and also includes an apidiff of the specification
> changes.
>
> NOTE: the majority (~95%) of the changes in this PR are test updates
> (removal/modifications) and API specification changes, the latter mostly to
> remove `@throws SecurityException`. The remaining changes are primarily the
> removal of the `SecurityManager`, `Policy`, `AccessController` and other
> Security Manager API implementations. There is very little new code.
>
> The code changes can be broken down into roughly the following categories:
>
> 1. Degrading the behavior of Security Manager APIs to either throw Exceptions
> by default or provide an execution environment that disallows access to all
> resources by default.
> 2. Changing hundreds of methods and constructors to no longer throw a
> `SecurityException` if a Security Manager was enabled. They will operate as
> they did in JDK 23 with no Security Manager enabled.
> 3. Changing the `java` command to exit with a fatal error if a Security
> Manager is enabled.
> 4. Removing the hotspot native code for the privileged stack walk and the
> inherited access control context. The remaining hotspot code and tests
> related to the Security Manager will be removed immediately after integration
> - see [JDK-8341916](https://bugs.openjdk.org/browse/JDK-8341916).
> 5. Removing or modifying hundreds of tests. Many tests that tested Security
> Manager behavior are no longer relevant and thus have been removed or
> modified.
>
> There are a handful of Security Manager related tests that are failing and
> are at the end of the `test/jdk/ProblemList.txt`,
> `test/langtools/ProblemList.txt` and `test/hotspot/jtreg/ProblemList.txt`
> files - these will be removed or separate bugs will be filed before
> integrating this PR.
>
> Inside the JDK, we have retained calls to
> `SecurityManager::getSecurityManager` and `AccessController::doPrivileged`
> for now, as these methods have been degraded to behave the same as they did
> in JDK 23 with no Security Manager enabled. After we integrate this JEP,
> those calls will be removed in each area (client-libs, core-libs, security,
> etc).
>
> I don't expect each reviewer to review all the code changes in this JEP.
> Rather, I advise that you only focus on the changes for the area
> (client-libs, core-libs, net, security, etc) that you are most f...
Sean Mullan has updated the pull request with a new target base due to a merge
or a rebase. The pull request now contains 200 commits:
- Merge remote-tracking branch 'jdk-sandbox/jep486' into JDK-8338411
- Modify three RMI tests to work without the security manager:
- test/jdk/java/rmi/registry/classPathCodebase/ClassPathCodebase.java
- test/jdk/java/rmi/registry/readTest/CodebaseTest.java
-
test/jdk/java/rmi/server/RMIClassLoader/useCodebaseOnly/UseCodebaseOnly.java
Also remove them from the problem list.
- Remove two obsolete RMI tests:
- test/jdk/java/rmi/server/RMIClassLoader/spi/ContextInsulation.java
-
test/jdk/sun/rmi/transport/tcp/disableMultiplexing/DisableMultiplexing.java
Adjust two tests to run without the Security Manager:
-
test/jdk/java/rmi/server/RMIClassLoader/loadProxyClasses/LoadProxyClasses.java
- test/jdk/java/rmi/server/RMIClassLoader/spi/DefaultProperty.java
Remove all of these tests from the problem list.
- In staticPermissionsOnly(), change "current policy binding" to "current
policy" so wording is consistent with the API note that follows.
- Added API Notes to ProtectionDomain clarifying that the current policy always
grants no permissions. A few other small changes to Policy and PD.
- Merge branch 'master' into jep486
- JAXP tests: organize imports of a few tests
- Improve description of Executors.privilegedThreadFactory
- rename TestAppletLoggerContext.java as suggested in util test review
- clientlibs: Javadoc cleanup
- ... and 190 more: https://git.openjdk.org/jdk/compare/158ae51b...7958ee2b
-------------
Changes: https://git.openjdk.org/jdk/pull/21498/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=21498&range=05
Stats: 68829 lines in 1886 files changed: 2485 ins; 62501 del; 3843 mod
Patch: https://git.openjdk.org/jdk/pull/21498.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/21498/head:pull/21498
PR: https://git.openjdk.org/jdk/pull/21498
