6995424: Eliminate dependency to a deprecated API com.sun.security.auth.PolicyFile

Reviewed-by: mchung

6995424: Eliminate dependency to a deprecated API com.sun.security.auth.PolicyFile
Reviewed-by: mchung
0c110a1e · mullan · d33bc88e · 0c110a1e · 0c110a1e
2 changed file
--- a/src/share/classes/javax/security/auth/Policy.java
+++ b/src/share/classes/javax/security/auth/Policy.java
@@ -25,6 +25,9 @@

 package javax.security.auth;

+import java.security.Security;
+import sun.security.util.Debug;
+
 /**
 * <p> This is an abstract class for representing the system policy for
 * Subject-based authorization.  A subclass implementation
@@ -159,6 +162,10 @@ public abstract class Policy {
    private static Policy policy;
    private static ClassLoader contextClassLoader;

+    // true if a custom (not com.sun.security.auth.PolicyFile) system-wide
+    // policy object is set
+    private static boolean isCustomPolicy;
+
    static {
        contextClassLoader = java.security.AccessController.doPrivileged
                (new java.security.PrivilegedAction<ClassLoader>() {
@@ -234,6 +241,8 @@ public abstract class Policy {
                                        contextClassLoader).newInstance();
                            }
                        });
+                        isCustomPolicy =
+                            !finalClass.equals("com.sun.security.auth.PolicyFile");
                    } catch (Exception e) {
                        throw new SecurityException
                                (sun.security.util.ResourcesMgr.getString
@@ -265,6 +274,46 @@ public abstract class Policy {
        java.lang.SecurityManager sm = System.getSecurityManager();
        if (sm != null) sm.checkPermission(new AuthPermission("setPolicy"));
        Policy.policy = policy;
+        // all non-null policy objects are assumed to be custom
+        isCustomPolicy = policy != null ? true : false;
+    }
+
+    /**
+     * Returns true if a custom (not com.sun.security.auth.PolicyFile)
+     * system-wide policy object has been set or installed. This method is
+     * called by SubjectDomainCombiner to provide backwards compatibility for
+     * developers that provide their own javax.security.auth.Policy
+     * implementations.
+     *
+     * @return true if a custom (not com.sun.security.auth.PolicyFile)
+     * system-wide policy object has been set; false otherwise
+     */
+    static boolean isCustomPolicySet(Debug debug) {
+        if (policy != null) {
+            if (debug != null && isCustomPolicy) {
+                debug.println("Providing backwards compatibility for " +
+                              "javax.security.auth.policy implementation: " +
+                              policy.toString());
+            }
+            return isCustomPolicy;
+        }
+        // check if custom policy has been set using auth.policy.provider prop
+        String policyClass = java.security.AccessController.doPrivileged
+            (new java.security.PrivilegedAction<String>() {
+                public String run() {
+                    return Security.getProperty("auth.policy.provider");
+                }
+        });
+        if (policyClass != null
+            && !policyClass.equals("com.sun.security.auth.PolicyFile")) {
+            if (debug != null) {
+                debug.println("Providing backwards compatibility for " +
+                              "javax.security.auth.policy implementation: " +
+                              policyClass);
+            }
+            return true;
+        }
+        return false;
    }

    /**

--- a/src/share/classes/javax/security/auth/SubjectDomainCombiner.java
+++ b/src/share/classes/javax/security/auth/SubjectDomainCombiner.java
 /*
- * Copyright (c) 1999, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -26,8 +26,6 @@
 package javax.security.auth;

 import java.security.AccessController;
-import java.security.AccessControlContext;
-import java.security.AllPermission;
 import java.security.Permission;
 import java.security.Permissions;
 import java.security.PermissionCollection;
@@ -35,10 +33,8 @@ import java.security.Policy;
 import java.security.Principal;
 import java.security.PrivilegedAction;
 import java.security.ProtectionDomain;
-import java.lang.ClassLoader;
 import java.security.Security;
 import java.util.Set;
-import java.util.Iterator;
 import java.util.WeakHashMap;
 import java.lang.ref.WeakReference;

@@ -61,7 +57,8 @@ public class SubjectDomainCombiner implements java.security.DomainCombiner {
                                        "\t[SubjectDomainCombiner]");

    // Note: check only at classloading time, not dynamically during combine()
-    private static final boolean useJavaxPolicy = compatPolicy();
+    private static final boolean useJavaxPolicy =
+        javax.security.auth.Policy.isCustomPolicySet(debug);

    // Relevant only when useJavaxPolicy is true
    private static final boolean allowCaching =
@@ -202,8 +199,8 @@ public class SubjectDomainCombiner implements java.security.DomainCombiner {
            return null;
        }

-        // maintain backwards compatibility for people who provide
-        // their own javax.security.auth.Policy implementations
+        // maintain backwards compatibility for developers who provide
+        // their own custom javax.security.auth.Policy implementations
        if (useJavaxPolicy) {
            return combineJavaxPolicy(currentDomains, assignedDomains);
        }
@@ -476,8 +473,7 @@ public class SubjectDomainCombiner implements java.security.DomainCombiner {
        String s = AccessController.doPrivileged
            (new PrivilegedAction<String>() {
            public String run() {
-                return java.security.Security.getProperty
-                                        ("cache.auth.policy");
+                return Security.getProperty("cache.auth.policy");
            }
        });
        if (s != null) {
@@ -488,29 +484,6 @@ public class SubjectDomainCombiner implements java.security.DomainCombiner {
        return true;
    }

-    // maintain backwards compatibility for people who provide
-    // their own javax.security.auth.Policy implementations
-    private static boolean compatPolicy() {
-        javax.security.auth.Policy javaxPolicy = AccessController.doPrivileged
-            (new PrivilegedAction<javax.security.auth.Policy>() {
-            public javax.security.auth.Policy run() {
-                return javax.security.auth.Policy.getPolicy();
-            }
-        });
-
-        if (!(javaxPolicy instanceof com.sun.security.auth.PolicyFile)) {
-            if (debug != null) {
-                debug.println("Providing backwards compatibility for " +
-                        "javax.security.auth.policy implementation: " +
-                        javaxPolicy.toString());
-            }
-
-            return true;
-        } else {
-            return false;
-        }
-    }
-
    private static void printInputDomains(ProtectionDomain[] currentDomains,
                                ProtectionDomain[] assignedDomains) {
        if (currentDomains == null || currentDomains.length == 0) {