8008981: Deprecate SecurityManager checkTopLevelWindow,...

8008981: Deprecate SecurityManager checkTopLevelWindow, checkSystemClipboardAccess, checkAwtEventQueueAccess
Reviewed-by: anthony, art, mchung

src/macosx/classes/sun/lwawt/LWToolkit.java

@@ -38,6 +38,7 @@ import java.util.*;
 import sun.awt.*;
 import sun.lwawt.macosx.*;
 import sun.print.*;
+import sun.security.util.SecurityConstants;
 
 public abstract class LWToolkit extends SunToolkit implements Runnable {
 
@@ -502,7 +503,7 @@ public abstract class LWToolkit extends SunToolkit implements Runnable {
     public Clipboard getSystemClipboard() {
         SecurityManager security = System.getSecurityManager();
         if (security != null) {
-            security.checkSystemClipboardAccess();
+            security.checkPermission(SecurityConstants.AWT.ACCESS_CLIPBOARD_PERMISSION);
         }
 
         synchronized (this) {

src/share/classes/java/awt/TextComponent.java

@@ -35,6 +35,7 @@ import java.text.BreakIterator;
 import javax.swing.text.AttributeSet;
 import javax.accessibility.*;
 import java.awt.im.InputMethodRequests;
+import sun.security.util.SecurityConstants;
 
 /**
  * The <code>TextComponent</code> class is the superclass of
@@ -728,7 +729,7 @@ public class TextComponent extends Component implements Accessible {
         SecurityManager sm = System.getSecurityManager();
         if (sm == null) return true;
         try {
-            sm.checkSystemClipboardAccess();
+            sm.checkPermission(SecurityConstants.AWT.ACCESS_CLIPBOARD_PERMISSION);
             return true;
         } catch (SecurityException e) {}
         return false;

src/share/classes/java/awt/Toolkit.java

@@ -1270,12 +1270,8 @@ public abstract class Toolkit {
      * <p>
      * Each actual implementation of this method should first check if there
      * is a security manager installed. If there is, the method should call
-     * the security manager's <code>checkSystemClipboardAccess</code> method
-     * to ensure it's ok to to access the system clipboard. If the default
-     * implementation of <code>checkSystemClipboardAccess</code> is used (that
-     * is, that method is not overriden), then this results in a call to the
-     * security manager's <code>checkPermission</code> method with an <code>
-     * AWTPermission("accessClipboard")</code> permission.
+     * the security manager's {@link SecurityManager#checkPermission
+     * checkPermission} method to check {@code AWTPermission("accessClipboard")}.
      *
      * @return    the system Clipboard
      * @exception HeadlessException if GraphicsEnvironment.isHeadless()
@@ -1318,14 +1314,9 @@ public abstract class Toolkit {
      * system selection <code>Clipboard</code> as described above.
      * <p>
      * Each actual implementation of this method should first check if there
-     * is a <code>SecurityManager</code> installed. If there is, the method
-     * should call the <code>SecurityManager</code>'s
-     * <code>checkSystemClipboardAccess</code> method to ensure that client
-     * code has access the system selection. If the default implementation of
-     * <code>checkSystemClipboardAccess</code> is used (that is, if the method
-     * is not overridden), then this results in a call to the
-     * <code>SecurityManager</code>'s <code>checkPermission</code> method with
-     * an <code>AWTPermission("accessClipboard")</code> permission.
+     * is a security manager installed. If there is, the method should call
+     * the security manager's {@link SecurityManager#checkPermission
+     * checkPermission} method to check {@code AWTPermission("accessClipboard")}.
      *
      * @return the system selection as a <code>Clipboard</code>, or
      *         <code>null</code> if the native platform does not support a
@@ -1699,25 +1690,20 @@ public abstract class Toolkit {
      * therefore not assume that the EventQueue instance returned
      * by this method will be shared by other applets or the system.
      *
-     * <p>First, if there is a security manager, its
-     * <code>checkAwtEventQueueAccess</code>
-     * method is called.
-     * If  the default implementation of <code>checkAwtEventQueueAccess</code>
-     * is used (that is, that method is not overriden), then this results in
-     * a call to the security manager's <code>checkPermission</code> method
-     * with an <code>AWTPermission("accessEventQueue")</code> permission.
+     * <p> If there is a security manager then its
+     * {@link SecurityManager#checkPermission checkPermission} method
+     * is called to check {@code AWTPermission("accessEventQueue")}.
      *
      * @return    the <code>EventQueue</code> object
      * @throws  SecurityException
-     *          if a security manager exists and its <code>{@link
-     *          java.lang.SecurityManager#checkAwtEventQueueAccess}</code>
-     *          method denies access to the <code>EventQueue</code>
+     *          if a security manager is set and it denies access to
+     *          the {@code EventQueue}
      * @see     java.awt.AWTPermission
     */
     public final EventQueue getSystemEventQueue() {
         SecurityManager security = System.getSecurityManager();
         if (security != null) {
-          security.checkAwtEventQueueAccess();
+            security.checkPermission(SecurityConstants.AWT.CHECK_AWT_EVENTQUEUE_PERMISSION);
         }
         return getSystemEventQueueImpl();
     }

src/share/classes/java/awt/Window.java

@@ -195,10 +195,9 @@ public class Window extends Container implements Accessible {
     /**
      * This represents the warning message that is
      * to be displayed in a non secure window. ie :
-     * a window that has a security manager installed for
-     * which calling SecurityManager.checkTopLevelWindow()
-     * is false.  This message can be displayed anywhere in
-     * the window.
+     * a window that has a security manager installed that denies
+     * {@code AWTPermission("showWindowWithoutWarningBanner")}.
+     * This message can be displayed anywhere in the window.
      *
      * @serial
      * @see #getWarningString
@@ -417,11 +416,10 @@ public class Window extends Container implements Accessible {
      * Constructs a new, initially invisible window in default size with the
      * specified {@code GraphicsConfiguration}.
      * <p>
-     * If there is a security manager, this method first calls
-     * the security manager's {@code checkTopLevelWindow}
-     * method with {@code this}
-     * as its argument to determine whether or not the window
-     * must be displayed with a warning banner.
+     * If there is a security manager, then it is invoked to check
+     * {@code AWTPermission("showWindowWithoutWarningBanner")}
+     * to determine whether or not the window must be displayed with
+     * a warning banner.
      *
      * @param gc the {@code GraphicsConfiguration} of the target screen
      *     device. If {@code gc} is {@code null}, the system default
@@ -432,7 +430,6 @@ public class Window extends Container implements Accessible {
      *     {@code GraphicsEnvironment.isHeadless()} returns {@code true}
      *
      * @see java.awt.GraphicsEnvironment#isHeadless
-     * @see java.lang.SecurityManager#checkTopLevelWindow
      */
     Window(GraphicsConfiguration gc) {
         init(gc);
@@ -511,25 +508,16 @@ public class Window extends Container implements Accessible {
 
     /**
      * Constructs a new, initially invisible window in the default size.
-     *
-     * <p>First, if there is a security manager, its
-     * {@code checkTopLevelWindow}
-     * method is called with {@code this}
-     * as its argument
-     * to see if it's ok to display the window without a warning banner.
-     * If the default implementation of {@code checkTopLevelWindow}
-     * is used (that is, that method is not overriden), then this results in
-     * a call to the security manager's {@code checkPermission} method
-     * with an {@code AWTPermission("showWindowWithoutWarningBanner")}
-     * permission. It that method raises a SecurityException,
-     * {@code checkTopLevelWindow} returns false, otherwise it
-     * returns true. If it returns false, a warning banner is created.
+     * <p>
+     * If there is a security manager set, it is invoked to check
+     * {@code AWTPermission("showWindowWithoutWarningBanner")}.
+     * If that check fails with a {@code SecurityException} then a warning
+     * banner is created.
      *
      * @exception HeadlessException when
      *     {@code GraphicsEnvironment.isHeadless()} returns {@code true}
      *
      * @see java.awt.GraphicsEnvironment#isHeadless
-     * @see java.lang.SecurityManager#checkTopLevelWindow
      */
     Window() throws HeadlessException {
         GraphicsEnvironment.checkHeadless();
@@ -541,11 +529,10 @@ public class Window extends Container implements Accessible {
      * {@code Frame} as its owner. The window will not be focusable
      * unless its owner is showing on the screen.
      * <p>
-     * If there is a security manager, this method first calls
-     * the security manager's {@code checkTopLevelWindow}
-     * method with {@code this}
-     * as its argument to determine whether or not the window
-     * must be displayed with a warning banner.
+     * If there is a security manager set, it is invoked to check
+     * {@code AWTPermission("showWindowWithoutWarningBanner")}.
+     * If that check fails with a {@code SecurityException} then a warning
+     * banner is created.
      *
      * @param owner the {@code Frame} to act as owner or {@code null}
      *    if this window has no owner
@@ -555,7 +542,6 @@ public class Window extends Container implements Accessible {
      *    {@code GraphicsEnvironment.isHeadless} returns {@code true}
      *
      * @see java.awt.GraphicsEnvironment#isHeadless
-     * @see java.lang.SecurityManager#checkTopLevelWindow
      * @see #isShowing
      */
     public Window(Frame owner) {
@@ -570,11 +556,10 @@ public class Window extends Container implements Accessible {
      * unless its nearest owning {@code Frame} or {@code Dialog}
      * is showing on the screen.
      * <p>
-     * If there is a security manager, this method first calls
-     * the security manager's {@code checkTopLevelWindow}
-     * method with {@code this}
-     * as its argument to determine whether or not the window
-     * must be displayed with a warning banner.
+     * If there is a security manager set, it is invoked to check
+     * {@code AWTPermission("showWindowWithoutWarningBanner")}.
+     * If that check fails with a {@code SecurityException} then a
+     * warning banner is created.
      *
      * @param owner the {@code Window} to act as owner or
      *     {@code null} if this window has no owner
@@ -585,7 +570,6 @@ public class Window extends Container implements Accessible {
      *     {@code true}
      *
      * @see       java.awt.GraphicsEnvironment#isHeadless
-     * @see       java.lang.SecurityManager#checkTopLevelWindow
      * @see       #isShowing
      *
      * @since     1.2
@@ -603,11 +587,10 @@ public class Window extends Container implements Accessible {
      * its nearest owning {@code Frame} or {@code Dialog}
      * is showing on the screen.
      * <p>
-     * If there is a security manager, this method first calls
-     * the security manager's {@code checkTopLevelWindow}
-     * method with {@code this}
-     * as its argument to determine whether or not the window
-     * must be displayed with a warning banner.
+     * If there is a security manager set, it is invoked to check
+     * {@code AWTPermission("showWindowWithoutWarningBanner")}. If that
+     * check fails with a {@code SecurityException} then a warning banner
+     * is created.
      *
      * @param owner the window to act as owner or {@code null}
      *     if this window has no owner
@@ -621,7 +604,6 @@ public class Window extends Container implements Accessible {
      *     {@code true}
      *
      * @see       java.awt.GraphicsEnvironment#isHeadless
-     * @see       java.lang.SecurityManager#checkTopLevelWindow
      * @see       GraphicsConfiguration#getBounds
      * @see       #isShowing
      * @since     1.3
@@ -1362,10 +1344,9 @@ public class Window extends Container implements Accessible {
      * Gets the warning string that is displayed with this window.
      * If this window is insecure, the warning string is displayed
      * somewhere in the visible area of the window. A window is
-     * insecure if there is a security manager, and the security
-     * manager's {@code checkTopLevelWindow} method returns
-     * {@code false} when this window is passed to it as an
-     * argument.
+     * insecure if there is a security manager and the security
+     * manager denies
+     * {@code AWTPermission("showWindowWithoutWarningBanner")}.
      * <p>
      * If the window is secure, then {@code getWarningString}
      * returns {@code null}. If the window is insecure, this
@@ -1373,7 +1354,6 @@ public class Window extends Container implements Accessible {
      * {@code awt.appletWarning}
      * and returns the string value of that property.
      * @return    the warning string for this window.
-     * @see       java.lang.SecurityManager#checkTopLevelWindow(java.lang.Object)
      */
     public final String getWarningString() {
         return warningString;
@@ -1383,10 +1363,12 @@ public class Window extends Container implements Accessible {
         warningString = null;
         SecurityManager sm = System.getSecurityManager();
         if (sm != null) {
-            if (!sm.checkTopLevelWindow(this)) {
+            try {
+                sm.checkPermission(SecurityConstants.AWT.TOPLEVEL_WINDOW_PERMISSION);
+            } catch (SecurityException se) {
                 // make sure the privileged action is only
                 // for getting the property! We don't want the
-                // above checkTopLevelWindow call to always succeed!
+                // above checkPermission call to always succeed!
                 warningString = AccessController.doPrivileged(
                       new GetPropertyAction("awt.appletWarning",
                                             "Java Applet Window"));

src/share/classes/java/awt/event/InputEvent.java

@@ -33,6 +33,7 @@ import java.util.Arrays;
 
 import sun.awt.AWTAccessor;
 import sun.util.logging.PlatformLogger;
+import sun.security.util.SecurityConstants;
 
 /**
  * The root event class for all component-level input events.
@@ -350,7 +351,7 @@ public abstract class InputEvent extends ComponentEvent {
             SecurityManager sm = System.getSecurityManager();
             if (sm != null) {
                 try {
-                    sm.checkSystemClipboardAccess();
+                    sm.checkPermission(SecurityConstants.AWT.ACCESS_CLIPBOARD_PERMISSION);
                     b = true;
                 } catch (SecurityException se) {
                     if (logger.isLoggable(PlatformLogger.Level.FINE)) {

src/share/classes/java/lang/SecurityManager.java

@@ -1336,9 +1336,16 @@ class SecurityManager {
      *             top-level windows; <code>false</code> otherwise.
      * @exception  NullPointerException if the <code>window</code> argument is
      *             <code>null</code>.
+     * @deprecated The dependency on {@code AWTPermission} creates an
+     *             impediment to future modularization of the Java platform.
+     *             Users of this method should instead invoke
+     *             {@link #checkPermission} directly.
+     *             This method will be changed in a future release to check
+     *             the permission {@code java.security.AllPermission}.
      * @see        java.awt.Window
      * @see        #checkPermission(java.security.Permission) checkPermission
      */
+    @Deprecated
     public boolean checkTopLevelWindow(Object window) {
         if (window == null) {
             throw new NullPointerException("window can't be null");
@@ -1398,8 +1405,15 @@ class SecurityManager {
      * @since   JDK1.1
      * @exception  SecurityException  if the calling thread does not have
      *             permission to access the system clipboard.
+     * @deprecated The dependency on {@code AWTPermission} creates an
+     *             impediment to future modularization of the Java platform.
+     *             Users of this method should instead invoke
+     *             {@link #checkPermission} directly.
+     *             This method will be changed in a future release to check
+     *             the permission {@code java.security.AllPermission}.
      * @see        #checkPermission(java.security.Permission) checkPermission
      */
+    @Deprecated
     public void checkSystemClipboardAccess() {
         Permission perm = SecurityConstants.AWT.ACCESS_CLIPBOARD_PERMISSION;
         if (perm == null) {
@@ -1427,8 +1441,15 @@ class SecurityManager {
      * @since   JDK1.1
      * @exception  SecurityException  if the calling thread does not have
      *             permission to access the AWT event queue.
+     * @deprecated The dependency on {@code AWTPermission} creates an
+     *             impediment to future modularization of the Java platform.
+     *             Users of this method should instead invoke
+     *             {@link #checkPermission} directly.
+     *             This method will be changed in a future release to check
+     *             the permission {@code java.security.AllPermission}.
      * @see        #checkPermission(java.security.Permission) checkPermission
      */
+    @Deprecated
     public void checkAwtEventQueueAccess() {
         Permission perm = SecurityConstants.AWT.CHECK_AWT_EVENTQUEUE_PERMISSION;
         if (perm == null) {

src/share/classes/sun/applet/AppletSecurity.java

@@ -314,7 +314,7 @@ class AppletSecurity extends AWTSecurityManager {
             // If we're about to allow access to the main EventQueue,
             // and anything untrusted is on the class context stack,
             // disallow access.
-            super.checkAwtEventQueueAccess();
+            super.checkPermission(SecurityConstants.AWT.CHECK_AWT_EVENTQUEUE_PERMISSION);
         }
     } // checkAwtEventQueueAccess()
 

src/share/classes/sun/awt/dnd/SunDropTargetContextPeer.java

@@ -57,6 +57,7 @@ import sun.awt.AppContext;
 import sun.awt.SunToolkit;
 import sun.awt.datatransfer.DataTransferer;
 import sun.awt.datatransfer.ToolkitThreadBlockedHandler;
+import sun.security.util.SecurityConstants;
 
 /**
  * <p>
@@ -225,7 +226,7 @@ public abstract class SunDropTargetContextPeer implements DropTargetContextPeer,
         SecurityManager sm = System.getSecurityManager();
         try {
             if (!dropInProcess && sm != null) {
-                sm.checkSystemClipboardAccess();
+                sm.checkPermission(SecurityConstants.AWT.ACCESS_CLIPBOARD_PERMISSION);
             }
         } catch (Exception e) {
             Thread currentThread = Thread.currentThread();

src/share/classes/sun/swing/SwingUtilities2.java

@@ -1184,7 +1184,7 @@ public class SwingUtilities2 {
                canAccess = true;
            } else {
                try {
-                   sm.checkSystemClipboardAccess();
+                   sm.checkPermission(SecurityConstants.AWT.ACCESS_CLIPBOARD_PERMISSION);
                    canAccess = true;
                } catch (SecurityException e) {
                }

src/solaris/classes/sun/awt/X11/XToolkit.java

@@ -54,6 +54,7 @@ import sun.print.PrintJob2D;
 import sun.security.action.GetPropertyAction;
 import sun.security.action.GetBooleanAction;
 import sun.util.logging.PlatformLogger;
+import sun.security.util.SecurityConstants;
 
 public final class XToolkit extends UNIXToolkit implements Runnable {
     private static final PlatformLogger log = PlatformLogger.getLogger("sun.awt.X11.XToolkit");
@@ -1152,7 +1153,7 @@ public final class XToolkit extends UNIXToolkit implements Runnable {
     public  Clipboard getSystemClipboard() {
         SecurityManager security = System.getSecurityManager();
         if (security != null) {
-            security.checkSystemClipboardAccess();
+            security.checkPermission(SecurityConstants.AWT.ACCESS_CLIPBOARD_PERMISSION);
         }
         synchronized (this) {
             if (clipboard == null) {
@@ -1165,7 +1166,7 @@ public final class XToolkit extends UNIXToolkit implements Runnable {
     public Clipboard getSystemSelection() {
         SecurityManager security = System.getSecurityManager();
         if (security != null) {
-            security.checkSystemClipboardAccess();
+            security.checkPermission(SecurityConstants.AWT.ACCESS_CLIPBOARD_PERMISSION);
         }
         synchronized (this) {
             if (selection == null) {

src/windows/classes/sun/awt/windows/WToolkit.java

@@ -64,6 +64,7 @@ import sun.font.FontManagerFactory;
 import sun.font.SunFontManager;
 import sun.misc.PerformanceLogger;
 import sun.util.logging.PlatformLogger;
+import sun.security.util.SecurityConstants;
 
 public class WToolkit extends SunToolkit implements Runnable {
 
@@ -681,7 +682,7 @@ public class WToolkit extends SunToolkit implements Runnable {
     public Clipboard getSystemClipboard() {
         SecurityManager security = System.getSecurityManager();
         if (security != null) {
-          security.checkSystemClipboardAccess();
+            security.checkPermission(SecurityConstants.AWT.ACCESS_CLIPBOARD_PERMISSION);
         }
         synchronized (this) {
             if (clipboard == null) {

test/java/awt/security/Permissions.java

+/*
+ * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/* @test
+ * @bug 8008981
+ * @summary Test that selected Toolkit and Window methods/constructors do
+ *   the appropriate permission check
+ * @run main/othervm Permissions
+ */
+
+import java.awt.AWTPermission;
+import java.awt.Frame;
+import java.awt.GraphicsConfiguration;
+import java.awt.Toolkit;
+import java.awt.Window;
+import java.util.ArrayList;
+import java.util.List;
+import java.security.Permission;
+
+public class Permissions {
+
+    static class MySecurityManager extends SecurityManager {
+        private List<Permission> permissionsChecked = new ArrayList<>();
+
+        static MySecurityManager install() {
+            MySecurityManager sm = new MySecurityManager();
+            System.setSecurityManager(sm);
+            return sm;
+        }
+
+        @Override
+        public void checkPermission(Permission perm) {
+            permissionsChecked.add(perm);
+        }
+
+        void prepare(String msg) {
+            System.out.println(msg);
+            permissionsChecked.clear();
+        }
+
+        /**
+         * Checks the security manager's checkPermission method was invoked
+         * to check the given permission and target name.
+         */
+        void assertChecked(Class<? extends Permission> type, String name) {
+            for (Permission perm: permissionsChecked) {
+                if (type.isInstance(perm) && perm.getName().equals(name))
+                    return;
+            }
+            throw new RuntimeException(type.getName() + "(\"" + name + "\") not checked");
+        }
+    }
+
+    public static void main(String[] args) {
+        MySecurityManager sm = MySecurityManager.install();
+
+        Toolkit toolkit = Toolkit.getDefaultToolkit();
+
+        sm.prepare("Toolkit.getSystemClipboard()");
+        toolkit.getSystemClipboard();
+        sm.assertChecked(AWTPermission.class, "accessClipboard");
+
+        sm.prepare("Toolkit.getSystemEventQueue()");
+        toolkit.getSystemEventQueue();
+        sm.assertChecked(AWTPermission.class, "accessEventQueue");
+
+        sm.prepare("Toolkit.getSystemSelection()");
+        toolkit.getSystemSelection();
+        //sm.assertChecked(AWTPermission.class, "accessClipboard");
+
+        sm.prepare("Window(Frame)");
+        new Window((Frame)null);
+        sm.assertChecked(AWTPermission.class, "showWindowWithoutWarningBanner");
+
+        sm.prepare("Window(Window)");
+        new Window((Window)null);
+        sm.assertChecked(AWTPermission.class, "showWindowWithoutWarningBanner");
+
+        sm.prepare("Window(Window,GraphicsConfiguration)");
+        new Window((Window)null, (GraphicsConfiguration)null);
+        sm.assertChecked(AWTPermission.class, "showWindowWithoutWarningBanner");
+    }
+}