8008981: Deprecate SecurityManager checkTopLevelWindow,...

8008981: Deprecate SecurityManager checkTopLevelWindow, checkSystemClipboardAccess, checkAwtEventQueueAccess Reviewed-by: anthony, art, mchung

8008981: Deprecate SecurityManager checkTopLevelWindow,...
8008981: Deprecate SecurityManager checkTopLevelWindow, checkSystemClipboardAccess, checkAwtEventQueueAccess Reviewed-by: anthony, art, mchung
eb24bc67 · alanb · e57821b6 · eb24bc67 · eb24bc67 · eb24bc67
12 changed file
--- a/src/macosx/classes/sun/lwawt/LWToolkit.java
+++ b/src/macosx/classes/sun/lwawt/LWToolkit.java
@@ -38,6 +38,7 @@ import java.util.*;
 import sun.awt.*;
 import sun.lwawt.macosx.*;
 import sun.print.*;
+import sun.security.util.SecurityConstants;
 public abstract class LWToolkit extends SunToolkit implements Runnable {
@@ -502,7 +503,7 @@ public abstract class LWToolkit extends SunToolkit implements Runnable {
    public Clipboard getSystemClipboard() {
        SecurityManager security = System.getSecurityManager();
        if (security != null) {
-            security.checkSystemClipboardAccess();
+            security.checkPermission(SecurityConstants.AWT.ACCESS_CLIPBOARD_PERMISSION);
        }
        synchronized (this) {

--- a/src/share/classes/java/awt/TextComponent.java
+++ b/src/share/classes/java/awt/TextComponent.java
@@ -35,6 +35,7 @@ import java.text.BreakIterator;
 import javax.swing.text.AttributeSet;
 import javax.accessibility.*;
 import java.awt.im.InputMethodRequests;
+import sun.security.util.SecurityConstants;
 /**
 * The <code>TextComponent</code> class is the superclass of
@@ -728,7 +729,7 @@ public class TextComponent extends Component implements Accessible {
        SecurityManager sm = System.getSecurityManager();
        if (sm == null) return true;
        try {
-            sm.checkSystemClipboardAccess();
+            sm.checkPermission(SecurityConstants.AWT.ACCESS_CLIPBOARD_PERMISSION);
            return true;
        } catch (SecurityException e) {}
        return false;

--- a/src/share/classes/java/awt/Toolkit.java
+++ b/src/share/classes/java/awt/Toolkit.java
@@ -1270,12 +1270,8 @@ public abstract class Toolkit {
     * <p>
     * Each actual implementation of this method should first check if there
     * is a security manager installed. If there is, the method should call
-     * the security manager's <code>checkSystemClipboardAccess</code> method
+     * the security manager's {@link SecurityManager#checkPermission
-     * to ensure it's ok to to access the system clipboard. If the default
+     * checkPermission} method to check {@code AWTPermission("accessClipboard")}.
-     * implementation of <code>checkSystemClipboardAccess</code> is used (that
-     * is, that method is not overriden), then this results in a call to the
-     * security manager's <code>checkPermission</code> method with an <code>
-     * AWTPermission("accessClipboard")</code> permission.
     *
     * @return    the system Clipboard
     * @exception HeadlessException if GraphicsEnvironment.isHeadless()
@@ -1318,14 +1314,9 @@ public abstract class Toolkit {
     * system selection <code>Clipboard</code> as described above.
     * <p>
     * Each actual implementation of this method should first check if there
-     * is a <code>SecurityManager</code> installed. If there is, the method
+     * is a security manager installed. If there is, the method should call
-     * should call the <code>SecurityManager</code>'s
+     * the security manager's {@link SecurityManager#checkPermission
-     * <code>checkSystemClipboardAccess</code> method to ensure that client
+     * checkPermission} method to check {@code AWTPermission("accessClipboard")}.
-     * code has access the system selection. If the default implementation of
-     * <code>checkSystemClipboardAccess</code> is used (that is, if the method
-     * is not overridden), then this results in a call to the
-     * <code>SecurityManager</code>'s <code>checkPermission</code> method with
-     * an <code>AWTPermission("accessClipboard")</code> permission.
     *
     * @return the system selection as a <code>Clipboard</code>, or
     *         <code>null</code> if the native platform does not support a
@@ -1699,25 +1690,20 @@ public abstract class Toolkit {
     * therefore not assume that the EventQueue instance returned
     * by this method will be shared by other applets or the system.
     *
-     * <p>First, if there is a security manager, its
+     * <p> If there is a security manager then its
-     * <code>checkAwtEventQueueAccess</code>
+     * {@link SecurityManager#checkPermission checkPermission} method
-     * method is called.
+     * is called to check {@code AWTPermission("accessEventQueue")}.
-     * If  the default implementation of <code>checkAwtEventQueueAccess</code>
-     * is used (that is, that method is not overriden), then this results in
-     * a call to the security manager's <code>checkPermission</code> method
-     * with an <code>AWTPermission("accessEventQueue")</code> permission.
     *
     * @return    the <code>EventQueue</code> object
     * @throws  SecurityException
-     *          if a security manager exists and its <code>{@link
+     *          if a security manager is set and it denies access to
-     *          java.lang.SecurityManager#checkAwtEventQueueAccess}</code>
+     *          the {@code EventQueue}
-     *          method denies access to the <code>EventQueue</code>
     * @see     java.awt.AWTPermission
    */
    public final EventQueue getSystemEventQueue() {
        SecurityManager security = System.getSecurityManager();
        if (security != null) {
-          security.checkAwtEventQueueAccess();
+            security.checkPermission(SecurityConstants.AWT.CHECK_AWT_EVENTQUEUE_PERMISSION);
        }
        return getSystemEventQueueImpl();
    }

--- a/src/share/classes/java/awt/Window.java
+++ b/src/share/classes/java/awt/Window.java
@@ -195,10 +195,9 @@ public class Window extends Container implements Accessible {
    /**
     * This represents the warning message that is
     * to be displayed in a non secure window. ie :
-     * a window that has a security manager installed for
+     * a window that has a security manager installed that denies
-     * which calling SecurityManager.checkTopLevelWindow()
+     * {@code AWTPermission("showWindowWithoutWarningBanner")}.
-     * is false.  This message can be displayed anywhere in
+     * This message can be displayed anywhere in the window.
-     * the window.
     *
     * @serial
     * @see #getWarningString
@@ -417,11 +416,10 @@ public class Window extends Container implements Accessible {
     * Constructs a new, initially invisible window in default size with the
     * specified {@code GraphicsConfiguration}.
     * <p>
-     * If there is a security manager, this method first calls
+     * If there is a security manager, then it is invoked to check
-     * the security manager's {@code checkTopLevelWindow}
+     * {@code AWTPermission("showWindowWithoutWarningBanner")}
-     * method with {@code this}
+     * to determine whether or not the window must be displayed with
-     * as its argument to determine whether or not the window
+     * a warning banner.
-     * must be displayed with a warning banner.
     *
     * @param gc the {@code GraphicsConfiguration} of the target screen
     *     device. If {@code gc} is {@code null}, the system default
@@ -432,7 +430,6 @@ public class Window extends Container implements Accessible {
     *     {@code GraphicsEnvironment.isHeadless()} returns {@code true}
     *
     * @see java.awt.GraphicsEnvironment#isHeadless
-     * @see java.lang.SecurityManager#checkTopLevelWindow
     */
    Window(GraphicsConfiguration gc) {
        init(gc);
@@ -511,25 +508,16 @@ public class Window extends Container implements Accessible {
    /**
     * Constructs a new, initially invisible window in the default size.
-     *
+     * <p>
-     * <p>First, if there is a security manager, its
+     * If there is a security manager set, it is invoked to check
-     * {@code checkTopLevelWindow}
+     * {@code AWTPermission("showWindowWithoutWarningBanner")}.
-     * method is called with {@code this}
+     * If that check fails with a {@code SecurityException} then a warning
-     * as its argument
+     * banner is created.
-     * to see if it's ok to display the window without a warning banner.
-     * If the default implementation of {@code checkTopLevelWindow}
-     * is used (that is, that method is not overriden), then this results in
-     * a call to the security manager's {@code checkPermission} method
-     * with an {@code AWTPermission("showWindowWithoutWarningBanner")}
-     * permission. It that method raises a SecurityException,
-     * {@code checkTopLevelWindow} returns false, otherwise it
-     * returns true. If it returns false, a warning banner is created.
     *
     * @exception HeadlessException when
     *     {@code GraphicsEnvironment.isHeadless()} returns {@code true}
     *
     * @see java.awt.GraphicsEnvironment#isHeadless
-     * @see java.lang.SecurityManager#checkTopLevelWindow
     */
    Window() throws HeadlessException {
        GraphicsEnvironment.checkHeadless();
@@ -541,11 +529,10 @@ public class Window extends Container implements Accessible {
     * {@code Frame} as its owner. The window will not be focusable
     * unless its owner is showing on the screen.
     * <p>
-     * If there is a security manager, this method first calls
+     * If there is a security manager set, it is invoked to check
-     * the security manager's {@code checkTopLevelWindow}
+     * {@code AWTPermission("showWindowWithoutWarningBanner")}.
-     * method with {@code this}
+     * If that check fails with a {@code SecurityException} then a warning
-     * as its argument to determine whether or not the window
+     * banner is created.
-     * must be displayed with a warning banner.
     *
     * @param owner the {@code Frame} to act as owner or {@code null}
     *    if this window has no owner
@@ -555,7 +542,6 @@ public class Window extends Container implements Accessible {
     *    {@code GraphicsEnvironment.isHeadless} returns {@code true}
     *
     * @see java.awt.GraphicsEnvironment#isHeadless
-     * @see java.lang.SecurityManager#checkTopLevelWindow
     * @see #isShowing
     */
    public Window(Frame owner) {
@@ -570,11 +556,10 @@ public class Window extends Container implements Accessible {
     * unless its nearest owning {@code Frame} or {@code Dialog}
     * is showing on the screen.
     * <p>
-     * If there is a security manager, this method first calls
+     * If there is a security manager set, it is invoked to check
-     * the security manager's {@code checkTopLevelWindow}
+     * {@code AWTPermission("showWindowWithoutWarningBanner")}.
-     * method with {@code this}
+     * If that check fails with a {@code SecurityException} then a
-     * as its argument to determine whether or not the window
+     * warning banner is created.
-     * must be displayed with a warning banner.
     *
     * @param owner the {@code Window} to act as owner or
     *     {@code null} if this window has no owner
@@ -585,7 +570,6 @@ public class Window extends Container implements Accessible {
     *     {@code true}
     *
     * @see       java.awt.GraphicsEnvironment#isHeadless
-     * @see       java.lang.SecurityManager#checkTopLevelWindow
     * @see       #isShowing
     *
     * @since     1.2
@@ -603,11 +587,10 @@ public class Window extends Container implements Accessible {
     * its nearest owning {@code Frame} or {@code Dialog}
     * is showing on the screen.
     * <p>
-     * If there is a security manager, this method first calls
+     * If there is a security manager set, it is invoked to check
-     * the security manager's {@code checkTopLevelWindow}
+     * {@code AWTPermission("showWindowWithoutWarningBanner")}. If that
-     * method with {@code this}
+     * check fails with a {@code SecurityException} then a warning banner
-     * as its argument to determine whether or not the window
+     * is created.
-     * must be displayed with a warning banner.
     *
     * @param owner the window to act as owner or {@code null}
     *     if this window has no owner
@@ -621,7 +604,6 @@ public class Window extends Container implements Accessible {
     *     {@code true}
     *
     * @see       java.awt.GraphicsEnvironment#isHeadless
-     * @see       java.lang.SecurityManager#checkTopLevelWindow
     * @see       GraphicsConfiguration#getBounds
     * @see       #isShowing
     * @since     1.3
@@ -1362,10 +1344,9 @@ public class Window extends Container implements Accessible {
     * Gets the warning string that is displayed with this window.
     * If this window is insecure, the warning string is displayed
     * somewhere in the visible area of the window. A window is
-     * insecure if there is a security manager, and the security
+     * insecure if there is a security manager and the security
-     * manager's {@code checkTopLevelWindow} method returns
+     * manager denies
-     * {@code false} when this window is passed to it as an
+     * {@code AWTPermission("showWindowWithoutWarningBanner")}.
-     * argument.
     * <p>
     * If the window is secure, then {@code getWarningString}
     * returns {@code null}. If the window is insecure, this
@@ -1373,7 +1354,6 @@ public class Window extends Container implements Accessible {
     * {@code awt.appletWarning}
     * and returns the string value of that property.
     * @return    the warning string for this window.
-     * @see       java.lang.SecurityManager#checkTopLevelWindow(java.lang.Object)
     */
    public final String getWarningString() {
        return warningString;
@@ -1383,10 +1363,12 @@ public class Window extends Container implements Accessible {
        warningString = null;
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
-            if (!sm.checkTopLevelWindow(this)) {
+            try {
+                sm.checkPermission(SecurityConstants.AWT.TOPLEVEL_WINDOW_PERMISSION);
+            } catch (SecurityException se) {
                // make sure the privileged action is only
                // for getting the property! We don't want the
-                // above checkTopLevelWindow call to always succeed!
+                // above checkPermission call to always succeed!
                warningString = AccessController.doPrivileged(
                      new GetPropertyAction("awt.appletWarning",
                                            "Java Applet Window"));

--- a/src/share/classes/java/awt/event/InputEvent.java
+++ b/src/share/classes/java/awt/event/InputEvent.java
@@ -33,6 +33,7 @@ import java.util.Arrays;
 import sun.awt.AWTAccessor;
 import sun.util.logging.PlatformLogger;
+import sun.security.util.SecurityConstants;
 /**
 * The root event class for all component-level input events.
@@ -350,7 +351,7 @@ public abstract class InputEvent extends ComponentEvent {
            SecurityManager sm = System.getSecurityManager();
            if (sm != null) {
                try {
-                    sm.checkSystemClipboardAccess();
+                    sm.checkPermission(SecurityConstants.AWT.ACCESS_CLIPBOARD_PERMISSION);
                    b = true;
                } catch (SecurityException se) {
                    if (logger.isLoggable(PlatformLogger.Level.FINE)) {

--- a/src/share/classes/java/lang/SecurityManager.java
+++ b/src/share/classes/java/lang/SecurityManager.java
@@ -1336,9 +1336,16 @@ class SecurityManager {
     *             top-level windows; <code>false</code> otherwise.
     * @exception  NullPointerException if the <code>window</code> argument is
     *             <code>null</code>.
+     * @deprecated The dependency on {@code AWTPermission} creates an
+     *             impediment to future modularization of the Java platform.
+     *             Users of this method should instead invoke
+     *             {@link #checkPermission} directly.
+     *             This method will be changed in a future release to check
+     *             the permission {@code java.security.AllPermission}.
     * @see        java.awt.Window
     * @see        #checkPermission(java.security.Permission) checkPermission
     */
+    @Deprecated
    public boolean checkTopLevelWindow(Object window) {
        if (window == null) {
            throw new NullPointerException("window can't be null");
@@ -1398,8 +1405,15 @@ class SecurityManager {
     * @since   JDK1.1
     * @exception  SecurityException  if the calling thread does not have
     *             permission to access the system clipboard.
+     * @deprecated The dependency on {@code AWTPermission} creates an
+     *             impediment to future modularization of the Java platform.
+     *             Users of this method should instead invoke
+     *             {@link #checkPermission} directly.
+     *             This method will be changed in a future release to check
+     *             the permission {@code java.security.AllPermission}.
     * @see        #checkPermission(java.security.Permission) checkPermission
     */
+    @Deprecated
    public void checkSystemClipboardAccess() {
        Permission perm = SecurityConstants.AWT.ACCESS_CLIPBOARD_PERMISSION;
        if (perm == null) {
@@ -1427,8 +1441,15 @@ class SecurityManager {
     * @since   JDK1.1
     * @exception  SecurityException  if the calling thread does not have
     *             permission to access the AWT event queue.
+     * @deprecated The dependency on {@code AWTPermission} creates an
+     *             impediment to future modularization of the Java platform.
+     *             Users of this method should instead invoke
+     *             {@link #checkPermission} directly.
+     *             This method will be changed in a future release to check
+     *             the permission {@code java.security.AllPermission}.
     * @see        #checkPermission(java.security.Permission) checkPermission
     */
+    @Deprecated
    public void checkAwtEventQueueAccess() {
        Permission perm = SecurityConstants.AWT.CHECK_AWT_EVENTQUEUE_PERMISSION;
        if (perm == null) {

--- a/src/share/classes/sun/applet/AppletSecurity.java
+++ b/src/share/classes/sun/applet/AppletSecurity.java
@@ -314,7 +314,7 @@ class AppletSecurity extends AWTSecurityManager {
            // If we're about to allow access to the main EventQueue,
            // and anything untrusted is on the class context stack,
            // disallow access.
-            super.checkAwtEventQueueAccess();
+            super.checkPermission(SecurityConstants.AWT.CHECK_AWT_EVENTQUEUE_PERMISSION);
        }
    } // checkAwtEventQueueAccess()

--- a/src/share/classes/sun/awt/dnd/SunDropTargetContextPeer.java
+++ b/src/share/classes/sun/awt/dnd/SunDropTargetContextPeer.java
@@ -57,6 +57,7 @@ import sun.awt.AppContext;
 import sun.awt.SunToolkit;
 import sun.awt.datatransfer.DataTransferer;
 import sun.awt.datatransfer.ToolkitThreadBlockedHandler;
+import sun.security.util.SecurityConstants;
 /**
 * <p>
@@ -225,7 +226,7 @@ public abstract class SunDropTargetContextPeer implements DropTargetContextPeer,
        SecurityManager sm = System.getSecurityManager();
        try {
            if (!dropInProcess && sm != null) {
-                sm.checkSystemClipboardAccess();
+                sm.checkPermission(SecurityConstants.AWT.ACCESS_CLIPBOARD_PERMISSION);
            }
        } catch (Exception e) {
            Thread currentThread = Thread.currentThread();

--- a/src/share/classes/sun/swing/SwingUtilities2.java
+++ b/src/share/classes/sun/swing/SwingUtilities2.java
@@ -1184,7 +1184,7 @@ public class SwingUtilities2 {
               canAccess = true;
           } else {
               try {
-                   sm.checkSystemClipboardAccess();
+                   sm.checkPermission(SecurityConstants.AWT.ACCESS_CLIPBOARD_PERMISSION);
                   canAccess = true;
               } catch (SecurityException e) {
               }

--- a/src/solaris/classes/sun/awt/X11/XToolkit.java
+++ b/src/solaris/classes/sun/awt/X11/XToolkit.java
@@ -54,6 +54,7 @@ import sun.print.PrintJob2D;
 import sun.security.action.GetPropertyAction;
 import sun.security.action.GetBooleanAction;
 import sun.util.logging.PlatformLogger;
+import sun.security.util.SecurityConstants;
 public final class XToolkit extends UNIXToolkit implements Runnable {
    private static final PlatformLogger log = PlatformLogger.getLogger("sun.awt.X11.XToolkit");
@@ -1152,7 +1153,7 @@ public final class XToolkit extends UNIXToolkit implements Runnable {
    public  Clipboard getSystemClipboard() {
        SecurityManager security = System.getSecurityManager();
        if (security != null) {
-            security.checkSystemClipboardAccess();
+            security.checkPermission(SecurityConstants.AWT.ACCESS_CLIPBOARD_PERMISSION);
        }
        synchronized (this) {
            if (clipboard == null) {
@@ -1165,7 +1166,7 @@ public final class XToolkit extends UNIXToolkit implements Runnable {
    public Clipboard getSystemSelection() {
        SecurityManager security = System.getSecurityManager();
        if (security != null) {
-            security.checkSystemClipboardAccess();
+            security.checkPermission(SecurityConstants.AWT.ACCESS_CLIPBOARD_PERMISSION);
        }
        synchronized (this) {
            if (selection == null) {

--- a/src/windows/classes/sun/awt/windows/WToolkit.java
+++ b/src/windows/classes/sun/awt/windows/WToolkit.java
@@ -64,6 +64,7 @@ import sun.font.FontManagerFactory;
 import sun.font.SunFontManager;
 import sun.misc.PerformanceLogger;
 import sun.util.logging.PlatformLogger;
+import sun.security.util.SecurityConstants;
 public class WToolkit extends SunToolkit implements Runnable {
@@ -681,7 +682,7 @@ public class WToolkit extends SunToolkit implements Runnable {
    public Clipboard getSystemClipboard() {
        SecurityManager security = System.getSecurityManager();
        if (security != null) {
-          security.checkSystemClipboardAccess();
+            security.checkPermission(SecurityConstants.AWT.ACCESS_CLIPBOARD_PERMISSION);
        }
        synchronized (this) {
            if (clipboard == null) {

--- a/test/java/awt/security/Permissions.java
+++ b/test/java/awt/security/Permissions.java
+/*
+ * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+/* @test
+ * @bug 8008981
+ * @summary Test that selected Toolkit and Window methods/constructors do
+ *   the appropriate permission check
+ * @run main/othervm Permissions
+ */
+import java.awt.AWTPermission;
+import java.awt.Frame;
+import java.awt.GraphicsConfiguration;
+import java.awt.Toolkit;
+import java.awt.Window;
+import java.util.ArrayList;
+import java.util.List;
+import java.security.Permission;
+public class Permissions {
+    static class MySecurityManager extends SecurityManager {
+        private List<Permission> permissionsChecked = new ArrayList<>();
+        static MySecurityManager install() {
+            MySecurityManager sm = new MySecurityManager();
+            System.setSecurityManager(sm);
+            return sm;
+        }
+        @Override
+        public void checkPermission(Permission perm) {
+            permissionsChecked.add(perm);
+        }
+        void prepare(String msg) {
+            System.out.println(msg);
+            permissionsChecked.clear();
+        }
+        /**
+         * Checks the security manager's checkPermission method was invoked
+         * to check the given permission and target name.
+         */
+        void assertChecked(Class<? extends Permission> type, String name) {
+            for (Permission perm: permissionsChecked) {
+                if (type.isInstance(perm) && perm.getName().equals(name))
+                    return;
+            }
+            throw new RuntimeException(type.getName() + "(\"" + name + "\") not checked");
+        }
+    }
+    public static void main(String[] args) {
+        MySecurityManager sm = MySecurityManager.install();
+        Toolkit toolkit = Toolkit.getDefaultToolkit();
+        sm.prepare("Toolkit.getSystemClipboard()");
+        toolkit.getSystemClipboard();
+        sm.assertChecked(AWTPermission.class, "accessClipboard");
+        sm.prepare("Toolkit.getSystemEventQueue()");
+        toolkit.getSystemEventQueue();
+        sm.assertChecked(AWTPermission.class, "accessEventQueue");
+        sm.prepare("Toolkit.getSystemSelection()");
+        toolkit.getSystemSelection();
+        //sm.assertChecked(AWTPermission.class, "accessClipboard");
+        sm.prepare("Window(Frame)");
+        new Window((Frame)null);
+        sm.assertChecked(AWTPermission.class, "showWindowWithoutWarningBanner");
+        sm.prepare("Window(Window)");
+        new Window((Window)null);
+        sm.assertChecked(AWTPermission.class, "showWindowWithoutWarningBanner");
+        sm.prepare("Window(Window,GraphicsConfiguration)");
+        new Window((Window)null, (GraphicsConfiguration)null);
+        sm.assertChecked(AWTPermission.class, "showWindowWithoutWarningBanner");
+    }
+}