Merge pull request quarkusio#40117 from Sanne/KillSecurityManager
Remove support for the SecurityManager
gastaldi authored Apr 18, 2024
2 parents 572f286 + 8df6fcb commit 7497fef
Showing 7 changed files with 19 additions and 95 deletions.
@@ -1,7 +1,5 @@
package io.quarkus.elytron.security.ldap;

import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Hashtable;

import javax.naming.Binding;
Expand All @@ -26,7 +24,6 @@

import org.wildfly.common.Assert;
import org.wildfly.security.auth.realm.ldap.ThreadLocalSSLSocketFactory;
import org.wildfly.security.manager.action.SetContextClassLoaderAction;

class DelegatingLdapContext implements LdapContext {

Expand All @@ -46,7 +43,7 @@ interface CloseHandler {
}

// for needs of newInstance()
private DelegatingLdapContext(DirContext delegating, SocketFactory socketFactory) throws NamingException {
private DelegatingLdapContext(DirContext delegating, SocketFactory socketFactory) {
this.delegating = delegating;
this.closeHandler = null; // close handler should not be applied to copy
this.socketFactory = socketFactory;
Expand Down Expand Up @@ -488,10 +485,10 @@ private ClassLoader getSocketFactoryClassLoader() {
}

private ClassLoader setClassLoaderTo(final ClassLoader targetClassLoader) {
return doPrivileged(new SetContextClassLoaderAction(targetClassLoader));
final Thread currentThread = Thread.currentThread();
final ClassLoader original = currentThread.getContextClassLoader();
currentThread.setContextClassLoader(targetClassLoader);
return original;
}

private static <T> T doPrivileged(final PrivilegedAction<T> action) {
return System.getSecurityManager() != null ? AccessController.doPrivileged(action) : action.run();
}
}
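Review bot: The rewritten `setClassLoaderTo` swaps the thread context class loader and returns the previous one, but nothing at the method says that the caller is responsible for putting it back. A one-line comment such as `// returns the previous TCCL; callers must restore it in a finally block` would make that contract explicit, since a thread left with the wrong loader would resolve later class and resource lookups against it. The call sites are outside the hunks shown, so whether they already restore in `finally` cannot be confirmed from here. The same helper is repeated verbatim in the QuarkusDirContextFactory section that follows, so the comment applies there as well, and the two copies could share one package-private static helper.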
@@ -1,7 +1,5 @@
package io.quarkus.elytron.security.ldap;

import java.security.AccessController;
import java.security.PrivilegedAction;
import java.time.Duration;
import java.util.Hashtable;

Expand All @@ -15,7 +13,6 @@
import javax.security.auth.callback.PasswordCallback;

import org.wildfly.security.auth.realm.ldap.DirContextFactory;
import org.wildfly.security.manager.action.SetContextClassLoaderAction;

public class QuarkusDirContextFactory implements DirContextFactory {
// private static final ElytronMessages log = Logger.getMessageLogger(ElytronMessages.class, "org.wildfly.security");
Expand Down Expand Up @@ -142,10 +139,10 @@ public void returnContext(DirContext context) {
}

private ClassLoader setClassLoaderTo(final ClassLoader targetClassLoader) {
return doPrivileged(new SetContextClassLoaderAction(targetClassLoader));
final Thread currentThread = Thread.currentThread();
final ClassLoader original = currentThread.getContextClassLoader();
currentThread.setContextClassLoader(targetClassLoader);
return original;
}

private static <T> T doPrivileged(final PrivilegedAction<T> action) {
return System.getSecurityManager() != null ? AccessController.doPrivileged(action) : action.run();
}
}
@@ -1,7 +1,5 @@
package io.quarkus.hibernate.validator.runtime;

import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.IdentityHashMap;
import java.util.Map;

Expand Down Expand Up @@ -34,7 +32,7 @@ public class ArcConstraintValidatorFactoryImpl implements ConstraintValidatorFac
}
return instance;
}
return run(NewInstance.action(key, "ConstraintValidator"));
return NewInstance.action(key, "ConstraintValidator").run();
}

@Override
Expand All @@ -45,13 +43,4 @@ public void releaseInstance(ConstraintValidator<?, ?> instance) {
}
}

/**
* Runs the given privileged action, using a privileged block if required.
* <p>
* <b>NOTE:</b> This must never be changed into a publicly available method to avoid execution of arbitrary
* privileged actions within HV's protection domain.
*/
private <T> T run(PrivilegedAction<T> action) {
return System.getSecurityManager() != null ? AccessController.doPrivileged(action) : action.run();
}
}
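Review bot: `NewInstance.action(key, "ConstraintValidator").run()` still builds a privileged-action object only to call `run()` on it immediately, and the removed Javadoc was the only text explaining why an action appears here at all. A short comment at the call, for example `// NewInstance is a PrivilegedAction; invoked directly because no SecurityManager is consulted any more`, would stop a later reader from reintroducing a wrapper around it. The import of NewInstance is outside the hunk; if it turns out to be a library-internal class, instantiating the validator directly would remove that dependency, but that changes which exceptions surface and is better done separately. The enclosing method starts above the hunk.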
Expand Up @@ -17,11 +17,9 @@
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.security.AccessController;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PrivilegedAction;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Arrays;
Expand Down Expand Up @@ -397,7 +395,7 @@ public <T> T build(Class<T> aClass) throws IllegalStateException, RestClientDefi
* @return list of proxy hosts
*/
private List<String> getProxyHostsAsRegex() {
String noProxyHostsSysProps = getSystemProperty("http.nonProxyHosts", null);
String noProxyHostsSysProps = System.getProperty("http.nonProxyHosts", null);
if (noProxyHostsSysProps == null) {
noProxyHostsSysProps = "localhost|127.*|[::1]";
} else {
Expand All @@ -414,7 +412,7 @@ private List<String> getProxyHostsAsRegex() {
*/
private boolean useURLConnection() {
if (useURLConnection == null) {
String defaultToURLConnection = getSystemProperty(
String defaultToURLConnection = System.getProperty(
"org.jboss.resteasy.microprofile.defaultToURLConnectionHttpClient", "false");
useURLConnection = defaultToURLConnection.equalsIgnoreCase("true");
}
Expand Down Expand Up @@ -820,13 +818,6 @@ private static BeanManager getBeanManager() {
}
}

private String getSystemProperty(String key, String def) {
if (System.getSecurityManager() == null) {
return System.getProperty(key, def);
}
return AccessController.doPrivileged((PrivilegedAction<String>) () -> System.getProperty(key, def));
}

private final MpClientBuilderImpl builderDelegate;

private final ConfigurationWrapper configurationWrapper;
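Review bot: In `getProxyHostsAsRegex` the new call `System.getProperty("http.nonProxyHosts", null)` carries over the explicit `null` default from the removed helper, which is exactly what the one-argument overload returns when the property is unset. `String noProxyHostsSysProps = System.getProperty("http.nonProxyHosts");` says the same thing more plainly and keeps the following `== null` check unchanged. The method body continues outside the hunk.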
@@ -1,9 +1,5 @@
package io.quarkus.smallrye.graphql.runtime.spi;

import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;

import graphql.schema.PropertyDataFetcherHelper;
import io.smallrye.graphql.execution.Classes;
import io.smallrye.graphql.spi.ClassloadingService;
Expand Down Expand Up @@ -38,12 +34,10 @@ public Class<?> loadClass(String className) {
if (Classes.isPrimitive(className)) {
return Classes.getPrimativeClassType(className);
} else {
return AccessController.doPrivileged((PrivilegedExceptionAction<Class<?>>) () -> {
ClassLoader cl = classLoader == null ? Thread.currentThread().getContextClassLoader() : classLoader;
return loadClass(className, cl);
});
ClassLoader cl = classLoader == null ? Thread.currentThread().getContextClassLoader() : classLoader;
return loadClass(className, cl);
}
} catch (PrivilegedActionException | ClassNotFoundException pae) {
} catch (ClassNotFoundException pae) {
throw new RuntimeException("Can not load class [" + className + "]", pae);
}
}
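Review bot: The catch parameter in `loadClass` is still named `pae`, an abbreviation of the PrivilegedActionException that this catch no longer handles. `} catch (ClassNotFoundException e) {` with `e` passed to the RuntimeException would match what is actually caught. The rename does not change the thrown exception or its message. The method begins above the hunk.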
Expand Up @@ -5,8 +5,6 @@
import java.io.Writer;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
Expand Down Expand Up @@ -40,32 +38,12 @@ public static String getUserHome() {

public static String getProperty(final String name, String defValue) {
assert name != null : "name is null";
final SecurityManager sm = System.getSecurityManager();
if (sm != null) {
return AccessController.doPrivileged(new PrivilegedAction<String>() {
@Override
public String run() {
return System.getProperty(name, defValue);
}
});
} else {
return System.getProperty(name, defValue);
}
return System.getProperty(name, defValue);
}

public static String getProperty(final String name) {
assert name != null : "name is null";
final SecurityManager sm = System.getSecurityManager();
if (sm != null) {
return AccessController.doPrivileged(new PrivilegedAction<String>() {
@Override
public String run() {
return System.getProperty(name);
}
});
} else {
return System.getProperty(name);
}
return System.getProperty(name);
}

public static final Boolean getBooleanOrNull(String name) {
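Review bot: With the SecurityManager branch removed, both `getProperty` overloads consist of a Java `assert` followed by the `System.getProperty` call, and that assert is skipped unless the JVM runs with `-ea`. `System.getProperty` already throws NullPointerException for a null key, so the assert adds no protection in production. Either drop it or make the check unconditional with `Objects.requireNonNull(name, "name is null");`, which needs `java.util.Objects` in scope. The io.quarkus.registry.config PropertiesUtil section that follows contains the same two methods and the same remark applies there.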
@@ -1,7 +1,5 @@
package io.quarkus.registry.config;

import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Locale;

public class PropertiesUtil {
Expand All @@ -26,32 +24,12 @@ public static String getUserHome() {

public static String getProperty(final String name, String defValue) {
assert name != null : "name is null";
final SecurityManager sm = System.getSecurityManager();
if (sm != null) {
return AccessController.doPrivileged(new PrivilegedAction<String>() {
@Override
public String run() {
return System.getProperty(name, defValue);
}
});
} else {
return System.getProperty(name, defValue);
}
return System.getProperty(name, defValue);
}

public static String getProperty(final String name) {
assert name != null : "name is null";
final SecurityManager sm = System.getSecurityManager();
if (sm != null) {
return AccessController.doPrivileged(new PrivilegedAction<String>() {
@Override
public String run() {
return System.getProperty(name);
}
});
} else {
return System.getProperty(name);
}
return System.getProperty(name);
}

public static final Boolean getBooleanOrNull(String name) {