Fixes #6184 - JEP-411 will deprecate/remove the SecurityManager from … #9616
Conversation
…the JVM. Removed usages of `SecurityManager` and `AccessControlller.doPrivileged()`. In places where they are still necessary, now using reflection. Signed-off-by: Simone Bordet <[email protected]>
Signed-off-by: Simone Bordet <[email protected]>
|
|
||
| // TODO: maybe we should re-construct providers created from classname. | ||
| } | ||
|
|
||
| private static void checkPermission(String permission) |
There was a problem hiding this comment.
Can we have a util class or method that does this as this is used in a few places.
There was a problem hiding this comment.
I thought about this and there are only 2 places, which are quite unrelated: here and ContextHandler.
Given that JASPI is not the most common specification, I thought that the less dependencies the better, so a utility class was not worth the effort.
Note also that all JASPI permissions are AuthPermissions, while a generic utility class would need a more generic signature, making this class a little more verbose.
There was a problem hiding this comment.
I'm pretty sure this is no more complex than changing the method signature to checkPermission(Permission). So my preference is still for a utility class/method.
| { | ||
| Properties properties = new Properties(); | ||
| properties.putAll(System.getProperties()); | ||
| Properties properties = new Properties(); |
There was a problem hiding this comment.
If we're running in < jdk18, why don't we continue to do the privileged action?
There was a problem hiding this comment.
Because the usage of privileged actions was done in very few places, leaving without many other places that would have required it.
Given that the few ones we had were definitely not enough, I think it's better to have none.
| return System.getProperty("org.eclipse.jetty.util.cacheLineBytes", String.valueOf(defaultValue)); | ||
| } | ||
| })); | ||
| value = Integer.parseInt(System.getProperty("org.eclipse.jetty.util.cacheLineBytes", String.valueOf(defaultValue))); |
There was a problem hiding this comment.
If running in < jdk 18 don't we still want to do the privileged action?
|
|
||
| // TODO: maybe we should re-construct providers created from classname. | ||
| } | ||
|
|
||
| private static void checkPermission(String permission) |
There was a problem hiding this comment.
I'm pretty sure this is no more complex than changing the method signature to checkPermission(Permission). So my preference is still for a utility class/method.
What would this getter return? |
… JEP 411 changes. Signed-off-by: Simone Bordet <[email protected]>
Signed-off-by: Simone Bordet <[email protected]>
…the JVM.
Removed usages of
SecurityManagerandAccessControlller.doPrivileged(). In places where they are still necessary, now using reflection.