

8344855: Remove calls to SecurityManager and doPrivileged in HTTP rel…
…ated implementation classes in the sun.net and sun.net.www.http packages after JEP 486 integration
dfuch committed Nov 22, 2024
1 parent a07b72b commit ac6ecb1
Showing 7 changed files with 48 additions and 160 deletions.
22 changes: 2 additions & 20 deletions src/java.base/share/classes/sun/net/NetProperties.java
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2004, 2022, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2004, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
Expand Down Expand Up @@ -27,8 +27,6 @@
import jdk.internal.util.StaticProperty;

import java.io.*;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Properties;

/*
Expand All @@ -39,17 +37,10 @@
* @author Jean-Christophe Collet
*
*/

@SuppressWarnings("removal")
public class NetProperties {
private static Properties props = new Properties();
static {
AccessController.doPrivileged(
new PrivilegedAction<Void>() {
public Void run() {
loadDefaultProperties();
return null;
}});
loadDefaultProperties();
}

private NetProperties() { };
Expand Down Expand Up @@ -82,9 +73,6 @@ private static void loadDefaultProperties() {
* returns the default value, if it exists, otherwise returns
* <code>null</code>.
* @param key the property name.
* @throws SecurityException if a security manager exists and its
* <code>checkPropertiesAccess</code> method doesn't allow access
* to the system properties.
* @return the <code>String</code> value for the property,
* or <code>null</code>
*/
Expand All @@ -103,9 +91,6 @@ public static String get(String key) {
* <code>null</code>.
* @param key the property name.
* @param defval the default value to use if the property is not found
* @throws SecurityException if a security manager exists and its
* <code>checkPropertiesAccess</code> method doesn't allow access
* to the system properties.
* @return the <code>Integer</code> value for the property,
* or <code>null</code>
*/
Expand All @@ -131,9 +116,6 @@ public static Integer getInteger(String key, int defval) {
* defined returns the default value, if it exists, otherwise returns
* <code>null</code>.
* @param key the property name.
* @throws SecurityException if a security manager exists and its
* <code>checkPropertiesAccess</code> method doesn't allow access
* to the system properties.
* @return the <code>Boolean</code> value for the property,
* or <code>null</code>
*/
49 changes: 13 additions & 36 deletions src/java.base/share/classes/sun/net/NetworkClient.java
@@ -1,5 +1,5 @@
/*
* Copyright (c) 1994, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1994, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
Expand Down Expand Up @@ -28,18 +28,14 @@
import java.net.Socket;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.UnknownHostException;
import java.net.Proxy;
import java.util.Arrays;
import java.security.AccessController;
import java.security.PrivilegedAction;

/**
* This is the base class for network clients.
*
* @author Jonathan Payne
*/
@SuppressWarnings("removal")
public class NetworkClient {
/* Default value of read timeout, if not specified (infinity) */
public static final int DEFAULT_READ_TIMEOUT = -1;
Expand All @@ -66,26 +62,17 @@ public class NetworkClient {
protected static String encoding;

static {
final int vals[] = {0, 0};
final String encs[] = { null };

AccessController.doPrivileged(
new PrivilegedAction<>() {
public Void run() {
vals[0] = Integer.getInteger("sun.net.client.defaultReadTimeout", 0).intValue();
vals[1] = Integer.getInteger("sun.net.client.defaultConnectTimeout", 0).intValue();
encs[0] = System.getProperty("file.encoding", "ISO8859_1");
return null;
}
});
if (vals[0] != 0) {
defaultSoTimeout = vals[0];
int soTimeout = Integer.getInteger("sun.net.client.defaultReadTimeout", 0);
if (soTimeout != 0) {
defaultSoTimeout = soTimeout;
}
if (vals[1] != 0) {
defaultConnectTimeout = vals[1];

int connTimeout = Integer.getInteger("sun.net.client.defaultConnectTimeout", 0);
if (connTimeout != 0) {
defaultConnectTimeout = connTimeout;
}

encoding = encs[0];
encoding = System.getProperty("file.encoding", "ISO8859_1");
try {
if (!isASCIISuperset (encoding)) {
encoding = "ISO8859_1";
Expand Down Expand Up @@ -131,7 +118,7 @@ private static boolean isASCIISuperset (String encoding) throws Exception {

/** Open a connection to the server. */
public void openServer(String server, int port)
throws IOException, UnknownHostException {
throws IOException {
if (serverSocket != null)
closeServer();
serverSocket = doConnect (server, port);
Expand All @@ -150,15 +137,11 @@ public void openServer(String server, int port)
* appropriate options pre-established
*/
protected Socket doConnect (String server, int port)
throws IOException, UnknownHostException {
throws IOException {
Socket s;
if (proxy != null) {
if (proxy.type() == Proxy.Type.SOCKS) {
s = AccessController.doPrivileged(
new PrivilegedAction<>() {
public Socket run() {
return new Socket(proxy);
}});
s = new Socket(proxy);
} else if (proxy.type() == Proxy.Type.DIRECT) {
s = createSocket();
} else {
Expand Down Expand Up @@ -203,13 +186,7 @@ protected Socket createSocket() throws IOException {
protected InetAddress getLocalAddress() throws IOException {
if (serverSocket == null)
throw new IOException("not connected");
return AccessController.doPrivileged(
new PrivilegedAction<>() {
public InetAddress run() {
return serverSocket.getLocalAddress();

}
});
return serverSocket.getLocalAddress();
}

/** Close an open connection to the server. */
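Review bot: In `getLocalAddress()` the field `serverSocket` is read twice, once for the null test and once for the call, so if another thread clears it in between (presumably in `closeServer()`, which is not shown here) the method fails with a NullPointerException instead of the intended `IOException("not connected")`. With the anonymous class gone it is cheap to read the field once: `Socket s = serverSocket;`, `if (s == null) throw new IOException("not connected");`, `return s.getLocalAddress();`. Separately, the static initializer stores any non-zero value of `sun.net.client.defaultReadTimeout` and `sun.net.client.defaultConnectTimeout`, negative ones included. A short comment there saying how a negative value is treated would help, since `DEFAULT_READ_TIMEOUT` is documented as infinity and an unbounded read lets a slow peer hold the client indefinitely.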
11 changes: 3 additions & 8 deletions src/java.base/share/classes/sun/net/www/http/HttpCapture.java
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2009, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2009, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
Expand Down Expand Up @@ -65,13 +65,8 @@ public class HttpCapture {

private static synchronized void init() {
initialized = true;
@SuppressWarnings("removal")
String rulesFile = java.security.AccessController.doPrivileged(
new java.security.PrivilegedAction<>() {
public String run() {
return NetProperties.get("sun.net.http.captureRules");
}
});

String rulesFile = NetProperties.get("sun.net.http.captureRules");
if (rulesFile != null && !rulesFile.isEmpty()) {
BufferedReader in;
try {
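Review bot: The new `String rulesFile = NetProperties.get("sun.net.http.captureRules");` line in `init()` has no comment saying that the value is a file path taken verbatim from configuration, and with the privileged block removed nothing else on these lines marks it as sensitive. Judging by the class name and the non-empty test that follows, a non-empty value appears to be what switches HTTP capture on, and captured traffic can contain credentials, so the setting deserves a note for whoever deploys with it. Something like `// Path of the capture rules file, read as-is from the net properties; a non-empty value enables capture.` above the assignment would do. `init()` continues past the visible `try {`, so how the reader is closed cannot be judged from this hunk.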
58 changes: 13 additions & 45 deletions src/java.base/share/classes/sun/net/www/http/HttpClient.java
@@ -1,5 +1,5 @@
/*
* Copyright (c) 1994, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1994, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
Expand Down Expand Up @@ -42,7 +42,6 @@
import sun.net.www.protocol.http.HttpURLConnection;
import sun.util.logging.PlatformLogger;
import static sun.net.www.protocol.http.HttpURLConnection.TunnelState.*;
import sun.security.action.GetPropertyAction;

/**
* @author Herb Jellinek
Expand Down Expand Up @@ -70,10 +69,10 @@ public class HttpClient extends NetworkClient {

/** Response code for CONTINUE */
private boolean ignoreContinue = true;
private static final int HTTP_CONTINUE = 100;
private static final int HTTP_CONTINUE = 100;

/** Default port number for http daemons. REMIND: make these private */
static final int httpPortNumber = 80;
static final int httpPortNumber = 80;

/** return default port number (subclasses may override) */
protected int getDefaultPort () { return httpPortNumber; }
Expand Down Expand Up @@ -194,7 +193,7 @@ static String normalizeCBT(String s) {
}

static {
Properties props = GetPropertyAction.privilegedGetProperties();
Properties props = System.getProperties();
String keepAlive = props.getProperty("http.keepAlive");
String retryPost = props.getProperty("sun.net.http.retryPost");
String cacheNTLM = props.getProperty("jdk.ntlm.cache");
Expand Down Expand Up @@ -243,11 +242,6 @@ public String getSpnegoCBT() {
protected HttpClient() {
}

private HttpClient(URL url)
throws IOException {
this(url, (String)null, -1, false);
}

protected HttpClient(URL url,
boolean proxyDisabled) throws IOException {
this(url, null, -1, proxyDisabled);
Expand Down Expand Up @@ -388,15 +382,6 @@ public static HttpClient New(URL url, Proxy p, int to, boolean useCache,
ret.authcache = httpuc.getAuthCache();
}
} else {
@SuppressWarnings("removal")
SecurityManager security = System.getSecurityManager();
if (security != null) {
if (ret.proxy == Proxy.NO_PROXY || ret.proxy == null) {
security.checkConnect(InetAddress.getByName(url.getHost()).getHostAddress(), url.getPort());
} else {
security.checkConnect(url.getHost(), url.getPort());
}
}
ret.url = url;
}
return ret;
Expand Down Expand Up @@ -571,37 +556,26 @@ public boolean isCachedConnection() {
* be done; for proxy tunneling, the socket needs to be converted
* into an SSL socket before ssl handshake can take place.
*/
public void afterConnect() throws IOException, UnknownHostException {
public void afterConnect() throws IOException {
// NO-OP. Needs to be overwritten by HttpsClient
}

/*
* call openServer in a privileged block
* call openServer
*/
@SuppressWarnings("removal")
private void privilegedOpenServer(final InetSocketAddress server)
private void openServer(final InetSocketAddress server)
throws IOException
{
assert clientLock.isHeldByCurrentThread();
try {
java.security.AccessController.doPrivileged(
new java.security.PrivilegedExceptionAction<>() {
public Void run() throws IOException {
openServer(server.getHostString(), server.getPort());
return null;
}
});
} catch (java.security.PrivilegedActionException pae) {
throw (IOException) pae.getException();
}
openServer(server.getHostString(), server.getPort());
}

/*
* call super.openServer
*/
private void superOpenServer(final String proxyHost,
final int proxyPort)
throws IOException, UnknownHostException
throws IOException
{
super.openServer(proxyHost, proxyPort);
}
Expand All @@ -610,14 +584,8 @@ private void superOpenServer(final String proxyHost,
*/
protected void openServer() throws IOException {

@SuppressWarnings("removal")
SecurityManager security = System.getSecurityManager();

lock();
try {
if (security != null) {
security.checkConnect(host, port);
}

if (keepingAlive) { // already opened
return;
Expand All @@ -628,7 +596,7 @@ protected void openServer() throws IOException {

if ((proxy != null) && (proxy.type() == Proxy.Type.HTTP)) {
sun.net.www.URLConnection.setProxiedHost(host);
privilegedOpenServer((InetSocketAddress) proxy.address());
openServer((InetSocketAddress) proxy.address());
usingProxy = true;
return;
} else {
Expand All @@ -644,7 +612,7 @@ protected void openServer() throws IOException {
*/
if ((proxy != null) && (proxy.type() == Proxy.Type.HTTP)) {
sun.net.www.URLConnection.setProxiedHost(host);
privilegedOpenServer((InetSocketAddress) proxy.address());
openServer((InetSocketAddress) proxy.address());
usingProxy = true;
return;
} else {
Expand All @@ -663,7 +631,7 @@ public String getURLFile() throws IOException {

String fileName;

/**
/*
* proxyDisabled is set by subclass HttpsClient!
*/
if (usingProxy && !proxyDisabled) {
Expand Down Expand Up @@ -817,7 +785,7 @@ private boolean parseHTTPHeader(MessageHeader responses, HttpURLConnection httpu
keepAliveConnections = -1;
keepAliveTimeout = 0;

boolean ret = false;
boolean ret;
byte[] b = new byte[8];

try {
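Review bot: `openServer()` and the `else` branch of `New(...)` no longer pass `host`/`port` through `checkConnect`, and nothing in the new code or its comments records that this class now performs no destination check of its own. That follows from JEP 486, but callers that hand externally supplied URLs to this client need to know that destination allow-listing is theirs to do. A line such as `// No connect permission check since JEP 486: callers must vet host and port themselves.` above `lock();` in `openServer()` would make that explicit. The comment `call openServer` on the renamed private `openServer(InetSocketAddress)` also says nothing any more; it could state that the method connects to the proxy address and expects `clientLock` to be held, which is what the `assert` shows. The final `parseHTTPHeader` hunk continues outside the visible lines.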