Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove SecurityManager related code from API #745

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Remove SecurityManager related code from API #745

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion api/src/main/java/jakarta/mail/EventQueue.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -113,7 +113,7 @@ synchronized void terminateQueue() {
* Application scoping is based on the thread's context class loader.
*/
static synchronized EventQueue getApplicationEventQueue(Executor ex) {
ClassLoader cl = Session.getContextClassLoader();
ClassLoader cl = Thread.currentThread().getContextClassLoader();
if (appq == null)
appq = new WeakHashMap<>();
EventQueue q = appq.get(cl);
Expand Down
208 changes: 61 additions & 147 deletions api/src/main/java/jakarta/mail/Session.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,10 +31,6 @@
import java.lang.reflect.Method;
import java.net.InetAddress;
import java.net.URL;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
Expand Down Expand Up @@ -230,20 +226,11 @@ public final class Session {
static {
String dir = null;
try {
dir = AccessController.doPrivileged(
new PrivilegedAction<String>() {
@Override
public String run() {
String home = System.getProperty("java.home");
String newdir = home + File.separator + "conf";
File conf = new File(newdir);
if (conf.exists())
return newdir + File.separator;
else
return home + File.separator +
"lib" + File.separator;
}
});
String home = System.getProperty("java.home");
String newdir = home + File.separator + "conf";
File conf = new File(newdir);
dir = conf.exists() ? (newdir + File.separator) : (home + File.separator +
"lib" + File.separator);
} catch (Exception ex) {
// ignore any exceptions
}
Expand Down Expand Up @@ -354,13 +341,6 @@ public static Session getInstance(Properties props) {
* <code>getInstance</code> method to get a new Session object every
* time the method is called. <p>
*
* Additional security Permission objects may be used to
* control access to the default session. <p>
*
* In the current implementation, if a SecurityManager is set, the
* caller must have the <code>RuntimePermission("setFactory")</code>
* permission.
*
* @param props Properties object. Used only if a new Session
* object is created.<br>
* It is expected that the client supplies values
Expand All @@ -377,9 +357,6 @@ public static Session getInstance(Properties props) {
*/
public static synchronized Session getDefaultInstance(Properties props, Authenticator authenticator) {
if (defaultSession == null) {
SecurityManager security = System.getSecurityManager();
if (security != null)
security.checkSetFactory();
defaultSession = new Session(props, authenticator);
} else {
// have to check whether caller is allowed to see default session
Expand Down Expand Up @@ -980,7 +957,7 @@ public void load(InputStream is) throws IOException {
if (loaders.length != 0) {
gcl = loaders[0];
} else {
gcl = getContextClassLoader(); //Fail safe
gcl = Thread.currentThread().getContextClassLoader(); //Fail safe
}

// next, add all the non-default services
Expand Down Expand Up @@ -1234,7 +1211,7 @@ private void loadAllResources(String name, Class<?> cl, StreamLoader loader) {
URL[] urls;
ClassLoader cld = null;
// First try the "application's" class loader.
cld = getContextClassLoader();
cld = Thread.currentThread().getContextClassLoader();
if (cld == null)
cld = cl.getClassLoader();
if (cld != null)
Expand All @@ -1247,7 +1224,7 @@ private void loadAllResources(String name, Class<?> cl, StreamLoader loader) {
InputStream clis = null;
logger.log(Level.CONFIG, "URL {0}", url);
try {
clis = openStream(url);
clis = url.openStream();
if (clis != null) {
loader.load(clis);
anyLoaded = true;
Expand Down Expand Up @@ -1284,139 +1261,76 @@ private void loadAllResources(String name, Class<?> cl, StreamLoader loader) {
}
}

/*
* Following are security related methods that work on JDK 1.2 or newer.
*/

static ClassLoader getContextClassLoader() {
return AccessController.doPrivileged(
new PrivilegedAction<ClassLoader>() {
@Override
public ClassLoader run() {
ClassLoader cl = null;
try {
cl = Thread.currentThread().getContextClassLoader();
} catch (SecurityException ex) {
}
return cl;
}
private static ClassLoader[] getClassLoaders(final Class<?>... classes) {
ClassLoader[] loaders = new ClassLoader[classes.length];
int w = 0;
for (Class<?> k : classes) {
ClassLoader cl = null;
if (k == Thread.class) {
try {
cl = Thread.currentThread().getContextClassLoader();
} catch (SecurityException ex) {
}
);
}
} else if (k == System.class) {
try {
cl = ClassLoader.getSystemClassLoader();
} catch (SecurityException ex) {
}
} else {
try {
cl = k.getClassLoader();
} catch (SecurityException ex) {
}
}

private static ClassLoader[] getClassLoaders(final Class<?>... classes) {
return AccessController.doPrivileged(
new PrivilegedAction<ClassLoader[]>() {
@Override
public ClassLoader[] run() {
ClassLoader[] loaders = new ClassLoader[classes.length];
int w = 0;
for (Class<?> k : classes) {
ClassLoader cl = null;
if (k == Thread.class) {
try {
cl = Thread.currentThread().getContextClassLoader();
} catch (SecurityException ex) {
}
} else if (k == System.class) {
try {
cl = ClassLoader.getSystemClassLoader();
} catch (SecurityException ex) {
}
} else {
try {
cl = k.getClassLoader();
} catch (SecurityException ex) {
}
}

if (cl != null) {
loaders[w++] = cl;
}
}
if (cl != null) {
loaders[w++] = cl;
}
}

if (loaders.length != w) {
loaders = Arrays.copyOf(loaders, w);
}
return loaders;
}
}
);
if (loaders.length != w) {
loaders = Arrays.copyOf(loaders, w);
}
return loaders;
}

private static InputStream getResourceAsStream(final Class<?> c, final String name) throws IOException {
try {
return AccessController.doPrivileged(
new PrivilegedExceptionAction<InputStream>() {
@Override
public InputStream run() throws IOException {
try {
return c.getResourceAsStream(name);
} catch (RuntimeException e) {
// gracefully handle ClassLoader bugs (Tomcat)
IOException ioex = new IOException(
"ClassLoader.getResourceAsStream failed");
ioex.initCause(e);
throw ioex;
}
}
}
);
} catch (PrivilegedActionException e) {
throw (IOException) e.getException();
return c.getResourceAsStream(name);
} catch (RuntimeException e) {
// gracefully handle ClassLoader bugs (Tomcat)
IOException ioex = new IOException(
"ClassLoader.getResourceAsStream failed");
ioex.initCause(e);
throw ioex;
}
}

private static URL[] getResources(final ClassLoader cl, final String name) {
return AccessController.doPrivileged(new PrivilegedAction<URL[]>() {
@Override
public URL[] run() {
URL[] ret = null;
try {
List<URL> v = Collections.list(cl.getResources(name));
if (!v.isEmpty()) {
ret = new URL[v.size()];
v.toArray(ret);
}
} catch (IOException | SecurityException ioex) {
}
return ret;
URL[] ret = null;
try {
List<URL> v = Collections.list(cl.getResources(name));
if (!v.isEmpty()) {
ret = new URL[v.size()];
v.toArray(ret);
}
});
} catch (IOException | SecurityException ioex) {
}
return ret;
}

private static URL[] getSystemResources(final String name) {
return AccessController.doPrivileged(new PrivilegedAction<URL[]>() {
@Override
public URL[] run() {
URL[] ret = null;
try {
List<URL> v = Collections.list(
ClassLoader.getSystemResources(name));
if (!v.isEmpty()) {
ret = new URL[v.size()];
v.toArray(ret);
}
} catch (IOException | SecurityException ioex) {
}
return ret;
}
});
}

private static InputStream openStream(final URL url) throws IOException {
URL[] ret = null;
try {
return AccessController.doPrivileged(
new PrivilegedExceptionAction<InputStream>() {
@Override
public InputStream run() throws IOException {
return url.openStream();
}
}
);
} catch (PrivilegedActionException e) {
throw (IOException) e.getException();
List<URL> v = Collections.list(
ClassLoader.getSystemResources(name));
if (!v.isEmpty()) {
ret = new URL[v.size()];
v.toArray(ret);
}
} catch (IOException | SecurityException ioex) {
}
return ret;
}

EventQueue getEventQueue() {
Expand Down
24 changes: 1 addition & 23 deletions api/src/main/java/jakarta/mail/internet/MimeUtil.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,8 +17,6 @@
package jakarta.mail.internet;

import java.lang.reflect.Method;
import java.security.AccessController;
import java.security.PrivilegedAction;

/**
* General MIME-related utility methods.
Expand All @@ -35,7 +33,7 @@ class MimeUtil {
try {
String cth = System.getProperty("mail.mime.contenttypehandler");
if (cth != null) {
ClassLoader cl = getContextClassLoader();
ClassLoader cl = Thread.currentThread().getContextClassLoader();
Class<?> clsHandler = null;
if (cl != null) {
try {
Expand Down Expand Up @@ -78,24 +76,4 @@ public static String cleanContentType(MimePart mp, String contentType) {
} else
return contentType;
}

/**
* Convenience method to get our context class loader.
* Assert any privileges we might have and then call the
* Thread.getContextClassLoader method.
*/
private static ClassLoader getContextClassLoader() {
return
AccessController.doPrivileged(new PrivilegedAction<ClassLoader>() {
@Override
public ClassLoader run() {
ClassLoader cl = null;
try {
cl = Thread.currentThread().getContextClassLoader();
} catch (SecurityException ex) {
}
return cl;
}
});
}
}
12 changes: 0 additions & 12 deletions api/src/main/java/jakarta/mail/util/FactoryFinder.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -88,7 +88,6 @@ private static <T> T find(Class<T> factoryClass, ClassLoader loader) throws Runt
}

private static <T> T newInstance(String className, Class<T> factoryClass, ClassLoader classLoader) throws RuntimeException {
checkPackageAccess(className);
try {
Class<?> clazz;
if (classLoader == null) { //Match behavior of ServiceLoader
Expand Down Expand Up @@ -170,16 +169,5 @@ private static <T> T factoryFromServiceLoader(Class<T> factory, ClassLoader load
throw new IllegalStateException("Cannot load " + factory + " as ServiceLoader", t);
}
}

private static void checkPackageAccess(String className) {
// make sure that the current thread has an access to the package of the given name.
SecurityManager s = System.getSecurityManager();
if (s != null) {
int i = className.lastIndexOf('.');
if (i != -1) {
s.checkPackageAccess(className.substring(0, i));
}
}
}
}

12 changes: 1 addition & 11 deletions api/src/main/java/jakarta/mail/util/StreamProvider.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,8 +18,6 @@

import java.io.InputStream;
import java.io.OutputStream;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.ServiceLoader;

/**
Expand Down Expand Up @@ -189,14 +187,6 @@ public String getEncoder() {
* @return a stream provider
*/
static StreamProvider provider() {
if (System.getSecurityManager() != null) {
return AccessController.doPrivileged(new PrivilegedAction<StreamProvider>() {
public StreamProvider run() {
return FactoryFinder.find(StreamProvider.class);
}
});
} else {
return FactoryFinder.find(StreamProvider.class);
}
return FactoryFinder.find(StreamProvider.class);
}
}