8007035: deprecate public void SecurityManager.checkMemberAccess(Class<?> clazz, int which)
Reviewed-by: jrose, alanb, dfuchs
diff --git a/jdk/src/share/classes/java/lang/Class.java b/jdk/src/share/classes/java/lang/Class.java
index df4d457..05cfa88 100644
--- a/jdk/src/share/classes/java/lang/Class.java
+++ b/jdk/src/share/classes/java/lang/Class.java
@@ -360,36 +360,24 @@
* any exception thrown by the constructor in a (checked) {@link
* java.lang.reflect.InvocationTargetException}.
*
- * @return a newly allocated instance of the class represented by this
- * object.
- * @exception IllegalAccessException if the class or its nullary
- * constructor is not accessible.
- * @exception InstantiationException
- * if this {@code Class} represents an abstract class,
- * an interface, an array class, a primitive type, or void;
- * or if the class has no nullary constructor;
- * or if the instantiation fails for some other reason.
- * @exception ExceptionInInitializerError if the initialization
- * provoked by this method fails.
- * @exception SecurityException
- * If a security manager, <i>s</i>, is present and any of the
- * following conditions is met:
- *
- * <ul>
- *
- * <li> invocation of
- * {@link SecurityManager#checkMemberAccess
- * s.checkMemberAccess(this, Member.PUBLIC)} denies
- * creation of new instances of this class
- *
- * <li> the caller's class loader is not the same as or an
- * ancestor of the class loader for the current class and
- * invocation of {@link SecurityManager#checkPackageAccess
- * s.checkPackageAccess()} denies access to the package
- * of this class
- *
- * </ul>
- *
+ * @return a newly allocated instance of the class represented by this
+ * object.
+ * @throws IllegalAccessException if the class or its nullary
+ * constructor is not accessible.
+ * @throws InstantiationException
+ * if this {@code Class} represents an abstract class,
+ * an interface, an array class, a primitive type, or void;
+ * or if the class has no nullary constructor;
+ * or if the instantiation fails for some other reason.
+ * @throws ExceptionInInitializerError if the initialization
+ * provoked by this method fails.
+ * @throws SecurityException
+ * If a security manager, <i>s</i>, is present and
+ * the caller's class loader is not the same as or an
+ * ancestor of the class loader for the current class and
+ * invocation of {@link SecurityManager#checkPackageAccess
+ * s.checkPackageAccess()} denies access to the package
+ * of this class.
*/
@CallerSensitive
public T newInstance()
@@ -981,24 +969,27 @@
*
* @return the immediately enclosing method of the underlying class, if
* that class is a local or anonymous class; otherwise {@code null}.
- * @exception SecurityException
- * If a security manager, <i>s</i>, is present and any of the
- * following conditions is met:
*
- * <ul>
+ * @throws SecurityException
+ * If a security manager, <i>s</i>, is present and any of the
+ * following conditions is met:
*
- * <li> invocation of
- * {@link SecurityManager#checkMemberAccess
- * s.checkMemberAccess(enclosingClass, Member.DECLARED)} denies
- * access to the methods within the enclosing class
+ * <ul>
*
- * <li> the caller's class loader is not the same as or an
- * ancestor of the class loader for the enclosing class and
- * invocation of {@link SecurityManager#checkPackageAccess
- * s.checkPackageAccess()} denies access to the package
- * of the enclosing class
+ * <li> the caller's class loader is not the same as the
+ * class loader of the enclosing class and invocation of
+ * {@link SecurityManager#checkPermission
+ * s.checkPermission} method with
+ * {@code RuntimePermission("accessDeclaredMembers")}
+ * denies access to the methods within the enclosing class
*
- * </ul>
+ * <li> the caller's class loader is not the same as or an
+ * ancestor of the class loader for the enclosing class and
+ * invocation of {@link SecurityManager#checkPackageAccess
+ * s.checkPackageAccess()} denies access to the package
+ * of the enclosing class
+ *
+ * </ul>
* @since 1.5
*/
@CallerSensitive
@@ -1025,11 +1016,6 @@
// Perform access check
Class<?> enclosingCandidate = enclosingInfo.getEnclosingClass();
- // be very careful not to change the stack depth of this
- // checkMemberAccess call for security reasons
- // see java.lang.SecurityManager.checkMemberAccess
- //
- // Note that we need to do this on the enclosing class
enclosingCandidate.checkMemberAccess(Member.DECLARED,
Reflection.getCallerClass(), true);
/*
@@ -1137,24 +1123,26 @@
*
* @return the immediately enclosing constructor of the underlying class, if
* that class is a local or anonymous class; otherwise {@code null}.
- * @exception SecurityException
- * If a security manager, <i>s</i>, is present and any of the
- * following conditions is met:
+ * @throws SecurityException
+ * If a security manager, <i>s</i>, is present and any of the
+ * following conditions is met:
*
- * <ul>
+ * <ul>
*
- * <li> invocation of
- * {@link SecurityManager#checkMemberAccess
- * s.checkMemberAccess(enclosingClass, Member.DECLARED)} denies
- * access to the constructors within the enclosing class
+ * <li> the caller's class loader is not the same as the
+ * class loader of the enclosing class and invocation of
+ * {@link SecurityManager#checkPermission
+ * s.checkPermission} method with
+ * {@code RuntimePermission("accessDeclaredMembers")}
+ * denies access to the constructors within the enclosing class
*
- * <li> the caller's class loader is not the same as or an
- * ancestor of the class loader for the enclosing class and
- * invocation of {@link SecurityManager#checkPackageAccess
- * s.checkPackageAccess()} denies access to the package
- * of the enclosing class
+ * <li> the caller's class loader is not the same as or an
+ * ancestor of the class loader for the enclosing class and
+ * invocation of {@link SecurityManager#checkPackageAccess
+ * s.checkPackageAccess()} denies access to the package
+ * of the enclosing class
*
- * </ul>
+ * </ul>
* @since 1.5
*/
@CallerSensitive
@@ -1180,11 +1168,6 @@
// Perform access check
Class<?> enclosingCandidate = enclosingInfo.getEnclosingClass();
- // be very careful not to change the stack depth of this
- // checkMemberAccess call for security reasons
- // see java.lang.SecurityManager.checkMemberAccess
- //
- // Note that we need to do this on the enclosing class
enclosingCandidate.checkMemberAccess(Member.DECLARED,
Reflection.getCallerClass(), true);
/*
@@ -1457,25 +1440,14 @@
* class, or void.
*
* @return the array of {@code Class} objects representing the public
- * members of this class
- * @exception SecurityException
- * If a security manager, <i>s</i>, is present and any of the
- * following conditions is met:
- *
- * <ul>
- *
- * <li> invocation of
- * {@link SecurityManager#checkMemberAccess
- * s.checkMemberAccess(this, Member.PUBLIC)} method
- * denies access to the classes within this class
- *
- * <li> the caller's class loader is not the same as or an
- * ancestor of the class loader for the current class and
- * invocation of {@link SecurityManager#checkPackageAccess
- * s.checkPackageAccess()} denies access to the package
- * of this class
- *
- * </ul>
+ * members of this class
+ * @throws SecurityException
+ * If a security manager, <i>s</i>, is present and
+ * the caller's class loader is not the same as or an
+ * ancestor of the class loader for the current class and
+ * invocation of {@link SecurityManager#checkPackageAccess
+ * s.checkPackageAccess()} denies access to the package
+ * of this class.
*
* @since JDK1.1
*/
@@ -1530,25 +1502,14 @@
* <p> See <em>The Java Language Specification</em>, sections 8.2 and 8.3.
*
* @return the array of {@code Field} objects representing the
- * public fields
- * @exception SecurityException
- * If a security manager, <i>s</i>, is present and any of the
- * following conditions is met:
- *
- * <ul>
- *
- * <li> invocation of
- * {@link SecurityManager#checkMemberAccess
- * s.checkMemberAccess(this, Member.PUBLIC)} denies
- * access to the fields within this class
- *
- * <li> the caller's class loader is not the same as or an
- * ancestor of the class loader for the current class and
- * invocation of {@link SecurityManager#checkPackageAccess
- * s.checkPackageAccess()} denies access to the package
- * of this class
- *
- * </ul>
+ * public fields
+ * @throws SecurityException
+ * If a security manager, <i>s</i>, is present and
+ * the caller's class loader is not the same as or an
+ * ancestor of the class loader for the current class and
+ * invocation of {@link SecurityManager#checkPackageAccess
+ * s.checkPackageAccess()} denies access to the package
+ * of this class.
*
* @since JDK1.1
*/
@@ -1579,25 +1540,14 @@
* <p> See <em>The Java Language Specification</em>, sections 8.2 and 8.4.
*
* @return the array of {@code Method} objects representing the
- * public methods of this class
- * @exception SecurityException
- * If a security manager, <i>s</i>, is present and any of the
- * following conditions is met:
- *
- * <ul>
- *
- * <li> invocation of
- * {@link SecurityManager#checkMemberAccess
- * s.checkMemberAccess(this, Member.PUBLIC)} denies
- * access to the methods within this class
- *
- * <li> the caller's class loader is not the same as or an
- * ancestor of the class loader for the current class and
- * invocation of {@link SecurityManager#checkPackageAccess
- * s.checkPackageAccess()} denies access to the package
- * of this class
- *
- * </ul>
+ * public methods of this class
+ * @throws SecurityException
+ * If a security manager, <i>s</i>, is present and
+ * the caller's class loader is not the same as or an
+ * ancestor of the class loader for the current class and
+ * invocation of {@link SecurityManager#checkPackageAccess
+ * s.checkPackageAccess()} denies access to the package
+ * of this class.
*
* @since JDK1.1
*/
@@ -1626,25 +1576,14 @@
* {@code Constructor<T>[]}.
*
* @return the array of {@code Constructor} objects representing the
- * public constructors of this class
- * @exception SecurityException
- * If a security manager, <i>s</i>, is present and any of the
- * following conditions is met:
- *
- * <ul>
- *
- * <li> invocation of
- * {@link SecurityManager#checkMemberAccess
- * s.checkMemberAccess(this, Member.PUBLIC)} denies
- * access to the constructors within this class
- *
- * <li> the caller's class loader is not the same as or an
- * ancestor of the class loader for the current class and
- * invocation of {@link SecurityManager#checkPackageAccess
- * s.checkPackageAccess()} denies access to the package
- * of this class
- *
- * </ul>
+ * public constructors of this class
+ * @throws SecurityException
+ * If a security manager, <i>s</i>, is present and
+ * the caller's class loader is not the same as or an
+ * ancestor of the class loader for the current class and
+ * invocation of {@link SecurityManager#checkPackageAccess
+ * s.checkPackageAccess()} denies access to the package
+ * of this class.
*
* @since JDK1.1
*/
@@ -1678,29 +1617,18 @@
* <p> See <em>The Java Language Specification</em>, sections 8.2 and 8.3.
*
* @param name the field name
- * @return the {@code Field} object of this class specified by
- * {@code name}
- * @exception NoSuchFieldException if a field with the specified name is
- * not found.
- * @exception NullPointerException if {@code name} is {@code null}
- * @exception SecurityException
- * If a security manager, <i>s</i>, is present and any of the
- * following conditions is met:
- *
- * <ul>
- *
- * <li> invocation of
- * {@link SecurityManager#checkMemberAccess
- * s.checkMemberAccess(this, Member.PUBLIC)} denies
- * access to the field
- *
- * <li> the caller's class loader is not the same as or an
- * ancestor of the class loader for the current class and
- * invocation of {@link SecurityManager#checkPackageAccess
- * s.checkPackageAccess()} denies access to the package
- * of this class
- *
- * </ul>
+ * @return the {@code Field} object of this class specified by
+ * {@code name}
+ * @throws NoSuchFieldException if a field with the specified name is
+ * not found.
+ * @throws NullPointerException if {@code name} is {@code null}
+ * @throws SecurityException
+ * If a security manager, <i>s</i>, is present and
+ * the caller's class loader is not the same as or an
+ * ancestor of the class loader for the current class and
+ * invocation of {@link SecurityManager#checkPackageAccess
+ * s.checkPackageAccess()} denies access to the package
+ * of this class.
*
* @since JDK1.1
*/
@@ -1762,28 +1690,17 @@
* @param name the name of the method
* @param parameterTypes the list of parameters
* @return the {@code Method} object that matches the specified
- * {@code name} and {@code parameterTypes}
- * @exception NoSuchMethodException if a matching method is not found
- * or if the name is "<init>"or "<clinit>".
- * @exception NullPointerException if {@code name} is {@code null}
- * @exception SecurityException
- * If a security manager, <i>s</i>, is present and any of the
- * following conditions is met:
- *
- * <ul>
- *
- * <li> invocation of
- * {@link SecurityManager#checkMemberAccess
- * s.checkMemberAccess(this, Member.PUBLIC)} denies
- * access to the method
- *
- * <li> the caller's class loader is not the same as or an
- * ancestor of the class loader for the current class and
- * invocation of {@link SecurityManager#checkPackageAccess
- * s.checkPackageAccess()} denies access to the package
- * of this class
- *
- * </ul>
+ * {@code name} and {@code parameterTypes}
+ * @throws NoSuchMethodException if a matching method is not found
+ * or if the name is "<init>"or "<clinit>".
+ * @throws NullPointerException if {@code name} is {@code null}
+ * @throws SecurityException
+ * If a security manager, <i>s</i>, is present and
+ * the caller's class loader is not the same as or an
+ * ancestor of the class loader for the current class and
+ * invocation of {@link SecurityManager#checkPackageAccess
+ * s.checkPackageAccess()} denies access to the package
+ * of this class.
*
* @since JDK1.1
*/
@@ -1816,26 +1733,15 @@
*
* @param parameterTypes the parameter array
* @return the {@code Constructor} object of the public constructor that
- * matches the specified {@code parameterTypes}
- * @exception NoSuchMethodException if a matching method is not found.
- * @exception SecurityException
- * If a security manager, <i>s</i>, is present and any of the
- * following conditions is met:
- *
- * <ul>
- *
- * <li> invocation of
- * {@link SecurityManager#checkMemberAccess
- * s.checkMemberAccess(this, Member.PUBLIC)} denies
- * access to the constructor
- *
- * <li> the caller's class loader is not the same as or an
- * ancestor of the class loader for the current class and
- * invocation of {@link SecurityManager#checkPackageAccess
- * s.checkPackageAccess()} denies access to the package
- * of this class
- *
- * </ul>
+ * matches the specified {@code parameterTypes}
+ * @throws NoSuchMethodException if a matching method is not found.
+ * @throws SecurityException
+ * If a security manager, <i>s</i>, is present and
+ * the caller's class loader is not the same as or an
+ * ancestor of the class loader for the current class and
+ * invocation of {@link SecurityManager#checkPackageAccess
+ * s.checkPackageAccess()} denies access to the package
+ * of this class.
*
* @since JDK1.1
*/
@@ -1858,25 +1764,27 @@
* primitive type, an array class, or void.
*
* @return the array of {@code Class} objects representing all the
- * declared members of this class
- * @exception SecurityException
- * If a security manager, <i>s</i>, is present and any of the
- * following conditions is met:
+ * declared members of this class
+ * @throws SecurityException
+ * If a security manager, <i>s</i>, is present and any of the
+ * following conditions is met:
*
- * <ul>
+ * <ul>
*
- * <li> invocation of
- * {@link SecurityManager#checkMemberAccess
- * s.checkMemberAccess(this, Member.DECLARED)} denies
- * access to the declared classes within this class
+ * <li> the caller's class loader is not the same as the
+ * class loader of this class and invocation of
+ * {@link SecurityManager#checkPermission
+ * s.checkPermission} method with
+ * {@code RuntimePermission("accessDeclaredMembers")}
+ * denies access to the declared classes within this class
*
- * <li> the caller's class loader is not the same as or an
- * ancestor of the class loader for the current class and
- * invocation of {@link SecurityManager#checkPackageAccess
- * s.checkPackageAccess()} denies access to the package
- * of this class
+ * <li> the caller's class loader is not the same as or an
+ * ancestor of the class loader for the current class and
+ * invocation of {@link SecurityManager#checkPackageAccess
+ * s.checkPackageAccess()} denies access to the package
+ * of this class
*
- * </ul>
+ * </ul>
*
* @since JDK1.1
*/
@@ -1899,26 +1807,28 @@
*
* <p> See <em>The Java Language Specification</em>, sections 8.2 and 8.3.
*
- * @return the array of {@code Field} objects representing all the
- * declared fields of this class
- * @exception SecurityException
- * If a security manager, <i>s</i>, is present and any of the
- * following conditions is met:
+ * @return the array of {@code Field} objects representing all the
+ * declared fields of this class
+ * @throws SecurityException
+ * If a security manager, <i>s</i>, is present and any of the
+ * following conditions is met:
*
- * <ul>
+ * <ul>
*
- * <li> invocation of
- * {@link SecurityManager#checkMemberAccess
- * s.checkMemberAccess(this, Member.DECLARED)} denies
- * access to the declared fields within this class
+ * <li> the caller's class loader is not the same as the
+ * class loader of this class and invocation of
+ * {@link SecurityManager#checkPermission
+ * s.checkPermission} method with
+ * {@code RuntimePermission("accessDeclaredMembers")}
+ * denies access to the declared fields within this class
*
- * <li> the caller's class loader is not the same as or an
- * ancestor of the class loader for the current class and
- * invocation of {@link SecurityManager#checkPackageAccess
- * s.checkPackageAccess()} denies access to the package
- * of this class
+ * <li> the caller's class loader is not the same as or an
+ * ancestor of the class loader for the current class and
+ * invocation of {@link SecurityManager#checkPackageAccess
+ * s.checkPackageAccess()} denies access to the package
+ * of this class
*
- * </ul>
+ * </ul>
*
* @since JDK1.1
*/
@@ -1945,26 +1855,28 @@
*
* <p> See <em>The Java Language Specification</em>, section 8.2.
*
- * @return the array of {@code Method} objects representing all the
- * declared methods of this class
- * @exception SecurityException
- * If a security manager, <i>s</i>, is present and any of the
- * following conditions is met:
+ * @return the array of {@code Method} objects representing all the
+ * declared methods of this class
+ * @throws SecurityException
+ * If a security manager, <i>s</i>, is present and any of the
+ * following conditions is met:
*
- * <ul>
+ * <ul>
*
- * <li> invocation of
- * {@link SecurityManager#checkMemberAccess
- * s.checkMemberAccess(this, Member.DECLARED)} denies
- * access to the declared methods within this class
+ * <li> the caller's class loader is not the same as the
+ * class loader of this class and invocation of
+ * {@link SecurityManager#checkPermission
+ * s.checkPermission} method with
+ * {@code RuntimePermission("accessDeclaredMembers")}
+ * denies access to the declared methods within this class
*
- * <li> the caller's class loader is not the same as or an
- * ancestor of the class loader for the current class and
- * invocation of {@link SecurityManager#checkPackageAccess
- * s.checkPackageAccess()} denies access to the package
- * of this class
+ * <li> the caller's class loader is not the same as or an
+ * ancestor of the class loader for the current class and
+ * invocation of {@link SecurityManager#checkPackageAccess
+ * s.checkPackageAccess()} denies access to the package
+ * of this class
*
- * </ul>
+ * </ul>
*
* @since JDK1.1
*/
@@ -1988,26 +1900,28 @@
*
* <p> See <em>The Java Language Specification</em>, section 8.2.
*
- * @return the array of {@code Constructor} objects representing all the
- * declared constructors of this class
- * @exception SecurityException
- * If a security manager, <i>s</i>, is present and any of the
- * following conditions is met:
+ * @return the array of {@code Constructor} objects representing all the
+ * declared constructors of this class
+ * @throws SecurityException
+ * If a security manager, <i>s</i>, is present and any of the
+ * following conditions is met:
*
- * <ul>
+ * <ul>
*
- * <li> invocation of
- * {@link SecurityManager#checkMemberAccess
- * s.checkMemberAccess(this, Member.DECLARED)} denies
- * access to the declared constructors within this class
+ * <li> the caller's class loader is not the same as the
+ * class loader of this class and invocation of
+ * {@link SecurityManager#checkPermission
+ * s.checkPermission} method with
+ * {@code RuntimePermission("accessDeclaredMembers")}
+ * denies access to the declared constructors within this class
*
- * <li> the caller's class loader is not the same as or an
- * ancestor of the class loader for the current class and
- * invocation of {@link SecurityManager#checkPackageAccess
- * s.checkPackageAccess()} denies access to the package
- * of this class
+ * <li> the caller's class loader is not the same as or an
+ * ancestor of the class loader for the current class and
+ * invocation of {@link SecurityManager#checkPackageAccess
+ * s.checkPackageAccess()} denies access to the package
+ * of this class
*
- * </ul>
+ * </ul>
*
* @since JDK1.1
*/
@@ -2026,29 +1940,31 @@
* will not reflect the {@code length} field of an array class.
*
* @param name the name of the field
- * @return the {@code Field} object for the specified field in this
- * class
- * @exception NoSuchFieldException if a field with the specified name is
- * not found.
- * @exception NullPointerException if {@code name} is {@code null}
- * @exception SecurityException
- * If a security manager, <i>s</i>, is present and any of the
- * following conditions is met:
+ * @return the {@code Field} object for the specified field in this
+ * class
+ * @throws NoSuchFieldException if a field with the specified name is
+ * not found.
+ * @throws NullPointerException if {@code name} is {@code null}
+ * @throws SecurityException
+ * If a security manager, <i>s</i>, is present and any of the
+ * following conditions is met:
*
- * <ul>
+ * <ul>
*
- * <li> invocation of
- * {@link SecurityManager#checkMemberAccess
- * s.checkMemberAccess(this, Member.DECLARED)} denies
- * access to the declared field
+ * <li> the caller's class loader is not the same as the
+ * class loader of this class and invocation of
+ * {@link SecurityManager#checkPermission
+ * s.checkPermission} method with
+ * {@code RuntimePermission("accessDeclaredMembers")}
+ * denies access to the declared field
*
- * <li> the caller's class loader is not the same as or an
- * ancestor of the class loader for the current class and
- * invocation of {@link SecurityManager#checkPackageAccess
- * s.checkPackageAccess()} denies access to the package
- * of this class
+ * <li> the caller's class loader is not the same as or an
+ * ancestor of the class loader for the current class and
+ * invocation of {@link SecurityManager#checkPackageAccess
+ * s.checkPackageAccess()} denies access to the package
+ * of this class
*
- * </ul>
+ * </ul>
*
* @since JDK1.1
*/
@@ -2080,28 +1996,30 @@
*
* @param name the name of the method
* @param parameterTypes the parameter array
- * @return the {@code Method} object for the method of this class
- * matching the specified name and parameters
- * @exception NoSuchMethodException if a matching method is not found.
- * @exception NullPointerException if {@code name} is {@code null}
- * @exception SecurityException
- * If a security manager, <i>s</i>, is present and any of the
- * following conditions is met:
+ * @return the {@code Method} object for the method of this class
+ * matching the specified name and parameters
+ * @throws NoSuchMethodException if a matching method is not found.
+ * @throws NullPointerException if {@code name} is {@code null}
+ * @throws SecurityException
+ * If a security manager, <i>s</i>, is present and any of the
+ * following conditions is met:
*
- * <ul>
+ * <ul>
*
- * <li> invocation of
- * {@link SecurityManager#checkMemberAccess
- * s.checkMemberAccess(this, Member.DECLARED)} denies
- * access to the declared method
+ * <li> the caller's class loader is not the same as the
+ * class loader of this class and invocation of
+ * {@link SecurityManager#checkPermission
+ * s.checkPermission} method with
+ * {@code RuntimePermission("accessDeclaredMembers")}
+ * denies access to the declared method
*
- * <li> the caller's class loader is not the same as or an
- * ancestor of the class loader for the current class and
- * invocation of {@link SecurityManager#checkPackageAccess
- * s.checkPackageAccess()} denies access to the package
- * of this class
+ * <li> the caller's class loader is not the same as or an
+ * ancestor of the class loader for the current class and
+ * invocation of {@link SecurityManager#checkPackageAccess
+ * s.checkPackageAccess()} denies access to the package
+ * of this class
*
- * </ul>
+ * </ul>
*
* @since JDK1.1
*/
@@ -2129,27 +2047,29 @@
* include the explicit enclosing instance as the first parameter.
*
* @param parameterTypes the parameter array
- * @return The {@code Constructor} object for the constructor with the
- * specified parameter list
- * @exception NoSuchMethodException if a matching method is not found.
- * @exception SecurityException
- * If a security manager, <i>s</i>, is present and any of the
- * following conditions is met:
+ * @return The {@code Constructor} object for the constructor with the
+ * specified parameter list
+ * @throws NoSuchMethodException if a matching method is not found.
+ * @throws SecurityException
+ * If a security manager, <i>s</i>, is present and any of the
+ * following conditions is met:
*
- * <ul>
+ * <ul>
*
- * <li> invocation of
- * {@link SecurityManager#checkMemberAccess
- * s.checkMemberAccess(this, Member.DECLARED)} denies
- * access to the declared constructor
+ * <li> the caller's class loader is not the same as the
+ * class loader of this class and invocation of
+ * {@link SecurityManager#checkPermission
+ * s.checkPermission} method with
+ * {@code RuntimePermission("accessDeclaredMembers")}
+ * denies access to the declared constructor
*
- * <li> the caller's class loader is not the same as or an
- * ancestor of the class loader for the current class and
- * invocation of {@link SecurityManager#checkPackageAccess
- * s.checkPackageAccess()} denies access to the package
- * of this class
+ * <li> the caller's class loader is not the same as or an
+ * ancestor of the class loader for the current class and
+ * invocation of {@link SecurityManager#checkPackageAccess
+ * s.checkPackageAccess()} denies access to the package
+ * of this class
*
- * </ul>
+ * </ul>
*
* @since JDK1.1
*/
@@ -2306,14 +2226,6 @@
*/
static native Class<?> getPrimitiveClass(String name);
- private static boolean isCheckMemberAccessOverridden(SecurityManager smgr) {
- if (smgr.getClass() == SecurityManager.class) return false;
-
- Class<?>[] paramTypes = new Class<?>[] {Class.class, int.class};
- return smgr.getClass().getMethod0("checkMemberAccess", paramTypes).
- getDeclaringClass() != SecurityManager.class;
- }
-
/*
* Check if client is allowed to access members. If access is denied,
* throw a SecurityException.
@@ -2326,19 +2238,17 @@
private void checkMemberAccess(int which, Class<?> caller, boolean checkProxyInterfaces) {
final SecurityManager s = System.getSecurityManager();
if (s != null) {
+ /* Default policy allows access to all {@link Member#PUBLIC} members,
+ * as well as access to classes that have the same class loader as the caller.
+ * In all other cases, it requires RuntimePermission("accessDeclaredMembers")
+ * permission.
+ */
final ClassLoader ccl = ClassLoader.getClassLoader(caller);
final ClassLoader cl = getClassLoader0();
- if (!isCheckMemberAccessOverridden(s)) {
- // Inlined SecurityManager.checkMemberAccess
- if (which != Member.PUBLIC) {
- if (ccl != cl) {
- s.checkPermission(SecurityConstants.CHECK_MEMBER_ACCESS_PERMISSION);
- }
+ if (which != Member.PUBLIC) {
+ if (ccl != cl) {
+ s.checkPermission(SecurityConstants.CHECK_MEMBER_ACCESS_PERMISSION);
}
- } else {
- // Don't refactor; otherwise break the stack depth for
- // checkMemberAccess of subclasses of SecurityManager as specified.
- s.checkMemberAccess(this, which);
}
this.checkPackageAccess(ccl, checkProxyInterfaces);
}
diff --git a/jdk/src/share/classes/java/lang/SecurityManager.java b/jdk/src/share/classes/java/lang/SecurityManager.java
index ca18763..34be905 100644
--- a/jdk/src/share/classes/java/lang/SecurityManager.java
+++ b/jdk/src/share/classes/java/lang/SecurityManager.java
@@ -1675,10 +1675,18 @@
* permission to access members.
* @exception NullPointerException if the <code>clazz</code> argument is
* <code>null</code>.
+ *
+ * @deprecated This method relies on the caller being at a stack depth
+ * of 4 which is error-prone and cannot be enforced by the runtime.
+ * Users of this method should instead invoke {@link #checkPermission}
+ * directly. This method will be changed in a future release
+ * to check the permission {@code java.security.AllPermission}.
+ *
* @see java.lang.reflect.Member
* @since JDK1.1
* @see #checkPermission(java.security.Permission) checkPermission
*/
+ @Deprecated
@CallerSensitive
public void checkMemberAccess(Class<?> clazz, int which) {
if (clazz == null) {
diff --git a/jdk/src/share/classes/java/lang/invoke/MethodHandles.java b/jdk/src/share/classes/java/lang/invoke/MethodHandles.java
index 3bf24bc..78b0121 100644
--- a/jdk/src/share/classes/java/lang/invoke/MethodHandles.java
+++ b/jdk/src/share/classes/java/lang/invoke/MethodHandles.java
@@ -41,6 +41,7 @@
import sun.security.util.SecurityConstants;
import static java.lang.invoke.MethodHandleStatics.*;
import static java.lang.invoke.MethodHandleNatives.Constants.*;
+import sun.security.util.SecurityConstants;
/**
* This class consists exclusively of static methods that operate on or return
@@ -305,36 +306,30 @@
* <a name="secmgr"></a>
* If a security manager is present, member lookups are subject to
* additional checks.
- * From one to four calls are made to the security manager.
+ * From one to three calls are made to the security manager.
* Any of these calls can refuse access by throwing a
* {@link java.lang.SecurityException SecurityException}.
* Define {@code smgr} as the security manager,
+ * {@code lookc} as the lookup class of the current lookup object,
* {@code refc} as the containing class in which the member
* is being sought, and {@code defc} as the class in which the
* member is actually defined.
+ * The value {@code lookc} is defined as <em>not present</em>
+ * if the current lookup object does not have
+ * {@linkplain java.lang.invoke.MethodHandles.Lookup#PRIVATE private access}.
* The calls are made according to the following rules:
* <ul>
- * <li>In all cases, {@link SecurityManager#checkMemberAccess
- * smgr.checkMemberAccess(refc, Member.PUBLIC)} is called.
- * <li>If the class loader of the lookup class is not
+ * <li>If {@code lookc} is not present, or if its class loader is not
* the same as or an ancestor of the class loader of {@code refc},
* then {@link SecurityManager#checkPackageAccess
* smgr.checkPackageAccess(refcPkg)} is called,
* where {@code refcPkg} is the package of {@code refc}.
+ * <li>If the retrieved member is not public and
+ * {@code lookc} is not present, then
+ * {@link SecurityManager#checkPermission smgr.checkPermission}
+ * with {@code RuntimePermission("accessDeclaredMembers")} is called.
* <li>If the retrieved member is not public,
- * {@link SecurityManager#checkMemberAccess
- * smgr.checkMemberAccess(defc, Member.DECLARED)} is called.
- * (Note that {@code defc} might be the same as {@code refc}.)
- * The default implementation of this security manager method
- * inspects the stack to determine the original caller of
- * the reflective request (such as {@code findStatic}),
- * and performs additional permission checks if the
- * class loader of {@code defc} differs from the class
- * loader of the class from which the reflective request came.
- * <li>If the retrieved member is not public,
- * and if {@code defc} and {@code refc} are in different class loaders,
- * and if the class loader of the lookup class is not
- * the same as or an ancestor of the class loader of {@code defc},
+ * and if {@code defc} and {@code refc} are different,
* then {@link SecurityManager#checkPackageAccess
* smgr.checkPackageAccess(defcPkg)} is called,
* where {@code defcPkg} is the package of {@code defc}.
@@ -1054,22 +1049,6 @@
}
/**
- * Determine whether a security manager has an overridden
- * SecurityManager.checkMemberAccess method.
- */
- private boolean isCheckMemberAccessOverridden(SecurityManager sm) {
- final Class<? extends SecurityManager> cls = sm.getClass();
- if (cls == SecurityManager.class) return false;
-
- try {
- return cls.getMethod("checkMemberAccess", Class.class, int.class).
- getDeclaringClass() != SecurityManager.class;
- } catch (NoSuchMethodException e) {
- throw new InternalError("should not reach here");
- }
- }
-
- /**
* Perform necessary <a href="MethodHandles.Lookup.html#secmgr">access checks</a>.
* Determines a trustable caller class to compare with refc, the symbolic reference class.
* If this lookup object has private access, then the caller class is the lookupClass.
@@ -1079,45 +1058,22 @@
if (smgr == null) return;
if (allowedModes == TRUSTED) return;
- final boolean overridden = isCheckMemberAccessOverridden(smgr);
// Step 1:
- {
- // Default policy is to allow Member.PUBLIC; no need to check
- // permission if SecurityManager is the default implementation
- final int which = Member.PUBLIC;
- final Class<?> clazz = refc;
- if (overridden) {
- // Don't refactor; otherwise break the stack depth for
- // checkMemberAccess of subclasses of SecurityManager as specified.
- smgr.checkMemberAccess(clazz, which);
- }
- }
-
- // Step 2:
if (!isFullPowerLookup() ||
!VerifyAccess.classLoaderIsAncestor(lookupClass, refc)) {
ReflectUtil.checkPackageAccess(refc);
}
- // Step 3:
+ // Step 2:
if (m.isPublic()) return;
Class<?> defc = m.getDeclaringClass();
{
- // Inline SecurityManager.checkMemberAccess
- final int which = Member.DECLARED;
- final Class<?> clazz = defc;
- if (!overridden) {
- if (!isFullPowerLookup()) {
- smgr.checkPermission(SecurityConstants.CHECK_MEMBER_ACCESS_PERMISSION);
- }
- } else {
- // Don't refactor; otherwise break the stack depth for
- // checkMemberAccess of subclasses of SecurityManager as specified.
- smgr.checkMemberAccess(clazz, which);
+ if (!isFullPowerLookup()) {
+ smgr.checkPermission(SecurityConstants.CHECK_MEMBER_ACCESS_PERMISSION);
}
}
- // Step 4:
+ // Step 3:
if (defc != refc) {
ReflectUtil.checkPackageAccess(defc);
}
diff --git a/jdk/src/share/classes/java/lang/reflect/Member.java b/jdk/src/share/classes/java/lang/reflect/Member.java
index 5d3ab3d..a539cb5 100644
--- a/jdk/src/share/classes/java/lang/reflect/Member.java
+++ b/jdk/src/share/classes/java/lang/reflect/Member.java
@@ -42,14 +42,12 @@
/**
* Identifies the set of all public members of a class or interface,
* including inherited members.
- * @see java.lang.SecurityManager#checkMemberAccess
*/
public static final int PUBLIC = 0;
/**
* Identifies the set of declared members of a class or interface.
* Inherited members are not included.
- * @see java.lang.SecurityManager#checkMemberAccess
*/
public static final int DECLARED = 1;
diff --git a/jdk/test/java/lang/invoke/InvokeDynamicPrintArgs.java b/jdk/test/java/lang/invoke/InvokeDynamicPrintArgs.java
index a318676..a3f3cd2 100644
--- a/jdk/test/java/lang/invoke/InvokeDynamicPrintArgs.java
+++ b/jdk/test/java/lang/invoke/InvokeDynamicPrintArgs.java
@@ -22,6 +22,7 @@
*/
/* @test
+ * @bug 7050328 8007035
* @summary smoke test for invokedynamic instructions
* @build indify.Indify
* @compile InvokeDynamicPrintArgs.java
@@ -42,6 +43,7 @@
import java.io.*;
import java.lang.invoke.*;
+import java.security.*;
import static java.lang.invoke.MethodHandles.*;
import static java.lang.invoke.MethodType.*;
@@ -62,17 +64,10 @@
}
private static void checkConstantRefs() throws Throwable {
- // check some constant references:
+ // check some constant references to its self class
assertEquals(MT_bsm(), MH_bsm().type());
assertEquals(MT_bsm2(), MH_bsm2().type());
- try {
- assertEquals(MT_bsm(), non_MH_bsm().type());
- // if SM is installed, must throw before this point
- assertEquals(false, System.getSecurityManager() != null);
- } catch (SecurityException ex) {
- // if SM is installed, must throw to this point
- assertEquals(true, System.getSecurityManager() != null);
- }
+ assertEquals(MT_bsm(), non_MH_bsm().type());
}
private static void assertEquals(Object exp, Object act) {
if (exp == act || (exp != null && exp.equals(act))) return;
@@ -80,21 +75,8 @@
}
private static void setSM() {
- // Test for severe security manager interactions (7050328).
- class SM extends SecurityManager {
- public void checkPackageAccess(String pkg) {
- if (pkg.startsWith("test."))
- throw new SecurityException("checkPackageAccess "+pkg);
- }
- public void checkMemberAccess(Class<?> clazz, int which) {
- if (clazz == InvokeDynamicPrintArgs.class)
- throw new SecurityException("checkMemberAccess "+clazz.getName()+" #"+which);
- }
- // allow these others:
- public void checkPermission(java.security.Permission perm) {
- }
- }
- System.setSecurityManager(new SM());
+ Policy.setPolicy(new TestPolicy());
+ System.setSecurityManager(new SecurityManager());
}
private static PrintStream oldOut;
@@ -250,4 +232,22 @@
if (System.getProperty("InvokeDynamicPrintArgs.allow-untransformed") != null) return;
throw new AssertionError("this code should be statically transformed away by Indify");
}
+
+ static class TestPolicy extends Policy {
+ final PermissionCollection permissions = new Permissions();
+ TestPolicy() {
+ permissions.add(new java.io.FilePermission("<<ALL FILES>>", "read"));
+ }
+ public PermissionCollection getPermissions(ProtectionDomain domain) {
+ return permissions;
+ }
+
+ public PermissionCollection getPermissions(CodeSource codesource) {
+ return permissions;
+ }
+
+ public boolean implies(ProtectionDomain domain, Permission perm) {
+ return permissions.implies(perm);
+ }
+ }
}
diff --git a/jdk/test/java/lang/invoke/TestPrivateMember.java b/jdk/test/java/lang/invoke/TestPrivateMember.java
new file mode 100644
index 0000000..f2c0bc1
--- /dev/null
+++ b/jdk/test/java/lang/invoke/TestPrivateMember.java
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.lang.invoke.MethodHandle;
+import java.lang.invoke.MethodHandles;
+import java.lang.invoke.MethodType;
+
+/**
+ * @test
+ * @bug 8007035
+ * @summary Test MethodHandle of a private member
+ *
+ * @run main TestPrivateMember
+ */
+
+public class TestPrivateMember {
+ public static void main(String... args) throws Throwable {
+ System.setSecurityManager(new SecurityManager());
+ TestPrivateMember t = new TestPrivateMember();
+ t.test();
+ }
+
+ public TestPrivateMember() {
+ }
+
+ public void test() throws Throwable {
+ MethodHandles.Lookup lookup = MethodHandles.lookup();
+ MethodType mt = MethodType.methodType(void.class);
+ try {
+ MethodHandle mh = lookup.findStatic(Class.class, "checkInitted", mt);
+ throw new RuntimeException("IllegalAccessException not thrown");
+ } catch (IllegalAccessException e) {
+ // okay
+ System.out.println("Expected exception: " + e.getMessage());
+ }
+ }
+}
