This is an automated email from the ASF dual-hosted git repository.
sunlan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/groovy.git
The following commit(s) were added to refs/heads/master by this push:
new 8dd72cdac5 GROOVY-10581: Prepare for deprecation of security manager
(JEP-411) (#2404)
8dd72cdac5 is described below
commit 8dd72cdac51537750a98c689f97edb82427dfd47
Author: Paul King <[email protected]>
AuthorDate: Sat Mar 28 03:03:34 2026 +1100
GROOVY-10581: Prepare for deprecation of security manager (JEP-411) (#2404)
---
security/groovy.policy | 271 -----------------
src/main/java/groovy/lang/GroovyClassLoader.java | 99 +++----
src/main/java/groovy/lang/GroovyCodeSource.java | 42 +--
src/main/java/groovy/lang/GroovyShell.java | 57 +---
src/main/java/groovy/lang/MetaClassImpl.java | 15 +-
src/main/java/groovy/ui/GroovyMain.java | 7 +-
src/main/java/groovy/util/GroovyScriptEngine.java | 22 +-
.../internal/util/ReevaluatingReference.java | 13 +-
.../codehaus/groovy/control/ProcessingUnit.java | 11 +-
.../org/codehaus/groovy/control/SourceUnit.java | 3 +-
.../codehaus/groovy/reflection/CachedClass.java | 36 +--
.../org/codehaus/groovy/reflection/ClassInfo.java | 4 +-
.../reflection/ClassLoaderForClassArtifacts.java | 4 +-
.../groovy/reflection/ReflectionUtils.java | 4 +-
.../reflection/stdclasses/CachedSAMClass.java | 10 +-
.../groovy/runtime/ProxyGeneratorAdapter.java | 3 +-
.../groovy/runtime/callsite/CallSiteArray.java | 19 +-
.../org/codehaus/groovy/tools/GroovyStarter.java | 3 +-
.../groovy/tools/javac/JavacJavaCompiler.java | 5 +-
.../org/codehaus/groovy/vmplugin/VMPlugin.java | 22 --
.../codehaus/groovy/vmplugin/VMPluginFactory.java | 35 +--
.../org/codehaus/groovy/vmplugin/v8/Java8.java | 18 +-
.../groovy/gls/innerClass/InnerClassTest.groovy | 27 +-
src/test/groovy/groovy/security/SecurityTest.java | 111 -------
.../groovy/security/SecurityTestSupport.java | 310 -------------------
.../groovy/groovy/security/forbiddenCodeBase.gvy | 22 --
.../apache/groovy/parser/antlr4/TestUtils.groovy | 10 +-
.../codehaus/groovy/reflection/SecurityTest.java | 329 ---------------------
.../org/codehaus/groovy/classgen/TestSupport.java | 19 +-
.../codehaus/groovy/ant/CompileTaskSupport.java | 7 +-
.../main/java/org/codehaus/groovy/ant/Groovy.java | 5 +-
.../main/java/org/codehaus/groovy/ant/Groovyc.java | 5 +-
.../org/codehaus/groovy/ant/RootLoaderRef.java | 6 +-
.../groovy/jsr223/GroovyScriptEngineImpl.java | 9 +-
.../groovy-sql/src/main/java/groovy/sql/Sql.java | 21 +-
.../swing/binding/ClosureTriggerBinding.java | 63 ++--
.../groovy/groovy/text/GStringTemplateEngine.java | 4 +-
.../groovy/text/StreamingTemplateEngine.java | 4 +-
.../groovy/text/markup/MarkupTemplateEngine.java | 18 +-
.../src/main/java/groovy/test/AllTestSuite.java | 7 +-
.../src/main/java/groovy/test/GroovyTestSuite.java | 7 +-
.../src/main/java/groovy/xml/FactorySupport.java | 14 +-
42 files changed, 193 insertions(+), 1508 deletions(-)
diff --git a/security/groovy.policy b/security/groovy.policy
deleted file mode 100644
index 9633189e00..0000000000
--- a/security/groovy.policy
+++ /dev/null
@@ -1,271 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-/* Notes on the contents of this policy file:
- *
- * The following methods in groovy have privileged operations wrapping
- * setAccessible. If these wrappers are not provided, most codebases below
- * must have the following grant:
- * permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
- * MetaMethod.createMetaMethod
- * MetaMethod.invoke(Object Object[])
- * ReflectionMetaMethod.invoke(Object Object[])
- * DefaultGroovyMethods.dump(Object)
- */
-
-/*
- * This keystore contains the public key of the pair used to sign
GroovyTestJar.jar
- * See SecurityTest.testReadSignedJar()
- */
-// NOT CURRENTLY USED!
-//keystore "file:${user.dir}/security/groovykeys";
-
-/*
- * ================= Codebases requiring java.security.AllPermission
===============
- * The following codebases require java.security.AllPermission. They are
considered trusted
- * for purposes of groovy security enforcement. In a deployed groovy
environment, these classes
- * would all be in a set of jars. If these jars are signed, the grants could
be strengthened to
- * by adding a signedBy clause to the grant.
- */
-
-// Eclipse default output directory to allow running security tests in that IDE
-grant codeBase "file:${user.dir}/bin/-" {
- permission java.security.AllPermission;
-};
-
-// IntelliJ IDEA default output directory to allow running security tests in
that IDE
-grant codeBase "file:${user.dir}/out/-" {
- permission java.security.AllPermission;
-};
-
-// Gradle build output directory
-grant codeBase "file:${user.dir}/build/-" {
- permission java.security.AllPermission;
-};
-
-grant codeBase "file:${user.dir}/subprojects/groovy-test/build/-" {
- permission java.security.AllPermission;
-};
-
-// Gradle dependency cache
-grant codeBase "file:${user.home}/.gradle/-" {
- permission java.security.AllPermission;
-};
-
-grant codeBase "file:${groovy.lib}/-" {
- permission java.security.AllPermission;
-};
-
-/*
- * When running from maven, this codebase is required.
- * If not running from maven, the codesource will not be found, but will not
cause an error.
- */
-grant codeBase "file:${maven.home}/-" {
- permission java.security.AllPermission;
-};
-
-/*
- * When running from Gradle, this codebase is required.
- * If not running from Gradle, the codesource will not be found, but will not
cause an error.
- */
-grant codeBase "file:${gradle.home}/-" {
- permission java.security.AllPermission;
-};
-
-grant codeBase "file:${gradle.junit}" {
- permission java.security.AllPermission;
-};
-
-/*
- * When running the junit plugin from within eclipse, this codebase is
required.
- * If not running from eclipse, the codesource will not be found, but will not
cause an error.
- */
-grant codeBase "file:${user.dir}/../../plugins/-" {
- permission java.security.AllPermission;
-};
-
-/*
- * ================= Default codebases created by groovy. ===============
- * The following codebases are assigned when groovy parses a groovy script
- */
-
-/*
- * GroovyShell.parse(InputStream,...) is given a codebase of "groovy.shell"
because no actual
- * codebase can be determined. The other forms of parse(File) and
parse(GroovyCodeSource) allow
- * for more control. These permission should be set to control scripts that
are passed into
- * the shell in the form of a string or other groovy code of unknown
provenance.
- */
-grant codeBase "file:/groovy/shell" {
- permission java.lang.RuntimePermission "accessDeclaredMembers";
-
- // For StreamClassloaderInScriptTest.groovy test
- permission java.io.FilePermission "${user.dir}${/}blahblah.dat",
"read,write,delete";
-};
-
-/*
- * Similar to "file:/groovy/shell", but implying a direct call to
GroovyClassLoader.parse() without
- * passing through GroovyShell.
- */
-grant codeBase "file:/groovy/script" {
- permission java.lang.RuntimePermission "accessDeclaredMembers";
-};
-
-/*
- * The TestSupport class has a loadClass method that takes a ClassNode and
runs it
- * through defineClass() of the class loader. The codebase for this operation
is
- * set to "/groovy/testSupport".
- */
-grant codeBase "file:/groovy/testSupport" {
- permission java.lang.RuntimePermission "accessDeclaredMembers";
-};
-
-/*
- * ================= SecurityTest codebases ===============
- * The following grants are for individual security test cases where the
- * codebase is explicitly specified (e.g. the script is a raw string rather
- * than read from a file). Note that even though the codebases conform to
- * the file URL syntax, they are not physical files: they represent virtual
- * codebases.
- * The permission grant that is commented out is the permission that is
- * expected to be missing by the test case. It is here as a comment for
- * information.
- */
-
-//Since a codebase is a URL, we can make use of the natural hierarchy
permission implications
-//to grant a 'global' accessDeclaredPermission here.
-grant codeBase "file:/groovy/security/-" {
- permission java.lang.RuntimePermission "accessDeclaredMembers";
- permission java.lang.RuntimePermission "getClassLoader";
-};
-
-grant codeBase "file:/groovy/security/testForbiddenPackage" {
- //permission java.lang.RuntimePermission "accessClassInPackage.sun.*";
-};
-
-grant codeBase "file:/groovy/security/javax/print/deny" {
- //permission java.lang.RuntimePermission
"accessClassInPackage.javax.print";
-};
-
-grant codeBase "file:/groovy/security/javax/print/allow" {
- permission java.lang.RuntimePermission "accessClassInPackage.javax.print";
-};
-
-/*
- * ================= .groovy script file codebases ===============
- * The following grants are for individual security test cases.
- * The permission grant that is commented out is the permission that is
- * expected to be missing by the test case. It is here as a comment for
- * information.
- */
-grant codeBase "file:${user.dir}/src/test/groovy/-" {
- // Required by most groovy scripts during execution because of the heavy
use of reflection/
- // introspection. The groovy code could potentially be changed to
eliminate this requirement
- // by adding privileged operations in many places.
- permission java.lang.RuntimePermission "accessDeclaredMembers";
-};
-
-grant codeBase
"file:${user.dir}/src/test/groovy/groovy/security/forbiddenCodeBase.gvy" {
- //The following grant is commented out so that the test case will throw an
AccessControlException
- //permission groovy.security.GroovyCodeSourcePermission
"/groovy/security/forbiddenCodeBase";
-};
-
-// Grant permission to .groovy files extracted from a signed jar that has been
signedBy "Groovy"
-grant signedBy "Groovy" {
- permission java.lang.RuntimePermission "accessDeclaredMembers";
- permission java.util.PropertyPermission "user.home", "read";
-};
-
-grant codeBase "file:${user.dir}/src/test/groovy/bugs/BadScriptNameBug.groovy"
{
- permission java.lang.RuntimePermission "createClassLoader";
- permission java.util.PropertyPermission "groovy.compiler.strictNames",
"read";
-};
-
-grant codeBase
"file:${user.dir}/src/test/groovy/groovy/ClosureMethodTest.groovy" {
- permission java.lang.RuntimePermission "getClassLoader";
-};
-
-grant codeBase
"file:${user.dir}/src/test/groovy/groovy/ClosureWithDefaultParamTest.groovy" {
- permission java.lang.RuntimePermission "getClassLoader";
- permission java.io.FilePermission "src${/}test${/}-", "read";
-
- // Required because test calls File.eachLine which eventually invokes
- // groovy.util.CharsetToolkit#getDefaultSystemCharset which does not wrap
- // the property access in a privileged block.
- permission java.util.PropertyPermission "file.encoding", "read";
-};
-
-grant codeBase "file:${user.dir}/src/test/groovy/bugs/ConstructorBug.groovy" {
- permission java.lang.RuntimePermission "createClassLoader";
-
- // Required because GroovyCodeSource calls to File#getCanonicalPath (at
least on the Windows FileSystem)
- permission java.util.PropertyPermission "user.dir", "read";
- permission java.util.PropertyPermission "groovy.compiler.strictNames",
"read";
-
- permission java.io.FilePermission
"src${/}test${/}groovy${/}bugs${/}TestBase.groovy", "read";
- permission java.io.FilePermission
"src${/}test${/}groovy${/}bugs${/}TestDerived.groovy", "read";
- permission java.io.FilePermission
"${user.dir}${/}target${/}classes${/}test${/}groovy${/}bugs${/}TestBase.class",
"read";
- permission java.io.FilePermission
"${user.dir}${/}target${/}classes${/}test${/}groovy${/}bugs${/}TestDerived.class",
"read";
-};
-
-grant codeBase
"file:${user.dir}/src/test/groovy/groovy/script/ScriptTest.groovy" {
- permission java.io.FilePermission "src${/}test${/}groovy${/}-", "read";
- permission groovy.security.GroovyCodeSourcePermission "/groovy/shell";
-
- // Required because GroovyCodeSource calls to File#getCanonicalPath (at
least on the Windows FileSystem)
- permission java.util.PropertyPermission "user.dir", "read";
-
- // Required by MethodTestScript.groovy run as a script
- permission java.lang.RuntimePermission "accessClassInPackage.sun.reflect";
-
- // Required by StreamClassloaderInScriptTest.groovy run as a script
- permission java.io.FilePermission "${user.dir}${/}blahblah.dat",
"read,write,delete";
-
- // Required for JUnit to report errors for scripts that are junit test
cases
- permission java.util.PropertyPermission "user.home", "read";
- permission java.io.FilePermission "${user.home}${/}junit.properties",
"read";
-
- // Required for Gradle 4.7+ printing a line triggered by running the script
- permission java.util.PropertyPermission "line.separator", "read";
-};
-
-grant codeBase
"file:${user.dir}/src/test/groovy/groovy/script/EvalInScript.groovy" {
- permission java.io.FilePermission
"src${/}test${/}groovy${/}script${/}HelloWorld.groovy", "read";
- permission groovy.security.GroovyCodeSourcePermission "/groovy/shell";
-
- // Required because GroovyCodeSource calls to File#getCanonicalPath (at
least on the Windows FileSystem)
- permission java.util.PropertyPermission "user.dir", "read";
-};
-
-grant codeBase
"file:${user.dir}/src/test/groovy/groovy/script/MethodTestScript.groovy" {
- permission java.lang.RuntimePermission "accessClassInPackage.sun.reflect";
-};
-
-grant codeBase
"file:${user.dir}/src/test/groovy/groovy/script/StreamClassloaderInScriptTest.groovy"
{
- permission groovy.security.GroovyCodeSourcePermission "/groovy/shell";
- permission java.io.FilePermission "${user.dir}${/}blahblah.dat",
"read,write,delete";
-};
-
-grant {
- // Required to load Global AST Transforms
- permission java.io.FilePermission
"${user.dir}${/}target${/}resources${/}main${/}META-INF${/}services${/}-",
"read";
- permission java.io.FilePermission "${user.dir}${/}target${/}libs${/}-",
"read";
-
- // Required for StreamClassloaderInScriptTest
- permission java.io.FilePermission "${java.home}${/}-", "read";
-};
diff --git a/src/main/java/groovy/lang/GroovyClassLoader.java
b/src/main/java/groovy/lang/GroovyClassLoader.java
index 45a9417e36..97aa0f0add 100644
--- a/src/main/java/groovy/lang/GroovyClassLoader.java
+++ b/src/main/java/groovy/lang/GroovyClassLoader.java
@@ -175,24 +175,17 @@ public class GroovyClassLoader extends URLClassLoader {
//--------------------------------------------------------------------------
- @SuppressWarnings("removal") // TODO a future Groovy version should
perform the operation not as a privileged action
- private static <T> T doPrivileged(java.security.PrivilegedAction<T>
action) {
- return java.security.AccessController.doPrivileged(action);
- }
-
private GroovyResourceLoader resourceLoader = new GroovyResourceLoader() {
@Override
public URL loadGroovySource(final String filename) {
- return doPrivileged(() -> {
- for (String extension : config.getScriptExtensions()) {
- try {
- URL url = getSourceFile(filename, extension);
- if (url != null) return url;
- } catch (Throwable ignore) {
- }
+ for (String extension : config.getScriptExtensions()) {
+ try {
+ URL url = getSourceFile(filename, extension);
+ if (url != null) return url;
+ } catch (Throwable ignore) {
}
- return null;
- });
+ }
+ return null;
}
};
@@ -298,7 +291,7 @@ public class GroovyClassLoader extends URLClassLoader {
* @return the main class defined in the given script
*/
public Class parseClass(final String text, final String fileName) throws
CompilationFailedException {
- GroovyCodeSource gcs = doPrivileged(() -> new GroovyCodeSource(text,
fileName, "/groovy/script"));
+ GroovyCodeSource gcs = new GroovyCodeSource(text, fileName,
"/groovy/script");
gcs.setCachable(false);
return parseClass(gcs);
}
@@ -314,14 +307,13 @@ public class GroovyClassLoader extends URLClassLoader {
}
public Class parseClass(final Reader reader, final String fileName) throws
CompilationFailedException {
- GroovyCodeSource gcs = doPrivileged(() -> {
- try {
- String scriptText = IOGroovyMethods.getText(reader);
- return new GroovyCodeSource(scriptText, fileName,
"/groovy/script");
- } catch (IOException e) {
- throw new RuntimeException("Impossible to read the content of
the reader for file named: " + fileName, e);
- }
- });
+ GroovyCodeSource gcs;
+ try {
+ String scriptText = IOGroovyMethods.getText(reader);
+ gcs = new GroovyCodeSource(scriptText, fileName, "/groovy/script");
+ } catch (IOException e) {
+ throw new RuntimeException("Impossible to read the content of the
reader for file named: " + fileName, e);
+ }
return parseClass(gcs);
}
@@ -473,7 +465,7 @@ public class GroovyClassLoader extends URLClassLoader {
}
private ProtectionDomain getProtectionDomain() {
- return doPrivileged(() -> getClass().getProtectionDomain());
+ return getClass().getProtectionDomain();
}
/**
@@ -502,7 +494,7 @@ public class GroovyClassLoader extends URLClassLoader {
}
private InnerLoader createLoader() {
- return doPrivileged(() -> new InnerLoader(GroovyClassLoader.this));
+ return new InnerLoader(GroovyClassLoader.this);
}
/**
@@ -877,40 +869,37 @@ public class GroovyClassLoader extends URLClassLoader {
* @see #addURL(URL)
*/
public void addClasspath(final String path) {
- doPrivileged(() -> {
- URI newURI;
- try {
- newURI = new URI(path);
- // check if we can create a URL from that URI
- newURI.toURL();
- } catch (URISyntaxException | IllegalArgumentException |
MalformedURLException e) {
- // the URI has a false format, so lets try it with files ...
- newURI = new File(path).toURI();
- }
+ URI newURI;
+ try {
+ newURI = new URI(path);
+ // check if we can create a URL from that URI
+ newURI.toURL();
+ } catch (URISyntaxException | IllegalArgumentException |
MalformedURLException e) {
+ // the URI has a false format, so lets try it with files ...
+ newURI = new File(path).toURI();
+ }
- URL[] urls = getURLs();
- for (URL url : urls) {
- // Do not use URL.equals. It uses the network to resolve
names and compares ip addresses!
- // That is a violation of RFC and just plain evil.
- //
http://michaelscharf.blogspot.com/2006/11/javaneturlequals-and-hashcode-make.html
- //
http://docs.oracle.com/javase/7/docs/api/java/net/URL.html#equals(java.lang.Object)
- // "Since hosts comparison requires name resolution, this
operation is a blocking operation.
- // Note: The defined behavior for equals is known to be
inconsistent with virtual hosting in HTTP."
- try {
- if (newURI.equals(url.toURI())) return null;
- } catch (URISyntaxException e) {
- // fail fast! if we got a malformed URI the Classloader
has to tell it
- throw new RuntimeException(e);
- }
- }
+ URL[] urls = getURLs();
+ for (URL url : urls) {
+ // Do not use URL.equals. It uses the network to resolve names
and compares ip addresses!
+ // That is a violation of RFC and just plain evil.
+ //
http://michaelscharf.blogspot.com/2006/11/javaneturlequals-and-hashcode-make.html
+ //
http://docs.oracle.com/javase/7/docs/api/java/net/URL.html#equals(java.lang.Object)
+ // "Since hosts comparison requires name resolution, this
operation is a blocking operation.
+ // Note: The defined behavior for equals is known to be
inconsistent with virtual hosting in HTTP."
try {
- addURL(newURI.toURL());
- } catch (MalformedURLException e) {
- // fail fast! if we got a malformed URL the Classloader has to
tell it
+ if (newURI.equals(url.toURI())) return;
+ } catch (URISyntaxException e) {
+ // fail fast! if we got a malformed URI the Classloader has to
tell it
throw new RuntimeException(e);
}
- return null;
- });
+ }
+ try {
+ addURL(newURI.toURL());
+ } catch (MalformedURLException e) {
+ // fail fast! if we got a malformed URL the Classloader has to
tell it
+ throw new RuntimeException(e);
+ }
}
/**
diff --git a/src/main/java/groovy/lang/GroovyCodeSource.java
b/src/main/java/groovy/lang/GroovyCodeSource.java
index 063227251a..c46d2e9cb9 100644
--- a/src/main/java/groovy/lang/GroovyCodeSource.java
+++ b/src/main/java/groovy/lang/GroovyCodeSource.java
@@ -32,8 +32,6 @@ import java.net.URI;
import java.net.URL;
import java.net.URLConnection;
import java.security.CodeSource;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
import java.security.cert.Certificate;
import java.util.Objects;
@@ -122,38 +120,28 @@ public class GroovyCodeSource {
//The calls below require access to user.dir - allow here since
getName() and getCodeSource() are
//package private and used only by the GroovyClassLoader.
try {
- Object[] info = doPrivileged((PrivilegedExceptionAction<Object[]>)
() -> {
- // retrieve the content of the file using the provided encoding
- if (encoding != null) {
- scriptText = ResourceGroovyMethods.getText(infile,
encoding);
- } else {
- scriptText = ResourceGroovyMethods.getText(infile);
- }
+ // retrieve the content of the file using the provided encoding
+ if (encoding != null) {
+ scriptText = ResourceGroovyMethods.getText(infile, encoding);
+ } else {
+ scriptText = ResourceGroovyMethods.getText(infile);
+ }
- Object[] info1 = new Object[2];
- URL url = file.toURI().toURL();
- info1[0] = url.toExternalForm();
- //toURI().toURL() will encode, but toURL() will not.
- info1[1] = new CodeSource(url, (Certificate[]) null);
- return info1;
- });
+ Object[] info = new Object[2];
+ URL url = file.toURI().toURL();
+ info[0] = url.toExternalForm();
+ //toURI().toURL() will encode, but toURL() will not.
+ info[1] = new CodeSource(url, (Certificate[]) null);
this.name = (String) info[0];
this.codeSource = (CodeSource) info[1];
- } catch (PrivilegedActionException pae) {
- Throwable cause = pae.getCause();
- if (cause instanceof IOException) {
- throw (IOException) cause;
- }
- throw new RuntimeException("Could not construct CodeSource for
file: " + file, cause);
+ } catch (IOException e) {
+ throw e;
+ } catch (Exception e) {
+ throw new RuntimeException("Could not construct CodeSource for
file: " + file, e);
}
}
- @SuppressWarnings("removal") // TODO a future Groovy version should
perform the operation not as a privileged action
- private <T> T doPrivileged(PrivilegedExceptionAction<T> action) throws
PrivilegedActionException {
- return java.security.AccessController.doPrivileged(action);
- }
-
/**
* @param infile the file to create a GroovyCodeSource for.
* @throws IOException if an issue arises opening and reading the file.
diff --git a/src/main/java/groovy/lang/GroovyShell.java
b/src/main/java/groovy/lang/GroovyShell.java
index 59484a8152..f2000a6aba 100644
--- a/src/main/java/groovy/lang/GroovyShell.java
+++ b/src/main/java/groovy/lang/GroovyShell.java
@@ -35,9 +35,6 @@ import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.net.URI;
-import java.security.PrivilegedAction;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
import java.util.List;
import java.util.concurrent.atomic.AtomicInteger;
@@ -121,22 +118,12 @@ public class GroovyShell extends GroovyObjectSupport {
&& ((GroovyClassLoader)
parentLoader).hasCompatibleConfiguration(config)) {
this.loader = (GroovyClassLoader) parentLoader;
} else {
- this.loader = doPrivileged((PrivilegedAction<GroovyClassLoader>) ()
-> new GroovyClassLoader(parentLoader, config));
+ this.loader = new GroovyClassLoader(parentLoader, config);
}
this.context = binding;
this.config = config;
}
- @SuppressWarnings("removal") // TODO a future Groovy version should
perform the operation not as a privileged action
- private <T> T doPrivileged(PrivilegedAction<T> action) {
- return java.security.AccessController.doPrivileged(action);
- }
-
- @SuppressWarnings("removal") // TODO a future Groovy version should
perform the operation not as a privileged action
- private <T> T doPrivileged(PrivilegedExceptionAction<T> action) throws
PrivilegedActionException {
- return java.security.AccessController.doPrivileged(action);
- }
-
public void resetLoadedClasses() {
loader.clearCache();
}
@@ -220,42 +207,22 @@ public class GroovyShell extends GroovyObjectSupport {
final Thread thread = Thread.currentThread();
//ClassLoader currentClassLoader = thread.getContextClassLoader();
- class DoSetContext implements PrivilegedAction {
- final ClassLoader classLoader;
-
- DoSetContext(ClassLoader loader) {
- classLoader = loader;
- }
-
- @Override
- public Object run() {
- thread.setContextClassLoader(classLoader);
- return null;
- }
- }
-
- doPrivileged(new DoSetContext(loader));
+ thread.setContextClassLoader(loader);
// Parse the script, generate the class, and invoke the main method.
This is a little looser than
// if you are compiling the script because the JVM isn't executing the
main method.
Class scriptClass;
try {
- scriptClass = doPrivileged((PrivilegedExceptionAction<Class>) ()
-> loader.parseClass(scriptFile));
- } catch (PrivilegedActionException pae) {
- Exception e = pae.getException();
- if (e instanceof CompilationFailedException) {
- throw (CompilationFailedException) e;
- } else if (e instanceof IOException) {
- throw (IOException) e;
- } else {
- throw (RuntimeException) pae.getException();
- }
+ scriptClass = loader.parseClass(scriptFile);
+ } catch (CompilationFailedException e) {
+ throw e;
+ } catch (IOException e) {
+ throw e;
}
return runScriptOrMainOrTestOrRunnable(scriptClass, args);
- // Set the context classloader back to what it was.
- //AccessController.doPrivileged(new DoSetContext(currentClassLoader));
+ // TODO do we need to set the context classloader back to what it was.
}
/**
@@ -397,7 +364,7 @@ public class GroovyShell extends GroovyObjectSupport {
* @param args the command line arguments to pass in
*/
public Object run(final String scriptText, final String fileName, String[]
args) throws CompilationFailedException {
- GroovyCodeSource gcs =
doPrivileged((PrivilegedAction<GroovyCodeSource>) () -> new
GroovyCodeSource(scriptText, fileName, DEFAULT_CODE_BASE));
+ GroovyCodeSource gcs = new GroovyCodeSource(scriptText, fileName,
DEFAULT_CODE_BASE);
return run(gcs, args);
}
@@ -461,7 +428,7 @@ public class GroovyShell extends GroovyObjectSupport {
* @param args the command line arguments to pass in
*/
public Object run(final Reader in, final String fileName, String[] args)
throws CompilationFailedException {
- GroovyCodeSource gcs =
doPrivileged((PrivilegedAction<GroovyCodeSource>) () -> new
GroovyCodeSource(in, fileName, DEFAULT_CODE_BASE));
+ GroovyCodeSource gcs = new GroovyCodeSource(in, fileName,
DEFAULT_CODE_BASE);
Class scriptClass = parseClass(gcs);
return runScriptOrMainOrTestOrRunnable(scriptClass, args);
}
@@ -519,7 +486,7 @@ public class GroovyShell extends GroovyObjectSupport {
sm.checkPermission(new GroovyCodeSourcePermission(codeBase));
}
- GroovyCodeSource gcs =
doPrivileged((PrivilegedAction<GroovyCodeSource>) () -> new
GroovyCodeSource(scriptText, fileName, codeBase));
+ GroovyCodeSource gcs = new GroovyCodeSource(scriptText, fileName,
codeBase);
return evaluate(gcs);
}
@@ -664,7 +631,7 @@ public class GroovyShell extends GroovyObjectSupport {
}
public Script parse(final String scriptText, final String fileName,
Binding binding) throws CompilationFailedException {
- GroovyCodeSource gcs =
doPrivileged((PrivilegedAction<GroovyCodeSource>) () -> new
GroovyCodeSource(scriptText, fileName, DEFAULT_CODE_BASE));
+ GroovyCodeSource gcs = new GroovyCodeSource(scriptText, fileName,
DEFAULT_CODE_BASE);
return parse(gcs, binding);
}
diff --git a/src/main/java/groovy/lang/MetaClassImpl.java
b/src/main/java/groovy/lang/MetaClassImpl.java
index e67e0a8bda..0a2853ef97 100644
--- a/src/main/java/groovy/lang/MetaClassImpl.java
+++ b/src/main/java/groovy/lang/MetaClassImpl.java
@@ -90,8 +90,6 @@ import java.lang.reflect.Constructor;
import java.lang.reflect.Method;
import java.lang.reflect.Proxy;
import java.net.URL;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
@@ -3404,12 +3402,12 @@ public class MetaClassImpl implements MetaClass,
MutableMetaClass {
BeanInfo info;
try {
if (isBeanDerivative(theClass)) {
- info = doPrivileged(() -> Introspector.getBeanInfo(theClass,
Introspector.IGNORE_ALL_BEANINFO));
+ info = Introspector.getBeanInfo(theClass,
Introspector.IGNORE_ALL_BEANINFO);
} else {
- info = doPrivileged(() -> Introspector.getBeanInfo(theClass));
+ info = Introspector.getBeanInfo(theClass);
}
- } catch (PrivilegedActionException pae) {
- throw new GroovyRuntimeException("exception during bean
introspection", pae.getException());
+ } catch (Exception e) {
+ throw new GroovyRuntimeException("exception during bean
introspection", e);
}
PropertyDescriptor[] descriptors = info.getPropertyDescriptors();
// build up the metaproperties based on the public fields, property
descriptors,
@@ -3456,11 +3454,6 @@ public class MetaClassImpl implements MetaClass,
MutableMetaClass {
}
}
- @SuppressWarnings("removal") // TODO: a future Groovy version should
perform the operation not as a privileged action
- private static <T> T doPrivileged(final PrivilegedExceptionAction<T>
action) throws PrivilegedActionException {
- return java.security.AccessController.doPrivileged(action);
- }
-
private static boolean isBeanDerivative(Class theClass) {
Class next = theClass;
while (next != null) {
diff --git a/src/main/java/groovy/ui/GroovyMain.java
b/src/main/java/groovy/ui/GroovyMain.java
index d042a12ada..66b2d9c539 100644
--- a/src/main/java/groovy/ui/GroovyMain.java
+++ b/src/main/java/groovy/ui/GroovyMain.java
@@ -525,12 +525,7 @@ public class GroovyMain {
}
}
- doPrivileged(new DoSetContext(shell.getClassLoader()));
- }
-
- @SuppressWarnings("removal") // TODO a future Groovy version should
perform the operation not as a privileged action
- private static <T> T doPrivileged(PrivilegedAction<T> action) {
- return java.security.AccessController.doPrivileged(action);
+ new DoSetContext(shell.getClassLoader()).run();
}
/**
diff --git a/src/main/java/groovy/util/GroovyScriptEngine.java
b/src/main/java/groovy/util/GroovyScriptEngine.java
index 15775d8752..a7e6d06c56 100644
--- a/src/main/java/groovy/util/GroovyScriptEngine.java
+++ b/src/main/java/groovy/util/GroovyScriptEngine.java
@@ -48,7 +48,6 @@ import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLConnection;
import java.security.CodeSource;
-import java.security.PrivilegedAction;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
@@ -60,7 +59,7 @@ import java.util.concurrent.ConcurrentHashMap;
* with dependent scripts.
*/
public class GroovyScriptEngine implements ResourceConnector {
- private static final ClassLoader CL_STUB =
doPrivileged((PrivilegedAction<ClassLoader>) () -> new ClassLoader() {});
+ private static final ClassLoader CL_STUB = new ClassLoader() {};
private static final URL[] EMPTY_URL_ARRAY = new URL[0];
@@ -337,23 +336,16 @@ public class GroovyScriptEngine implements
ResourceConnector {
* @return the parent classloader used to load scripts
*/
private GroovyClassLoader initGroovyLoader() {
- GroovyClassLoader groovyClassLoader =
- doPrivileged((PrivilegedAction<ScriptClassLoader>) () -> {
- if (parentLoader instanceof GroovyClassLoader) {
- return new ScriptClassLoader((GroovyClassLoader)
parentLoader);
- } else {
- return new ScriptClassLoader(parentLoader, config);
- }
- });
+ GroovyClassLoader groovyClassLoader;
+ if (parentLoader instanceof GroovyClassLoader) {
+ groovyClassLoader = new ScriptClassLoader((GroovyClassLoader)
parentLoader);
+ } else {
+ groovyClassLoader = new ScriptClassLoader(parentLoader, config);
+ }
for (URL root : roots) groovyClassLoader.addURL(root);
return groovyClassLoader;
}
- @SuppressWarnings("removal") // TODO a future Groovy version should
perform the operation not as a privileged action
- private static <T> T doPrivileged(PrivilegedAction<T> action) {
- return java.security.AccessController.doPrivileged(action);
- }
-
/**
* Get a resource connection as a <code>URLConnection</code> to retrieve a
script
* from the <code>ResourceConnector</code>.
diff --git
a/src/main/java/org/apache/groovy/internal/util/ReevaluatingReference.java
b/src/main/java/org/apache/groovy/internal/util/ReevaluatingReference.java
index 91e476cfef..4711cd0d52 100644
--- a/src/main/java/org/apache/groovy/internal/util/ReevaluatingReference.java
+++ b/src/main/java/org/apache/groovy/internal/util/ReevaluatingReference.java
@@ -27,8 +27,6 @@ import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.invoke.SwitchPoint;
import java.lang.ref.WeakReference;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
/**
* This class represents a reference to the most actual incarnation of a
Metaclass.
@@ -40,20 +38,15 @@ public class ReevaluatingReference<T> {
static {
try {
//TODO Jochen: move the findSpecial to a central place together
with others to easy security configuration
- FALLBACK_HANDLE =
doPrivileged((PrivilegedExceptionAction<MethodHandle>) () ->
MethodHandles.lookup().findSpecial(
+ FALLBACK_HANDLE = MethodHandles.lookup().findSpecial(
ReevaluatingReference.class, "replacePayLoad",
MethodType.methodType(Object.class),
- ReevaluatingReference.class));
- } catch (PrivilegedActionException e) {
+ ReevaluatingReference.class);
+ } catch (Exception e) {
throw new GroovyBugError(e);
}
}
- @SuppressWarnings("removal") // TODO a future Groovy version should
perform the operation not as a privileged action
- private static <T> T doPrivileged(PrivilegedExceptionAction<T> action)
throws PrivilegedActionException {
- return java.security.AccessController.doPrivileged(action);
- }
-
private final Supplier<T> valueSupplier;
private final Function<T, SwitchPoint> validationSupplier;
private final WeakReference<Class<T>> clazzRef;
diff --git a/src/main/java/org/codehaus/groovy/control/ProcessingUnit.java
b/src/main/java/org/codehaus/groovy/control/ProcessingUnit.java
index 4cec35e950..02e711a279 100644
--- a/src/main/java/org/codehaus/groovy/control/ProcessingUnit.java
+++ b/src/main/java/org/codehaus/groovy/control/ProcessingUnit.java
@@ -95,18 +95,13 @@ public abstract class ProcessingUnit {
* Sets the class loader for use by this ProcessingUnit.
*/
public void setClassLoader(final GroovyClassLoader loader) {
- // ClassLoaders should only be created inside a doPrivileged block in
case
- // this method is invoked by code that does not have security
permissions.
this.classLoader = loader != null ? loader : createClassLoader();
}
- @SuppressWarnings("removal") // TODO a future Groovy version should create
the loader not as a privileged action
private GroovyClassLoader createClassLoader() {
- return
java.security.AccessController.doPrivileged((java.security.PrivilegedAction<GroovyClassLoader>)
() -> {
- ClassLoader parent =
Thread.currentThread().getContextClassLoader();
- if (parent == null) parent = ProcessingUnit.class.getClassLoader();
- return new GroovyClassLoader(parent, getConfiguration());
- });
+ ClassLoader parent = Thread.currentThread().getContextClassLoader();
+ if (parent == null) parent = ProcessingUnit.class.getClassLoader();
+ return new GroovyClassLoader(parent, getConfiguration());
}
/**
diff --git a/src/main/java/org/codehaus/groovy/control/SourceUnit.java
b/src/main/java/org/codehaus/groovy/control/SourceUnit.java
index adf42345d4..0704c689f1 100644
--- a/src/main/java/org/codehaus/groovy/control/SourceUnit.java
+++ b/src/main/java/org/codehaus/groovy/control/SourceUnit.java
@@ -242,9 +242,8 @@ public class SourceUnit extends ProcessingUnit {
}
}
- @SuppressWarnings("removal") // TODO a future Groovy version should get
the property not as a privileged action
private String getProperty(String key) {
- return
java.security.AccessController.doPrivileged((java.security.PrivilegedAction<String>)
() -> System.getProperty(key));
+ return System.getProperty(key);
}
/**
diff --git a/src/main/java/org/codehaus/groovy/reflection/CachedClass.java
b/src/main/java/org/codehaus/groovy/reflection/CachedClass.java
index 5153e6e739..a3c9a067d3 100644
--- a/src/main/java/org/codehaus/groovy/reflection/CachedClass.java
+++ b/src/main/java/org/codehaus/groovy/reflection/CachedClass.java
@@ -52,11 +52,6 @@ public class CachedClass {
private static ReferenceBundle softBundle =
ReferenceBundle.getSoftBundle();
- @SuppressWarnings("removal") // TODO: perform the action as not privileged
- private static <T> T doPrivileged(java.security.PrivilegedAction<T>
action) {
- return java.security.AccessController.doPrivileged(action);
- }
-
private static <M extends AccessibleObject & Member> boolean
isAccessibleOrCanSetAccessible(M m) {
final int modifiers = m.getModifiers();
final Class<?> declaringClass = m.getDeclaringClass();
@@ -74,10 +69,9 @@ public class CachedClass {
@Override
public CachedField[] initValue() {
- return doPrivileged(() ->
Arrays.stream(getTheClass().getDeclaredFields())
+ return Arrays.stream(getTheClass().getDeclaredFields())
.filter(CachedClass::isAccessibleOrCanSetAccessible)
- .map(CachedField::new).toArray(CachedField[]::new)
- );
+ .map(CachedField::new).toArray(CachedField[]::new);
}
};
@@ -86,12 +80,11 @@ public class CachedClass {
@Override
public CachedConstructor[] initValue() {
- return doPrivileged(() ->
Arrays.stream(getTheClass().getDeclaredConstructors())
+ return Arrays.stream(getTheClass().getDeclaredConstructors())
.filter(c -> !c.isSynthetic()) // GROOVY-9245: exclude inner
class ctors
.filter(CachedClass::isAccessibleOrCanSetAccessible)
.map(c -> new CachedConstructor(CachedClass.this, c))
- .toArray(CachedConstructor[]::new)
- );
+ .toArray(CachedConstructor[]::new);
}
};
@@ -100,16 +93,15 @@ public class CachedClass {
@Override
public CachedMethod[] initValue() {
- CachedMethod[] declaredMethods = doPrivileged(() -> {
- try {
- return Arrays.stream(getTheClass().getDeclaredMethods())
- .filter(CachedClass::isAccessibleOrCanSetAccessible)
- .map(m -> new CachedMethod(CachedClass.this, m))
- .toArray(CachedMethod[]::new);
- } catch (LinkageError e) {
- return CachedMethod.EMPTY_ARRAY;
- }
- });
+ CachedMethod[] declaredMethods;
+ try {
+ declaredMethods =
Arrays.stream(getTheClass().getDeclaredMethods())
+ .filter(CachedClass::isAccessibleOrCanSetAccessible)
+ .map(m -> new CachedMethod(CachedClass.this, m))
+ .toArray(CachedMethod[]::new);
+ } catch (LinkageError e) {
+ declaredMethods = CachedMethod.EMPTY_ARRAY;
+ }
List<CachedMethod> methods = new
ArrayList<>(declaredMethods.length);
List<CachedMethod> mopMethods = new
ArrayList<>(declaredMethods.length);
@@ -142,7 +134,7 @@ public class CachedClass {
@Override
public CallSiteClassLoader initValue() {
- return doPrivileged(() -> new
CallSiteClassLoader(CachedClass.this.cachedClass));
+ return new CallSiteClassLoader(CachedClass.this.cachedClass);
}
};
diff --git a/src/main/java/org/codehaus/groovy/reflection/ClassInfo.java
b/src/main/java/org/codehaus/groovy/reflection/ClassInfo.java
index f85d87627f..23d766cf80 100644
--- a/src/main/java/org/codehaus/groovy/reflection/ClassInfo.java
+++ b/src/main/java/org/codehaus/groovy/reflection/ClassInfo.java
@@ -54,7 +54,6 @@ import org.codehaus.groovy.vmplugin.VMPluginFactory;
import java.lang.ref.WeakReference;
import java.math.BigDecimal;
import java.math.BigInteger;
-import java.security.PrivilegedAction;
import java.util.Collection;
import java.util.Iterator;
import java.util.concurrent.atomic.AtomicInteger;
@@ -448,9 +447,8 @@ public class ClassInfo implements Finalizable {
}
@Override
- @SuppressWarnings("removal") // TODO a future Groovy version should
perform the operation not as a privileged action
public ClassLoaderForClassArtifacts initValue() {
- return
java.security.AccessController.doPrivileged((PrivilegedAction<ClassLoaderForClassArtifacts>)
() -> new ClassLoaderForClassArtifacts(info.classRef.get()));
+ return new ClassLoaderForClassArtifacts(info.classRef.get());
}
}
diff --git
a/src/main/java/org/codehaus/groovy/reflection/ClassLoaderForClassArtifacts.java
b/src/main/java/org/codehaus/groovy/reflection/ClassLoaderForClassArtifacts.java
index 413f28c141..8e34d5c75c 100644
---
a/src/main/java/org/codehaus/groovy/reflection/ClassLoaderForClassArtifacts.java
+++
b/src/main/java/org/codehaus/groovy/reflection/ClassLoaderForClassArtifacts.java
@@ -25,7 +25,6 @@ import org.codehaus.groovy.runtime.callsite.CallSite;
import java.lang.ref.SoftReference;
import java.lang.reflect.Constructor;
import java.lang.reflect.Method;
-import java.security.PrivilegedAction;
import java.util.concurrent.atomic.AtomicInteger;
public class ClassLoaderForClassArtifacts extends ClassLoader {
@@ -79,8 +78,7 @@ public class ClassLoaderForClassArtifacts extends ClassLoader
{
return null;
}
- @SuppressWarnings("removal") // TODO a future Groovy version should
perform the operation not as a privileged action
private Class definePrivileged(String name, byte[] bytes) {
- return
java.security.AccessController.doPrivileged((PrivilegedAction<Class>) () ->
define(name, bytes));
+ return define(name, bytes);
}
}
diff --git a/src/main/java/org/codehaus/groovy/reflection/ReflectionUtils.java
b/src/main/java/org/codehaus/groovy/reflection/ReflectionUtils.java
index 1c3fd762de..7f3aeb791a 100644
--- a/src/main/java/org/codehaus/groovy/reflection/ReflectionUtils.java
+++ b/src/main/java/org/codehaus/groovy/reflection/ReflectionUtils.java
@@ -28,7 +28,6 @@ import java.lang.invoke.MethodType;
import java.lang.reflect.AccessibleObject;
import java.lang.reflect.Array;
import java.lang.reflect.Method;
-import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
@@ -197,9 +196,8 @@ public class ReflectionUtils {
return false;
}
- @SuppressWarnings("removal") // TODO a future Groovy version should
perform the operation not as a privileged action
public static Optional<AccessibleObject>
makeAccessibleInPrivilegedAction(final AccessibleObject ao) {
- return
java.security.AccessController.doPrivileged((PrivilegedAction<Optional<AccessibleObject>>)
() -> makeAccessible(ao));
+ return makeAccessible(ao);
}
// to be run in PrivilegedAction!
diff --git
a/src/main/java/org/codehaus/groovy/reflection/stdclasses/CachedSAMClass.java
b/src/main/java/org/codehaus/groovy/reflection/stdclasses/CachedSAMClass.java
index e8329ab4cf..b145eb8863 100644
---
a/src/main/java/org/codehaus/groovy/reflection/stdclasses/CachedSAMClass.java
+++
b/src/main/java/org/codehaus/groovy/reflection/stdclasses/CachedSAMClass.java
@@ -29,7 +29,6 @@ import org.codehaus.groovy.transform.trait.Traits;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.lang.reflect.Proxy;
-import java.security.PrivilegedAction;
import java.util.ArrayDeque;
import java.util.Arrays;
import java.util.Collections;
@@ -106,14 +105,9 @@ public class CachedSAMClass extends CachedClass {
return false;
}
- @SuppressWarnings("removal") // TODO: a future Groovy version should
remove the security check
private static Method[] getDeclaredMethods(final Class<?> c) {
- try {
- Method[] methods =
java.security.AccessController.doPrivileged((PrivilegedAction<Method[]>)
c::getDeclaredMethods);
- if (methods != null) return methods;
- } catch (java.security.AccessControlException ace) {
- // swallow and do as if no method is available
- }
+ Method[] methods = c.getDeclaredMethods();
+ if (methods != null) return methods;
return EMPTY_METHOD_ARRAY;
}
diff --git
a/src/main/java/org/codehaus/groovy/runtime/ProxyGeneratorAdapter.java
b/src/main/java/org/codehaus/groovy/runtime/ProxyGeneratorAdapter.java
index 4bf6e2c747..5327975cad 100644
--- a/src/main/java/org/codehaus/groovy/runtime/ProxyGeneratorAdapter.java
+++ b/src/main/java/org/codehaus/groovy/runtime/ProxyGeneratorAdapter.java
@@ -278,9 +278,8 @@ public class ProxyGeneratorAdapter extends ClassVisitor {
return traits;
}
- @SuppressWarnings("removal") // TODO a future Groovy version should create
the loader not as a privileged action
private static InnerLoader createInnerLoader(final ClassLoader parent,
final Class<?>[] interfaces) {
- return
java.security.AccessController.doPrivileged((java.security.PrivilegedAction<InnerLoader>)
() -> new InnerLoader(parent, interfaces));
+ return new InnerLoader(parent, interfaces);
}
private InnerLoader findClassLoader(final Class<?> clazz, final Class<?>[]
interfaces) {
diff --git
a/src/main/java/org/codehaus/groovy/runtime/callsite/CallSiteArray.java
b/src/main/java/org/codehaus/groovy/runtime/callsite/CallSiteArray.java
index 1db7d5d7f2..b411a5ecdc 100644
--- a/src/main/java/org/codehaus/groovy/runtime/callsite/CallSiteArray.java
+++ b/src/main/java/org/codehaus/groovy/runtime/callsite/CallSiteArray.java
@@ -26,7 +26,6 @@ import org.codehaus.groovy.reflection.ClassInfo;
import org.codehaus.groovy.runtime.GroovyCategorySupport;
import org.codehaus.groovy.runtime.InvokerHelper;
-import java.security.PrivilegedAction;
import java.util.stream.IntStream;
public final class CallSiteArray {
@@ -58,14 +57,11 @@ public final class CallSiteArray {
}
private static CallSite createCallStaticSite(CallSite callSite, final
Class receiver, Object[] args) {
- doPrivileged((PrivilegedAction<Void>) () -> {
- try {
- Class.forName(receiver.getName(), true,
receiver.getClassLoader());
- } catch (Exception e) {
- // force <clinit>
- }
- return null;
- });
+ try {
+ Class.forName(receiver.getName(), true, receiver.getClassLoader());
+ } catch (Exception e) {
+ // force <clinit>
+ }
MetaClass metaClass = InvokerHelper.getMetaClass(receiver);
CallSite site =
metaClass instanceof MetaClassImpl
@@ -76,11 +72,6 @@ public final class CallSiteArray {
return site;
}
- @SuppressWarnings("removal") // TODO a future Groovy version should
perform the operation not as a privileged action
- private static void doPrivileged(PrivilegedAction<Void> action) {
- java.security.AccessController.doPrivileged(action);
- }
-
private static CallSite createCallConstructorSite(CallSite callSite, Class
receiver, Object[] args) {
MetaClass metaClass = InvokerHelper.getMetaClass(receiver);
CallSite site =
diff --git a/src/main/java/org/codehaus/groovy/tools/GroovyStarter.java
b/src/main/java/org/codehaus/groovy/tools/GroovyStarter.java
index fdd3491cca..0e1130ab89 100644
--- a/src/main/java/org/codehaus/groovy/tools/GroovyStarter.java
+++ b/src/main/java/org/codehaus/groovy/tools/GroovyStarter.java
@@ -118,9 +118,8 @@ public class GroovyStarter {
}
}
- @SuppressWarnings("removal") // TODO: a future Groovy version should
perform the operation not as a privileged action
private static ClassLoader getLoader(LoaderConfiguration lc) {
- return
java.security.AccessController.doPrivileged((java.security.PrivilegedAction<ClassLoader>)
() -> new RootLoader(lc));
+ return new RootLoader(lc);
}
private static void exit(Exception e) {
diff --git
a/src/main/java/org/codehaus/groovy/tools/javac/JavacJavaCompiler.java
b/src/main/java/org/codehaus/groovy/tools/javac/JavacJavaCompiler.java
index 9ff312f7bb..86d49ef8ba 100644
--- a/src/main/java/org/codehaus/groovy/tools/javac/JavacJavaCompiler.java
+++ b/src/main/java/org/codehaus/groovy/tools/javac/JavacJavaCompiler.java
@@ -213,10 +213,7 @@ public class JavacJavaCompiler implements JavaCompiler {
|| param.equals("release") || param.equals("-release");
}
- @SuppressWarnings("removal") // TODO a future Groovy version should
perform the operation not as a privileged action
private static java.security.CodeSource getCodeSource() {
- return
java.security.AccessController.doPrivileged((java.security.PrivilegedAction<java.security.CodeSource>)
() ->
- GroovyObject.class.getProtectionDomain().getCodeSource()
- );
+ return GroovyObject.class.getProtectionDomain().getCodeSource();
}
}
diff --git a/src/main/java/org/codehaus/groovy/vmplugin/VMPlugin.java
b/src/main/java/org/codehaus/groovy/vmplugin/VMPlugin.java
index 17e7e21686..99978c8bf1 100644
--- a/src/main/java/org/codehaus/groovy/vmplugin/VMPlugin.java
+++ b/src/main/java/org/codehaus/groovy/vmplugin/VMPlugin.java
@@ -148,28 +148,6 @@ public interface VMPlugin {
*/
MetaMethod transformMetaMethod(MetaClass metaClass, MetaMethod metaMethod,
Class<?> caller);
- /**
- * Performs the specified PrivilegedAction with privileges enabled on
platforms
- * which support that capability, otherwise the action is performed
ignoring privileges.
- *
- * @param action the action to be performed
- * @param <T> the type of the value returned by the PrivilegedAction's run
method
- * @return the value returned by the action's run method
- */
- @Deprecated
- <T> T doPrivileged(java.security.PrivilegedAction<T> action);
-
- /**
- * Performs the specified PrivilegedExceptionAction with privileges
enabled on platforms
- * which support that capability, otherwise the action is performed
ignoring privileges.
- *
- * @param action the action to be performed
- * @param <T> the type of the value returned by the PrivilegedAction's run
method
- * @return the value returned by the action's run method
- */
- @Deprecated
- <T> T doPrivileged(java.security.PrivilegedExceptionAction<T> action)
throws java.security.PrivilegedActionException;
-
/**
* transform meta method.
*
diff --git a/src/main/java/org/codehaus/groovy/vmplugin/VMPluginFactory.java
b/src/main/java/org/codehaus/groovy/vmplugin/VMPluginFactory.java
index 875a184c55..8e8dbe38e1 100644
--- a/src/main/java/org/codehaus/groovy/vmplugin/VMPluginFactory.java
+++ b/src/main/java/org/codehaus/groovy/vmplugin/VMPluginFactory.java
@@ -39,30 +39,23 @@ public class VMPluginFactory {
private static final VMPlugin PLUGIN = createPlugin();
private static VMPlugin createPlugin() {
- return doPrivileged(() -> {
- ClassLoader loader = VMPluginFactory.class.getClassLoader();
- int specVer = Runtime.version().feature();
- for (Map.Entry<Integer,String> entry : PLUGIN_MAP.entrySet()) {
- if (specVer >= entry.getKey()) {
- String fullName = entry.getValue();
- try {
- return (VMPlugin)
loader.loadClass(fullName).getDeclaredConstructor().newInstance();
- } catch (Throwable t) {
- var log =
java.util.logging.Logger.getLogger(VMPluginFactory.class.getName());
- if (log.isLoggable(java.util.logging.Level.FINE)) {
- log.fine("Trying to create VM plugin `" + fullName
+ "`, but failed:\n" + DefaultGroovyMethods.asString(t));
- }
- return null;
+ ClassLoader loader = VMPluginFactory.class.getClassLoader();
+ int specVer = Runtime.version().feature();
+ for (Map.Entry<Integer,String> entry : PLUGIN_MAP.entrySet()) {
+ if (specVer >= entry.getKey()) {
+ String fullName = entry.getValue();
+ try {
+ return (VMPlugin)
loader.loadClass(fullName).getDeclaredConstructor().newInstance();
+ } catch (Throwable t) {
+ var log =
java.util.logging.Logger.getLogger(VMPluginFactory.class.getName());
+ if (log.isLoggable(java.util.logging.Level.FINE)) {
+ log.fine("Trying to create VM plugin `" + fullName +
"`, but failed:\n" + DefaultGroovyMethods.asString(t));
}
+ return null;
}
}
- return null;
- });
- }
-
- @SuppressWarnings("removal") // TODO a future Groovy version should
perform the operation not as a privileged action
- private static <T> T doPrivileged(java.security.PrivilegedAction<T>
action) {
- return java.security.AccessController.doPrivileged(action);
+ }
+ return null;
}
public static VMPlugin getPlugin() {
diff --git a/src/main/java/org/codehaus/groovy/vmplugin/v8/Java8.java
b/src/main/java/org/codehaus/groovy/vmplugin/v8/Java8.java
index 826a177b86..d009f6a448 100644
--- a/src/main/java/org/codehaus/groovy/vmplugin/v8/Java8.java
+++ b/src/main/java/org/codehaus/groovy/vmplugin/v8/Java8.java
@@ -588,7 +588,7 @@ public class Java8 implements VMPlugin {
return newLookup(receiverClass).unreflectSpecial(method,
receiverClass).bindTo(receiver);
} catch (ReflectiveOperationException e1) {
if (!method.isAccessible()) {
- doPrivilegedInternal(() ->
ReflectionUtils.trySetAccessible(method));
+ ReflectionUtils.trySetAccessible(method);
}
final Class<?> declaringClass = method.getDeclaringClass();
try {
@@ -617,20 +617,4 @@ public class Java8 implements VMPlugin {
throw new IllegalStateException();
}
- @Override
- @Deprecated(since = "4.0.2")
- public <T> T doPrivileged(final java.security.PrivilegedAction<T> action) {
- throw new UnsupportedOperationException("doPrivileged is no longer
supported");
- }
-
- @Override
- @Deprecated(since = "4.0.2")
- public <T> T doPrivileged(final java.security.PrivilegedExceptionAction<T>
action) {
- throw new UnsupportedOperationException("doPrivileged is no longer
supported");
- }
-
- @SuppressWarnings("removal") // TODO a future Groovy version should
perform the operation not as a privileged action
- private static <T> T doPrivilegedInternal(final
java.security.PrivilegedAction<T> action) {
- return java.security.AccessController.doPrivileged(action);
- }
}
diff --git a/src/test/groovy/gls/innerClass/InnerClassTest.groovy
b/src/test/groovy/gls/innerClass/InnerClassTest.groovy
index e56c4f9362..9e8bbd73bb 100644
--- a/src/test/groovy/gls/innerClass/InnerClassTest.groovy
+++ b/src/test/groovy/gls/innerClass/InnerClassTest.groovy
@@ -2148,27 +2148,18 @@ final class InnerClassTest {
@Test
void testThisReferenceForAICInOpenBlock() {
assertScript '''
- import java.security.AccessController
- import java.security.PrivilegedAction
-
static void injectVariables(final def instance, def variables) {
instance.class.declaredFields.each { field ->
if (variables[field.name]) {
- AccessController.doPrivileged(new PrivilegedAction() {
- @Override
- Object run() {
- boolean wasAccessible = field.isAccessible()
- try {
- field.accessible = true
- field.set(instance, variables[field.name])
- return null; // return nothing...
- } catch (IllegalArgumentException |
IllegalAccessException ex) {
- throw new IllegalStateException("Cannot
set field: " + field, ex)
- } finally {
- field.accessible = wasAccessible
- }
- }
- })
+ boolean wasAccessible = field.isAccessible()
+ try {
+ field.accessible = true
+ field.set(instance, variables[field.name])
+ } catch (IllegalArgumentException |
IllegalAccessException ex) {
+ throw new IllegalStateException("Cannot set field:
" + field, ex)
+ } finally {
+ field.accessible = wasAccessible
+ }
}
}
}
diff --git a/src/test/groovy/groovy/security/SecurityTest.java
b/src/test/groovy/groovy/security/SecurityTest.java
deleted file mode 100644
index fb7067e901..0000000000
--- a/src/test/groovy/groovy/security/SecurityTest.java
+++ /dev/null
@@ -1,111 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package groovy.security;
-
-import groovy.lang.GroovyCodeSource;
-import org.codehaus.groovy.control.CompilationFailedException;
-import org.junit.Ignore;
-
-import java.io.File;
-import java.io.IOException;
-import java.net.URL;
-import java.security.PrivilegedAction;
-import java.security.Security;
-import java.util.PropertyPermission;
-
-/**
- * Test the effects of enabling security in Groovy. Some tests below check
for proper framework
- * behavior (e.g. ensuring that GroovyCodeSources may only be created for
which proper permissions exist).
- * Other tests run .groovy scripts under a secure environment and ensure that
the proper permissions
- * are required for success.
- */
-@Ignore(value="Test doesn't work well when user home is changed, but we need
to do it to make sure tests run in isolation")
-public class SecurityTest extends SecurityTestSupport {
-
- public void testForbiddenProperty() {
- String script = "System.getProperty(\"user.home\")";
- assertExecute(script, null, new PropertyPermission("user.home",
"read"));
- }
-
- public void testForbiddenPackage() {
- String script = "import sun.net.*; s = new NetworkClient()";
- assertExecute(script, "/groovy/security/testForbiddenPackage", new
RuntimePermission("accessClassInPackage.sun.*"));
- }
-
- public void testForbiddenCodebase() {
- assertExecute(new
File("src/test/groovy/security/forbiddenCodeBase.gvy"), new
GroovyCodeSourcePermission("/groovy/security/forbiddenCodeBase"));
- }
-
- public void testForbiddenCodebaseWithActions() {
- assertExecute(new
File("src/test/groovy/security/forbiddenCodeBase.gvy"), new
GroovyCodeSourcePermission("/groovy/security/forbiddenCodeBase", "unused
actions string"));
- }
-
- //Check that the Security package.access control works.
- public void testPackageAccess() {
- String script = "new javax.print.PrintException();";
- // Use our privileged access in order to prevent checks lower in the
call stack. Otherwise we would have
- // to grant access to IDE unit test runners and unit test libs. We
only care about testing the call stack
- // higher upstream from this point of execution.
- doPrivileged((PrivilegedAction<Void>) () -> {
- Security.setProperty("package.access", "javax.print");
- return null;
- });
- //This should throw an ACE because its codeBase does not allow access
to javax.print
- assertExecute(script, "/groovy/security/javax/print/deny", new
RuntimePermission("accessClassInPackage.javax.print"));
- //This should not throw an ACE because groovy.policy grants the
codeBase access to javax.print
- assertExecute(script, "/groovy/security/javax/print/allow", null);
- }
-
- @SuppressWarnings("removal") // TODO a future Groovy version should
perform the operation not as a privileged action
- private static <T> T doPrivileged(PrivilegedAction<T> action) {
- return java.security.AccessController.doPrivileged(action);
- }
-
- public void testBadScriptNameBug() {
- assertExecute(new
File("src/test/groovy/bugs/BadScriptNameBug.groovy"), null);
- }
-
- public void testClosureMethodTest() {
- assertExecute(new File("src/test/groovy/ClosureMethodTest.groovy"),
null);
- }
-
- public void testClosureWithDefaultParamTest() {
- assertExecute(new
File("src/test/groovy/ClosureWithDefaultParamTest.groovy"), null);
- }
-
- public void testScriptTest() {
- assertExecute(new File("src/test/groovy/script/ScriptTest.groovy"),
null);
- }
-
- public void testConstructorBug() {
- assertExecute(new File("src/test/groovy/bugs/ConstructorBug.groovy"),
null);
- }
-
- //Mailing list post by Richard Hensley reporting a CodeSource bug. A
GroovyCodeSource created
- //with a URL was causing an NPE.
- public void testCodeSource() throws IOException,
CompilationFailedException {
- URL script = loader.getResource("groovy/ArrayTest.groovy");
- try {
- new GroovyCodeSource(script);
- } catch (RuntimeException re) {
- assertEquals("Could not construct a GroovyCodeSource from a null
URL", re.getMessage());
- }
- }
-
-}
diff --git a/src/test/groovy/groovy/security/SecurityTestSupport.java
b/src/test/groovy/groovy/security/SecurityTestSupport.java
deleted file mode 100644
index ef78c8a260..0000000000
--- a/src/test/groovy/groovy/security/SecurityTestSupport.java
+++ /dev/null
@@ -1,310 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package groovy.security;
-
-import groovy.lang.Binding;
-import groovy.lang.GroovyClassLoader;
-import groovy.lang.GroovyCodeSource;
-import groovy.lang.Script;
-import groovy.test.GroovyTestCase;
-import junit.framework.TestCase;
-import junit.framework.TestFailure;
-import junit.framework.TestResult;
-import junit.framework.TestSuite;
-import junit.textui.ResultPrinter;
-import org.codehaus.groovy.runtime.InvokerHelper;
-
-import java.io.File;
-import java.io.IOException;
-import java.io.PrintStream;
-import java.security.Permission;
-import java.security.PrivilegedAction;
-import java.util.Enumeration;
-
-public abstract class SecurityTestSupport extends GroovyTestCase {
- private static final String POLICY_FILE = "security/groovy.policy";
- private static int counter = 0;
- private static boolean securityDisabled;
- private static boolean securityAvailable;
- private static boolean securityChecked = false;
-
- static {
- if (System.getProperty("groovy.security.disabled") != null) {
- securityAvailable = false;
- securityDisabled = true;
- } else {
- securityDisabled = false;
- File file = new File(POLICY_FILE);
- if (file.exists()) {
- System.out.println("Using policy file = " +
file.getAbsolutePath());
- securityAvailable = true;
- resetSecurityPolicy("=" + file);
- } else {
- securityAvailable = false;
- }
- }
- }
-
- public static boolean isSecurityAvailable() {
- return securityAvailable;
- }
-
- public static boolean isSecurityDisabled() {
- return securityDisabled;
- }
-
- @SuppressWarnings("removal") // TODO a future Groovy version should remove
this method
- public static void resetSecurityPolicy(String policyFileURL) {
- System.setProperty("java.security.policy", policyFileURL);
- java.security.Policy.getPolicy().refresh();
- }
-
- protected class SecurityTestResultPrinter extends ResultPrinter {
-
- public SecurityTestResultPrinter(PrintStream stream) {
- super(stream);
- }
-
- public void print(TestResult result) {
- getWriter().println("Security testing on a groovy test failed:");
- printErrors(result);
- printFailures(result);
- printFooter(result);
- }
- }
-
- protected GroovyClassLoader loader =
doPrivileged((PrivilegedAction<GroovyClassLoader>) () ->
- new GroovyClassLoader(SecurityTestSupport.class.getClassLoader()));
-
- @SuppressWarnings("removal") // TODO in a future Groovy version remove
reference to SecurityManager
- private SecurityManager securityManager;
- private ClassLoader currentClassLoader;
-
- public SecurityTestSupport() {
- }
-
- /*
- * Check SecuritySupport to see if security is properly configured. If
not, fail the first
- * test that runs. All remaining tests will run, but not do any security
checking.
- */
- private boolean checkSecurity() {
- if (!securityChecked) {
- securityChecked = true;
- if (!isSecurityAvailable()) {
- fail("Security is not available - skipping security tests.
Ensure that "
- + POLICY_FILE + " is available from the current
execution directory.");
- }
- }
- return isSecurityAvailable();
- }
-
- //Prepare for each security test. First, check to see if groovy.lib can
be determined via
- //a call to checkSecurity(). If not, fail() the first test. Establish a
security manager
- //and make the GroovyClassLoader the initiating class loader (ala
GroovyShell) to compile AND
- //invoke the test scripts. This handles cases where multiple .groovy
scripts are involved in a
- //test case: a.groovy depends on b.groovy; a.groovy is parsed (and in the
process the gcl
- //loads b.groovy via findClass). Note that b.groovy is only available in
the groovy class loader.
- //See
- @SuppressWarnings("removal") // TODO in a future Groovy version remove
reference to SecurityManager
- protected void setUp() {
- if (checkSecurity()) {
- securityManager = System.getSecurityManager();
- if (securityManager == null) {
- System.setSecurityManager(new SecurityManager());
- }
- }
- currentClassLoader = Thread.currentThread().getContextClassLoader();
- doPrivileged((PrivilegedAction) () -> {
- Thread.currentThread().setUncaughtExceptionHandler(new
Thread.UncaughtExceptionHandler() {
- @Override
- public void uncaughtException(Thread t, Throwable e) {
- e.printStackTrace();
- }
- });
- Thread.currentThread().setContextClassLoader(loader);
- return null;
- });
- }
-
- @SuppressWarnings("removal") // TODO in a future Groovy version remove
reference to SecurityManager
- protected void tearDown() {
- doPrivileged((PrivilegedAction) () -> {
- System.setSecurityManager(securityManager);
- Thread.currentThread().setContextClassLoader(currentClassLoader);
- return null;
- });
- }
-
- @SuppressWarnings("removal") // TODO a future Groovy version should
perform the operation not as a privileged action
- private static <T> T doPrivileged(PrivilegedAction<T> action) {
- return java.security.AccessController.doPrivileged(action);
- }
-
- protected synchronized String generateClassName() {
- return "testSecurity" + (++counter);
- }
-
- /*
- * Execute the groovy script contained in file. If missingPermission
- * is non-null, then this invocation expects an AccessControlException
with missingPermission
- * as the reason. If missingPermission is null, the script is expected
to execute successfully.
- */
- protected Class parseClass(File file) {
- GroovyCodeSource gcs = null;
- try {
- gcs = new GroovyCodeSource(file);
- } catch (IOException fnfe) {
- fail(fnfe.toString());
- }
- return parseClass(gcs);
- }
-
- /*
- * Parse the Groovy code contained in the GroovyCodeSource as a privileged
operation (i.e. do not
- * require the code source to have specific compile time permissions) and
return the resulting class.
- */
- protected Class parseClass(final GroovyCodeSource gcs) {
- Class clazz = null;
- try {
- clazz = loader.parseClass(gcs);
- } catch (Exception e) {
- fail(e.toString());
- }
- return clazz;
- }
-
- /*
- * Parse the script contained in the GroovyCodeSource as a privileged
operation (i.e. do not
- * require the code source to have specific compile time permissions).
If the class produced is a
- * TestCase, run the test in a suite and evaluate against the
missingPermission.
- * Otherwise, run the class as a groovy script and evaluate against the
missingPermission.
- */
- private void parseAndExecute(final GroovyCodeSource gcs, Permission
missingPermission) {
- Class clazz = null;
- try {
- clazz = loader.parseClass(gcs);
- } catch (Exception e) {
- fail(e.toString());
- }
- if (TestCase.class.isAssignableFrom(clazz)) {
- executeTest(clazz, missingPermission);
- } else {
- executeScript(clazz, missingPermission);
- }
- }
-
- @SuppressWarnings("removal") // TODO in a future Groovy version remove
AccessControlException
- protected void executeTest(Class test, Permission missingPermission) {
- TestSuite suite = new TestSuite();
- suite.addTestSuite(test);
- TestResult result = new TestResult();
- suite.run(result);
- if (result.wasSuccessful()) {
- if (missingPermission == null) {
- return;
- } else {
- fail("Security test expected an AccessControlException on " +
missingPermission + ", but did not receive one");
- }
- } else {
- if (missingPermission == null) {
- new SecurityTestResultPrinter(System.out).print(result);
- fail("Security test was expected to run successfully, but
failed (results on System.out)");
- } else {
- //There may be more than 1 failure: iterate to ensure that
they all match the missingPermission.
- boolean otherFailure = false;
- for (Enumeration e = result.errors(); e.hasMoreElements();) {
- TestFailure failure = (TestFailure) e.nextElement();
- if (failure.thrownException() instanceof
java.security.AccessControlException) {
- java.security.AccessControlException ace =
(java.security.AccessControlException) failure.thrownException();
- if (missingPermission.implies(ace.getPermission())) {
- continue;
- }
- }
- otherFailure = true;
- break;
- }
- if (otherFailure) {
- new SecurityTestResultPrinter(System.out).print(result);
- fail("Security test expected an AccessControlException on
" + missingPermission + ", but failed for other reasons (results on
System.out)");
- }
- }
- }
- }
-
- @SuppressWarnings("removal") // TODO in a future Groovy version remove
AccessControlException
- protected void executeScript(Class scriptClass, Permission
missingPermission) {
- try {
- Script script = InvokerHelper.createScript(scriptClass, new
Binding());
- script.run();
- //InvokerHelper.runScript(scriptClass, null);
- } catch (java.security.AccessControlException ace) {
- if (missingPermission != null &&
missingPermission.implies(ace.getPermission())) {
- return;
- } else {
- fail(ace.toString());
- }
- }
- if (missingPermission != null) {
- fail("Should catch an AccessControlException");
- }
- }
-
- /*
- * Execute the groovy script contained in file. If missingPermission
- * is non-null, then this invocation expects an AccessControlException
with missingPermission
- * as the reason. If missingPermission is null, the script is expected
to execute successfully.
- */
- protected void assertExecute(final File file, final Permission
missingPermission) {
- if (!isSecurityAvailable()) {
- return;
- }
- // Use our privileged access in order to prevent checks lower in the
call stack. Otherwise we would have
- // to grant access to IDE unit test runners and unit test libs. We
only care about testing the call stack
- // higher upstream from this point of execution.
- doPrivileged((PrivilegedAction<Void>) () -> {
- GroovyCodeSource gcs = null;
- try {
- gcs = new GroovyCodeSource(file);
- } catch (IOException fnfe) {
- fail(fnfe.toString());
- }
- parseAndExecute(gcs, missingPermission);
- return null;
- });
- }
-
- /*
- * Execute the script represented by scriptStr using the supplied
codebase. If missingPermission
- * is non-null, then this invocation expects an AccessControlException
with missingPermission
- * as the reason. If missingPermission is null, the script is expected
to execute successfully.
- */
- protected void assertExecute(final String scriptStr, String codeBase,
final Permission missingPermission) {
- if (!isSecurityAvailable()) {
- return;
- }
- final String effectiveCodeBase = (codeBase != null) ? codeBase :
"/groovy/security/test";
- // Use our privileged access in order to prevent checks lower in the
call stack. Otherwise we would have
- // to grant access to IDE unit test runners and unit test libs. We
only care about testing the call stack
- // higher upstream from this point of execution.
- doPrivileged((PrivilegedAction<Void>) () -> {
- parseAndExecute(new GroovyCodeSource(scriptStr,
generateClassName(), effectiveCodeBase), missingPermission);
- return null;
- });
- }
-}
diff --git a/src/test/groovy/groovy/security/forbiddenCodeBase.gvy
b/src/test/groovy/groovy/security/forbiddenCodeBase.gvy
deleted file mode 100644
index 9265c4e685..0000000000
--- a/src/test/groovy/groovy/security/forbiddenCodeBase.gvy
+++ /dev/null
@@ -1,22 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-// Groovy script to be read as a file to test the file based codesource
features of groovy security.
-// The file extension of .gvy is used to prevent this script from being
treated as a groovy script in the build.
-new GroovyShell().evaluate("1+2", "forbiddenCodeBaseTest",
"/groovy/security/forbiddenCodeBase");
diff --git a/src/test/groovy/org/apache/groovy/parser/antlr4/TestUtils.groovy
b/src/test/groovy/org/apache/groovy/parser/antlr4/TestUtils.groovy
index 2b3b3db6cc..8056ffb57c 100644
--- a/src/test/groovy/org/apache/groovy/parser/antlr4/TestUtils.groovy
+++ b/src/test/groovy/org/apache/groovy/parser/antlr4/TestUtils.groovy
@@ -47,8 +47,6 @@ package org.apache.groovy.parser.antlr4
import org.codehaus.groovy.control.SourceUnit
import org.codehaus.groovy.syntax.Token
- import java.security.AccessController
- import java.security.PrivilegedAction
import java.util.logging.Level
import java.util.zip.ZipEntry
import java.util.zip.ZipFile
@@ -225,9 +223,7 @@ final class TestUtils {
}
private static ModuleNode buildAST(File sourceFile, CompilerConfiguration
config) {
- def loader = AccessController.doPrivileged({ ->
- new GroovyClassLoader()
- } as PrivilegedAction<GroovyClassLoader>)
+ def loader = new GroovyClassLoader()
try {
new SourceUnit(sourceFile, config, loader, null).with {
@@ -245,9 +241,7 @@ final class TestUtils {
}
private static ModuleNode buildAST(String sourceText,
CompilerConfiguration config) {
- def loader = AccessController.doPrivileged({ ->
- new GroovyClassLoader()
- } as PrivilegedAction<GroovyClassLoader>)
+ def loader = new GroovyClassLoader()
try {
ParserPlugin.buildAST(sourceText, config, loader, null)
diff --git a/src/test/groovy/org/codehaus/groovy/reflection/SecurityTest.java
b/src/test/groovy/org/codehaus/groovy/reflection/SecurityTest.java
deleted file mode 100644
index 2f0e8ce370..0000000000
--- a/src/test/groovy/org/codehaus/groovy/reflection/SecurityTest.java
+++ /dev/null
@@ -1,329 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.codehaus.groovy.reflection;
-
-import groovy.lang.GroovyObjectSupport;
-import groovy.test.GroovyTestCase;
-import org.codehaus.groovy.runtime.InvokerInvocationException;
-import org.codehaus.groovy.vmplugin.VMPluginFactory;
-
-import java.lang.reflect.Field;
-import java.lang.reflect.Method;
-import java.lang.reflect.ReflectPermission;
-import java.nio.ByteBuffer;
-import java.security.Permission;
-import java.security.Permissions;
-import java.security.ProtectionDomain;
-
-import static groovy.test.GroovyAssert.isAtLeastJdk;
-
-public class SecurityTest extends GroovyTestCase {
-
- private final boolean skip = Runtime.version().feature() >= 24;
-
- @SuppressWarnings("unused")
- public class TestClass{
- public String publicField;
- protected String protectedField;
- String packagePrivateField;
- private String privateField;
-
- private boolean methodCalled = false;
-
- public void publicMethod() {
- privateMethod();
- }
-
- private void privateMethod() {
- methodCalled = true;
- }
-
- void packagePrivateMethod() {
- privateMethod();
- }
-
- void protectedMethod() {
- privateMethod();
- }
-
- public boolean isMethodCalled() {
- return methodCalled;
- }
- }
-
- @SuppressWarnings("unused")
- public class TestGroovyClass extends GroovyObjectSupport{
- private String privateField;
- private boolean methodCalled = false;
- private void privateMethod() {
- methodCalled = true;
- }
- public boolean isMethodCalled() {
- return methodCalled;
- }
- }
- @SuppressWarnings("removal") // TODO in a future Groovy version remove
reference to SecurityManager
- SecurityManager restrictiveSecurityManager;
- CachedMethod cachedMethodUnderTest;
- CachedField cachedFieldUnderTest;
- Permissions forbidden;
-
- @SuppressWarnings("removal") // TODO in a future Groovy version remove
reference to SecurityManager & AccessControlException
- public void setUp() {
- if (skip) return;
- // Forbidding suppressAccessChecks in the test will make the internal
implementation of some JDK fail,
- // so load vm plugin before security manager is installed:
- /*
- * Caused by: java.security.AccessControlException:
suppressAccessChecks
- * at
org.codehaus.groovy.reflection.SecurityTest$1.checkPermission(SecurityTest.java:92)
- * at
java.base/java.lang.reflect.AccessibleObject.checkPermission(AccessibleObject.java:83)
- * at
java.base/java.lang.reflect.Constructor.setAccessible(Constructor.java:180)
- * at
java.base/java.lang.invoke.InnerClassLambdaMetafactory$1.run(InnerClassLambdaMetafactory.java:207)
- * at
java.base/java.lang.invoke.InnerClassLambdaMetafactory$1.run(InnerClassLambdaMetafactory.java:200)
- * at
java.base/java.security.AccessController.doPrivileged(Native Method)
- * at
java.base/java.lang.invoke.InnerClassLambdaMetafactory.buildCallSite(InnerClassLambdaMetafactory.java:199)
- * at
java.base/java.lang.invoke.LambdaMetafactory.metafactory(LambdaMetafactory.java:329)
- * at
java.base/java.lang.invoke.BootstrapMethodInvoker.invoke(BootstrapMethodInvoker.java:127)
- */
- VMPluginFactory.getPlugin();
- // ReflectionUtils initializes StackWalker, which can trigger
reflective access checks.
- // Warm it up before the restrictive manager is active.
- ReflectionUtils.getCallingClass();
-
- forbidden = new Permissions();
- forbidden.add(new ReflectPermission("suppressAccessChecks"));
- restrictiveSecurityManager = new SecurityManager() {
-
- @Override
- public void checkPermission(Permission perm) {
- if (forbidden.implies(perm))
- throw new
java.security.AccessControlException(perm.getName());
- }
- };
- }
-
- @SuppressWarnings("removal") // TODO in a future Groovy version remove
reference to SecurityManager, for now not run for JDK18+
- public void tearDown(){
- if (skip) return;
- System.setSecurityManager(null);
- }
-
- private CachedMethod createCachedMethod(String name) throws Exception {
- return createCachedMethod(TestClass.class, name);
- }
-
- private CachedMethod createCachedMethod(Class<?> cachedClass, String
methodName, Class... parameters) throws NoSuchMethodException {
- Method method = cachedClass.getDeclaredMethod(methodName, parameters);
- method.setAccessible(true);
- return new CachedMethod(null, method);
- }
-
- private boolean invokesCachedMethod() {
- TestClass object = new TestClass();
- cachedMethodUnderTest.invoke(object, new Object[]{});
- return object.isMethodCalled();
- }
-
- private CachedField createCachedField(String name) throws Exception {
- Field field = TestClass.class.getDeclaredField(name);
- field.setAccessible(true);
- return new CachedField(field);
- }
-
- @SuppressWarnings("removal") // TODO in a future Groovy version remove
reference to SecurityManager, for now not run for JDK18+
- public void testInvokesPublicMethodsWithoutChecks() throws Exception {
- if (isAtLeastJdk("18.0")) return;
- cachedMethodUnderTest = createCachedMethod("publicMethod");
- System.setSecurityManager(restrictiveSecurityManager);
- assertTrue(invokesCachedMethod());
- }
-
- @SuppressWarnings("removal") // TODO in a future Groovy version remove
reference to SecurityManager, for now not run for JDK18+
- public void testReturnsAccesiblePublicMethodsWithoutChecks() throws
Exception {
- if (isAtLeastJdk("18.0")) return;
- cachedMethodUnderTest = createCachedMethod("publicMethod");
- System.setSecurityManager(restrictiveSecurityManager);
- assertEquals("publicMethod",
cachedMethodUnderTest.setAccessible().getName());
- assertEquals("publicMethod", cachedMethodUnderTest.getName());
- }
-
- @SuppressWarnings("removal") // TODO in a future Groovy version remove
reference to SecurityManager, for now not run for JDK18+
- public void testAccessesPublicFieldsWithoutChecks() throws Exception {
- if (isAtLeastJdk("18.0")) return;
- cachedFieldUnderTest = createCachedField("publicField");
- System.setSecurityManager(restrictiveSecurityManager);
- TestClass object = new TestClass();
- cachedFieldUnderTest.setProperty(object, "value");
- assertEquals("value", cachedFieldUnderTest.getProperty(object));
- }
-
- public void testInvokesPrivateMethodsWithoutSecurityManager() throws
Exception{
- cachedMethodUnderTest = createCachedMethod("privateMethod");
- assertTrue(invokesCachedMethod());
- }
-
- @SuppressWarnings("removal") // TODO in a future Groovy version remove
reference to SecurityManager, for now not run for JDK18+
- public void testAccessesPrivateFieldsWithoutSecurityManager() throws
Exception {
- if (isAtLeastJdk("18.0")) return;
- cachedFieldUnderTest = createCachedField("privateField");
- System.setSecurityManager(null);
- TestClass object = new TestClass();
- cachedFieldUnderTest.setProperty(object, "value");
- assertEquals("value", cachedFieldUnderTest.getProperty(object));
- }
-
- @SuppressWarnings("removal") // TODO in a future Groovy version remove
reference to SecurityManager, for now not run for JDK18+
- public void testReturnsAccesiblePrivateMethodsWithoutSecurityManager()
throws Exception {
- if (isAtLeastJdk("18.0")) return;
- cachedMethodUnderTest = createCachedMethod("privateMethod");
- System.setSecurityManager(null);
- assertEquals("privateMethod",
cachedMethodUnderTest.setAccessible().getName());
- assertEquals("privateMethod", cachedMethodUnderTest.getName());
- }
-
- @SuppressWarnings("removal") // TODO in a future Groovy version remove
reference to SecurityManager, for now not run for JDK18+
- public void testChecksReflectPermissionForInvokeOnPrivateMethods() throws
Exception {
- if (isAtLeastJdk("18.0")) return;
- cachedMethodUnderTest = createCachedMethod("privateMethod");
- System.setSecurityManager(restrictiveSecurityManager);
- try {
- invokesCachedMethod();
- fail();
- }
- catch (InvokerInvocationException e) {
- assertEquals(CacheAccessControlException.class,
e.getCause().getClass());
- }
- }
-
- @SuppressWarnings("removal") // TODO in a future Groovy version remove
reference to SecurityManager, for now not run for JDK18+
- public void testChecksReflectPermissionForFieldAccessOnPrivateFields()
throws Exception {
- if (isAtLeastJdk("18.0")) return;
- cachedFieldUnderTest = createCachedField("privateField");
- System.setSecurityManager(restrictiveSecurityManager);
- TestClass object = new TestClass();
- try {
- cachedFieldUnderTest.setProperty(object, "value");
- fail();
- }
- catch (CacheAccessControlException e) {
- }
-
- try {
- cachedFieldUnderTest.getProperty(object);
- fail();
- }
- catch (CacheAccessControlException e) {
- }
- }
-
- @SuppressWarnings("removal") // TODO in a future Groovy version remove
reference to SecurityManager, for now not run for JDK18+
- public void testChecksReflectPermissionForMethodAccessOnPrivateMethods()
throws Exception {
- if (isAtLeastJdk("18.0")) return;
- cachedMethodUnderTest = createCachedMethod("privateMethod");
- System.setSecurityManager(restrictiveSecurityManager);
- try {
- cachedMethodUnderTest.setAccessible();
- fail();
- }
- catch (CacheAccessControlException e) {
- }
-
- try {
- cachedMethodUnderTest.getCachedMethod();
- fail();
- }
- catch (CacheAccessControlException e) {
- }
- }
-
- @SuppressWarnings("removal") // TODO in a future Groovy version remove
reference to SecurityManager, for now not run for JDK18+
- public void
testInvokesPackagePrivateMethodsWithoutChecksInNonRestrictedPackages() throws
Exception {
- if (isAtLeastJdk("18.0")) return;
- cachedMethodUnderTest = createCachedMethod("packagePrivateMethod");
- System.setSecurityManager(restrictiveSecurityManager);
- assertTrue(invokesCachedMethod());
- }
-
- @SuppressWarnings("removal") // TODO in a future Groovy version remove
reference to SecurityManager, for now not run for JDK9+
- public void
testChecksReflectPermissionForInvokeOnPackagePrivateMethodsInRestrictedJavaPackages()
throws Exception {
- // FIX_JDK9 remove this exemption for JDK9
- if (isAtLeastJdk("9.0")) return;
- cachedMethodUnderTest = createCachedMethod(ClassLoader.class,
"getBootstrapClassPath");
- System.setSecurityManager(restrictiveSecurityManager);
-
- try {
- cachedMethodUnderTest.invoke(null, new Object[]{});
- fail();
- }
- catch (InvokerInvocationException e) {
- assertEquals(CacheAccessControlException.class,
e.getCause().getClass());
- }
- }
-
- @SuppressWarnings("removal") // TODO in a future Groovy version remove
reference to SecurityManager, for now not run for JDK18+
- public void testInvokesProtectedMethodsWithoutChecks() throws Exception {
- if (isAtLeastJdk("18.0")) return;
- cachedMethodUnderTest = createCachedMethod("protectedMethod");
- System.setSecurityManager(restrictiveSecurityManager);
- assertTrue(invokesCachedMethod());
- }
-
- @SuppressWarnings("removal") // TODO in a future Groovy version remove
reference to SecurityManager, for now not run for JDK16+
- public void
testChecksCreateClassLoaderPermissionForClassLoaderProtectedMethodAccess()
throws Exception {
- // Illegal access to
java.lang.ClassLoader.defineClass(java.lang.String,java.nio.ByteBuffer,java.security.ProtectionDomain)
- if (isAtLeastJdk("16.0")) return;
-
- cachedMethodUnderTest = createCachedMethod(ClassLoader.class,
"defineClass", new Class[]{String.class, ByteBuffer.class,
ProtectionDomain.class});
- forbidden = new Permissions();
- forbidden.add(new RuntimePermission("createClassLoader"));
- System.setSecurityManager(restrictiveSecurityManager);
-
- ClassLoader classLoader = getClass().getClassLoader();
-
- try {
- cachedMethodUnderTest.invoke(classLoader, new Object[]{null, null,
null});
- fail();
- }
- catch (InvokerInvocationException e) {
- assertEquals(CacheAccessControlException.class,
e.getCause().getClass());
- }
- }
-
- @SuppressWarnings("removal") // TODO in a future Groovy version remove
reference to SecurityManager, for now not run for JDK18+
- public void testInvokesPrivateMethodsInGroovyObjectsWithoutChecks() throws
Exception {
- if (isAtLeastJdk("18.0")) return;
- cachedMethodUnderTest = createCachedMethod(TestGroovyClass.class,
"privateMethod");
- TestGroovyClass object = new TestGroovyClass();
- System.setSecurityManager(restrictiveSecurityManager);
- cachedMethodUnderTest.invoke(object, new Object[]{});
- assertTrue(object.isMethodCalled());
- }
-
- @SuppressWarnings("removal") // TODO in a future Groovy version remove
reference to SecurityManager, for now not run for JDK18+
- public void testAccessesPrivateFieldsInGroovyObjectsWithoutChecks() throws
Exception {
- if (isAtLeastJdk("18.0")) return;
- Field field = TestGroovyClass.class.getDeclaredField("privateField");
- field.setAccessible(true);
- cachedFieldUnderTest = new CachedField(field);
- TestGroovyClass object = new TestGroovyClass();
- System.setSecurityManager(restrictiveSecurityManager);
- cachedFieldUnderTest.setProperty(object, "value");
- assertEquals("value", cachedFieldUnderTest.getProperty(object));
- }
-}
diff --git
a/src/testFixtures/groovy/org/codehaus/groovy/classgen/TestSupport.java
b/src/testFixtures/groovy/org/codehaus/groovy/classgen/TestSupport.java
index 0f44cffa2c..d02a1e2d85 100644
--- a/src/testFixtures/groovy/org/codehaus/groovy/classgen/TestSupport.java
+++ b/src/testFixtures/groovy/org/codehaus/groovy/classgen/TestSupport.java
@@ -66,24 +66,24 @@ public abstract class TestSupport {
.append(id, 24, 36)
.append(".groovy")
.toString();
- Class<?> scriptClass = loader.parseClass(doPrivileged(() ->
+ Class<?> scriptClass = loader.parseClass(
new GroovyCodeSource(scriptText, scriptName, "/groovy/testSupport")
- ));
+ );
Script script = InvokerHelper.createScript(scriptClass, new Binding());
script.run();
}
protected final void assertScriptFile(String fileName) throws Exception {
- Class<?> scriptClass = loader.parseClass(doPrivileged(() ->
- new GroovyCodeSource(new File(fileName)))
+ Class<?> scriptClass = loader.parseClass(
+ new GroovyCodeSource(new File(fileName))
);
Script script = InvokerHelper.createScript(scriptClass, new Binding());
script.run();
}
protected final GroovyObject compile (String fileName) throws Exception {
- Class<?> groovyClass = loader.parseClass(doPrivileged(() ->
- new GroovyCodeSource(new File(fileName)))
+ Class<?> groovyClass = loader.parseClass(
+ new GroovyCodeSource(new File(fileName))
);
GroovyObject groovyObject = (GroovyObject)
groovyClass.getDeclaredConstructor().newInstance();
assertNotNull(groovyObject);
@@ -130,7 +130,7 @@ public abstract class TestSupport {
@BeforeEach
void setUpTestCase() throws Exception {
ClassLoader parentLoader = getClass().getClassLoader();
- loader = doPrivileged(() -> new GroovyClassLoader(parentLoader));
+ loader = new GroovyClassLoader(parentLoader);
}
@AfterEach
@@ -168,9 +168,4 @@ public abstract class TestSupport {
return null;
}
}
-
- @SuppressWarnings("removal") // TODO: a future Groovy version should
perform the operation not as a privileged action
- private static <T> T
doPrivileged(java.security.PrivilegedExceptionAction<T> action) throws
Exception {
- return java.security.AccessController.doPrivileged(action);
- }
}
diff --git
a/subprojects/groovy-ant/src/main/java/org/codehaus/groovy/ant/CompileTaskSupport.java
b/subprojects/groovy-ant/src/main/java/org/codehaus/groovy/ant/CompileTaskSupport.java
index f88d4b7c36..bbc40a73ed 100644
---
a/subprojects/groovy-ant/src/main/java/org/codehaus/groovy/ant/CompileTaskSupport.java
+++
b/subprojects/groovy-ant/src/main/java/org/codehaus/groovy/ant/CompileTaskSupport.java
@@ -30,7 +30,6 @@ import org.codehaus.groovy.tools.ErrorReporter;
import java.io.File;
import java.io.PrintWriter;
import java.io.Writer;
-import java.security.PrivilegedAction;
/**
* Support for compilation related tasks.
@@ -134,9 +133,7 @@ public abstract class CompileTaskSupport
}
protected GroovyClassLoader createClassLoader() {
- @SuppressWarnings("removal") // TODO a future Groovy version should
perform the operation not as a privileged action
- GroovyClassLoader gcl =
java.security.AccessController.doPrivileged((PrivilegedAction<GroovyClassLoader>)
() ->
- new GroovyClassLoader(ClassLoader.getSystemClassLoader(),
config));
+ GroovyClassLoader gcl = new
GroovyClassLoader(ClassLoader.getSystemClassLoader(), config);
Path path = getClasspath();
if (path != null) {
@@ -177,4 +174,4 @@ public abstract class CompileTaskSupport
}
protected abstract void compile() throws Exception;
-}
\ No newline at end of file
+}
diff --git
a/subprojects/groovy-ant/src/main/java/org/codehaus/groovy/ant/Groovy.java
b/subprojects/groovy-ant/src/main/java/org/codehaus/groovy/ant/Groovy.java
index d006256ec4..3a7eb01a86 100644
--- a/subprojects/groovy-ant/src/main/java/org/codehaus/groovy/ant/Groovy.java
+++ b/subprojects/groovy-ant/src/main/java/org/codehaus/groovy/ant/Groovy.java
@@ -62,7 +62,6 @@ import java.io.Writer;
import java.lang.reflect.Field;
import java.nio.charset.Charset;
import java.nio.file.Files;
-import java.security.PrivilegedAction;
import java.util.List;
import java.util.Vector;
@@ -561,9 +560,7 @@ public class Groovy extends Java {
}
final String scriptName = computeScriptName();
- @SuppressWarnings("removal") // TODO a future Groovy version should
perform the operation not as a privileged action
- final GroovyClassLoader classLoader =
java.security.AccessController.doPrivileged((PrivilegedAction<GroovyClassLoader>)
() ->
- new GroovyClassLoader(baseClassLoader));
+ final GroovyClassLoader classLoader = new
GroovyClassLoader(baseClassLoader);
addClassPathes(classLoader);
configureCompiler();
final GroovyShell groovy = new GroovyShell(classLoader, new Binding(),
configuration);
diff --git
a/subprojects/groovy-ant/src/main/java/org/codehaus/groovy/ant/Groovyc.java
b/subprojects/groovy-ant/src/main/java/org/codehaus/groovy/ant/Groovyc.java
index 9c8a4eddcb..7c04b4c335 100644
--- a/subprojects/groovy-ant/src/main/java/org/codehaus/groovy/ant/Groovyc.java
+++ b/subprojects/groovy-ant/src/main/java/org/codehaus/groovy/ant/Groovyc.java
@@ -51,7 +51,6 @@ import java.io.PrintWriter;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.Charset;
-import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
@@ -1422,9 +1421,7 @@ public class Groovyc extends MatchingTask {
}
}
- @SuppressWarnings("removal") // TODO: a future Groovy version should
perform the operation not as a privileged action
- GroovyClassLoader groovyLoader =
java.security.AccessController.doPrivileged((PrivilegedAction<GroovyClassLoader>)
() ->
- new GroovyClassLoader(loader, configuration));
+ GroovyClassLoader groovyLoader = new GroovyClassLoader(loader,
configuration);
if (!forceLookupUnnamedFiles) {
// in normal case we don't need to do script lookups
diff --git
a/subprojects/groovy-ant/src/main/java/org/codehaus/groovy/ant/RootLoaderRef.java
b/subprojects/groovy-ant/src/main/java/org/codehaus/groovy/ant/RootLoaderRef.java
index c87dbfd0eb..15a05a1a18 100644
---
a/subprojects/groovy-ant/src/main/java/org/codehaus/groovy/ant/RootLoaderRef.java
+++
b/subprojects/groovy-ant/src/main/java/org/codehaus/groovy/ant/RootLoaderRef.java
@@ -27,8 +27,6 @@ import org.apache.tools.ant.types.Reference;
import org.codehaus.groovy.tools.LoaderConfiguration;
import org.codehaus.groovy.tools.RootLoader;
-import java.security.PrivilegedAction;
-
/**
* Sets the RootLoader as reference.
* Re-execution of this task will set a new instance of RootLoader for
@@ -88,9 +86,7 @@ public class RootLoaderRef extends MatchingTask {
lc.addFile(s);
}
- @SuppressWarnings("removal") // TODO a future Groovy version should
perform the operation not as a privileged action
- AntClassLoader loader =
java.security.AccessController.doPrivileged((PrivilegedAction<AntClassLoader>)
() ->
- new AntClassLoader(new RootLoader(lc), true));
+ AntClassLoader loader = new AntClassLoader(new RootLoader(lc), true);
project.addReference(name, loader);
}
diff --git
a/subprojects/groovy-jsr223/src/main/java/org/codehaus/groovy/jsr223/GroovyScriptEngineImpl.java
b/subprojects/groovy-jsr223/src/main/java/org/codehaus/groovy/jsr223/GroovyScriptEngineImpl.java
index 35b60442b7..0dde8bfaeb 100644
---
a/subprojects/groovy-jsr223/src/main/java/org/codehaus/groovy/jsr223/GroovyScriptEngineImpl.java
+++
b/subprojects/groovy-jsr223/src/main/java/org/codehaus/groovy/jsr223/GroovyScriptEngineImpl.java
@@ -79,7 +79,6 @@ import java.io.Reader;
import java.io.Writer;
import java.lang.reflect.Method;
import java.lang.reflect.Proxy;
-import java.security.PrivilegedAction;
/**
* JSR-223 Engine implementation.
@@ -111,14 +110,8 @@ public class GroovyScriptEngineImpl extends
AbstractScriptEngine implements Comp
this(createClassLoader());
}
- @SuppressWarnings("removal") // TODO a future Groovy version should
perform the operation not as a privileged action
private static GroovyClassLoader createClassLoader() {
- return java.security.AccessController.doPrivileged(new
PrivilegedAction<GroovyClassLoader>() {
- @Override
- public GroovyClassLoader run() {
- return new GroovyClassLoader(getParentLoader(), new
CompilerConfiguration(CompilerConfiguration.DEFAULT));
- }
- });
+ return new GroovyClassLoader(getParentLoader(), new
CompilerConfiguration(CompilerConfiguration.DEFAULT));
}
public GroovyScriptEngineImpl(GroovyClassLoader classLoader) {
diff --git a/subprojects/groovy-sql/src/main/java/groovy/sql/Sql.java
b/subprojects/groovy-sql/src/main/java/groovy/sql/Sql.java
index 2cf87875d8..7c92078bdf 100644
--- a/subprojects/groovy-sql/src/main/java/groovy/sql/Sql.java
+++ b/subprojects/groovy-sql/src/main/java/groovy/sql/Sql.java
@@ -29,7 +29,6 @@ import groovy.transform.stc.SimpleType;
import org.codehaus.groovy.runtime.InvokerHelper;
import javax.sql.DataSource;
-import java.security.PrivilegedExceptionAction;
import java.sql.CallableStatement;
import java.sql.Connection;
import java.sql.DriverManager;
@@ -4412,8 +4411,6 @@ public class Sql implements AutoCloseable {
return useConnection;
}
if (dataSource != null) {
- // Use a doPrivileged here as many different properties need to be
- // read, and the policy shouldn't have to list them all.
Connection con = createConnection(dataSource);
if (cacheStatements || cacheConnection) {
useConnection = con;
@@ -4423,24 +4420,8 @@ public class Sql implements AutoCloseable {
return useConnection;
}
- @SuppressWarnings("removal") // TODO a future Groovy version should
perform the operation not as a privileged action
private Connection createConnection(DataSource dataSource) throws
SQLException {
- Connection con;
- try {
- con = java.security.AccessController.doPrivileged(new
PrivilegedExceptionAction<>() {
- @Override
- public Connection run() throws SQLException {
- return dataSource.getConnection();
- }
- });
- } catch (java.security.PrivilegedActionException pae) {
- Exception e = pae.getException();
- if (e instanceof SQLException) {
- throw (SQLException) e;
- } else {
- throw (RuntimeException) e;
- }
- }
+ Connection con = dataSource.getConnection();
return con;
}
diff --git
a/subprojects/groovy-swing/src/main/java/org/apache/groovy/swing/binding/ClosureTriggerBinding.java
b/subprojects/groovy-swing/src/main/java/org/apache/groovy/swing/binding/ClosureTriggerBinding.java
index 6cbb268339..159ab9c727 100644
---
a/subprojects/groovy-swing/src/main/java/org/apache/groovy/swing/binding/ClosureTriggerBinding.java
+++
b/subprojects/groovy-swing/src/main/java/org/apache/groovy/swing/binding/ClosureTriggerBinding.java
@@ -26,7 +26,6 @@ import org.codehaus.groovy.reflection.ReflectionUtils;
import java.lang.reflect.AccessibleObject;
import java.lang.reflect.Constructor;
import java.lang.reflect.Field;
-import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
@@ -71,39 +70,33 @@ public class ClosureTriggerBinding implements
TriggerBinding, SourceBinding {
// create our own local copy of the closure
final Class closureClass = closure.getClass();
- // do in privileged block since we may be looking at private stuff
- Closure closureLocalCopy = doPrivileged(new
PrivilegedAction<Closure>() {
- @Override
- public Closure run() {
- // assume closures have only 1 constructor, of the form
(Object, Reference*)
- Constructor constructor =
closureClass.getConstructors()[0];
- int paramCount = constructor.getParameterTypes().length;
- Object[] args = new Object[paramCount];
- args[0] = delegate;
- for (int i = 1; i < paramCount; i++) {
- args[i] = new Reference<Object>(new BindPathSnooper());
- }
- try {
- boolean acc = isAccessible(constructor);
- ReflectionUtils.trySetAccessible(constructor);
- Closure localCopy = (Closure)
constructor.newInstance(args);
- if (!acc) { constructor.setAccessible(false); }
- localCopy.setResolveStrategy(Closure.DELEGATE_ONLY);
- for (Field f:closureClass.getDeclaredFields()) {
- acc = isAccessible(f);
- ReflectionUtils.trySetAccessible(f);
- if (f.getType() == Reference.class) {
- delegate.fields.put(f.getName(),
- (BindPathSnooper) ((Reference)
f.get(localCopy)).get());
- }
- if (!acc) { f.setAccessible(false); }
- }
- return localCopy;
- } catch (Exception e) {
- throw new RuntimeException("Error snooping closure",
e);
+ // assume closures have only 1 constructor, of the form (Object,
Reference*)
+ Constructor constructor = closureClass.getConstructors()[0];
+ int paramCount = constructor.getParameterTypes().length;
+ Object[] args = new Object[paramCount];
+ args[0] = delegate;
+ for (int i = 1; i < paramCount; i++) {
+ args[i] = new Reference<Object>(new BindPathSnooper());
+ }
+ Closure closureLocalCopy;
+ try {
+ boolean acc = isAccessible(constructor);
+ ReflectionUtils.trySetAccessible(constructor);
+ closureLocalCopy = (Closure) constructor.newInstance(args);
+ if (!acc) { constructor.setAccessible(false); }
+ closureLocalCopy.setResolveStrategy(Closure.DELEGATE_ONLY);
+ for (Field f:closureClass.getDeclaredFields()) {
+ acc = isAccessible(f);
+ ReflectionUtils.trySetAccessible(f);
+ if (f.getType() == Reference.class) {
+ delegate.fields.put(f.getName(),
+ (BindPathSnooper) ((Reference)
f.get(closureLocalCopy)).get());
}
+ if (!acc) { f.setAccessible(false); }
}
- });
+ } catch (Exception e) {
+ throw new RuntimeException("Error snooping closure", e);
+ }
try {
closureLocalCopy.call();
} catch (DeadEndException e) {
@@ -131,12 +124,6 @@ public class ClosureTriggerBinding implements
TriggerBinding, SourceBinding {
return fb;
}
- @SuppressWarnings("removal") // TODO a future Groovy version should
perform the operation not as a privileged action
- private static <T> T doPrivileged(PrivilegedAction<T> action) {
- return java.security.AccessController.doPrivileged(action);
- }
-
-
// TODO when JDK9+ is minimum, use canAccess and remove suppression
@SuppressWarnings("deprecation")
private boolean isAccessible(AccessibleObject accessibleObject) {
diff --git
a/subprojects/groovy-templates/src/main/groovy/groovy/text/GStringTemplateEngine.java
b/subprojects/groovy-templates/src/main/groovy/groovy/text/GStringTemplateEngine.java
index 51388fad9e..1a089a7247 100644
---
a/subprojects/groovy-templates/src/main/groovy/groovy/text/GStringTemplateEngine.java
+++
b/subprojects/groovy-templates/src/main/groovy/groovy/text/GStringTemplateEngine.java
@@ -31,7 +31,6 @@ import org.codehaus.groovy.control.CompilationFailedException;
import java.io.IOException;
import java.io.Reader;
import java.lang.reflect.InvocationTargetException;
-import java.security.PrivilegedAction;
import java.util.Map;
import java.util.concurrent.atomic.AtomicInteger;
@@ -213,9 +212,8 @@ public class GStringTemplateEngine extends TemplateEngine {
}
}
- @SuppressWarnings("removal") // TODO a future Groovy version should
create the loader not as a privileged action
private GroovyClassLoader createClassLoader(ClassLoader parentLoader) {
- return
java.security.AccessController.doPrivileged((PrivilegedAction<GroovyClassLoader>)
() -> new GroovyClassLoader(parentLoader));
+ return new GroovyClassLoader(parentLoader);
}
private static void appendCharacter(final char c,
diff --git
a/subprojects/groovy-templates/src/main/groovy/groovy/text/StreamingTemplateEngine.java
b/subprojects/groovy-templates/src/main/groovy/groovy/text/StreamingTemplateEngine.java
index b21a7b5367..99ba1f7c70 100644
---
a/subprojects/groovy-templates/src/main/groovy/groovy/text/StreamingTemplateEngine.java
+++
b/subprojects/groovy-templates/src/main/groovy/groovy/text/StreamingTemplateEngine.java
@@ -39,7 +39,6 @@ import java.io.LineNumberReader;
import java.io.Reader;
import java.io.StringReader;
import java.lang.reflect.InvocationTargetException;
-import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
@@ -624,9 +623,8 @@ public class StreamingTemplateEngine extends TemplateEngine
{
return result;
}
- @SuppressWarnings("removal") // TODO a future Groovy version should
create the loader not as a privileged action
private GroovyClassLoader createClassLoader(ClassLoader parentLoader) {
- return
java.security.AccessController.doPrivileged((PrivilegedAction<GroovyClassLoader>)
() -> new GroovyClassLoader(parentLoader));
+ return new GroovyClassLoader(parentLoader);
}
/**
diff --git
a/subprojects/groovy-templates/src/main/groovy/groovy/text/markup/MarkupTemplateEngine.java
b/subprojects/groovy-templates/src/main/groovy/groovy/text/markup/MarkupTemplateEngine.java
index 9832ee0827..d4c4ce2e48 100644
---
a/subprojects/groovy-templates/src/main/groovy/groovy/text/markup/MarkupTemplateEngine.java
+++
b/subprojects/groovy-templates/src/main/groovy/groovy/text/markup/MarkupTemplateEngine.java
@@ -43,7 +43,6 @@ import java.io.StringReader;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLClassLoader;
-import java.security.PrivilegedAction;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.List;
@@ -104,7 +103,7 @@ public class MarkupTemplateEngine extends TemplateEngine {
compilerConfiguration.setBytecodePostprocessor(BytecodeDumper.STANDARD_ERR);
}
- groovyClassLoader = doPrivileged(() -> new
TemplateGroovyClassLoader(parentLoader, compilerConfiguration));
+ groovyClassLoader = new TemplateGroovyClassLoader(parentLoader,
compilerConfiguration);
templateResolver = resolver != null ? resolver : new
DefaultTemplateResolver();
templateResolver.configure(groovyClassLoader, templateConfiguration);
@@ -117,20 +116,7 @@ public class MarkupTemplateEngine extends TemplateEngine {
* @param tplConfig template engine configuration
*/
public MarkupTemplateEngine(final ClassLoader parentLoader, final File
templateDirectory, TemplateConfiguration tplConfig) {
- this(doPrivileged(
- new PrivilegedAction<URLClassLoader>() {
- @Override
- public URLClassLoader run() {
- return new
URLClassLoader(buildURLs(templateDirectory), parentLoader);
- }
- }),
- tplConfig,
- null);
- }
-
- @SuppressWarnings("removal") // TODO a future Groovy version should
perform the operation not as a privileged action
- private static <T> T doPrivileged(PrivilegedAction<T> action) {
- return java.security.AccessController.doPrivileged(action);
+ this(new URLClassLoader(buildURLs(templateDirectory), parentLoader),
tplConfig, null);
}
private static URL[] buildURLs(final File templateDirectory) {
diff --git
a/subprojects/groovy-test/src/main/java/groovy/test/AllTestSuite.java
b/subprojects/groovy-test/src/main/java/groovy/test/AllTestSuite.java
index bb6b46444b..5c2fa0694c 100644
--- a/subprojects/groovy-test/src/main/java/groovy/test/AllTestSuite.java
+++ b/subprojects/groovy-test/src/main/java/groovy/test/AllTestSuite.java
@@ -29,7 +29,6 @@ import org.codehaus.groovy.control.CompilationFailedException;
import java.io.File;
import java.io.IOException;
-import java.security.PrivilegedAction;
import java.util.List;
import java.util.logging.Logger;
@@ -77,11 +76,7 @@ public class AllTestSuite extends TestSuite {
private static final Logger LOG =
Logger.getLogger(AllTestSuite.class.getName());
private static final ClassLoader JAVA_LOADER =
AllTestSuite.class.getClassLoader();
- @SuppressWarnings("removal") // TODO a future Groovy version should
perform the operation not as a privileged action
- private static final GroovyClassLoader GROOVY_LOADER =
- java.security.AccessController.doPrivileged(
- (PrivilegedAction<GroovyClassLoader>) () -> new
GroovyClassLoader(JAVA_LOADER)
- );
+ private static final GroovyClassLoader GROOVY_LOADER = new
GroovyClassLoader(JAVA_LOADER);
private static final String[] EMPTY_ARGS = new String[]{};
private static IFileNameFinder finder = null;
diff --git
a/subprojects/groovy-test/src/main/java/groovy/test/GroovyTestSuite.java
b/subprojects/groovy-test/src/main/java/groovy/test/GroovyTestSuite.java
index bbdf057aa6..93517ef765 100644
--- a/subprojects/groovy-test/src/main/java/groovy/test/GroovyTestSuite.java
+++ b/subprojects/groovy-test/src/main/java/groovy/test/GroovyTestSuite.java
@@ -27,7 +27,6 @@ import junit.textui.TestRunner;
import org.apache.groovy.test.ScriptTestAdapter;
import java.io.File;
-import java.security.PrivilegedAction;
/**
* A TestSuite which will run a Groovy unit test case inside any Java IDE
@@ -49,11 +48,7 @@ public class GroovyTestSuite extends TestSuite {
protected static String file = null;
- @SuppressWarnings("removal") // TODO a future Groovy version should
perform the operation not as a privileged action
- protected final GroovyClassLoader loader =
- java.security.AccessController.doPrivileged(
- (PrivilegedAction<GroovyClassLoader>) () -> new
GroovyClassLoader(GroovyTestSuite.class.getClassLoader())
- );
+ protected final GroovyClassLoader loader = new
GroovyClassLoader(GroovyTestSuite.class.getClassLoader());
public static void main(String[] args) {
if (args.length > 0) {
diff --git
a/subprojects/groovy-xml/src/main/java/groovy/xml/FactorySupport.java
b/subprojects/groovy-xml/src/main/java/groovy/xml/FactorySupport.java
index b49789d74a..7133c07f6a 100644
--- a/subprojects/groovy-xml/src/main/java/groovy/xml/FactorySupport.java
+++ b/subprojects/groovy-xml/src/main/java/groovy/xml/FactorySupport.java
@@ -27,17 +27,13 @@ import java.security.PrivilegedExceptionAction;
* Support class for creating XML Factories
*/
public class FactorySupport {
- @SuppressWarnings("removal") // TODO a future Groovy version should
perform the operation not as a privileged action
static Object createFactory(PrivilegedExceptionAction action) throws
ParserConfigurationException {
try {
- return java.security.AccessController.doPrivileged(action);
- } catch (java.security.PrivilegedActionException pae) {
- Exception e = pae.getException();
- if (e instanceof ParserConfigurationException) {
- throw (ParserConfigurationException) e;
- } else {
- throw new RuntimeException(e);
- }
+ return action.run();
+ } catch (ParserConfigurationException e) {
+ throw e;
+ } catch (Exception e) {
+ throw new RuntimeException(e);
}
}
