On Sun, 17 Nov 2024 19:01:24 GMT, Eirik Bjørsnøs <eir...@openjdk.org> wrote:
> Please review this PR which cleans up SecurityManager-related code in > `java.sql` and `java.sql.rowset` modules post JEP-486 > > There are quite a few changes to review, but all relatively straightforward: > > `DriverManager` > * Remove `SecurityManager::checkPermission` calls in the `setLogWriter`, > `setLogStream` and `deregisterDriver` methods > * Remove two now-unused package private SQLPermission constants > * `ensureDriversInitialized` is updated to remove > `AccessController::doPrivileged` when reading a system property and when > initializing drivers > > `CachedRowSetImpl` > * Remove `AccessController::doPrivileged` when getting a `SyncFactory` > instance > * `getObject` is update to remove a call to `ReflectUtil::checkPackageAccess` > > `CachedRowSetWriter` > * A call to `ReflectUtil::checkPackageAccess` is removed. > > `SerialJavaObject` > * `getFields` is updated to remove call to > `ReflectUtil::checkPackageAccess`. `@CallerSensitive` is no longer needed for > this method. > > `SyncFactory` > * `initMapIfNecessary` is updated to remove call to > `AccessController::doPrivileged` when reading system properties and when > reading properties from an input stream > * `getInstance` is updated to remove calls to > `ReflectUtil::checkPackageAccess` > * `setLogger` method is updated to remove call to > `SecurityManager::checkPermission` > * `setJNDIContext` methods are updated to remove call to > `SecurityManager::checkPermission` > > `RowsetProvider` > * Static initializer is updated to call `System::getProperty` directly > * `newFactory` is updated to call `System::getProperty` directly > * `newFactory` is updated to not call `ReflectUtil.checkPackageAccess` > * `getContextClassLoader` is updated to not call > `AccessController::doPrivileged` > * `getFactoryClass` is updated to not call `ReflectUtil.checkPackageAccess` > * `getSystemProperty` is removed > > > `SQLInputImpl` > * A call to `ReflectUtil::checkPackageAccess` is removed > > `XmlReaderContentHandler::endElement` > * Replace `ReflectUtil.forName` with `Class::forName` > > `TestPolicy.java` in `test/java/sql/testng/util` > * This is now unused and removed > > Ran `test/jdk/java/sql` and `test/jdk/javax/sql` tests locally. GHA results > pending. I think Brent and/or Lance have been working on this already. If you are taking this, can you remove src/java.sql.rowset/share/classes/com/sun/rowset/internal/XmlReaderContentHandler.java from the patch as it introduces a behavioural change that may require further work. ------------- PR Comment: https://git.openjdk.org/jdk/pull/22185#issuecomment-2482131898
