On Fri, 15 Nov 2024 01:12:34 GMT, Stuart Marks <sma...@openjdk.org> wrote:

> First cut at removal of Security Manager stuff from RMI.
> 
> This covers just about every SM-related case in RMI, except for a bit of package checking in MarshalInputStream. This will be handled separately. It's covered by [JDK-8344329](https://bugs.openjdk.org/browse/JDK-8344329).
> 
> Further simplifications could be done in RuntimeUtil and NewThreadAction. However, those changes started to become somewhat more intrusive than I'd like for this PR, which is focused on removing security-related stuff.

The changes look good to me, with two suggestions below.

src/java.rmi/share/classes/sun/rmi/runtime/NewThreadAction.java line 65:

> 63:     /**
> 64:      * special child of the system thread group for running tasks that
> 65:      * may execute user code, so that the security policy for threads in

Do we still want to mention `security policy` here?

src/java.rmi/share/classes/sun/rmi/server/MarshalInputStream.java line 69:

> 67: 
> 68:     /** table to hold sun classes to which access is explicitly permitted */
> 69:     protected static Map<String, Class<?>> permittedSunClasses

It looks like the `permittedSunClasses` map can be removed alongside the `checkSunClass(String, AccessControlException)` method, since it is only called on [line 198](https://github.com/openjdk/jdk/pull/22129/files#diff-491ee160d740152081c000fc513091e00181c41fd3c423c466fd30448a2a47e6R198):

    } catch (@SuppressWarnings("removal") AccessControlException e) {
        return checkSunClass(className, e);

-------------

PR Review: https://git.openjdk.org/jdk/pull/22129#pullrequestreview-2443295343

PR Review Comment: https://git.openjdk.org/jdk/pull/22129#discussion_r1847003817
PR Review Comment: https://git.openjdk.org/jdk/pull/22129#discussion_r1847024207