On Mon, 7 Oct 2024 20:03:49 GMT, Kevin Rushforth <k...@openjdk.org> wrote:
> This PR removes support for running JavaFX applications with the Java > Security Manager. > > The initial work was done in 4 separate commits as follows: > > * Fail fast at startup if the Security Manager is enabled > * Remove `-Djava.security.manager` and all security policy files; delete > `SandboxAppTest` > * Delete remaining tests that depend on the Security Manager; as part of > this, I renamed`CustomSecurityManagerTest` to `StageRobotTest` and removed > all of the tests that depend on the security manager, since the test methods > that don't depend on SM are useful functional tests of a Stage's FullScreen > and AlwaysOnTop mode. > * API spec change to remove mention of security manager (including mention of > throwing SecurityException) > > This PR is both necessary and sufficient to remove support for running with > the Java Security Manager enabled. I have tested this with JDK 23, which > still has SM support (although deprecated for removal), and with a local JDK > built from the > [jdk-sandbox:jep486](https://github.com/openjdk/jdk-sandbox/tree/jep486) > branch, which has the SM disabled. With both JDKs, I can build and run this > PR branch; all tests pass. Attempting to enable the security manager with JDK > 23 will now fail in `<clinit>` of either `LauncherImpl` (called by > `Application.launch`) or `PlatformImpl` (called by `Platform.startup`) with > an informative error message. > > This PR should be integrated prior to the integration of JEP 486, so that we > can continue to run JavaFX tests on JDK 24 after the SM is disabled. > Otherwise they will fail to run with a fatal error launching the JVM (we > currently pass `-Djava.security.manager=allow` when running our tests). > > #### Follow-on work > > I will file additional JBS issues to track follow-up work to cleanup the > remaining calls to the security manager methods that are deprecated for > removal. The follow-up work can be done independently of the timing of the > integration of JEP 486 into JDK 24, but all of them will be targeted for > JavaFX 24. > > Follow-on issues for JavaFX 24: > > * Remove all calls to `doPrivileged` (there are 350 such calls in 168 files) > * Remove all other calls to `AccessController` (48 calls in 33 files) > * Remove all remaining calls to `System::getSecurityManager` (45 calls in 27 > files) > * Remove calls to deprecated SM methods from `PlatformUtil` and `MethodUtil` > in `javafx.base` (these are lightly modified copies of those classes in > `java.base` so I will check how they are being handled) > * Remove all uses (either throw or catch) o... the changes look good (to me). Tried to supply `-Djava.security.manager=com.oracle.tools.fx.monkey.SM` and got expected errors: WARNING: A command line option has enabled the Security Manager WARNING: The Security Manager is deprecated and will be removed in a future release Exception in thread "main" java.lang.ExceptionInInitializerError at java.base/jdk.internal.misc.Unsafe.ensureClassInitialized0(Native Method) at java.base/jdk.internal.misc.Unsafe.ensureClassInitialized(Unsafe.java:1160) at java.base/jdk.internal.reflect.MethodHandleAccessorFactory.ensureClassInitialized(MethodHandleAccessorFactory.java:340) at java.base/jdk.internal.reflect.MethodHandleAccessorFactory.newMethodAccessor(MethodHandleAccessorFactory.java:71) at java.base/jdk.internal.reflect.ReflectionFactory.newMethodAccessor(ReflectionFactory.java:154) at java.base/java.lang.reflect.Method.acquireMethodAccessor(Method.java:726) at java.base/java.lang.reflect.Method.invoke(Method.java:577) at java.base/sun.launcher.LauncherHelper$FXHelper.main(LauncherHelper.java:1147) Caused by: java.lang.UnsupportedOperationException: JavaFX does not support running with the Security Manager at javafx.graphics/com.sun.javafx.application.LauncherImpl.<clinit>(LauncherImpl.java:65) ... 8 more ------------- Marked as reviewed by angorya (Reviewer). PR Review: https://git.openjdk.org/jfx/pull/1595#pullrequestreview-2358523263
