On Wed, 23 Oct 2024 19:36:53 GMT, Kevin Rushforth <k...@openjdk.org> wrote:
>> This PR removes support for running JavaFX applications with the Java >> Security Manager. >> >> The initial work was done in 4 separate commits as follows: >> >> * Fail fast at startup if the Security Manager is enabled >> * Remove `-Djava.security.manager` and all security policy files; delete >> `SandboxAppTest` >> * Delete remaining tests that depend on the Security Manager; as part of >> this, I renamed`CustomSecurityManagerTest` to `StageRobotTest` and removed >> all of the tests that depend on the security manager, since the test methods >> that don't depend on SM are useful functional tests of a Stage's FullScreen >> and AlwaysOnTop mode. >> * API spec change to remove mention of security manager (including mention >> of throwing SecurityException) >> >> This PR is both necessary and sufficient to remove support for running with >> the Java Security Manager enabled. I have tested this with JDK 23, which >> still has SM support (although deprecated for removal), and with a local JDK >> built from the >> [jdk-sandbox:jep486](https://github.com/openjdk/jdk-sandbox/tree/jep486) >> branch, which has the SM disabled. With both JDKs, I can build and run this >> PR branch; all tests pass. Attempting to enable the security manager with >> JDK 23 will now fail in `<clinit>` of either `LauncherImpl` (called by >> `Application.launch`) or `PlatformImpl` (called by `Platform.startup`) with >> an informative error message. >> >> This PR should be integrated prior to the integration of JEP 486, so that we >> can continue to run JavaFX tests on JDK 24 after the SM is disabled. >> Otherwise they will fail to run with a fatal error launching the JVM (we >> currently pass `-Djava.security.manager=allow` when running our tests). >> >> #### Follow-on work >> >> I will file additional JBS issues to track follow-up work to cleanup the >> remaining calls to the security manager methods that are deprecated for >> removal. The follow-up work can be done independently of the timing of the >> integration of JEP 486 into JDK 24, but all of them will be targeted for >> JavaFX 24. >> >> Follow-on issues for JavaFX 24: >> >> * Remove all calls to `doPrivileged` (there are 350 such calls in 168 files) >> * Remove all other calls to `AccessController` (48 calls in 33 files) >> * Remove all remaining calls to `System::getSecurityManager` (45 calls in 27 >> files) >> * Remove calls to deprecated SM methods from `PlatformUtil` and `MethodUtil` >> in `javafx.base` (these are lightly modified copies of those classes in >> `java.base` so I will check how they are being handle... > > Kevin Rushforth has updated the pull request with a new target base due to a > merge or a rebase. The incremental webrev excludes the unrelated changes > brought in by the merge/rebase. The pull request contains seven additional > commits since the last revision: > > - Merge branch 'master' into 8341090-remove-sm > - Merge branch 'master' into 8341090-remove-sm > - Merge branch 'master' into 8341090-remove-sm > - SM removal part 5: Update API spec to remove mention of security manager > - SM removal part 4: delete remaining tests that depend on security manager > - SM removal part 2: remove -Djava.security.manager and security policy files > SM removal part 3: remove SandboxAppTest > - SM removal part 1: Fail fast at startup if the Security Manager is enabled Marked as reviewed by jvos (Reviewer). ------------- PR Review: https://git.openjdk.org/jfx/pull/1595#pullrequestreview-2398865546
