8353642: Deprecate URL::getPermission method and networking permission classes for removal #24592
Conversation
|
👋 Welcome back dfuchs! A progress list of the required criteria for merging this PR into |
|
❗ This change is not yet ready to be integrated. |
openjdk
bot
added
security
Webrevs
|
|
The CSR is also ready to be reviewed at https://bugs.openjdk.org/browse/JDK-8354406 |
| */ | ||
| @Deprecated(since = "25") |
There was a problem hiding this comment.
can this (and all other getPermission methods) be "forRemoval=true"?
There was a problem hiding this comment.
Possibly. @AlanBateman may have some thoughts on this.
There was a problem hiding this comment.
I think we should at least consider deprecating URLConnection.getPermission and HttpURLConnection.getPermission for removal, only because I don't immediately see the advantage of doing it in two steps for these two APIs.
There was a problem hiding this comment.
Thanks - I will do that then
| } | ||
| return this.sp.implies(that.sp); | ||
| @SuppressWarnings("removal") | ||
| var result = this.sp.implies(that.sp); |
There was a problem hiding this comment.
Will we need to rewrite this code without SocketPermissions? Can we remove it, maybe? It is only used by CodeSource.implies, which is not used by the JDK (but may be used elsewhere).
There was a problem hiding this comment.
also the JavaDoc of the implies method references the SocketPermission. That will also need to be cleaned up at some point.
There was a problem hiding this comment.
That will be left over for someone in security-libs to cleanup this code at their convenience before we remove SocketException.
Hmmm... If the public API references SocketException we might have to deprecate in this PR too. Not sure what the implications are. Maybe @seanjmullan can advise.
| @@ -1305,6 +1307,8 @@ public static void main(String args[]) throws Exception { | |||
| * @serial include | |||
| */ | |||
|
|
|||
| @SuppressWarnings("removal") | |||
| @Deprecated(since = "25", forRemoval = true) | |||
There was a problem hiding this comment.
this class is internal, no need to deprecate
There was a problem hiding this comment.
It helps getting warnings at the place where the class is used.
|
The GHA failure (Windows) appears to be related. |
Yes - I missed one windows specific file in my original patch. I have a test running in the CI and I am waiting for it to pass before updating the PR. |
| @@ -456,12 +457,16 @@ private boolean matchLocation(CodeSource that) { | |||
| return false; | |||
| } | |||
| if (this.sp == null) { | |||
| this.sp = new SocketPermission(thisHost, "resolve"); | |||
| @SuppressWarnings("removal") | |||
| var _ = this.sp = new SocketPermission(thisHost, "resolve"); | |||
There was a problem hiding this comment.
What's the reason for the var _ = bit ?
There was a problem hiding this comment.
@SuppressWarnings can not be applied to a an expression - it needs a (variable/method/class) declaration
dfuch
changed the title
Should be fixed now |
Please find her a patch that deprecate networking permission classes for removal. The method
URL::getPermissionnow serves little purpose and is also deprecated. That method was overridden in subclasses and specified to return some of the deprecated permissions.Progress
Issues
Reviewers
Reviewing
Using
gitCheckout this PR locally:
$ git fetch https://git.openjdk.org/jdk.git pull/24592/head:pull/24592$ git checkout pull/24592Update a local copy of the PR:
$ git checkout pull/24592$ git pull https://git.openjdk.org/jdk.git pull/24592/headUsing Skara CLI tools
Checkout this PR locally:
$ git pr checkout 24592View PR using the GUI difftool:
$ git pr show -t 24592Using diff file
Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/24592.diff
Using Webrev
Link to Webrev Comment