From 8df6fcb08bd27d2966138af2f01297d7a39f403e Mon Sep 17 00:00:00 2001 From: Sanne Grinovero Date: Wed, 17 Apr 2024 12:09:51 +0100 Subject: [PATCH] Remove support for the SecurityManager --- .../security/ldap/DelegatingLdapContext.java | 13 ++++------ .../ldap/QuarkusDirContextFactory.java | 11 +++----- .../ArcConstraintValidatorFactoryImpl.java | 13 +--------- .../runtime/QuarkusRestClientBuilder.java | 13 ++-------- .../spi/QuarkusClassloadingService.java | 12 +++------ .../quarkus/bootstrap/util/PropertyUtils.java | 26 ++----------------- .../registry/config/PropertiesUtil.java | 26 ++----------------- 7 files changed, 19 insertions(+), 95 deletions(-) diff --git a/extensions/elytron-security-ldap/runtime/src/main/java/io/quarkus/elytron/security/ldap/DelegatingLdapContext.java b/extensions/elytron-security-ldap/runtime/src/main/java/io/quarkus/elytron/security/ldap/DelegatingLdapContext.java index c90a9da278e2c..6f43ceb731a5a 100644 --- a/extensions/elytron-security-ldap/runtime/src/main/java/io/quarkus/elytron/security/ldap/DelegatingLdapContext.java +++ b/extensions/elytron-security-ldap/runtime/src/main/java/io/quarkus/elytron/security/ldap/DelegatingLdapContext.java @@ -1,7 +1,5 @@ package io.quarkus.elytron.security.ldap; -import java.security.AccessController; -import java.security.PrivilegedAction; import java.util.Hashtable; import javax.naming.Binding; @@ -26,7 +24,6 @@ import org.wildfly.common.Assert; import org.wildfly.security.auth.realm.ldap.ThreadLocalSSLSocketFactory; -import org.wildfly.security.manager.action.SetContextClassLoaderAction; class DelegatingLdapContext implements LdapContext { @@ -46,7 +43,7 @@ interface CloseHandler { } // for needs of newInstance() - private DelegatingLdapContext(DirContext delegating, SocketFactory socketFactory) throws NamingException { + private DelegatingLdapContext(DirContext delegating, SocketFactory socketFactory) { this.delegating = delegating; this.closeHandler = null; // close handler should not be applied to copy this.socketFactory = socketFactory; @@ -488,10 +485,10 @@ private ClassLoader getSocketFactoryClassLoader() { } private ClassLoader setClassLoaderTo(final ClassLoader targetClassLoader) { - return doPrivileged(new SetContextClassLoaderAction(targetClassLoader)); + final Thread currentThread = Thread.currentThread(); + final ClassLoader original = currentThread.getContextClassLoader(); + currentThread.setContextClassLoader(targetClassLoader); + return original; } - private static T doPrivileged(final PrivilegedAction action) { - return System.getSecurityManager() != null ? AccessController.doPrivileged(action) : action.run(); - } } diff --git a/extensions/elytron-security-ldap/runtime/src/main/java/io/quarkus/elytron/security/ldap/QuarkusDirContextFactory.java b/extensions/elytron-security-ldap/runtime/src/main/java/io/quarkus/elytron/security/ldap/QuarkusDirContextFactory.java index 36118d8864f6a..1fe3324d0aa50 100644 --- a/extensions/elytron-security-ldap/runtime/src/main/java/io/quarkus/elytron/security/ldap/QuarkusDirContextFactory.java +++ b/extensions/elytron-security-ldap/runtime/src/main/java/io/quarkus/elytron/security/ldap/QuarkusDirContextFactory.java @@ -1,7 +1,5 @@ package io.quarkus.elytron.security.ldap; -import java.security.AccessController; -import java.security.PrivilegedAction; import java.time.Duration; import java.util.Hashtable; @@ -15,7 +13,6 @@ import javax.security.auth.callback.PasswordCallback; import org.wildfly.security.auth.realm.ldap.DirContextFactory; -import org.wildfly.security.manager.action.SetContextClassLoaderAction; public class QuarkusDirContextFactory implements DirContextFactory { // private static final ElytronMessages log = Logger.getMessageLogger(ElytronMessages.class, "org.wildfly.security"); @@ -142,10 +139,10 @@ public void returnContext(DirContext context) { } private ClassLoader setClassLoaderTo(final ClassLoader targetClassLoader) { - return doPrivileged(new SetContextClassLoaderAction(targetClassLoader)); + final Thread currentThread = Thread.currentThread(); + final ClassLoader original = currentThread.getContextClassLoader(); + currentThread.setContextClassLoader(targetClassLoader); + return original; } - private static T doPrivileged(final PrivilegedAction action) { - return System.getSecurityManager() != null ? AccessController.doPrivileged(action) : action.run(); - } } diff --git a/extensions/hibernate-validator/runtime/src/main/java/io/quarkus/hibernate/validator/runtime/ArcConstraintValidatorFactoryImpl.java b/extensions/hibernate-validator/runtime/src/main/java/io/quarkus/hibernate/validator/runtime/ArcConstraintValidatorFactoryImpl.java index 6662d05dfb3f7..174ce705d62af 100644 --- a/extensions/hibernate-validator/runtime/src/main/java/io/quarkus/hibernate/validator/runtime/ArcConstraintValidatorFactoryImpl.java +++ b/extensions/hibernate-validator/runtime/src/main/java/io/quarkus/hibernate/validator/runtime/ArcConstraintValidatorFactoryImpl.java @@ -1,7 +1,5 @@ package io.quarkus.hibernate.validator.runtime; -import java.security.AccessController; -import java.security.PrivilegedAction; import java.util.IdentityHashMap; import java.util.Map; @@ -34,7 +32,7 @@ public class ArcConstraintValidatorFactoryImpl implements ConstraintValidatorFac } return instance; } - return run(NewInstance.action(key, "ConstraintValidator")); + return NewInstance.action(key, "ConstraintValidator").run(); } @Override @@ -45,13 +43,4 @@ public void releaseInstance(ConstraintValidator instance) { } } - /** - * Runs the given privileged action, using a privileged block if required. - *

- * NOTE: This must never be changed into a publicly available method to avoid execution of arbitrary - * privileged actions within HV's protection domain. - */ - private T run(PrivilegedAction action) { - return System.getSecurityManager() != null ? AccessController.doPrivileged(action) : action.run(); - } } diff --git a/extensions/resteasy-classic/resteasy-client/runtime/src/main/java/io/quarkus/restclient/runtime/QuarkusRestClientBuilder.java b/extensions/resteasy-classic/resteasy-client/runtime/src/main/java/io/quarkus/restclient/runtime/QuarkusRestClientBuilder.java index ead9b44944922..7ecc462c52d12 100644 --- a/extensions/resteasy-classic/resteasy-client/runtime/src/main/java/io/quarkus/restclient/runtime/QuarkusRestClientBuilder.java +++ b/extensions/resteasy-classic/resteasy-client/runtime/src/main/java/io/quarkus/restclient/runtime/QuarkusRestClientBuilder.java @@ -17,11 +17,9 @@ import java.net.URI; import java.net.URISyntaxException; import java.net.URL; -import java.security.AccessController; import java.security.KeyManagementException; import java.security.KeyStore; import java.security.NoSuchAlgorithmException; -import java.security.PrivilegedAction; import java.security.SecureRandom; import java.util.ArrayList; import java.util.Arrays; @@ -397,7 +395,7 @@ public T build(Class aClass) throws IllegalStateException, RestClientDefi * @return list of proxy hosts */ private List getProxyHostsAsRegex() { - String noProxyHostsSysProps = getSystemProperty("http.nonProxyHosts", null); + String noProxyHostsSysProps = System.getProperty("http.nonProxyHosts", null); if (noProxyHostsSysProps == null) { noProxyHostsSysProps = "localhost|127.*|[::1]"; } else { @@ -414,7 +412,7 @@ private List getProxyHostsAsRegex() { */ private boolean useURLConnection() { if (useURLConnection == null) { - String defaultToURLConnection = getSystemProperty( + String defaultToURLConnection = System.getProperty( "org.jboss.resteasy.microprofile.defaultToURLConnectionHttpClient", "false"); useURLConnection = defaultToURLConnection.equalsIgnoreCase("true"); } @@ -820,13 +818,6 @@ private static BeanManager getBeanManager() { } } - private String getSystemProperty(String key, String def) { - if (System.getSecurityManager() == null) { - return System.getProperty(key, def); - } - return AccessController.doPrivileged((PrivilegedAction) () -> System.getProperty(key, def)); - } - private final MpClientBuilderImpl builderDelegate; private final ConfigurationWrapper configurationWrapper; diff --git a/extensions/smallrye-graphql/runtime/src/main/java/io/quarkus/smallrye/graphql/runtime/spi/QuarkusClassloadingService.java b/extensions/smallrye-graphql/runtime/src/main/java/io/quarkus/smallrye/graphql/runtime/spi/QuarkusClassloadingService.java index 8fc89fdeb99c4..359f9c4417aaa 100644 --- a/extensions/smallrye-graphql/runtime/src/main/java/io/quarkus/smallrye/graphql/runtime/spi/QuarkusClassloadingService.java +++ b/extensions/smallrye-graphql/runtime/src/main/java/io/quarkus/smallrye/graphql/runtime/spi/QuarkusClassloadingService.java @@ -1,9 +1,5 @@ package io.quarkus.smallrye.graphql.runtime.spi; -import java.security.AccessController; -import java.security.PrivilegedActionException; -import java.security.PrivilegedExceptionAction; - import graphql.schema.PropertyDataFetcherHelper; import io.smallrye.graphql.execution.Classes; import io.smallrye.graphql.spi.ClassloadingService; @@ -38,12 +34,10 @@ public Class loadClass(String className) { if (Classes.isPrimitive(className)) { return Classes.getPrimativeClassType(className); } else { - return AccessController.doPrivileged((PrivilegedExceptionAction>) () -> { - ClassLoader cl = classLoader == null ? Thread.currentThread().getContextClassLoader() : classLoader; - return loadClass(className, cl); - }); + ClassLoader cl = classLoader == null ? Thread.currentThread().getContextClassLoader() : classLoader; + return loadClass(className, cl); } - } catch (PrivilegedActionException | ClassNotFoundException pae) { + } catch (ClassNotFoundException pae) { throw new RuntimeException("Can not load class [" + className + "]", pae); } } diff --git a/independent-projects/bootstrap/app-model/src/main/java/io/quarkus/bootstrap/util/PropertyUtils.java b/independent-projects/bootstrap/app-model/src/main/java/io/quarkus/bootstrap/util/PropertyUtils.java index 5a15d4b205b38..8751c22210ce4 100644 --- a/independent-projects/bootstrap/app-model/src/main/java/io/quarkus/bootstrap/util/PropertyUtils.java +++ b/independent-projects/bootstrap/app-model/src/main/java/io/quarkus/bootstrap/util/PropertyUtils.java @@ -5,8 +5,6 @@ import java.io.Writer; import java.nio.file.Files; import java.nio.file.Path; -import java.security.AccessController; -import java.security.PrivilegedAction; import java.util.ArrayList; import java.util.Collections; import java.util.List; @@ -40,32 +38,12 @@ public static String getUserHome() { public static String getProperty(final String name, String defValue) { assert name != null : "name is null"; - final SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - return AccessController.doPrivileged(new PrivilegedAction() { - @Override - public String run() { - return System.getProperty(name, defValue); - } - }); - } else { - return System.getProperty(name, defValue); - } + return System.getProperty(name, defValue); } public static String getProperty(final String name) { assert name != null : "name is null"; - final SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - return AccessController.doPrivileged(new PrivilegedAction() { - @Override - public String run() { - return System.getProperty(name); - } - }); - } else { - return System.getProperty(name); - } + return System.getProperty(name); } public static final Boolean getBooleanOrNull(String name) { diff --git a/independent-projects/tools/registry-client/src/main/java/io/quarkus/registry/config/PropertiesUtil.java b/independent-projects/tools/registry-client/src/main/java/io/quarkus/registry/config/PropertiesUtil.java index 57125c8938306..2e4c52b4228f4 100644 --- a/independent-projects/tools/registry-client/src/main/java/io/quarkus/registry/config/PropertiesUtil.java +++ b/independent-projects/tools/registry-client/src/main/java/io/quarkus/registry/config/PropertiesUtil.java @@ -1,7 +1,5 @@ package io.quarkus.registry.config; -import java.security.AccessController; -import java.security.PrivilegedAction; import java.util.Locale; public class PropertiesUtil { @@ -26,32 +24,12 @@ public static String getUserHome() { public static String getProperty(final String name, String defValue) { assert name != null : "name is null"; - final SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - return AccessController.doPrivileged(new PrivilegedAction() { - @Override - public String run() { - return System.getProperty(name, defValue); - } - }); - } else { - return System.getProperty(name, defValue); - } + return System.getProperty(name, defValue); } public static String getProperty(final String name) { assert name != null : "name is null"; - final SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - return AccessController.doPrivileged(new PrivilegedAction() { - @Override - public String run() { - return System.getProperty(name); - } - }); - } else { - return System.getProperty(name); - } + return System.getProperty(name); } public static final Boolean getBooleanOrNull(String name) {