8344299: SM cleanup in javax.naming modules

Reviewed-by: alanb, dfuchs

Author: AlekseiEfimov

src/java.base/share/classes/sun/security/util/SecurityConstants.java

@@ -96,10 +96,6 @@ private SecurityConstants () {
     public static final RuntimePermission GET_PD_PERMISSION =
         new RuntimePermission("getProtectionDomain");
 
-    // java.lang.Class, java.lang.ClassLoader, java.lang.Thread
-    public static final RuntimePermission GET_CLASSLOADER_PERMISSION =
-        new RuntimePermission("getClassLoader");
-
     // java.lang.Thread
     public static final RuntimePermission GET_STACK_TRACE_PERMISSION =
        new RuntimePermission("getStackTrace");

src/java.naming/share/classes/com/sun/jndi/ldap/ClientId.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -84,8 +84,8 @@ class ClientId {
         if ((socketFactory != null) &&
              !socketFactory.equals(LdapCtx.DEFAULT_SSL_FACTORY)) {
             try {
-                Class<?> socketFactoryClass =
-                        Obj.helper.loadClass(socketFactory);
+                Class<?> socketFactoryClass = Class.forName(socketFactory,
+                        true, Thread.currentThread().getContextClassLoader());
                 this.sockComparator = socketFactoryClass.getMethod(
                                 "compare", new Class<?>[]{Object.class, Object.class});
                 Method getDefault = socketFactoryClass.getMethod(

src/java.naming/share/classes/com/sun/jndi/ldap/Connection.java

@@ -44,8 +44,6 @@
 
 import java.lang.reflect.Method;
 import java.lang.reflect.InvocationTargetException;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.security.cert.Certificate;
 import java.security.cert.X509Certificate;
 import java.util.Arrays;
@@ -183,10 +181,8 @@ public final class Connection implements Runnable {
             = hostnameVerificationDisabledValue();
 
     private static boolean hostnameVerificationDisabledValue() {
-        PrivilegedAction<String> act = () -> System.getProperty(
+        String prop = System.getProperty(
                 "com.sun.jndi.ldap.object.disableEndpointIdentification");
-        @SuppressWarnings("removal")
-        String prop = AccessController.doPrivileged(act);
         if (prop == null) {
             return false;
         }
@@ -259,7 +255,7 @@ void setBound() {
             throw ce;
         }
 
-        worker = Obj.helper.createThread(this);
+        worker = new Thread(this);
         worker.setDaemon(true);
         worker.start();
     }
@@ -313,7 +309,8 @@ private SocketFactory getSocketFactory(String socketFactoryName) throws Exceptio
             }
             @SuppressWarnings("unchecked")
             Class<? extends SocketFactory> socketFactoryClass =
-                    (Class<? extends SocketFactory>) Obj.helper.loadClass(socketFactoryName);
+                    (Class<? extends SocketFactory>) Class.forName(socketFactoryName,
+                            true, Thread.currentThread().getContextClassLoader());
             Method getDefault =
                     socketFactoryClass.getMethod("getDefault");
             SocketFactory factory = (SocketFactory) getDefault.invoke(null, new Object[]{});

src/java.naming/share/classes/com/sun/jndi/ldap/EventQueue.java

@@ -71,7 +71,7 @@ private static class QueueElement {
 
     // package private
     EventQueue() {
-        qThread = Obj.helper.createThread(this);
+        qThread = new Thread(this);
         qThread.setDaemon(true);  // not a user thread
         qThread.start();
     }

src/java.naming/share/classes/com/sun/jndi/ldap/LdapBindingEnumeration.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,10 +25,6 @@
 
 package com.sun.jndi.ldap;
 
-import java.security.AccessControlContext;
-import java.security.AccessController;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
 import java.util.Vector;
 import javax.naming.*;
 import javax.naming.directory.*;
@@ -41,16 +37,12 @@
 final class LdapBindingEnumeration
         extends AbstractLdapNamingEnumeration<Binding> {
 
-    @SuppressWarnings("removal")
-    private final AccessControlContext acc = AccessController.getContext();
-
     LdapBindingEnumeration(LdapCtx homeCtx, LdapResult answer, Name remain,
         Continuation cont) throws NamingException
     {
         super(homeCtx, answer, remain, cont);
     }
 
-    @SuppressWarnings("removal")
     @Override
     protected Binding
       createItem(String dn, Attributes attrs, Vector<Control> respCtls)
@@ -61,12 +53,7 @@ final class LdapBindingEnumeration
 
         if (attrs.get(Obj.JAVA_ATTRIBUTES[Obj.CLASSNAME]) != null) {
             // serialized object or object reference
-            try {
-                PrivilegedExceptionAction<Object> pa = () -> Obj.decodeObject(attrs);
-                obj = AccessController.doPrivileged(pa, acc);
-            } catch (PrivilegedActionException e) {
-                throw (NamingException)e.getException();
-            }
+            obj = Obj.decodeObject(attrs);
         }
         if (obj == null) {
             // DirContext object

src/java.naming/share/classes/com/sun/jndi/ldap/LdapCtx.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2023, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -32,8 +32,6 @@
 import javax.naming.ldap.LdapName;
 import javax.naming.ldap.Rdn;
 
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.Locale;
@@ -220,7 +218,7 @@ static final class SearchArgs {
 
     // System property value
     private static final String ALLOWED_MECHS_SP_VALUE =
-            getMechsAllowedToSendCredentials();
+            System.getProperty(ALLOWED_MECHS_SP);
 
     // Set of authentication mechanisms allowed by the system property
     private static final Set<String> MECHS_ALLOWED_BY_SP =
@@ -2706,13 +2704,6 @@ public void reconnect(Control[] connCtls) throws NamingException {
         ensureOpen();      // open or reauthenticated
     }
 
-    // Load 'mechsAllowedToSendCredentials' system property value
-    @SuppressWarnings("removal")
-    private static String getMechsAllowedToSendCredentials() {
-        PrivilegedAction<String> pa = () -> System.getProperty(ALLOWED_MECHS_SP);
-        return System.getSecurityManager() == null ? pa.run() : AccessController.doPrivileged(pa);
-    }
-
     // Get set of allowed authentication mechanism names from the property value
     private static Set<String> getMechsFromPropertyValue(String propValue) {
         if (propValue == null || propValue.isBlank()) {

src/java.naming/share/classes/com/sun/jndi/ldap/LdapDnsProviderService.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2018, 2023, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2018, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,14 +25,11 @@
 
 package com.sun.jndi.ldap;
 
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.util.*;
 import java.util.concurrent.locks.ReentrantLock;
 import javax.naming.NamingException;
 import javax.naming.ldap.spi.LdapDnsProvider;
 import javax.naming.ldap.spi.LdapDnsProviderResult;
-import sun.security.util.SecurityConstants;
 
 /**
  * The {@code LdapDnsProviderService} is responsible for creating and providing
@@ -50,25 +47,10 @@ final class LdapDnsProviderService {
     /**
      * Creates a new instance of LdapDnsProviderService
      */
-    @SuppressWarnings("removal")
     private LdapDnsProviderService() {
-        SecurityManager sm = System.getSecurityManager();
-        if (sm == null) {
-            providers = ServiceLoader.load(
-                    LdapDnsProvider.class,
-                    ClassLoader.getSystemClassLoader());
-        } else {
-            final PrivilegedAction<ServiceLoader<LdapDnsProvider>> pa =
-                    () -> ServiceLoader.load(
-                            LdapDnsProvider.class,
-                            ClassLoader.getSystemClassLoader());
-
-            providers = AccessController.doPrivileged(
-                pa,
-                null,
-                new RuntimePermission("ldapDnsProvider"),
-                SecurityConstants.GET_CLASSLOADER_PERMISSION);
-        }
+        providers = ServiceLoader.load(
+                LdapDnsProvider.class,
+                ClassLoader.getSystemClassLoader());
     }
 
     /**

src/java.naming/share/classes/com/sun/jndi/ldap/LdapPoolManager.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -34,8 +34,6 @@
 import javax.naming.ldap.Control;
 import javax.naming.NamingException;
 import javax.naming.CommunicationException;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 
 import com.sun.jndi.ldap.pool.PoolCleaner;
 import com.sun.jndi.ldap.pool.Pool;
@@ -60,10 +58,10 @@ public final class LdapPoolManager {
         "com.sun.jndi.ldap.connect.pool.debug";
 
     public static final boolean debug =
-        "all".equalsIgnoreCase(getProperty(DEBUG, null));
+        "all".equalsIgnoreCase(System.getProperty(DEBUG));
 
     public static final boolean trace = debug ||
-        "fine".equalsIgnoreCase(getProperty(DEBUG, null));
+        "fine".equalsIgnoreCase(System.getProperty(DEBUG));
 
     // ---------- System properties for connection pooling
 
@@ -120,16 +118,16 @@ public final class LdapPoolManager {
     private static final Pool[] pools = new Pool[3];
 
     static {
-        maxSize = getInteger(MAX_POOL_SIZE, DEFAULT_MAX_POOL_SIZE);
+        maxSize = Integer.getInteger(MAX_POOL_SIZE, DEFAULT_MAX_POOL_SIZE);
 
-        prefSize = getInteger(PREF_POOL_SIZE, DEFAULT_PREF_POOL_SIZE);
+        prefSize = Integer.getInteger(PREF_POOL_SIZE, DEFAULT_PREF_POOL_SIZE);
 
-        initSize = getInteger(INIT_POOL_SIZE, DEFAULT_INIT_POOL_SIZE);
+        initSize = Integer.getInteger(INIT_POOL_SIZE, DEFAULT_INIT_POOL_SIZE);
 
-        idleTimeout = getLong(POOL_TIMEOUT, DEFAULT_TIMEOUT);
+        idleTimeout = Long.getLong(POOL_TIMEOUT, DEFAULT_TIMEOUT);
 
         // Determine supported authentication mechanisms
-        String str = getProperty(POOL_AUTH, DEFAULT_AUTH_MECHS);
+        String str = System.getProperty(POOL_AUTH, DEFAULT_AUTH_MECHS);
         StringTokenizer parser = new StringTokenizer(str);
         int count = parser.countTokens();
         String mech;
@@ -147,7 +145,7 @@ public final class LdapPoolManager {
         }
 
         // Determine supported protocols
-        str= getProperty(POOL_PROTOCOL, DEFAULT_PROTOCOLS);
+        str = System.getProperty(POOL_PROTOCOL, DEFAULT_PROTOCOLS);
         parser = new StringTokenizer(str);
         count = parser.countTokens();
         String proto;
@@ -171,20 +169,15 @@ public final class LdapPoolManager {
         }
     }
 
-    @SuppressWarnings("removal")
     private static void startCleanerThread() {
         // Create cleaner to expire idle connections
-        PrivilegedAction<Void> pa = new PrivilegedAction<Void>() {
-            public Void run() {
-                Thread t = InnocuousThread.newSystemThread(
-                        "LDAP PoolCleaner",
-                        new PoolCleaner(idleTimeout, pools));
-                assert t.getContextClassLoader() == null;
-                t.setDaemon(true);
-                t.start();
-                return null;
-            }};
-        AccessController.doPrivileged(pa);
+        Thread t = InnocuousThread.newSystemThread(
+                "LDAP PoolCleaner",
+                new PoolCleaner(idleTimeout, pools));
+        assert t.getContextClassLoader() == null;
+        t.setDaemon(true);
+        t.start();
+
     }
 
     // Cannot instantiate one of these
@@ -252,7 +245,8 @@ static boolean isPoolingAllowed(String socketFactory, OutputStream trace,
         if ((socketFactory != null) &&
              !socketFactory.equals(LdapCtx.DEFAULT_SSL_FACTORY)) {
             try {
-                Class<?> socketFactoryClass = Obj.helper.loadClass(socketFactory);
+                Class<?> socketFactoryClass = Class.forName(socketFactory, true,
+                        Thread.currentThread().getContextClassLoader());
                 Class<?>[] interfaces = socketFactoryClass.getInterfaces();
                 for (int i = 0; i < interfaces.length; i++) {
                     if (interfaces[i].getCanonicalName().equals(COMPARATOR)) {
@@ -399,22 +393,4 @@ private static void d(String msg, String o) {
             System.err.println("LdapPoolManager: " + msg + o);
         }
     }
-
-    @SuppressWarnings("removal")
-    private static final String getProperty(final String propName, final String defVal) {
-        PrivilegedAction<String> pa = () -> System.getProperty(propName, defVal);
-        return AccessController.doPrivileged(pa);
-    }
-
-    @SuppressWarnings("removal")
-    private static final int getInteger(final String propName, final int defVal) {
-        PrivilegedAction<Integer> pa = () -> Integer.getInteger(propName, defVal);
-        return AccessController.doPrivileged(pa);
-    }
-
-    @SuppressWarnings("removal")
-    private static final long getLong(final String propName, final long defVal) {
-        PrivilegedAction<Long> pa = () -> Long.getLong(propName, defVal);
-        return AccessController.doPrivileged(pa);
-    }
 }

src/java.naming/share/classes/com/sun/jndi/ldap/LdapSearchEnumeration.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,10 +25,6 @@
 
 package com.sun.jndi.ldap;
 
-import java.security.AccessControlContext;
-import java.security.AccessController;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
 import java.util.Vector;
 import javax.naming.*;
 import javax.naming.directory.*;
@@ -45,9 +41,6 @@ final class LdapSearchEnumeration
     private Name startName;             // prefix of names of search results
     private LdapCtx.SearchArgs searchArgs = null;
 
-    @SuppressWarnings("removal")
-    private final AccessControlContext acc = AccessController.getContext();
-
     LdapSearchEnumeration(LdapCtx homeCtx, LdapResult search_results,
         String starter, LdapCtx.SearchArgs args, Continuation cont)
         throws NamingException {
@@ -61,7 +54,6 @@ final class LdapSearchEnumeration
         searchArgs = args;
     }
 
-    @SuppressWarnings("removal")
     @Override
     protected SearchResult createItem(String dn, Attributes attrs,
                                       Vector<Control> respCtls)
@@ -121,12 +113,7 @@ protected SearchResult createItem(String dn, Attributes attrs,
             if (attrs.get(Obj.JAVA_ATTRIBUTES[Obj.CLASSNAME]) != null) {
                 // Entry contains Java-object attributes (ser/ref object)
                 // serialized object or object reference
-                try {
-                    PrivilegedExceptionAction<Object> pea = () -> Obj.decodeObject(attrs);
-                    obj = AccessController.doPrivileged(pea, acc);
-                } catch (PrivilegedActionException e) {
-                    throw (NamingException)e.getException();
-                }
+                obj = Obj.decodeObject(attrs);
             }
             if (obj == null) {
                 obj = new LdapCtx(homeCtx, dn);