You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@groovy.apache.org by pa...@apache.org on 2022/04/18 07:09:06 UTC
[groovy] 02/02: GROOVY-10586: Revert doPrivileged in VMPlugin approach to JEP-411 (cont'd)
This is an automated email from the ASF dual-hosted git repository.
paulk pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/groovy.git
commit 5c10ca3836891a6fe64394a9318c91ce98ac28b8
Author: Paul King <pa...@asert.com.au>
AuthorDate: Mon Apr 18 17:08:44 2022 +1000
GROOVY-10586: Revert doPrivileged in VMPlugin approach to JEP-411 (cont'd)
---
src/main/java/groovy/grape/Grape.java | 10 ++---
src/main/java/groovy/lang/GroovyClassLoader.java | 41 +++++++++++++-------
src/main/java/groovy/lang/GroovyCodeSource.java | 8 +++-
src/main/java/groovy/lang/GroovyShell.java | 25 ++++++++----
src/main/java/groovy/lang/MetaClassImpl.java | 10 +++--
src/main/java/groovy/ui/GroovyMain.java | 8 +++-
src/main/java/groovy/util/GroovyScriptEngine.java | 22 ++++++-----
.../internal/util/ReevaluatingReference.java | 8 +++-
.../codehaus/groovy/control/ProcessingUnit.java | 9 +++--
.../org/codehaus/groovy/control/SourceUnit.java | 8 +++-
.../codehaus/groovy/reflection/CachedClass.java | 14 ++++---
.../org/codehaus/groovy/reflection/ClassInfo.java | 4 +-
.../reflection/ClassLoaderForClassArtifacts.java | 20 ++++++----
.../groovy/reflection/ReflectionUtils.java | 4 +-
.../codehaus/groovy/reflection/SunClassLoader.java | 10 ++++-
.../reflection/stdclasses/CachedSAMClass.java | 3 +-
.../groovy/runtime/DefaultGroovyMethods.java | 14 ++++---
.../groovy/runtime/ProxyGeneratorAdapter.java | 5 +--
.../groovy/runtime/callsite/CallSiteArray.java | 9 +++--
.../runtime/callsite/GroovySunClassLoader.java | 8 +++-
.../org/codehaus/groovy/tools/GroovyStarter.java | 9 +++--
.../groovy/tools/javac/JavacJavaCompiler.java | 10 +++--
.../codehaus/groovy/vmplugin/VMPluginFactory.java | 8 +++-
.../org/codehaus/groovy/vmplugin/v8/Java8.java | 12 ++++--
src/test/groovy/security/SecurityTest.java | 8 +++-
src/test/groovy/security/SecurityTestSupport.java | 36 ++++++++++--------
.../codehaus/groovy/reflection/SecurityTest.java | 20 +++++++++-
.../org/codehaus/groovy/classgen/TestSupport.java | 24 ++++++++----
.../codehaus/groovy/ant/CompileTaskSupport.java | 7 ++--
.../main/java/org/codehaus/groovy/ant/Groovy.java | 7 ++--
.../main/java/org/codehaus/groovy/ant/Groovyc.java | 7 ++--
.../org/codehaus/groovy/ant/RootLoaderRef.java | 7 +++-
.../main/groovy/groovy/console/ui/Console.groovy | 5 ++-
.../groovy/jsr223/GroovyScriptEngineImpl.java | 10 +++--
.../groovy-sql/src/main/java/groovy/sql/Sql.java | 44 ++++++++++++----------
.../swing/binding/ClosureTriggerBinding.java | 14 +++++--
.../groovy/groovy/text/GStringTemplateEngine.java | 3 +-
.../groovy/text/StreamingTemplateEngine.java | 3 +-
.../groovy/text/markup/MarkupTemplateEngine.java | 12 ++++--
.../src/main/java/groovy/test/AllTestSuite.java | 5 ++-
.../src/main/java/groovy/test/GroovyTestSuite.java | 5 +--
.../src/main/java/groovy/xml/FactorySupport.java | 11 ++----
42 files changed, 325 insertions(+), 182 deletions(-)
diff --git a/src/main/java/groovy/grape/Grape.java b/src/main/java/groovy/grape/Grape.java
index a8dcc88a58..78e346ba43 100644
--- a/src/main/java/groovy/grape/Grape.java
+++ b/src/main/java/groovy/grape/Grape.java
@@ -20,7 +20,6 @@ package groovy.grape;
import java.lang.reflect.InvocationTargetException;
import java.net.URI;
-import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Collections;
import java.util.List;
@@ -155,13 +154,14 @@ public class Grape {
}
}
+ @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action
public static void grab(final Map<String, Object> args, final Map... dependencies) {
if (enableGrapes) {
- AccessController.doPrivileged(new PrivilegedAction<Void>() {
+ java.security.AccessController.doPrivileged(new PrivilegedAction<Void>() {
@Override
public Void run() {
- GrapeEngine instance = getInstance();
- if (instance != null) {
+ GrapeEngine instance1 = getInstance();
+ if (instance1 != null) {
if (!args.containsKey(AUTO_DOWNLOAD_SETTING)) {
args.put(AUTO_DOWNLOAD_SETTING, enableAutoDownload);
}
@@ -171,7 +171,7 @@ public class Grape {
if (!args.containsKey(GrapeEngine.CALLEE_DEPTH)) {
args.put(GrapeEngine.CALLEE_DEPTH, GrapeEngine.DEFAULT_CALLEE_DEPTH + 2);
}
- instance.grab(args, dependencies);
+ instance1.grab(args, dependencies);
}
return null;
}
diff --git a/src/main/java/groovy/lang/GroovyClassLoader.java b/src/main/java/groovy/lang/GroovyClassLoader.java
index ffab72ad23..2c03b16e3f 100644
--- a/src/main/java/groovy/lang/GroovyClassLoader.java
+++ b/src/main/java/groovy/lang/GroovyClassLoader.java
@@ -66,7 +66,6 @@ import java.net.URL;
import java.net.URLClassLoader;
import java.net.URLConnection;
import java.net.URLDecoder;
-import java.security.AccessController;
import java.security.CodeSource;
import java.security.NoSuchAlgorithmException;
import java.security.Permission;
@@ -110,8 +109,9 @@ public class GroovyClassLoader extends URLClassLoader {
private GroovyResourceLoader resourceLoader = new GroovyResourceLoader() {
@Override
+ @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action
public URL loadGroovySource(final String filename) throws MalformedURLException {
- return AccessController.doPrivileged((PrivilegedAction<URL>) () -> {
+ return java.security.AccessController.doPrivileged((PrivilegedAction<URL>) () -> {
for (String extension : config.getScriptExtensions()) {
try {
URL ret = getSourceFile(filename, extension);
@@ -253,11 +253,16 @@ public class GroovyClassLoader extends URLClassLoader {
* @return the main class defined in the given script
*/
public Class parseClass(final String text, final String fileName) throws CompilationFailedException {
- GroovyCodeSource gcs = AccessController.doPrivileged((PrivilegedAction<GroovyCodeSource>) () -> new GroovyCodeSource(text, fileName, "/groovy/script"));
+ GroovyCodeSource gcs = createCodeSource((PrivilegedAction<GroovyCodeSource>) () -> new GroovyCodeSource(text, fileName, "/groovy/script"));
gcs.setCachable(false);
return parseClass(gcs);
}
+ @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action
+ private GroovyCodeSource createCodeSource(PrivilegedAction<GroovyCodeSource> action) {
+ return java.security.AccessController.doPrivileged(action);
+ }
+
/**
* Parses the given text into a Java class capable of being run
*
@@ -278,7 +283,7 @@ public class GroovyClassLoader extends URLClassLoader {
}
public Class parseClass(final Reader reader, final String fileName) throws CompilationFailedException {
- GroovyCodeSource gcs = AccessController.doPrivileged((PrivilegedAction<GroovyCodeSource>) () -> {
+ GroovyCodeSource gcs = createCodeSource((PrivilegedAction<GroovyCodeSource>) () -> {
try {
String scriptText = IOGroovyMethods.getText(reader);
return new GroovyCodeSource(scriptText, fileName, "/groovy/script");
@@ -425,12 +430,7 @@ public class GroovyClassLoader extends URLClassLoader {
perms = new Permissions();
}
- ProtectionDomain myDomain = AccessController.doPrivileged(new PrivilegedAction<ProtectionDomain>() {
- @Override
- public ProtectionDomain run() {
- return getClass().getProtectionDomain();
- }
- });
+ ProtectionDomain myDomain = getProtectionDomain();
PermissionCollection myPerms = myDomain.getPermissions();
if (myPerms != null) {
for (Enumeration<Permission> elements = myPerms.elements(); elements.hasMoreElements();) {
@@ -445,6 +445,16 @@ public class GroovyClassLoader extends URLClassLoader {
return perms;
}
+ @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action
+ private ProtectionDomain getProtectionDomain() {
+ return java.security.AccessController.doPrivileged(new PrivilegedAction<ProtectionDomain>() {
+ @Override
+ public ProtectionDomain run() {
+ return getClass().getProtectionDomain();
+ }
+ });
+ }
+
public static class InnerLoader extends GroovyClassLoader {
private final GroovyClassLoader delegate;
private final long timeStamp;
@@ -643,8 +653,12 @@ public class GroovyClassLoader extends URLClassLoader {
* @return the ClassCollector
*/
protected ClassCollector createCollector(CompilationUnit unit, SourceUnit su) {
- InnerLoader loader = AccessController.doPrivileged((PrivilegedAction<InnerLoader>) () -> new InnerLoader(GroovyClassLoader.this));
- return new ClassCollector(loader, unit, su);
+ return new ClassCollector(createLoader(), unit, su);
+ }
+
+ @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action
+ private InnerLoader createLoader() {
+ return java.security.AccessController.doPrivileged((PrivilegedAction<InnerLoader>) () -> new InnerLoader(GroovyClassLoader.this));
}
public static class ClassCollector implements CompilationUnit.ClassgenCallback {
@@ -1082,8 +1096,9 @@ public class GroovyClassLoader extends URLClassLoader {
* @param path is a jar file or a directory.
* @see #addURL(URL)
*/
+ @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action
public void addClasspath(final String path) {
- AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
+ java.security.AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
URI newURI;
try {
diff --git a/src/main/java/groovy/lang/GroovyCodeSource.java b/src/main/java/groovy/lang/GroovyCodeSource.java
index 2ca2a8edc0..063227251a 100644
--- a/src/main/java/groovy/lang/GroovyCodeSource.java
+++ b/src/main/java/groovy/lang/GroovyCodeSource.java
@@ -31,7 +31,6 @@ import java.net.MalformedURLException;
import java.net.URI;
import java.net.URL;
import java.net.URLConnection;
-import java.security.AccessController;
import java.security.CodeSource;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
@@ -123,7 +122,7 @@ public class GroovyCodeSource {
//The calls below require access to user.dir - allow here since getName() and getCodeSource() are
//package private and used only by the GroovyClassLoader.
try {
- Object[] info = AccessController.doPrivileged((PrivilegedExceptionAction<Object[]>) () -> {
+ Object[] info = doPrivileged((PrivilegedExceptionAction<Object[]>) () -> {
// retrieve the content of the file using the provided encoding
if (encoding != null) {
scriptText = ResourceGroovyMethods.getText(infile, encoding);
@@ -150,6 +149,11 @@ public class GroovyCodeSource {
}
}
+ @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action
+ private <T> T doPrivileged(PrivilegedExceptionAction<T> action) throws PrivilegedActionException {
+ return java.security.AccessController.doPrivileged(action);
+ }
+
/**
* @param infile the file to create a GroovyCodeSource for.
* @throws IOException if an issue arises opening and reading the file.
diff --git a/src/main/java/groovy/lang/GroovyShell.java b/src/main/java/groovy/lang/GroovyShell.java
index 82ab601a9f..6630356cc6 100644
--- a/src/main/java/groovy/lang/GroovyShell.java
+++ b/src/main/java/groovy/lang/GroovyShell.java
@@ -33,7 +33,6 @@ import java.io.Reader;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
import java.net.URI;
-import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
@@ -100,12 +99,22 @@ public class GroovyShell extends GroovyObjectSupport {
&& ((GroovyClassLoader) parentLoader).hasCompatibleConfiguration(config)) {
this.loader = (GroovyClassLoader) parentLoader;
} else {
- this.loader = AccessController.doPrivileged((PrivilegedAction<GroovyClassLoader>) () -> new GroovyClassLoader(parentLoader,config));
+ this.loader = doPrivileged((PrivilegedAction<GroovyClassLoader>) () -> new GroovyClassLoader(parentLoader, config));
}
this.context = binding;
this.config = config;
}
+ @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action
+ private <T> T doPrivileged(PrivilegedAction<T> action) {
+ return java.security.AccessController.doPrivileged(action);
+ }
+
+ @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action
+ private <T> T doPrivileged(PrivilegedExceptionAction<T> action) throws PrivilegedActionException {
+ return java.security.AccessController.doPrivileged(action);
+ }
+
public void resetLoadedClasses() {
loader.clearCache();
}
@@ -203,13 +212,13 @@ public class GroovyShell extends GroovyObjectSupport {
}
}
- AccessController.doPrivileged(new DoSetContext(loader));
+ doPrivileged(new DoSetContext(loader));
// Parse the script, generate the class, and invoke the main method. This is a little looser than
// if you are compiling the script because the JVM isn't executing the main method.
Class scriptClass;
try {
- scriptClass = AccessController.doPrivileged((PrivilegedExceptionAction<Class>) () -> loader.parseClass(scriptFile));
+ scriptClass = doPrivileged((PrivilegedExceptionAction<Class>) () -> loader.parseClass(scriptFile));
} catch (PrivilegedActionException pae) {
Exception e = pae.getException();
if (e instanceof CompilationFailedException) {
@@ -340,7 +349,7 @@ public class GroovyShell extends GroovyObjectSupport {
* @param args the command line arguments to pass in
*/
public Object run(final String scriptText, final String fileName, String[] args) throws CompilationFailedException {
- GroovyCodeSource gcs = AccessController.doPrivileged((PrivilegedAction<GroovyCodeSource>) () -> new GroovyCodeSource(scriptText, fileName, DEFAULT_CODE_BASE));
+ GroovyCodeSource gcs = doPrivileged((PrivilegedAction<GroovyCodeSource>) () -> new GroovyCodeSource(scriptText, fileName, DEFAULT_CODE_BASE));
return run(gcs, args);
}
@@ -404,7 +413,7 @@ public class GroovyShell extends GroovyObjectSupport {
* @param args the command line arguments to pass in
*/
public Object run(final Reader in, final String fileName, String[] args) throws CompilationFailedException {
- GroovyCodeSource gcs = AccessController.doPrivileged((PrivilegedAction<GroovyCodeSource>) () -> new GroovyCodeSource(in, fileName, DEFAULT_CODE_BASE));
+ GroovyCodeSource gcs = doPrivileged((PrivilegedAction<GroovyCodeSource>) () -> new GroovyCodeSource(in, fileName, DEFAULT_CODE_BASE));
Class scriptClass = parseClass(gcs);
return runScriptOrMainOrTestOrRunnable(scriptClass, args);
}
@@ -462,7 +471,7 @@ public class GroovyShell extends GroovyObjectSupport {
sm.checkPermission(new GroovyCodeSourcePermission(codeBase));
}
- GroovyCodeSource gcs = AccessController.doPrivileged((PrivilegedAction<GroovyCodeSource>) () -> new GroovyCodeSource(scriptText, fileName, codeBase));
+ GroovyCodeSource gcs = doPrivileged((PrivilegedAction<GroovyCodeSource>) () -> new GroovyCodeSource(scriptText, fileName, codeBase));
return evaluate(gcs);
}
@@ -607,7 +616,7 @@ public class GroovyShell extends GroovyObjectSupport {
}
public Script parse(final String scriptText, final String fileName, Binding binding) throws CompilationFailedException {
- GroovyCodeSource gcs = AccessController.doPrivileged((PrivilegedAction<GroovyCodeSource>) () -> new GroovyCodeSource(scriptText, fileName, DEFAULT_CODE_BASE));
+ GroovyCodeSource gcs = doPrivileged((PrivilegedAction<GroovyCodeSource>) () -> new GroovyCodeSource(scriptText, fileName, DEFAULT_CODE_BASE));
return parse(gcs, binding);
}
diff --git a/src/main/java/groovy/lang/MetaClassImpl.java b/src/main/java/groovy/lang/MetaClassImpl.java
index 3ae4b24402..1c62fdfae4 100644
--- a/src/main/java/groovy/lang/MetaClassImpl.java
+++ b/src/main/java/groovy/lang/MetaClassImpl.java
@@ -98,7 +98,6 @@ import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.lang.reflect.Proxy;
import java.net.URL;
-import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
@@ -3496,9 +3495,9 @@ public class MetaClassImpl implements MetaClass, MutableMetaClass {
// introspect
try {
if (isBeanDerivative(theClass)) {
- info = (BeanInfo) AccessController.doPrivileged((PrivilegedExceptionAction) () -> Introspector.getBeanInfo(theClass, Introspector.IGNORE_ALL_BEANINFO));
+ info = (BeanInfo) doPrivileged((PrivilegedExceptionAction) () -> Introspector.getBeanInfo(theClass, Introspector.IGNORE_ALL_BEANINFO));
} else {
- info = (BeanInfo) AccessController.doPrivileged((PrivilegedExceptionAction) () -> Introspector.getBeanInfo(theClass));
+ info = (BeanInfo) doPrivileged((PrivilegedExceptionAction) () -> Introspector.getBeanInfo(theClass));
}
} catch (PrivilegedActionException pae) {
throw new GroovyRuntimeException("exception during bean introspection", pae.getException());
@@ -3528,6 +3527,11 @@ public class MetaClassImpl implements MetaClass, MutableMetaClass {
}
}
+ @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action
+ private Object doPrivileged(PrivilegedExceptionAction action) throws PrivilegedActionException {
+ return java.security.AccessController.doPrivileged(action);
+ }
+
private static boolean isBeanDerivative(Class theClass) {
Class next = theClass;
while (next != null) {
diff --git a/src/main/java/groovy/ui/GroovyMain.java b/src/main/java/groovy/ui/GroovyMain.java
index 10cd8b0ab6..11ae848b0e 100644
--- a/src/main/java/groovy/ui/GroovyMain.java
+++ b/src/main/java/groovy/ui/GroovyMain.java
@@ -54,7 +54,6 @@ import java.math.BigInteger;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
-import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.LinkedHashMap;
@@ -527,7 +526,12 @@ public class GroovyMain {
}
}
- AccessController.doPrivileged(new DoSetContext(shell.getClassLoader()));
+ doPrivileged(new DoSetContext(shell.getClassLoader()));
+ }
+
+ @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action
+ private static <T> T doPrivileged(PrivilegedAction<T> action) {
+ return java.security.AccessController.doPrivileged(action);
}
/**
diff --git a/src/main/java/groovy/util/GroovyScriptEngine.java b/src/main/java/groovy/util/GroovyScriptEngine.java
index f4bbd58f84..1a4c367ba4 100644
--- a/src/main/java/groovy/util/GroovyScriptEngine.java
+++ b/src/main/java/groovy/util/GroovyScriptEngine.java
@@ -47,7 +47,6 @@ import java.lang.ref.WeakReference;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLConnection;
-import java.security.AccessController;
import java.security.CodeSource;
import java.security.PrivilegedAction;
import java.util.HashMap;
@@ -61,23 +60,23 @@ import java.util.concurrent.ConcurrentHashMap;
* with dependent scripts.
*/
public class GroovyScriptEngine implements ResourceConnector {
- private static final ClassLoader CL_STUB = AccessController.doPrivileged((PrivilegedAction<ClassLoader>) () -> new ClassLoader() {});
+ private static final ClassLoader CL_STUB = doPrivileged((PrivilegedAction<ClassLoader>) () -> new ClassLoader() {});
private static final URL[] EMPTY_URL_ARRAY = new URL[0];
private static class LocalData {
CompilationUnit cu;
final StringSetMap dependencyCache = new StringSetMap();
- final Map<String, String> precompiledEntries = new HashMap<String, String>();
+ final Map<String, String> precompiledEntries = new HashMap<>();
}
- private static WeakReference<ThreadLocal<LocalData>> localData = new WeakReference<ThreadLocal<LocalData>>(null);
+ private static WeakReference<ThreadLocal<LocalData>> localData = new WeakReference<>(null);
private static synchronized ThreadLocal<LocalData> getLocalData() {
ThreadLocal<LocalData> local = localData.get();
if (local != null) return local;
- local = new ThreadLocal<LocalData>();
- localData = new WeakReference<ThreadLocal<LocalData>>(local);
+ local = new ThreadLocal<>();
+ localData = new WeakReference<>(local);
return local;
}
@@ -261,7 +260,7 @@ public class GroovyScriptEngine implements ResourceConnector {
StringSetMap cache = localData.dependencyCache;
cache.makeTransitiveHull();
long time = getCurrentTime();
- Set<String> entryNames = new HashSet<String>();
+ Set<String> entryNames = new HashSet<>();
for (Map.Entry<String, Set<String>> entry : cache.entrySet()) {
String className = entry.getKey();
Class clazz = getClassCacheEntry(className);
@@ -297,7 +296,7 @@ public class GroovyScriptEngine implements ResourceConnector {
}
private Set<String> convertToPaths(Set<String> orig, Map<String, String> precompiledEntries) {
- Set<String> ret = new HashSet<String>();
+ Set<String> ret = new HashSet<>();
for (String className : orig) {
Class clazz = getClassCacheEntry(className);
if (clazz == null) continue;
@@ -339,7 +338,7 @@ public class GroovyScriptEngine implements ResourceConnector {
*/
private GroovyClassLoader initGroovyLoader() {
GroovyClassLoader groovyClassLoader =
- AccessController.doPrivileged((PrivilegedAction<ScriptClassLoader>) () -> {
+ doPrivileged((PrivilegedAction<ScriptClassLoader>) () -> {
if (parentLoader instanceof GroovyClassLoader) {
return new ScriptClassLoader((GroovyClassLoader) parentLoader);
} else {
@@ -350,6 +349,11 @@ public class GroovyScriptEngine implements ResourceConnector {
return groovyClassLoader;
}
+ @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action
+ private static <T> T doPrivileged(PrivilegedAction<T> action) {
+ return java.security.AccessController.doPrivileged(action);
+ }
+
/**
* Get a resource connection as a <code>URLConnection</code> to retrieve a script
* from the <code>ResourceConnector</code>.
diff --git a/src/main/java/org/apache/groovy/internal/util/ReevaluatingReference.java b/src/main/java/org/apache/groovy/internal/util/ReevaluatingReference.java
index 255e97bf40..91e476cfef 100644
--- a/src/main/java/org/apache/groovy/internal/util/ReevaluatingReference.java
+++ b/src/main/java/org/apache/groovy/internal/util/ReevaluatingReference.java
@@ -27,7 +27,6 @@ import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.invoke.SwitchPoint;
import java.lang.ref.WeakReference;
-import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
@@ -41,7 +40,7 @@ public class ReevaluatingReference<T> {
static {
try {
//TODO Jochen: move the findSpecial to a central place together with others to easy security configuration
- FALLBACK_HANDLE = AccessController.doPrivileged((PrivilegedExceptionAction<MethodHandle>) () -> MethodHandles.lookup().findSpecial(
+ FALLBACK_HANDLE = doPrivileged((PrivilegedExceptionAction<MethodHandle>) () -> MethodHandles.lookup().findSpecial(
ReevaluatingReference.class, "replacePayLoad",
MethodType.methodType(Object.class),
ReevaluatingReference.class));
@@ -50,6 +49,11 @@ public class ReevaluatingReference<T> {
}
}
+ @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action
+ private static <T> T doPrivileged(PrivilegedExceptionAction<T> action) throws PrivilegedActionException {
+ return java.security.AccessController.doPrivileged(action);
+ }
+
private final Supplier<T> valueSupplier;
private final Function<T, SwitchPoint> validationSupplier;
private final WeakReference<Class<T>> clazzRef;
diff --git a/src/main/java/org/codehaus/groovy/control/ProcessingUnit.java b/src/main/java/org/codehaus/groovy/control/ProcessingUnit.java
index 0b12ebf75e..8aca4f8197 100644
--- a/src/main/java/org/codehaus/groovy/control/ProcessingUnit.java
+++ b/src/main/java/org/codehaus/groovy/control/ProcessingUnit.java
@@ -20,7 +20,6 @@ package org.codehaus.groovy.control;
import groovy.lang.GroovyClassLoader;
-import java.security.AccessController;
import java.security.PrivilegedAction;
import static java.util.Objects.requireNonNull;
@@ -100,13 +99,17 @@ public abstract class ProcessingUnit {
public void setClassLoader(final GroovyClassLoader loader) {
// ClassLoaders should only be created inside a doPrivileged block in case
// this method is invoked by code that does not have security permissions.
- this.classLoader = loader != null ? loader : AccessController.doPrivileged((PrivilegedAction<GroovyClassLoader>) () -> {
+ this.classLoader = loader != null ? loader : createClassLoader();
+ }
+
+ @SuppressWarnings("removal") // TODO a future Groovy version should create the loader not as a privileged action
+ private GroovyClassLoader createClassLoader() {
+ return java.security.AccessController.doPrivileged((PrivilegedAction<GroovyClassLoader>) () -> {
ClassLoader parent = Thread.currentThread().getContextClassLoader();
if (parent == null) parent = ProcessingUnit.class.getClassLoader();
return new GroovyClassLoader(parent, getConfiguration());
});
}
-
/**
* Errors found during the compilation should be reported through the ErrorCollector.
*/
diff --git a/src/main/java/org/codehaus/groovy/control/SourceUnit.java b/src/main/java/org/codehaus/groovy/control/SourceUnit.java
index 703a803043..2fc4460d17 100644
--- a/src/main/java/org/codehaus/groovy/control/SourceUnit.java
+++ b/src/main/java/org/codehaus/groovy/control/SourceUnit.java
@@ -37,7 +37,6 @@ import java.io.File;
import java.io.IOException;
import java.io.Reader;
import java.net.URL;
-import java.security.AccessController;
import java.security.PrivilegedAction;
/**
@@ -237,11 +236,16 @@ public class SourceUnit extends ProcessingUnit {
buildAST();
- if ("xml".equals(AccessController.doPrivileged((PrivilegedAction<String>) () -> System.getProperty("groovy.ast")))) {
+ if ("xml".equals(getProperty("groovy.ast"))) {
XStreamUtils.serialize(name, ast);
}
}
+ @SuppressWarnings("removal") // TODO a future Groovy version should get the property not as a privileged action
+ private String getProperty(String key) {
+ return java.security.AccessController.doPrivileged((PrivilegedAction<String>) () -> System.getProperty(key));
+ }
+
/**
* Builds the AST.
*/
diff --git a/src/main/java/org/codehaus/groovy/reflection/CachedClass.java b/src/main/java/org/codehaus/groovy/reflection/CachedClass.java
index 866692de48..61cdc32092 100644
--- a/src/main/java/org/codehaus/groovy/reflection/CachedClass.java
+++ b/src/main/java/org/codehaus/groovy/reflection/CachedClass.java
@@ -31,7 +31,6 @@ import org.codehaus.groovy.util.FastArray;
import org.codehaus.groovy.util.LazyReference;
import org.codehaus.groovy.util.ReferenceBundle;
-import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.Arrays;
@@ -57,7 +56,7 @@ public class CachedClass {
PrivilegedAction<CachedField[]> action = () -> Arrays.stream(getTheClass().getDeclaredFields())
.filter(f -> ReflectionUtils.checkCanSetAccessible(f, CachedClass.class))
.map(CachedField::new).toArray(CachedField[]::new);
- return AccessController.doPrivileged(action);
+ return doPrivileged(action);
}
};
@@ -71,7 +70,7 @@ public class CachedClass {
.filter(c -> ReflectionUtils.checkCanSetAccessible(c, CachedClass.class))
.map(c -> new CachedConstructor(CachedClass.this, c))
.toArray(CachedConstructor[]::new);
- return AccessController.doPrivileged(action);
+ return doPrivileged(action);
}
};
@@ -91,7 +90,7 @@ public class CachedClass {
return CachedMethod.EMPTY_ARRAY;
}
};
- CachedMethod[] declaredMethods = AccessController.doPrivileged(action);
+ CachedMethod[] declaredMethods = doPrivileged(action);
List<CachedMethod> methods = new ArrayList<>(declaredMethods.length);
List<CachedMethod> mopMethods = new ArrayList<>(declaredMethods.length);
@@ -134,12 +133,17 @@ public class CachedClass {
}
};
+ @SuppressWarnings("removal") // TODO a future Groovy version should perform the action not as a privileged action
+ private static <T> T doPrivileged(PrivilegedAction<T> action) {
+ return java.security.AccessController.doPrivileged(action);
+ }
+
private final LazyReference<CallSiteClassLoader> callSiteClassLoader = new LazyReference<CallSiteClassLoader>(softBundle) {
private static final long serialVersionUID = 4410385968428074090L;
@Override
public CallSiteClassLoader initValue() {
- return AccessController.doPrivileged((PrivilegedAction<CallSiteClassLoader>) () -> new CallSiteClassLoader(CachedClass.this.cachedClass));
+ return doPrivileged((PrivilegedAction<CallSiteClassLoader>) () -> new CallSiteClassLoader(CachedClass.this.cachedClass));
}
};
diff --git a/src/main/java/org/codehaus/groovy/reflection/ClassInfo.java b/src/main/java/org/codehaus/groovy/reflection/ClassInfo.java
index b4b4f6d238..f01cb3bcd7 100644
--- a/src/main/java/org/codehaus/groovy/reflection/ClassInfo.java
+++ b/src/main/java/org/codehaus/groovy/reflection/ClassInfo.java
@@ -54,7 +54,6 @@ import org.codehaus.groovy.vmplugin.VMPluginFactory;
import java.lang.ref.WeakReference;
import java.math.BigDecimal;
import java.math.BigInteger;
-import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Collection;
import java.util.Iterator;
@@ -449,8 +448,9 @@ public class ClassInfo implements Finalizable {
}
@Override
+ @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action
public ClassLoaderForClassArtifacts initValue() {
- return AccessController.doPrivileged((PrivilegedAction<ClassLoaderForClassArtifacts>) () -> new ClassLoaderForClassArtifacts(info.classRef.get()));
+ return java.security.AccessController.doPrivileged((PrivilegedAction<ClassLoaderForClassArtifacts>) () -> new ClassLoaderForClassArtifacts(info.classRef.get()));
}
}
diff --git a/src/main/java/org/codehaus/groovy/reflection/ClassLoaderForClassArtifacts.java b/src/main/java/org/codehaus/groovy/reflection/ClassLoaderForClassArtifacts.java
index 4995c58ea2..1fe20f193b 100644
--- a/src/main/java/org/codehaus/groovy/reflection/ClassLoaderForClassArtifacts.java
+++ b/src/main/java/org/codehaus/groovy/reflection/ClassLoaderForClassArtifacts.java
@@ -26,7 +26,6 @@ import org.codehaus.groovy.runtime.callsite.GroovySunClassLoader;
import java.lang.ref.SoftReference;
import java.lang.reflect.Constructor;
import java.lang.reflect.Method;
-import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.concurrent.atomic.AtomicInteger;
@@ -36,10 +35,10 @@ public class ClassLoaderForClassArtifacts extends ClassLoader {
public ClassLoaderForClassArtifacts(Class klazz) {
super(klazz.getClassLoader());
- this.klazz = new SoftReference<Class> (klazz);
+ this.klazz = new SoftReference<>(klazz);
}
- public Class define (String name, byte [] bytes) {
+ public Class define(String name, byte[] bytes) {
Class cls = defineClass(name, bytes, 0, bytes.length, klazz.get().getProtectionDomain());
resolveClass(cls);
return cls;
@@ -49,12 +48,12 @@ public class ClassLoaderForClassArtifacts extends ClassLoader {
public Class loadClass(String name) throws ClassNotFoundException {
Class cls = findLoadedClass(name);
if (cls != null)
- return cls;
+ return cls;
if (GroovySunClassLoader.sunVM != null) {
cls = GroovySunClassLoader.sunVM.doesKnow(name);
if (cls != null)
- return cls;
+ return cls;
}
return super.loadClass(name);
@@ -68,15 +67,15 @@ public class ClassLoaderForClassArtifacts extends ClassLoader {
final String name;
final String clsName = klazz.get().getName();
if (clsName.startsWith("java."))
- name = clsName.replace('.','_') + "$" + methodName;
+ name = clsName.replace('.', '_') + "$" + methodName;
else
name = clsName + "$" + methodName;
int suffix = classNamesCounter.getAndIncrement();
- return suffix == -1? name : name + "$" + suffix;
+ return suffix == -1 ? name : name + "$" + suffix;
}
public Constructor defineClassAndGetConstructor(final String name, final byte[] bytes) {
- final Class cls = AccessController.doPrivileged((PrivilegedAction<Class>) () -> define(name, bytes));
+ final Class cls = definePrivileged(name, bytes);
if (cls != null) {
try {
@@ -86,4 +85,9 @@ public class ClassLoaderForClassArtifacts extends ClassLoader {
}
return null;
}
+
+ @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action
+ private Class definePrivileged(String name, byte[] bytes) {
+ return java.security.AccessController.doPrivileged((PrivilegedAction<Class>) () -> define(name, bytes));
+ }
}
diff --git a/src/main/java/org/codehaus/groovy/reflection/ReflectionUtils.java b/src/main/java/org/codehaus/groovy/reflection/ReflectionUtils.java
index 1a89ca8203..1268899c02 100644
--- a/src/main/java/org/codehaus/groovy/reflection/ReflectionUtils.java
+++ b/src/main/java/org/codehaus/groovy/reflection/ReflectionUtils.java
@@ -28,7 +28,6 @@ import java.lang.invoke.MethodType;
import java.lang.reflect.AccessibleObject;
import java.lang.reflect.Array;
import java.lang.reflect.Method;
-import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.Collection;
@@ -206,8 +205,9 @@ public class ReflectionUtils {
return false;
}
+ @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action
public static Optional<AccessibleObject> makeAccessibleInPrivilegedAction(final AccessibleObject ao) {
- return AccessController.doPrivileged((PrivilegedAction<Optional<AccessibleObject>>) () -> makeAccessible(ao));
+ return java.security.AccessController.doPrivileged((PrivilegedAction<Optional<AccessibleObject>>) () -> makeAccessible(ao));
}
// to be run in PrivilegedAction!
diff --git a/src/main/java/org/codehaus/groovy/reflection/SunClassLoader.java b/src/main/java/org/codehaus/groovy/reflection/SunClassLoader.java
index 2c78c968f9..ee0a104390 100644
--- a/src/main/java/org/codehaus/groovy/reflection/SunClassLoader.java
+++ b/src/main/java/org/codehaus/groovy/reflection/SunClassLoader.java
@@ -25,8 +25,9 @@ import org.objectweb.asm.MethodVisitor;
import java.io.IOException;
import java.io.InputStream;
-import java.security.AccessController;
import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
import java.util.HashMap;
import java.util.Map;
@@ -46,7 +47,7 @@ public class SunClassLoader extends ClassLoader {
static {
SunClassLoader res;
try {
- res = AccessController.doPrivileged((PrivilegedAction<SunClassLoader>) () -> {
+ res = doPrivileged((PrivilegedAction<SunClassLoader>) () -> {
try {
return new SunClassLoader();
} catch (Throwable e) {
@@ -59,6 +60,11 @@ public class SunClassLoader extends ClassLoader {
sunVM = res;
}
+ @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action
+ private static <T> T doPrivileged(PrivilegedAction<T> action) {
+ return java.security.AccessController.doPrivileged(action);
+ }
+
protected SunClassLoader() throws Throwable {
super(SunClassLoader.class.getClassLoader());
diff --git a/src/main/java/org/codehaus/groovy/reflection/stdclasses/CachedSAMClass.java b/src/main/java/org/codehaus/groovy/reflection/stdclasses/CachedSAMClass.java
index 4800461a33..60d545c183 100644
--- a/src/main/java/org/codehaus/groovy/reflection/stdclasses/CachedSAMClass.java
+++ b/src/main/java/org/codehaus/groovy/reflection/stdclasses/CachedSAMClass.java
@@ -30,7 +30,6 @@ import org.codehaus.groovy.transform.trait.Traits;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.lang.reflect.Proxy;
-import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Arrays;
import java.util.Collections;
@@ -103,7 +102,7 @@ public class CachedSAMClass extends CachedClass {
@SuppressWarnings("removal") // TODO a future Groovy version should remove the security check
private static Method[] getDeclaredMethods(final Class c) {
try {
- Method[] methods = AccessController.doPrivileged((PrivilegedAction<Method[]>) c::getDeclaredMethods);
+ Method[] methods = java.security.AccessController.doPrivileged((PrivilegedAction<Method[]>) c::getDeclaredMethods);
if (methods!=null) return methods;
} catch (java.security.AccessControlException ace) {
// swallow and do as if no method is available
diff --git a/src/main/java/org/codehaus/groovy/runtime/DefaultGroovyMethods.java b/src/main/java/org/codehaus/groovy/runtime/DefaultGroovyMethods.java
index e6c47a0ee0..baa6e62639 100644
--- a/src/main/java/org/codehaus/groovy/runtime/DefaultGroovyMethods.java
+++ b/src/main/java/org/codehaus/groovy/runtime/DefaultGroovyMethods.java
@@ -125,7 +125,6 @@ import java.math.BigDecimal;
import java.math.BigInteger;
import java.math.RoundingMode;
import java.net.URL;
-import java.security.AccessController;
import java.security.CodeSource;
import java.security.PrivilegedAction;
import java.text.MessageFormat;
@@ -462,10 +461,7 @@ public class DefaultGroovyMethods extends DefaultGroovyMethodsSupport {
if (groovyObject && field.getName().equals("metaClass")) {
continue;
}
- AccessController.doPrivileged((PrivilegedAction<Object>) () -> {
- ReflectionUtils.trySetAccessible(field);
- return null;
- });
+ trySetAccessible(field);
buffer.append(" ");
buffer.append(field.getName());
buffer.append("=");
@@ -484,6 +480,14 @@ public class DefaultGroovyMethods extends DefaultGroovyMethodsSupport {
return buffer.toString();
}
+ @SuppressWarnings("removal") // TODO a future Groovy version should perform the accessible check not as a privileged action
+ private static void trySetAccessible(final Field field) {
+ java.security.AccessController.doPrivileged((PrivilegedAction<Object>) () -> {
+ ReflectionUtils.trySetAccessible(field);
+ return null;
+ });
+ }
+
/**
* Retrieves the list of {@link groovy.lang.MetaProperty} objects for 'self' and wraps it
* in a list of {@link groovy.lang.PropertyValue} objects that additionally provide
diff --git a/src/main/java/org/codehaus/groovy/runtime/ProxyGeneratorAdapter.java b/src/main/java/org/codehaus/groovy/runtime/ProxyGeneratorAdapter.java
index 16beccdabd..9e24d1b3d2 100644
--- a/src/main/java/org/codehaus/groovy/runtime/ProxyGeneratorAdapter.java
+++ b/src/main/java/org/codehaus/groovy/runtime/ProxyGeneratorAdapter.java
@@ -44,7 +44,6 @@ import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
-import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.Arrays;
@@ -288,12 +287,12 @@ public class ProxyGeneratorAdapter extends ClassVisitor {
@SuppressWarnings("removal") // TODO a future Groovy version should create the loader not as a privileged action
private GroovyClassLoader createClassLoader(ClassLoader parentLoader) {
- return AccessController.doPrivileged((PrivilegedAction<GroovyClassLoader>) () -> new GroovyClassLoader(parentLoader));
+ return java.security.AccessController.doPrivileged((PrivilegedAction<GroovyClassLoader>) () -> new GroovyClassLoader(parentLoader));
}
@SuppressWarnings("removal") // TODO a future Groovy version should create the loader not as a privileged action
private static InnerLoader createInnerLoader(final ClassLoader parent, final Class<?>[] interfaces) {
- return AccessController.doPrivileged((PrivilegedAction<InnerLoader>) () -> new InnerLoader(parent, interfaces));
+ return java.security.AccessController.doPrivileged((PrivilegedAction<InnerLoader>) () -> new InnerLoader(parent, interfaces));
}
private InnerLoader findClassLoader(final Class<?> clazz, final Class<?>[] interfaces) {
diff --git a/src/main/java/org/codehaus/groovy/runtime/callsite/CallSiteArray.java b/src/main/java/org/codehaus/groovy/runtime/callsite/CallSiteArray.java
index 5fe58fbae8..04c2e0865f 100644
--- a/src/main/java/org/codehaus/groovy/runtime/callsite/CallSiteArray.java
+++ b/src/main/java/org/codehaus/groovy/runtime/callsite/CallSiteArray.java
@@ -26,11 +26,9 @@ import org.codehaus.groovy.reflection.ClassInfo;
import org.codehaus.groovy.runtime.GroovyCategorySupport;
import org.codehaus.groovy.runtime.InvokerHelper;
-import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.stream.IntStream;
-
public final class CallSiteArray {
public static final Object[] NOPARAM = new Object[0];
public final CallSite[] array;
@@ -60,7 +58,7 @@ public final class CallSiteArray {
}
private static CallSite createCallStaticSite(CallSite callSite, final Class receiver, Object[] args) {
- AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
+ doPrivileged((PrivilegedAction<Void>) () -> {
try {
Class.forName(receiver.getName(), true, receiver.getClassLoader());
} catch (Exception e) {
@@ -78,6 +76,11 @@ public final class CallSiteArray {
return site;
}
+ @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action
+ private static void doPrivileged(PrivilegedAction<Void> action) {
+ java.security.AccessController.doPrivileged(action);
+ }
+
private static CallSite createCallConstructorSite(CallSite callSite, Class receiver, Object[] args) {
MetaClass metaClass = InvokerHelper.getMetaClass(receiver);
CallSite site =
diff --git a/src/main/java/org/codehaus/groovy/runtime/callsite/GroovySunClassLoader.java b/src/main/java/org/codehaus/groovy/runtime/callsite/GroovySunClassLoader.java
index d16dcc97d1..9dc48c4e8c 100644
--- a/src/main/java/org/codehaus/groovy/runtime/callsite/GroovySunClassLoader.java
+++ b/src/main/java/org/codehaus/groovy/runtime/callsite/GroovySunClassLoader.java
@@ -25,7 +25,6 @@ import org.objectweb.asm.ClassWriter;
import java.io.IOException;
import java.io.InputStream;
-import java.security.AccessController;
import java.security.PrivilegedAction;
import static org.codehaus.groovy.control.CompilerConfiguration.ASM_API_VERSION;
@@ -35,7 +34,7 @@ public class GroovySunClassLoader extends SunClassLoader {
public static final SunClassLoader sunVM;
static {
- sunVM = AccessController.doPrivileged((PrivilegedAction<SunClassLoader>) () -> {
+ sunVM = doPrivileged((PrivilegedAction<SunClassLoader>) () -> {
try {
if (SunClassLoader.sunVM != null) {
return new GroovySunClassLoader();
@@ -46,6 +45,11 @@ public class GroovySunClassLoader extends SunClassLoader {
});
}
+ @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action
+ private static <T> T doPrivileged(PrivilegedAction<T> action) {
+ return java.security.AccessController.doPrivileged(action);
+ }
+
protected GroovySunClassLoader() throws Throwable {
this(ClassReader.SKIP_CODE);
}
diff --git a/src/main/java/org/codehaus/groovy/tools/GroovyStarter.java b/src/main/java/org/codehaus/groovy/tools/GroovyStarter.java
index 4bffd7237b..2dd9a596ab 100644
--- a/src/main/java/org/codehaus/groovy/tools/GroovyStarter.java
+++ b/src/main/java/org/codehaus/groovy/tools/GroovyStarter.java
@@ -21,7 +21,6 @@ package org.codehaus.groovy.tools;
import java.io.FileInputStream;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
-import java.security.AccessController;
import java.security.PrivilegedAction;
/**
@@ -34,7 +33,6 @@ public class GroovyStarter {
System.exit(1);
}
-
public static void rootLoader(String[] args) {
String conf = System.getProperty("groovy.starter.conf",null);
final LoaderConfiguration lc = new LoaderConfiguration();
@@ -99,7 +97,7 @@ public class GroovyStarter {
}
}
// create loader and execute main class
- ClassLoader loader = AccessController.doPrivileged((PrivilegedAction<RootLoader>) () -> new RootLoader(lc));
+ ClassLoader loader = getLoader(lc);
Method m=null;
try {
Class c = loader.loadClass(lc.getMainClass());
@@ -114,6 +112,11 @@ public class GroovyStarter {
}
}
+ @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action
+ private static RootLoader getLoader(LoaderConfiguration lc) {
+ return java.security.AccessController.doPrivileged((PrivilegedAction<RootLoader>) () -> new RootLoader(lc));
+ }
+
private static void exit(Exception e) {
e.printStackTrace();
System.exit(1);
diff --git a/src/main/java/org/codehaus/groovy/tools/javac/JavacJavaCompiler.java b/src/main/java/org/codehaus/groovy/tools/javac/JavacJavaCompiler.java
index c654cdf8e6..c49dc2bc5e 100644
--- a/src/main/java/org/codehaus/groovy/tools/javac/JavacJavaCompiler.java
+++ b/src/main/java/org/codehaus/groovy/tools/javac/JavacJavaCompiler.java
@@ -34,7 +34,6 @@ import java.net.URISyntaxException;
import java.net.URL;
import java.net.URLClassLoader;
import java.nio.charset.Charset;
-import java.security.AccessController;
import java.security.CodeSource;
import java.security.PrivilegedAction;
import java.util.ArrayList;
@@ -189,8 +188,7 @@ public class JavacJavaCompiler implements JavaCompiler {
}
try {
- CodeSource codeSource = AccessController.doPrivileged(
- (PrivilegedAction<CodeSource>) () -> GroovyObject.class.getProtectionDomain().getCodeSource());
+ CodeSource codeSource = getCodeSource();
if (codeSource != null) {
paths.add(new File(codeSource.getLocation().toURI()).getPath());
}
@@ -203,4 +201,10 @@ public class JavacJavaCompiler implements JavaCompiler {
return params;
}
+
+ @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action
+ private CodeSource getCodeSource() {
+ return java.security.AccessController.doPrivileged(
+ (PrivilegedAction<CodeSource>) () -> GroovyObject.class.getProtectionDomain().getCodeSource());
+ }
}
diff --git a/src/main/java/org/codehaus/groovy/vmplugin/VMPluginFactory.java b/src/main/java/org/codehaus/groovy/vmplugin/VMPluginFactory.java
index e8d46d47bd..da9df41e8a 100644
--- a/src/main/java/org/codehaus/groovy/vmplugin/VMPluginFactory.java
+++ b/src/main/java/org/codehaus/groovy/vmplugin/VMPluginFactory.java
@@ -22,7 +22,6 @@ import org.apache.groovy.util.Maps;
import org.codehaus.groovy.runtime.DefaultGroovyMethods;
import java.math.BigDecimal;
-import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Map;
import java.util.logging.Level;
@@ -55,8 +54,13 @@ public class VMPluginFactory {
return PLUGIN;
}
+ @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action
+ private static <T> T doPrivileged(PrivilegedAction<T> action) {
+ return java.security.AccessController.doPrivileged(action);
+ }
+
private static VMPlugin createPlugin() {
- return AccessController.doPrivileged((PrivilegedAction<VMPlugin>) () -> {
+ return doPrivileged((PrivilegedAction<VMPlugin>) () -> {
final BigDecimal specVer = new BigDecimal(VMPlugin.getJavaVersion());
ClassLoader loader = VMPluginFactory.class.getClassLoader();
for (Map.Entry<BigDecimal, String> entry : PLUGIN_MAP.entrySet()) {
diff --git a/src/main/java/org/codehaus/groovy/vmplugin/v8/Java8.java b/src/main/java/org/codehaus/groovy/vmplugin/v8/Java8.java
index 77f5a6a401..51a6c3538c 100644
--- a/src/main/java/org/codehaus/groovy/vmplugin/v8/Java8.java
+++ b/src/main/java/org/codehaus/groovy/vmplugin/v8/Java8.java
@@ -66,8 +66,8 @@ import java.lang.reflect.ReflectPermission;
import java.lang.reflect.Type;
import java.lang.reflect.TypeVariable;
import java.lang.reflect.WildcardType;
-import java.security.AccessController;
import java.security.Permission;
+import java.security.PrivilegedAction;
import java.util.Arrays;
import java.util.List;
import java.util.Optional;
@@ -583,6 +583,7 @@ public class Java8 implements VMPlugin {
* @return the check result
*/
@Override
+ @SuppressWarnings("removal") // TODO a future Groovy version should skip the permission check
public boolean checkCanSetAccessible(final AccessibleObject accessibleObject, final Class<?> callerClass) {
SecurityManager sm = System.getSecurityManager();
try {
@@ -670,7 +671,7 @@ public class Java8 implements VMPlugin {
private Object getInvokeSpecialHandleFallback(final Method method, final Object receiver) {
if (!method.isAccessible()) {
- AccessController.doPrivileged((java.security.PrivilegedAction<Object>) () -> {
+ doPrivilegedInternal((PrivilegedAction<Object>) () -> {
ReflectionUtils.trySetAccessible(method);
return null;
});
@@ -682,6 +683,11 @@ public class Java8 implements VMPlugin {
throw new GroovyBugError(e);
}
}
+ @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action
+ private static <T> T doPrivilegedInternal(PrivilegedAction<T> action) {
+ return java.security.AccessController.doPrivileged(action);
+ }
+
@Override
public Object invokeHandle(final Object handle, final Object[] args) throws Throwable {
@@ -715,7 +721,7 @@ public class Java8 implements VMPlugin {
try {
if (!lookup.isAccessible()) {
final Constructor<MethodHandles.Lookup> finalReference = lookup;
- AccessController.doPrivileged((java.security.PrivilegedAction<Object>) () -> {
+ doPrivilegedInternal((java.security.PrivilegedAction<Object>) () -> {
ReflectionUtils.trySetAccessible(finalReference);
return null;
});
diff --git a/src/test/groovy/security/SecurityTest.java b/src/test/groovy/security/SecurityTest.java
index cae37ec757..fb7067e901 100644
--- a/src/test/groovy/security/SecurityTest.java
+++ b/src/test/groovy/security/SecurityTest.java
@@ -25,7 +25,6 @@ import org.junit.Ignore;
import java.io.File;
import java.io.IOException;
import java.net.URL;
-import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.Security;
import java.util.PropertyPermission;
@@ -63,7 +62,7 @@ public class SecurityTest extends SecurityTestSupport {
// Use our privileged access in order to prevent checks lower in the call stack. Otherwise we would have
// to grant access to IDE unit test runners and unit test libs. We only care about testing the call stack
// higher upstream from this point of execution.
- AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
+ doPrivileged((PrivilegedAction<Void>) () -> {
Security.setProperty("package.access", "javax.print");
return null;
});
@@ -73,6 +72,11 @@ public class SecurityTest extends SecurityTestSupport {
assertExecute(script, "/groovy/security/javax/print/allow", null);
}
+ @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action
+ private static <T> T doPrivileged(PrivilegedAction<T> action) {
+ return java.security.AccessController.doPrivileged(action);
+ }
+
public void testBadScriptNameBug() {
assertExecute(new File("src/test/groovy/bugs/BadScriptNameBug.groovy"), null);
}
diff --git a/src/test/groovy/security/SecurityTestSupport.java b/src/test/groovy/security/SecurityTestSupport.java
index be33f9fdd6..ef78c8a260 100644
--- a/src/test/groovy/security/SecurityTestSupport.java
+++ b/src/test/groovy/security/SecurityTestSupport.java
@@ -33,10 +33,7 @@ import org.codehaus.groovy.runtime.InvokerHelper;
import java.io.File;
import java.io.IOException;
import java.io.PrintStream;
-import java.security.AccessControlException;
-import java.security.AccessController;
import java.security.Permission;
-import java.security.Policy;
import java.security.PrivilegedAction;
import java.util.Enumeration;
@@ -72,9 +69,10 @@ public abstract class SecurityTestSupport extends GroovyTestCase {
return securityDisabled;
}
+ @SuppressWarnings("removal") // TODO a future Groovy version should remove this method
public static void resetSecurityPolicy(String policyFileURL) {
System.setProperty("java.security.policy", policyFileURL);
- Policy.getPolicy().refresh();
+ java.security.Policy.getPolicy().refresh();
}
protected class SecurityTestResultPrinter extends ResultPrinter {
@@ -91,11 +89,10 @@ public abstract class SecurityTestSupport extends GroovyTestCase {
}
}
- protected GroovyClassLoader loader =
- AccessController.doPrivileged(
- (PrivilegedAction<GroovyClassLoader>) () -> new GroovyClassLoader(SecurityTestSupport.class.getClassLoader())
- );
+ protected GroovyClassLoader loader = doPrivileged((PrivilegedAction<GroovyClassLoader>) () ->
+ new GroovyClassLoader(SecurityTestSupport.class.getClassLoader()));
+ @SuppressWarnings("removal") // TODO in a future Groovy version remove reference to SecurityManager
private SecurityManager securityManager;
private ClassLoader currentClassLoader;
@@ -124,6 +121,7 @@ public abstract class SecurityTestSupport extends GroovyTestCase {
//test case: a.groovy depends on b.groovy; a.groovy is parsed (and in the process the gcl
//loads b.groovy via findClass). Note that b.groovy is only available in the groovy class loader.
//See
+ @SuppressWarnings("removal") // TODO in a future Groovy version remove reference to SecurityManager
protected void setUp() {
if (checkSecurity()) {
securityManager = System.getSecurityManager();
@@ -132,7 +130,7 @@ public abstract class SecurityTestSupport extends GroovyTestCase {
}
}
currentClassLoader = Thread.currentThread().getContextClassLoader();
- AccessController.doPrivileged((PrivilegedAction) () -> {
+ doPrivileged((PrivilegedAction) () -> {
Thread.currentThread().setUncaughtExceptionHandler(new Thread.UncaughtExceptionHandler() {
@Override
public void uncaughtException(Thread t, Throwable e) {
@@ -144,14 +142,20 @@ public abstract class SecurityTestSupport extends GroovyTestCase {
});
}
+ @SuppressWarnings("removal") // TODO in a future Groovy version remove reference to SecurityManager
protected void tearDown() {
- AccessController.doPrivileged((PrivilegedAction) () -> {
+ doPrivileged((PrivilegedAction) () -> {
System.setSecurityManager(securityManager);
Thread.currentThread().setContextClassLoader(currentClassLoader);
return null;
});
}
+ @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action
+ private static <T> T doPrivileged(PrivilegedAction<T> action) {
+ return java.security.AccessController.doPrivileged(action);
+ }
+
protected synchronized String generateClassName() {
return "testSecurity" + (++counter);
}
@@ -205,6 +209,7 @@ public abstract class SecurityTestSupport extends GroovyTestCase {
}
}
+ @SuppressWarnings("removal") // TODO in a future Groovy version remove AccessControlException
protected void executeTest(Class test, Permission missingPermission) {
TestSuite suite = new TestSuite();
suite.addTestSuite(test);
@@ -225,8 +230,8 @@ public abstract class SecurityTestSupport extends GroovyTestCase {
boolean otherFailure = false;
for (Enumeration e = result.errors(); e.hasMoreElements();) {
TestFailure failure = (TestFailure) e.nextElement();
- if (failure.thrownException() instanceof AccessControlException) {
- AccessControlException ace = (AccessControlException) failure.thrownException();
+ if (failure.thrownException() instanceof java.security.AccessControlException) {
+ java.security.AccessControlException ace = (java.security.AccessControlException) failure.thrownException();
if (missingPermission.implies(ace.getPermission())) {
continue;
}
@@ -242,12 +247,13 @@ public abstract class SecurityTestSupport extends GroovyTestCase {
}
}
+ @SuppressWarnings("removal") // TODO in a future Groovy version remove AccessControlException
protected void executeScript(Class scriptClass, Permission missingPermission) {
try {
Script script = InvokerHelper.createScript(scriptClass, new Binding());
script.run();
//InvokerHelper.runScript(scriptClass, null);
- } catch (AccessControlException ace) {
+ } catch (java.security.AccessControlException ace) {
if (missingPermission != null && missingPermission.implies(ace.getPermission())) {
return;
} else {
@@ -271,7 +277,7 @@ public abstract class SecurityTestSupport extends GroovyTestCase {
// Use our privileged access in order to prevent checks lower in the call stack. Otherwise we would have
// to grant access to IDE unit test runners and unit test libs. We only care about testing the call stack
// higher upstream from this point of execution.
- AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
+ doPrivileged((PrivilegedAction<Void>) () -> {
GroovyCodeSource gcs = null;
try {
gcs = new GroovyCodeSource(file);
@@ -296,7 +302,7 @@ public abstract class SecurityTestSupport extends GroovyTestCase {
// Use our privileged access in order to prevent checks lower in the call stack. Otherwise we would have
// to grant access to IDE unit test runners and unit test libs. We only care about testing the call stack
// higher upstream from this point of execution.
- AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
+ doPrivileged((PrivilegedAction<Void>) () -> {
parseAndExecute(new GroovyCodeSource(scriptStr, generateClassName(), effectiveCodeBase), missingPermission);
return null;
});
diff --git a/src/test/org/codehaus/groovy/reflection/SecurityTest.java b/src/test/org/codehaus/groovy/reflection/SecurityTest.java
index 2020420c36..3d42d0f78b 100644
--- a/src/test/org/codehaus/groovy/reflection/SecurityTest.java
+++ b/src/test/org/codehaus/groovy/reflection/SecurityTest.java
@@ -27,7 +27,6 @@ import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.lang.reflect.ReflectPermission;
import java.nio.ByteBuffer;
-import java.security.AccessControlException;
import java.security.Permission;
import java.security.Permissions;
import java.security.ProtectionDomain;
@@ -77,11 +76,13 @@ public class SecurityTest extends GroovyTestCase {
return methodCalled;
}
}
+ @SuppressWarnings("removal") // TODO in a future Groovy version remove reference to SecurityManager
SecurityManager restrictiveSecurityManager;
CachedMethod cachedMethodUnderTest;
CachedField cachedFieldUnderTest;
Permissions forbidden;
+ @SuppressWarnings("removal") // TODO in a future Groovy version remove reference to SecurityManager & AccessControlException
public void setUp() {
// Forbidding suppressAccessChecks in the test will make the internal implementation of some JDK fail,
// so load vm plugin before security manager is installed:
@@ -106,11 +107,12 @@ public class SecurityTest extends GroovyTestCase {
@Override
public void checkPermission(Permission perm) {
if (forbidden.implies(perm))
- throw new AccessControlException(perm.getName());
+ throw new java.security.AccessControlException(perm.getName());
}
};
}
+ @SuppressWarnings("removal") // TODO in a future Groovy version remove reference to SecurityManager, for now not run for JDK18+
public void tearDown(){
System.setSecurityManager(null);
}
@@ -137,6 +139,7 @@ public class SecurityTest extends GroovyTestCase {
return new CachedField(field);
}
+ @SuppressWarnings("removal") // TODO in a future Groovy version remove reference to SecurityManager, for now not run for JDK18+
public void testInvokesPublicMethodsWithoutChecks() throws Exception {
if (isAtLeastJdk("18.0")) return;
cachedMethodUnderTest = createCachedMethod("publicMethod");
@@ -144,6 +147,7 @@ public class SecurityTest extends GroovyTestCase {
assertTrue(invokesCachedMethod());
}
+ @SuppressWarnings("removal") // TODO in a future Groovy version remove reference to SecurityManager, for now not run for JDK18+
public void testReturnsAccesiblePublicMethodsWithoutChecks() throws Exception {
if (isAtLeastJdk("18.0")) return;
cachedMethodUnderTest = createCachedMethod("publicMethod");
@@ -152,6 +156,7 @@ public class SecurityTest extends GroovyTestCase {
assertEquals("publicMethod", cachedMethodUnderTest.getName());
}
+ @SuppressWarnings("removal") // TODO in a future Groovy version remove reference to SecurityManager, for now not run for JDK18+
public void testAccessesPublicFieldsWithoutChecks() throws Exception {
if (isAtLeastJdk("18.0")) return;
cachedFieldUnderTest = createCachedField("publicField");
@@ -166,6 +171,7 @@ public class SecurityTest extends GroovyTestCase {
assertTrue(invokesCachedMethod());
}
+ @SuppressWarnings("removal") // TODO in a future Groovy version remove reference to SecurityManager, for now not run for JDK18+
public void testAccessesPrivateFieldsWithoutSecurityManager() throws Exception {
if (isAtLeastJdk("18.0")) return;
cachedFieldUnderTest = createCachedField("privateField");
@@ -175,6 +181,7 @@ public class SecurityTest extends GroovyTestCase {
assertEquals("value", cachedFieldUnderTest.getProperty(object));
}
+ @SuppressWarnings("removal") // TODO in a future Groovy version remove reference to SecurityManager, for now not run for JDK18+
public void testReturnsAccesiblePrivateMethodsWithoutSecurityManager() throws Exception {
if (isAtLeastJdk("18.0")) return;
cachedMethodUnderTest = createCachedMethod("privateMethod");
@@ -183,6 +190,7 @@ public class SecurityTest extends GroovyTestCase {
assertEquals("privateMethod", cachedMethodUnderTest.getName());
}
+ @SuppressWarnings("removal") // TODO in a future Groovy version remove reference to SecurityManager, for now not run for JDK18+
public void testChecksReflectPermissionForInvokeOnPrivateMethods() throws Exception {
if (isAtLeastJdk("18.0")) return;
cachedMethodUnderTest = createCachedMethod("privateMethod");
@@ -196,6 +204,7 @@ public class SecurityTest extends GroovyTestCase {
}
}
+ @SuppressWarnings("removal") // TODO in a future Groovy version remove reference to SecurityManager, for now not run for JDK18+
public void testChecksReflectPermissionForFieldAccessOnPrivateFields() throws Exception {
if (isAtLeastJdk("18.0")) return;
cachedFieldUnderTest = createCachedField("privateField");
@@ -216,6 +225,7 @@ public class SecurityTest extends GroovyTestCase {
}
}
+ @SuppressWarnings("removal") // TODO in a future Groovy version remove reference to SecurityManager, for now not run for JDK18+
public void testChecksReflectPermissionForMethodAccessOnPrivateMethods() throws Exception {
if (isAtLeastJdk("18.0")) return;
cachedMethodUnderTest = createCachedMethod("privateMethod");
@@ -235,6 +245,7 @@ public class SecurityTest extends GroovyTestCase {
}
}
+ @SuppressWarnings("removal") // TODO in a future Groovy version remove reference to SecurityManager, for now not run for JDK18+
public void testInvokesPackagePrivateMethodsWithoutChecksInNonRestrictedPackages() throws Exception {
if (isAtLeastJdk("18.0")) return;
cachedMethodUnderTest = createCachedMethod("packagePrivateMethod");
@@ -242,6 +253,7 @@ public class SecurityTest extends GroovyTestCase {
assertTrue(invokesCachedMethod());
}
+ @SuppressWarnings("removal") // TODO in a future Groovy version remove reference to SecurityManager, for now not run for JDK9+
public void testChecksReflectPermissionForInvokeOnPackagePrivateMethodsInRestrictedJavaPackages() throws Exception {
// FIX_JDK9 remove this exemption for JDK9
if (isAtLeastJdk("9.0")) return;
@@ -257,6 +269,7 @@ public class SecurityTest extends GroovyTestCase {
}
}
+ @SuppressWarnings("removal") // TODO in a future Groovy version remove reference to SecurityManager, for now not run for JDK18+
public void testInvokesProtectedMethodsWithoutChecks() throws Exception {
if (isAtLeastJdk("18.0")) return;
cachedMethodUnderTest = createCachedMethod("protectedMethod");
@@ -265,6 +278,7 @@ public class SecurityTest extends GroovyTestCase {
}
+ @SuppressWarnings("removal") // TODO in a future Groovy version remove reference to SecurityManager, for now not run for JDK16+
public void testChecksCreateClassLoaderPermissionForClassLoaderProtectedMethodAccess() throws Exception {
// Illegal access to java.lang.ClassLoader.defineClass(java.lang.String,java.nio.ByteBuffer,java.security.ProtectionDomain)
if (isAtLeastJdk("16.0")) return;
@@ -285,6 +299,7 @@ public class SecurityTest extends GroovyTestCase {
}
}
+ @SuppressWarnings("removal") // TODO in a future Groovy version remove reference to SecurityManager, for now not run for JDK18+
public void testInvokesPrivateMethodsInGroovyObjectsWithoutChecks() throws Exception {
if (isAtLeastJdk("18.0")) return;
cachedMethodUnderTest = createCachedMethod(TestGroovyClass.class, "privateMethod");
@@ -294,6 +309,7 @@ public class SecurityTest extends GroovyTestCase {
assertTrue(object.isMethodCalled());
}
+ @SuppressWarnings("removal") // TODO in a future Groovy version remove reference to SecurityManager, for now not run for JDK18+
public void testAccessesPrivateFieldsInGroovyObjectsWithoutChecks() throws Exception {
if (isAtLeastJdk("18.0")) return;
Field field = TestGroovyClass.class.getDeclaredField("privateField");
diff --git a/src/testFixtures/groovy/org/codehaus/groovy/classgen/TestSupport.java b/src/testFixtures/groovy/org/codehaus/groovy/classgen/TestSupport.java
index 0f60cca183..86fbb1fbce 100644
--- a/src/testFixtures/groovy/org/codehaus/groovy/classgen/TestSupport.java
+++ b/src/testFixtures/groovy/org/codehaus/groovy/classgen/TestSupport.java
@@ -44,7 +44,6 @@ import java.io.File;
import java.lang.reflect.Field;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
-import java.security.AccessController;
import java.security.PrivilegedAction;
/**
@@ -57,9 +56,15 @@ public class TestSupport extends GroovyTestCase implements Opcodes {
final ClassLoader parentLoader = getClass().getClassLoader();
protected final GroovyClassLoader loader =
- AccessController.doPrivileged(
- (PrivilegedAction<GroovyClassLoader>) () -> new GroovyClassLoader(parentLoader)
- );
+ createClassLoader();
+
+ @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action
+ private GroovyClassLoader createClassLoader() {
+ return java.security.AccessController.doPrivileged(
+ (PrivilegedAction<GroovyClassLoader>) () -> new GroovyClassLoader(parentLoader)
+ );
+ }
+
final CompileUnit unit = new CompileUnit(loader, new CompilerConfiguration());
final ModuleNode module = new ModuleNode(unit);
@@ -137,14 +142,19 @@ public class TestSupport extends GroovyTestCase implements Opcodes {
protected void assertScript(final String text, final String scriptName) throws Exception {
log.info("About to execute script");
log.info(text);
- GroovyCodeSource gcs = AccessController.doPrivileged(
- (PrivilegedAction<GroovyCodeSource>) () -> new GroovyCodeSource(text, scriptName, "/groovy/testSupport")
- );
+ GroovyCodeSource gcs = getCodeSource(text, scriptName);
Class<?> groovyClass = loader.parseClass(gcs);
Script script = InvokerHelper.createScript(groovyClass, new Binding());
script.run();
}
+ @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action
+ private GroovyCodeSource getCodeSource(String text, String scriptName) {
+ return java.security.AccessController.doPrivileged(
+ (PrivilegedAction<GroovyCodeSource>) () -> new GroovyCodeSource(text, scriptName, "/groovy/testSupport")
+ );
+ }
+
protected void assertScriptFile(String fileName) throws Exception {
log.info("About to execute script: " + fileName);
Class<?> groovyClass = loader.parseClass(new GroovyCodeSource(new File(fileName)));
diff --git a/subprojects/groovy-ant/src/main/java/org/codehaus/groovy/ant/CompileTaskSupport.java b/subprojects/groovy-ant/src/main/java/org/codehaus/groovy/ant/CompileTaskSupport.java
index 56ba6949f2..f88d4b7c36 100644
--- a/subprojects/groovy-ant/src/main/java/org/codehaus/groovy/ant/CompileTaskSupport.java
+++ b/subprojects/groovy-ant/src/main/java/org/codehaus/groovy/ant/CompileTaskSupport.java
@@ -30,7 +30,6 @@ import org.codehaus.groovy.tools.ErrorReporter;
import java.io.File;
import java.io.PrintWriter;
import java.io.Writer;
-import java.security.AccessController;
import java.security.PrivilegedAction;
/**
@@ -135,9 +134,9 @@ public abstract class CompileTaskSupport
}
protected GroovyClassLoader createClassLoader() {
- GroovyClassLoader gcl =
- AccessController.doPrivileged(
- (PrivilegedAction<GroovyClassLoader>) () -> new GroovyClassLoader(ClassLoader.getSystemClassLoader(), config));
+ @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action
+ GroovyClassLoader gcl = java.security.AccessController.doPrivileged((PrivilegedAction<GroovyClassLoader>) () ->
+ new GroovyClassLoader(ClassLoader.getSystemClassLoader(), config));
Path path = getClasspath();
if (path != null) {
diff --git a/subprojects/groovy-ant/src/main/java/org/codehaus/groovy/ant/Groovy.java b/subprojects/groovy-ant/src/main/java/org/codehaus/groovy/ant/Groovy.java
index c44e2bfc87..60cdb9a0ad 100644
--- a/subprojects/groovy-ant/src/main/java/org/codehaus/groovy/ant/Groovy.java
+++ b/subprojects/groovy-ant/src/main/java/org/codehaus/groovy/ant/Groovy.java
@@ -62,7 +62,6 @@ import java.io.Reader;
import java.io.Writer;
import java.lang.reflect.Field;
import java.nio.charset.Charset;
-import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.List;
import java.util.Vector;
@@ -562,9 +561,9 @@ public class Groovy extends Java {
}
final String scriptName = computeScriptName();
- final GroovyClassLoader classLoader =
- AccessController.doPrivileged(
- (PrivilegedAction<GroovyClassLoader>) () -> new GroovyClassLoader(baseClassLoader));
+ @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action
+ final GroovyClassLoader classLoader = java.security.AccessController.doPrivileged((PrivilegedAction<GroovyClassLoader>) () ->
+ new GroovyClassLoader(baseClassLoader));
addClassPathes(classLoader);
configureCompiler();
final GroovyShell groovy = new GroovyShell(classLoader, new Binding(), configuration);
diff --git a/subprojects/groovy-ant/src/main/java/org/codehaus/groovy/ant/Groovyc.java b/subprojects/groovy-ant/src/main/java/org/codehaus/groovy/ant/Groovyc.java
index 64dc16fa8c..3fcdbaf55c 100644
--- a/subprojects/groovy-ant/src/main/java/org/codehaus/groovy/ant/Groovyc.java
+++ b/subprojects/groovy-ant/src/main/java/org/codehaus/groovy/ant/Groovyc.java
@@ -53,7 +53,6 @@ import java.io.Writer;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.Charset;
-import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.Arrays;
@@ -1443,8 +1442,10 @@ public class Groovyc extends MatchingTask {
}
}
- GroovyClassLoader groovyLoader = AccessController.doPrivileged(
- (PrivilegedAction<GroovyClassLoader>) () -> new GroovyClassLoader(loader, configuration));
+ @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action
+ GroovyClassLoader groovyLoader = java.security.AccessController.doPrivileged((PrivilegedAction<GroovyClassLoader>) () ->
+ new GroovyClassLoader(loader, configuration));
+
if (!forceLookupUnnamedFiles) {
// in normal case we don't need to do script lookups
groovyLoader.setResourceLoader(filename -> null);
diff --git a/subprojects/groovy-ant/src/main/java/org/codehaus/groovy/ant/RootLoaderRef.java b/subprojects/groovy-ant/src/main/java/org/codehaus/groovy/ant/RootLoaderRef.java
index a8d96b0c7a..933cdabbd6 100644
--- a/subprojects/groovy-ant/src/main/java/org/codehaus/groovy/ant/RootLoaderRef.java
+++ b/subprojects/groovy-ant/src/main/java/org/codehaus/groovy/ant/RootLoaderRef.java
@@ -27,7 +27,6 @@ import org.apache.tools.ant.types.Reference;
import org.codehaus.groovy.tools.LoaderConfiguration;
import org.codehaus.groovy.tools.RootLoader;
-import java.security.AccessController;
import java.security.PrivilegedAction;
/**
@@ -88,7 +87,11 @@ public class RootLoaderRef extends MatchingTask {
}
lc.addFile(s);
}
- AntClassLoader loader = AccessController.doPrivileged((PrivilegedAction<AntClassLoader>) () -> new AntClassLoader(new RootLoader(lc), true));
+
+ @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action
+ AntClassLoader loader = java.security.AccessController.doPrivileged((PrivilegedAction<AntClassLoader>) () ->
+ new AntClassLoader(new RootLoader(lc), true));
+
project.addReference(name, loader);
}
diff --git a/subprojects/groovy-console/src/main/groovy/groovy/console/ui/Console.groovy b/subprojects/groovy-console/src/main/groovy/groovy/console/ui/Console.groovy
index 1cdfd464d5..bc1b9a66f9 100644
--- a/subprojects/groovy-console/src/main/groovy/groovy/console/ui/Console.groovy
+++ b/subprojects/groovy-console/src/main/groovy/groovy/console/ui/Console.groovy
@@ -60,7 +60,6 @@ import org.codehaus.groovy.vmplugin.VMPluginFactory
import javax.swing.Action
import javax.swing.Icon
-import javax.swing.JApplet
import javax.swing.JFileChooser
import javax.swing.JFrame
import javax.swing.JLabel
@@ -99,6 +98,7 @@ import java.awt.event.FocusEvent
import java.awt.event.FocusListener
import java.util.logging.Logger
import java.util.prefs.Preferences
+
/**
* Groovy Swing console.
*
@@ -416,7 +416,8 @@ class Console implements CaretListener, HyperlinkListener, ComponentListener, Fo
}
@Deprecated
- void run(JApplet applet) {
+ @SuppressWarnings("removal") // TODO a future Groovy version will remove this method
+ void run(javax.swing.JApplet applet) {
run([
rootContainerDelegate: {
containingWindows += SwingUtilities.getRoot(applet.getParent())
diff --git a/subprojects/groovy-jsr223/src/main/java/org/codehaus/groovy/jsr223/GroovyScriptEngineImpl.java b/subprojects/groovy-jsr223/src/main/java/org/codehaus/groovy/jsr223/GroovyScriptEngineImpl.java
index 540a155435..3b7c782e94 100644
--- a/subprojects/groovy-jsr223/src/main/java/org/codehaus/groovy/jsr223/GroovyScriptEngineImpl.java
+++ b/subprojects/groovy-jsr223/src/main/java/org/codehaus/groovy/jsr223/GroovyScriptEngineImpl.java
@@ -79,7 +79,6 @@ import java.io.Reader;
import java.io.Writer;
import java.lang.reflect.Method;
import java.lang.reflect.Proxy;
-import java.security.AccessController;
import java.security.PrivilegedAction;
/**
@@ -109,12 +108,17 @@ public class GroovyScriptEngineImpl extends AbstractScriptEngine implements Comp
}
public GroovyScriptEngineImpl() {
- this(AccessController.doPrivileged(new PrivilegedAction<GroovyClassLoader>() {
+ this(createClassLoader());
+ }
+
+ @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action
+ private static GroovyClassLoader createClassLoader() {
+ return java.security.AccessController.doPrivileged(new PrivilegedAction<GroovyClassLoader>() {
@Override
public GroovyClassLoader run() {
return new GroovyClassLoader(getParentLoader(), new CompilerConfiguration(CompilerConfiguration.DEFAULT));
}
- }));
+ });
}
public GroovyScriptEngineImpl(GroovyClassLoader classLoader) {
diff --git a/subprojects/groovy-sql/src/main/java/groovy/sql/Sql.java b/subprojects/groovy-sql/src/main/java/groovy/sql/Sql.java
index 5551f70d23..497047f723 100644
--- a/subprojects/groovy-sql/src/main/java/groovy/sql/Sql.java
+++ b/subprojects/groovy-sql/src/main/java/groovy/sql/Sql.java
@@ -30,8 +30,6 @@ import org.codehaus.groovy.runtime.InvokerHelper;
import javax.sql.DataSource;
-import java.security.AccessController;
-import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.sql.CallableStatement;
import java.sql.Connection;
@@ -271,8 +269,8 @@ public class Sql implements AutoCloseable {
private boolean withinBatch;
- private final Map<String, Statement> statementCache = new HashMap<String, Statement>();
- private final Map<String, String> namedParamSqlCache = new HashMap<String, String>();
+ private final Map<String, Statement> statementCache = new HashMap<>();
+ private final Map<String, String> namedParamSqlCache = new HashMap<>();
private final Map<String, List<Tuple<?>>> namedParamIndexPropCache = new HashMap<>();
private List<String> keyColumnNames;
@@ -4300,22 +4298,7 @@ public class Sql implements AutoCloseable {
if (dataSource != null) {
// Use a doPrivileged here as many different properties need to be
// read, and the policy shouldn't have to list them all.
- Connection con;
- try {
- con = AccessController.doPrivileged(new PrivilegedExceptionAction<Connection>() {
- @Override
- public Connection run() throws SQLException {
- return dataSource.getConnection();
- }
- });
- } catch (PrivilegedActionException pae) {
- Exception e = pae.getException();
- if (e instanceof SQLException) {
- throw (SQLException) e;
- } else {
- throw (RuntimeException) e;
- }
- }
+ Connection con = createConnection(dataSource);
if (cacheStatements || cacheConnection) {
useConnection = con;
}
@@ -4324,6 +4307,27 @@ public class Sql implements AutoCloseable {
return useConnection;
}
+ @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action
+ private Connection createConnection(DataSource dataSource) throws SQLException {
+ Connection con;
+ try {
+ con = java.security.AccessController.doPrivileged(new PrivilegedExceptionAction<Connection>() {
+ @Override
+ public Connection run() throws SQLException {
+ return dataSource.getConnection();
+ }
+ });
+ } catch (java.security.PrivilegedActionException pae) {
+ Exception e = pae.getException();
+ if (e instanceof SQLException) {
+ throw (SQLException) e;
+ } else {
+ throw (RuntimeException) e;
+ }
+ }
+ return con;
+ }
+
/**
* An extension point allowing derived classes to change the behavior
* of resource closing.
diff --git a/subprojects/groovy-swing/src/main/java/org/apache/groovy/swing/binding/ClosureTriggerBinding.java b/subprojects/groovy-swing/src/main/java/org/apache/groovy/swing/binding/ClosureTriggerBinding.java
index 44b6905480..6cbb268339 100644
--- a/subprojects/groovy-swing/src/main/java/org/apache/groovy/swing/binding/ClosureTriggerBinding.java
+++ b/subprojects/groovy-swing/src/main/java/org/apache/groovy/swing/binding/ClosureTriggerBinding.java
@@ -53,7 +53,7 @@ public class ClosureTriggerBinding implements TriggerBinding, SourceBinding {
BindPath bp = new BindPath();
bp.propertyName = propertyName;
bp.updateLocalSyntheticProperties(syntheticBindings);
- List<BindPath> childPaths = new ArrayList<BindPath>();
+ List<BindPath> childPaths = new ArrayList<>();
for (Map.Entry<String, BindPathSnooper> entry : snooper.fields.entrySet()) {
childPaths.add(createBindPath(entry.getKey(), entry.getValue()));
}
@@ -72,7 +72,7 @@ public class ClosureTriggerBinding implements TriggerBinding, SourceBinding {
final Class closureClass = closure.getClass();
// do in privileged block since we may be looking at private stuff
- Closure closureLocalCopy = java.security.AccessController.doPrivileged(new PrivilegedAction<Closure>() {
+ Closure closureLocalCopy = doPrivileged(new PrivilegedAction<Closure>() {
@Override
public Closure run() {
// assume closures have only 1 constructor, of the form (Object, Reference*)
@@ -118,7 +118,7 @@ public class ClosureTriggerBinding implements TriggerBinding, SourceBinding {
e.printStackTrace(System.out);
throw new RuntimeException("A closure expression binding could not be created because of " + e.getClass().getName() + ":\n\t" + e.getMessage());
}
- List<BindPath> rootPaths = new ArrayList<BindPath>();
+ List<BindPath> rootPaths = new ArrayList<>();
for (Map.Entry<String, BindPathSnooper> entry : delegate.fields.entrySet()) {
BindPath bp =createBindPath(entry.getKey(), entry.getValue());
bp.currentObject = closure;
@@ -131,6 +131,12 @@ public class ClosureTriggerBinding implements TriggerBinding, SourceBinding {
return fb;
}
+ @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action
+ private static <T> T doPrivileged(PrivilegedAction<T> action) {
+ return java.security.AccessController.doPrivileged(action);
+ }
+
+
// TODO when JDK9+ is minimum, use canAccess and remove suppression
@SuppressWarnings("deprecation")
private boolean isAccessible(AccessibleObject accessibleObject) {
@@ -159,7 +165,7 @@ class DeadEndObject {
class BindPathSnooper extends GroovyObjectSupport {
static final DeadEndObject DEAD_END = new DeadEndObject();
- Map<String, BindPathSnooper> fields = new LinkedHashMap<String, BindPathSnooper>();
+ Map<String, BindPathSnooper> fields = new LinkedHashMap<>();
@Override
public Object getProperty(String property) {
diff --git a/subprojects/groovy-templates/src/main/groovy/groovy/text/GStringTemplateEngine.java b/subprojects/groovy-templates/src/main/groovy/groovy/text/GStringTemplateEngine.java
index 5ec22b7112..30bb330293 100644
--- a/subprojects/groovy-templates/src/main/groovy/groovy/text/GStringTemplateEngine.java
+++ b/subprojects/groovy-templates/src/main/groovy/groovy/text/GStringTemplateEngine.java
@@ -31,7 +31,6 @@ import org.codehaus.groovy.control.CompilationFailedException;
import java.io.IOException;
import java.io.Reader;
import java.lang.reflect.InvocationTargetException;
-import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Map;
import java.util.concurrent.atomic.AtomicInteger;
@@ -216,7 +215,7 @@ public class GStringTemplateEngine extends TemplateEngine {
@SuppressWarnings("removal") // TODO a future Groovy version should create the loader not as a privileged action
private GroovyClassLoader createClassLoader(ClassLoader parentLoader) {
- return AccessController.doPrivileged((PrivilegedAction<GroovyClassLoader>) () -> new GroovyClassLoader(parentLoader));
+ return java.security.AccessController.doPrivileged((PrivilegedAction<GroovyClassLoader>) () -> new GroovyClassLoader(parentLoader));
}
private static void appendCharacter(final char c,
diff --git a/subprojects/groovy-templates/src/main/groovy/groovy/text/StreamingTemplateEngine.java b/subprojects/groovy-templates/src/main/groovy/groovy/text/StreamingTemplateEngine.java
index 65907d3003..326fc783a5 100644
--- a/subprojects/groovy-templates/src/main/groovy/groovy/text/StreamingTemplateEngine.java
+++ b/subprojects/groovy-templates/src/main/groovy/groovy/text/StreamingTemplateEngine.java
@@ -38,7 +38,6 @@ import java.io.LineNumberReader;
import java.io.Reader;
import java.io.StringReader;
import java.lang.reflect.InvocationTargetException;
-import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.List;
@@ -621,7 +620,7 @@ public class StreamingTemplateEngine extends TemplateEngine {
@SuppressWarnings("removal") // TODO a future Groovy version should create the loader not as a privileged action
private GroovyClassLoader createClassLoader(ClassLoader parentLoader) {
- return AccessController.doPrivileged((PrivilegedAction<GroovyClassLoader>) () -> new GroovyClassLoader(parentLoader));
+ return java.security.AccessController.doPrivileged((PrivilegedAction<GroovyClassLoader>) () -> new GroovyClassLoader(parentLoader));
}
/**
diff --git a/subprojects/groovy-templates/src/main/groovy/groovy/text/markup/MarkupTemplateEngine.java b/subprojects/groovy-templates/src/main/groovy/groovy/text/markup/MarkupTemplateEngine.java
index abbbd0eed8..a8d40d2445 100644
--- a/subprojects/groovy-templates/src/main/groovy/groovy/text/markup/MarkupTemplateEngine.java
+++ b/subprojects/groovy-templates/src/main/groovy/groovy/text/markup/MarkupTemplateEngine.java
@@ -43,7 +43,6 @@ import java.io.StringReader;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLClassLoader;
-import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Collections;
import java.util.LinkedHashMap;
@@ -70,7 +69,7 @@ public class MarkupTemplateEngine extends TemplateEngine {
private final TemplateGroovyClassLoader groovyClassLoader;
private final CompilerConfiguration compilerConfiguration;
private final TemplateConfiguration templateConfiguration;
- private final Map<String, GroovyCodeSource> codeSourceCache = new LinkedHashMap<String, GroovyCodeSource>();
+ private final Map<String, GroovyCodeSource> codeSourceCache = new LinkedHashMap<>();
private final TemplateResolver templateResolver;
public MarkupTemplateEngine() {
@@ -101,7 +100,7 @@ public class MarkupTemplateEngine extends TemplateEngine {
}
);
}
- groovyClassLoader = AccessController.doPrivileged((PrivilegedAction<TemplateGroovyClassLoader>) () -> new TemplateGroovyClassLoader(parentLoader, compilerConfiguration));
+ groovyClassLoader = doPrivileged((PrivilegedAction<TemplateGroovyClassLoader>) () -> new TemplateGroovyClassLoader(parentLoader, compilerConfiguration));
if (DEBUG_BYTECODE) {
compilerConfiguration.setBytecodePostprocessor(BytecodeDumper.STANDARD_ERR);
}
@@ -116,7 +115,7 @@ public class MarkupTemplateEngine extends TemplateEngine {
* @param tplConfig template engine configuration
*/
public MarkupTemplateEngine(final ClassLoader parentLoader, final File templateDirectory, TemplateConfiguration tplConfig) {
- this(AccessController.doPrivileged(
+ this(doPrivileged(
new PrivilegedAction<URLClassLoader>() {
@Override
public URLClassLoader run() {
@@ -127,6 +126,11 @@ public class MarkupTemplateEngine extends TemplateEngine {
null);
}
+ @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action
+ private static <T> T doPrivileged(PrivilegedAction<T> action) {
+ return java.security.AccessController.doPrivileged(action);
+ }
+
private static URL[] buildURLs(final File templateDirectory) {
try {
return new URL[]{templateDirectory.toURI().toURL()};
diff --git a/subprojects/groovy-test/src/main/java/groovy/test/AllTestSuite.java b/subprojects/groovy-test/src/main/java/groovy/test/AllTestSuite.java
index 757be72844..46e31b2a43 100644
--- a/subprojects/groovy-test/src/main/java/groovy/test/AllTestSuite.java
+++ b/subprojects/groovy-test/src/main/java/groovy/test/AllTestSuite.java
@@ -29,7 +29,6 @@ import org.apache.groovy.test.ScriptTestAdapter;
import java.io.File;
import java.io.IOException;
-import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.List;
import java.util.logging.Logger;
@@ -77,8 +76,10 @@ public class AllTestSuite extends TestSuite {
private static final Logger LOG = Logger.getLogger(AllTestSuite.class.getName());
private static final ClassLoader JAVA_LOADER = AllTestSuite.class.getClassLoader();
+
+ @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action
private static final GroovyClassLoader GROOVY_LOADER =
- AccessController.doPrivileged(
+ java.security.AccessController.doPrivileged(
(PrivilegedAction<GroovyClassLoader>) () -> new GroovyClassLoader(JAVA_LOADER)
);
diff --git a/subprojects/groovy-test/src/main/java/groovy/test/GroovyTestSuite.java b/subprojects/groovy-test/src/main/java/groovy/test/GroovyTestSuite.java
index eb1553e733..bbdf057aa6 100644
--- a/subprojects/groovy-test/src/main/java/groovy/test/GroovyTestSuite.java
+++ b/subprojects/groovy-test/src/main/java/groovy/test/GroovyTestSuite.java
@@ -27,10 +27,8 @@ import junit.textui.TestRunner;
import org.apache.groovy.test.ScriptTestAdapter;
import java.io.File;
-import java.security.AccessController;
import java.security.PrivilegedAction;
-
/**
* A TestSuite which will run a Groovy unit test case inside any Java IDE
* either as a unit test case or as an application.
@@ -51,8 +49,9 @@ public class GroovyTestSuite extends TestSuite {
protected static String file = null;
+ @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action
protected final GroovyClassLoader loader =
- AccessController.doPrivileged(
+ java.security.AccessController.doPrivileged(
(PrivilegedAction<GroovyClassLoader>) () -> new GroovyClassLoader(GroovyTestSuite.class.getClassLoader())
);
diff --git a/subprojects/groovy-xml/src/main/java/groovy/xml/FactorySupport.java b/subprojects/groovy-xml/src/main/java/groovy/xml/FactorySupport.java
index a6d57c7c60..b49789d74a 100644
--- a/subprojects/groovy-xml/src/main/java/groovy/xml/FactorySupport.java
+++ b/subprojects/groovy-xml/src/main/java/groovy/xml/FactorySupport.java
@@ -21,27 +21,24 @@ package groovy.xml;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParserFactory;
-import java.security.AccessController;
-import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
/**
* Support class for creating XML Factories
*/
public class FactorySupport {
+ @SuppressWarnings("removal") // TODO a future Groovy version should perform the operation not as a privileged action
static Object createFactory(PrivilegedExceptionAction action) throws ParserConfigurationException {
- Object factory;
try {
- factory = AccessController.doPrivileged(action);
- } catch (PrivilegedActionException pae) {
+ return java.security.AccessController.doPrivileged(action);
+ } catch (java.security.PrivilegedActionException pae) {
Exception e = pae.getException();
if (e instanceof ParserConfigurationException) {
- throw(ParserConfigurationException) e;
+ throw (ParserConfigurationException) e;
} else {
throw new RuntimeException(e);
}
}
- return factory;
}
public static DocumentBuilderFactory createDocumentBuilderFactory() throws ParserConfigurationException {