JDK-8193709 : Remove pre-1.2 SecurityManager text from java.awt.Toolkit
  • Type: CSR
  • Component: client-libs
  • Sub-Component: java.awt
  • Priority: P3
  • Status: Closed
  • Resolution: Approved
  • Fix Versions: 10
  • Submitted: 2017-12-18
  • Updated: 2017-12-21
  • Resolved: 2017-12-21
Related Reports
CSR :  
JDK-8193435 - Remove pre-1.2 SecurityManager text from java.awt.Toolkit
Description
Summary
-------

Remove pre-JDK 1.2 SecurityManager text and and related code from java.awt.Toolkit class

Problem
-------

Support for pre-JDK 1.2 SecurityManager was removed under JDK-8189750. So it is necessary to update classes in java.desktop module accordingly.

Solution
--------

It is necessary to update description of java.awt.Toolkit.getImage(URL u) and java.awt.Toolkit.createImage(URL u) to get rid of ���pre JDK 1.2 SecurityManager��� text. Also the corresponding fallback code should be removed from SunToolkit.checkPermission(URL u) and from the constructor of URLImageSource.

Specification
-------------

Changing API spec of java.awt.Toolkit.getImage(URL url)

from:

     * then {@code URLPermission} is used for security checks.
     * For compatibility with pre-1.2 security managers, if the access
     * is denied with {@code FilePermission} or {@code SocketPermission},
     * the method throws the {@code SecurityException}
     * if the corresponding 1.1-style SecurityManager.checkXXX method
     * also denies permission.
     * @param     url   the URL to use in fetching the pixel data.

to:

     * then {@code URLPermission} is used for security checks.
     * @param     url   the URL to use in fetching the pixel data.

Changing API spec of java.awt.Toolkit.createImage(URL url)

from:

     * then {@code URLPermission} is used for security checks.
     * For compatibility with pre-1.2 security managers, if the access
     * is denied with {@code FilePermission} or {@code SocketPermission},
     * the method throws the {@code SecurityException}
     * if the corresponding 1.1-style SecurityManager.checkXXX method
     * also denies permission.
     * @param     url   the URL to use in fetching the pixel data.

to:

     * then {@code URLPermission} is used for security checks.
     * @param     url   the URL to use in fetching the pixel data.
Comments
Moving to approved. In my estimation, this is a good change to get into JDK 10 post-ramp down 1.
21-12-2017
Moving to approved.
21-12-2017
Moving this to Finalized since the proposed fix was approved on awt-dev, see http://mail.openjdk.java.net/pipermail/awt-dev/2017-December/013464.html
19-12-2017