diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 231d888c17c0..1e5be8f66843 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -229,7 +229,7 @@ jobs:
java: [ 17 ]
include:
- os: ubuntu-latest
- java: 23
+ java: 24-ea
fail-fast: false
steps:
@@ -260,6 +260,7 @@ jobs:
run: tar --zstd -xf build.tar.zst
- name: platform/masterfs
+ if: ${{ matrix.java == '17' }}
run: .github/retry.sh ant $OPTS -f platform/masterfs test
- name: Commit Validation tests
@@ -836,7 +837,7 @@ jobs:
timeout-minutes: 50
strategy:
matrix:
- java: [ '17', '21', '23' ]
+ java: [ '17', '21', '24-ea' ]
exclude:
- java: ${{ github.event_name == 'pull_request' && 'nothing' || '21' }}
fail-fast: false
@@ -1443,10 +1444,10 @@ jobs:
timeout-minutes: 60
strategy:
matrix:
- java: [ '17', '23' ]
+ java: [ '17', '24-ea' ]
config: [ 'batch1', 'batch2' ]
exclude:
- - java: ${{ github.event_name == 'pull_request' && 'nothing' || '23' }}
+ - java: ${{ github.event_name == 'pull_request' && 'nothing' || '24-ea' }}
fail-fast: false
steps:
@@ -1496,7 +1497,7 @@ jobs:
timeout-minutes: 60
strategy:
matrix:
- java: [ '17', '21', '23' ]
+ java: [ '17', '21', '24-ea' ]
exclude:
- java: ${{ github.event_name == 'pull_request' && 'nothing' || '21' }}
fail-fast: false
diff --git a/nb/ide.launcher/netbeans.conf b/nb/ide.launcher/netbeans.conf
index 11c80906ee98..c25759510b10 100644
--- a/nb/ide.launcher/netbeans.conf
+++ b/nb/ide.launcher/netbeans.conf
@@ -56,7 +56,7 @@ netbeans_default_cachedir="${DEFAULT_CACHEDIR_ROOT}/@@metabuild.RawVersion@@"
# The automatically selected value can be overridden by specifying -J-Xmx
# here or on the command line.
#
-netbeans_default_options="-J-XX:+UseStringDeduplication -J-Xss2m @@metabuild.logcli@@ -J-Dapple.laf.useScreenMenuBar=true -J-Dapple.awt.application.appearance=system -J-Dsun.java2d.noddraw=true -J-Dsun.java2d.dpiaware=true -J-Dplugin.manager.check.updates=false -J-Dnetbeans.extbrowser.manual_chrome_plugin_install=yes @@metabuild.jms-flags@@ -J-XX:+IgnoreUnrecognizedVMOptions"
+netbeans_default_options="-J-XX:+UseStringDeduplication -J-Xss2m @@metabuild.logcli@@ -J-Djava.lang.Runtime.level=FINE -J-Dapple.laf.useScreenMenuBar=true -J-Dapple.awt.application.appearance=system -J-Dsun.java2d.noddraw=true -J-Dsun.java2d.dpiaware=true -J-Dplugin.manager.check.updates=false -J-Dnetbeans.extbrowser.manual_chrome_plugin_install=yes @@metabuild.jms-flags@@ -J-XX:+IgnoreUnrecognizedVMOptions"
# Default location of JDK:
# (set by installer or commented out if launcher should decide)
diff --git a/nbbuild/jdk.xml b/nbbuild/jdk.xml
index 3109e3f032b4..298b1636a257 100644
--- a/nbbuild/jdk.xml
+++ b/nbbuild/jdk.xml
@@ -107,17 +107,6 @@
-
-
-
-
-
-
-
-
-
-
-
@@ -229,17 +218,6 @@
-
-
-
-
-
-
-
-
-
-
-
diff --git a/nbbuild/templates/common.xml b/nbbuild/templates/common.xml
index 1b14cdd5f7e0..2cfef20611a1 100644
--- a/nbbuild/templates/common.xml
+++ b/nbbuild/templates/common.xml
@@ -765,7 +765,6 @@
-
@@ -797,7 +796,6 @@
-
@@ -871,7 +869,6 @@
-
@@ -901,7 +898,6 @@
-
@@ -931,7 +927,6 @@
-
@@ -975,7 +970,6 @@
-
@@ -1011,7 +1005,6 @@
-
@@ -1049,7 +1042,6 @@
-
@@ -1111,7 +1103,6 @@
-
@@ -1143,7 +1134,6 @@
-
@@ -1165,7 +1155,6 @@
-
@@ -1187,7 +1176,6 @@
-
@@ -1270,7 +1258,6 @@
-
diff --git a/platform/core.execution/src/org/netbeans/core/execution/Install.java b/platform/core.execution/src/org/netbeans/core/execution/Install.java
index f977bb0b8f5c..e8e04a9974f4 100644
--- a/platform/core.execution/src/org/netbeans/core/execution/Install.java
+++ b/platform/core.execution/src/org/netbeans/core/execution/Install.java
@@ -29,7 +29,6 @@
import java.awt.event.ActionListener;
import java.awt.event.WindowAdapter;
import java.awt.event.WindowEvent;
-import java.beans.Introspector;
import java.beans.PropertyChangeEvent;
import java.beans.PropertyChangeListener;
import java.util.ArrayList;
@@ -50,7 +49,6 @@
import javax.swing.event.ListDataEvent;
import javax.swing.event.ListDataListener;
import javax.swing.text.DefaultEditorKit;
-import org.netbeans.TopSecurityManager;
import org.netbeans.core.ModuleActions;
import org.netbeans.modules.progress.spi.Controller;
import org.netbeans.modules.progress.spi.InternalHandle;
@@ -88,7 +86,7 @@ public class Install implements Runnable {
private static final Logger LOG = Logger.getLogger(Install.class.getName());
public @Override void run() {
- TopSecurityManager.register(SecMan.DEFAULT);
+// TopSecurityManager.register(SecMan.DEFAULT);
}
@OnStop
@@ -97,7 +95,7 @@ public static final class Down implements Runnable {
public @Override void run() {
showPendingTasks();
- TopSecurityManager.unregister(SecMan.DEFAULT);
+// TopSecurityManager.unregister(SecMan.DEFAULT);
}
}
diff --git a/platform/core.startup/src/org/netbeans/core/startup/ModuleLifecycleManager.java b/platform/core.startup/src/org/netbeans/core/startup/ModuleLifecycleManager.java
index e30cfdcc4698..bd862c66a870 100644
--- a/platform/core.startup/src/org/netbeans/core/startup/ModuleLifecycleManager.java
+++ b/platform/core.startup/src/org/netbeans/core/startup/ModuleLifecycleManager.java
@@ -38,13 +38,6 @@
@ServiceProvider(service=LifecycleManager.class)
public class ModuleLifecycleManager extends LifecycleManager {
public ModuleLifecycleManager() {
- Runtime.getRuntime().addShutdownHook(new Thread("close modules") { // NOI18N
- public @Override void run() {
- if (System.getSecurityManager() instanceof TopSecurityManager) {
- LifecycleManager.getDefault().exit();
- }
- }
- });
}
public void saveAll() {
diff --git a/platform/core.startup/src/org/netbeans/core/startup/TopThreadGroup.java b/platform/core.startup/src/org/netbeans/core/startup/TopThreadGroup.java
index dd50ec01ead4..023250faba40 100644
--- a/platform/core.startup/src/org/netbeans/core/startup/TopThreadGroup.java
+++ b/platform/core.startup/src/org/netbeans/core/startup/TopThreadGroup.java
@@ -20,7 +20,6 @@
package org.netbeans.core.startup;
import java.lang.Thread.UncaughtExceptionHandler;
-import org.netbeans.TopSecurityManager;
import org.openide.util.Exceptions;
/** The ThreadGroup for catching uncaught exceptions in Corona.
diff --git a/platform/o.n.bootstrap/launcher/unix/nbexec b/platform/o.n.bootstrap/launcher/unix/nbexec
index 1d6ad6e53019..228b37cbe20d 100755
--- a/platform/o.n.bootstrap/launcher/unix/nbexec
+++ b/platform/o.n.bootstrap/launcher/unix/nbexec
@@ -192,7 +192,7 @@ fi
# rename old heap dump to .old
mv "${userdir}/var/log/heapdump.hprof" "${userdir}/var/log/heapdump.hprof.old" > /dev/null 2>&1
-jargs_without_clusters="$jargs -Djava.security.manager=allow"
+jargs_without_clusters="$jargs"
jargs="-Dnetbeans.dirs=\"${clusters}\" $jargs_without_clusters"
if [ -z "$cachedirspecified" ]; then
diff --git a/platform/o.n.bootstrap/launcher/windows/platformlauncher.cpp b/platform/o.n.bootstrap/launcher/windows/platformlauncher.cpp
index 33bf8ee83ec2..95b4981194f7 100644
--- a/platform/o.n.bootstrap/launcher/windows/platformlauncher.cpp
+++ b/platform/o.n.bootstrap/launcher/windows/platformlauncher.cpp
@@ -579,8 +579,6 @@ void PlatformLauncher::prepareOptions() {
option = OPT_KEEP_WORKING_SET_ON_MINIMIZE;
javaOptions.push_back(option);
- option = OPT_JAVA_SECURITY_MANAGER_ALLOW;
- javaOptions.push_back(option);
}
string & PlatformLauncher::constructClassPath(bool runUpdater) {
diff --git a/platform/o.n.bootstrap/nbproject/org-netbeans-bootstrap.sig b/platform/o.n.bootstrap/nbproject/org-netbeans-bootstrap.sig
index d946568e7644..14acc909b4ec 100644
--- a/platform/o.n.bootstrap/nbproject/org-netbeans-bootstrap.sig
+++ b/platform/o.n.bootstrap/nbproject/org-netbeans-bootstrap.sig
@@ -36,8 +36,9 @@ CLSS public abstract interface java.io.Serializable
CLSS public abstract java.lang.ClassLoader
cons protected init()
cons protected init(java.lang.ClassLoader)
+cons protected init(java.lang.String,java.lang.ClassLoader)
meth protected final java.lang.Class defineClass(byte[],int,int)
- anno 0 java.lang.Deprecated()
+ anno 0 java.lang.Deprecated(boolean forRemoval=false, java.lang.String since="1.1")
meth protected final java.lang.Class defineClass(java.lang.String,byte[],int,int)
meth protected final java.lang.Class defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)
meth protected final java.lang.Class defineClass(java.lang.String,java.nio.ByteBuffer,java.security.ProtectionDomain)
@@ -46,21 +47,31 @@ meth protected final java.lang.Class findSystemClass(java.lang.String) throws
meth protected final void resolveClass(java.lang.Class)
meth protected final void setSigners(java.lang.Class,java.lang.Object[])
meth protected java.lang.Class findClass(java.lang.String) throws java.lang.ClassNotFoundException
+meth protected java.lang.Class findClass(java.lang.String,java.lang.String)
meth protected java.lang.Class loadClass(java.lang.String,boolean) throws java.lang.ClassNotFoundException
meth protected java.lang.Object getClassLoadingLock(java.lang.String)
meth protected java.lang.Package definePackage(java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.net.URL)
meth protected java.lang.Package getPackage(java.lang.String)
+ anno 0 java.lang.Deprecated(boolean forRemoval=false, java.lang.String since="9")
meth protected java.lang.Package[] getPackages()
meth protected java.lang.String findLibrary(java.lang.String)
meth protected java.net.URL findResource(java.lang.String)
+meth protected java.net.URL findResource(java.lang.String,java.lang.String) throws java.io.IOException
meth protected java.util.Enumeration findResources(java.lang.String) throws java.io.IOException
meth protected static boolean registerAsParallelCapable()
+meth public final boolean isRegisteredAsParallelCapable()
meth public final java.lang.ClassLoader getParent()
+meth public final java.lang.Module getUnnamedModule()
+meth public final java.lang.Package getDefinedPackage(java.lang.String)
+meth public final java.lang.Package[] getDefinedPackages()
meth public java.io.InputStream getResourceAsStream(java.lang.String)
meth public java.lang.Class loadClass(java.lang.String) throws java.lang.ClassNotFoundException
+meth public java.lang.String getName()
meth public java.net.URL getResource(java.lang.String)
meth public java.util.Enumeration getResources(java.lang.String) throws java.io.IOException
+meth public java.util.stream.Stream resources(java.lang.String)
meth public static java.io.InputStream getSystemResourceAsStream(java.lang.String)
+meth public static java.lang.ClassLoader getPlatformClassLoader()
meth public static java.lang.ClassLoader getSystemClassLoader()
meth public static java.net.URL getSystemResource(java.lang.String)
meth public static java.util.Enumeration getSystemResources(java.lang.String) throws java.io.IOException
@@ -82,6 +93,7 @@ CLSS public java.lang.Object
cons public init()
meth protected java.lang.Object clone() throws java.lang.CloneNotSupportedException
meth protected void finalize() throws java.lang.Throwable
+ anno 0 java.lang.Deprecated(boolean forRemoval=false, java.lang.String since="9")
meth public boolean equals(java.lang.Object)
meth public final java.lang.Class getClass()
meth public final void notify()
@@ -92,65 +104,6 @@ meth public final void wait(long,int) throws java.lang.InterruptedException
meth public int hashCode()
meth public java.lang.String toString()
-CLSS public java.lang.SecurityManager
-cons public init()
-fld protected boolean inCheck
- anno 0 java.lang.Deprecated()
-meth protected boolean inClass(java.lang.String)
- anno 0 java.lang.Deprecated()
-meth protected boolean inClassLoader()
- anno 0 java.lang.Deprecated()
-meth protected int classDepth(java.lang.String)
- anno 0 java.lang.Deprecated()
-meth protected int classLoaderDepth()
- anno 0 java.lang.Deprecated()
-meth protected java.lang.Class currentLoadedClass()
- anno 0 java.lang.Deprecated()
-meth protected java.lang.ClassLoader currentClassLoader()
- anno 0 java.lang.Deprecated()
-meth protected java.lang.Class[] getClassContext()
-meth public boolean checkTopLevelWindow(java.lang.Object)
- anno 0 java.lang.Deprecated()
-meth public boolean getInCheck()
- anno 0 java.lang.Deprecated()
-meth public java.lang.Object getSecurityContext()
-meth public java.lang.ThreadGroup getThreadGroup()
-meth public void checkAccept(java.lang.String,int)
-meth public void checkAccess(java.lang.Thread)
-meth public void checkAccess(java.lang.ThreadGroup)
-meth public void checkAwtEventQueueAccess()
- anno 0 java.lang.Deprecated()
-meth public void checkConnect(java.lang.String,int)
-meth public void checkConnect(java.lang.String,int,java.lang.Object)
-meth public void checkCreateClassLoader()
-meth public void checkDelete(java.lang.String)
-meth public void checkExec(java.lang.String)
-meth public void checkExit(int)
-meth public void checkLink(java.lang.String)
-meth public void checkListen(int)
-meth public void checkMemberAccess(java.lang.Class,int)
- anno 0 java.lang.Deprecated()
-meth public void checkMulticast(java.net.InetAddress)
-meth public void checkMulticast(java.net.InetAddress,byte)
- anno 0 java.lang.Deprecated()
-meth public void checkPackageAccess(java.lang.String)
-meth public void checkPackageDefinition(java.lang.String)
-meth public void checkPermission(java.security.Permission)
-meth public void checkPermission(java.security.Permission,java.lang.Object)
-meth public void checkPrintJobAccess()
-meth public void checkPropertiesAccess()
-meth public void checkPropertyAccess(java.lang.String)
-meth public void checkRead(java.io.FileDescriptor)
-meth public void checkRead(java.lang.String)
-meth public void checkRead(java.lang.String,java.lang.Object)
-meth public void checkSecurityAccess(java.lang.String)
-meth public void checkSetFactory()
-meth public void checkSystemClipboardAccess()
- anno 0 java.lang.Deprecated()
-meth public void checkWrite(java.io.FileDescriptor)
-meth public void checkWrite(java.lang.String)
-supr java.lang.Object
-
CLSS public java.lang.Throwable
cons protected init(java.lang.String,java.lang.Throwable,boolean,boolean)
cons public init()
@@ -395,7 +348,7 @@ fld public final static java.lang.String PROP_MODULES = "modules"
meth public boolean hasToEnableCompatModules(java.util.Set)
meth public boolean isOrWillEnable(org.netbeans.Module)
meth public boolean shouldDelegateResource(org.netbeans.Module,org.netbeans.Module,java.lang.String)
- anno 0 java.lang.Deprecated()
+ anno 0 java.lang.Deprecated(boolean forRemoval=false, java.lang.String since="")
meth public boolean shouldDelegateResource(org.netbeans.Module,org.netbeans.Module,java.lang.String,java.lang.ClassLoader)
meth public boolean shutDown()
meth public boolean shutDown(java.lang.Runnable)
@@ -414,12 +367,12 @@ meth public java.util.Collection getAttachedFragments(org.n
meth public java.util.List simulateDisable(java.util.Set)
meth public java.util.List simulateEnable(java.util.Set)
meth public java.util.Set getModuleInterdependencies(org.netbeans.Module,boolean,boolean)
- anno 0 java.lang.Deprecated()
+ anno 0 java.lang.Deprecated(boolean forRemoval=false, java.lang.String since="")
meth public java.util.Set getModuleInterdependencies(org.netbeans.Module,boolean,boolean,boolean)
meth public java.util.Set getModules()
meth public java.util.concurrent.Future shutDownAsync(java.lang.Runnable)
meth public org.netbeans.Module create(java.io.File,java.lang.Object,boolean,boolean) throws java.io.IOException,org.netbeans.DuplicateException
- anno 0 java.lang.Deprecated()
+ anno 0 java.lang.Deprecated(boolean forRemoval=false, java.lang.String since="")
meth public org.netbeans.Module create(java.io.File,java.lang.Object,boolean,boolean,boolean) throws java.io.IOException,org.netbeans.DuplicateException
meth public org.netbeans.Module createBundle(java.io.File,java.lang.Object,boolean,boolean,boolean,int) throws java.io.IOException,org.netbeans.DuplicateException
meth public org.netbeans.Module createFixed(java.util.jar.Manifest,java.lang.Object,java.lang.ClassLoader) throws org.netbeans.DuplicateException,org.netbeans.InvalidException
@@ -534,30 +487,6 @@ CLSS public abstract interface static org.netbeans.Stamps$Updater
meth public abstract void cacheReady()
meth public abstract void flushCaches(java.io.DataOutputStream) throws java.io.IOException
-CLSS public org.netbeans.TopSecurityManager
-cons public init()
-meth public boolean checkTopLevelWindow(java.lang.Object)
-meth public final void checkPropertyAccess(java.lang.String)
-meth public static void exit(int)
-meth public static void install()
-meth public static void makeSwingUseSpecialClipboard(java.awt.datatransfer.Clipboard)
-meth public static void register(java.lang.SecurityManager)
-meth public static void unregister(java.lang.SecurityManager)
-meth public void checkConnect(java.lang.String,int)
-meth public void checkConnect(java.lang.String,int,java.lang.Object)
-meth public void checkDelete(java.lang.String)
-meth public void checkExit(int)
-meth public void checkMemberAccess(java.lang.Class,int)
-meth public void checkPermission(java.security.Permission)
-meth public void checkPermission(java.security.Permission,java.lang.Object)
-meth public void checkRead(java.io.FileDescriptor)
-meth public void checkRead(java.lang.String)
-meth public void checkWrite(java.io.FileDescriptor)
-meth public void checkWrite(java.lang.String)
-supr java.lang.SecurityManager
-hfds CLIPBOARD_FORBIDDEN,LOG,URLClass,accessControllerClass,allPermission,awtPermissionClass,callerWhiteList,check,classLoaderClass,delegates,fsSecManager,officialExit,runtimePermissionClass,urlField,warnedClassesNDE,warnedClassesNH,warnedSunMisc
-hcls PrivilegedCheck
-
CLSS public final org.netbeans.Util
fld public final static java.util.logging.Logger err
innr public abstract interface static ModuleProvider
diff --git a/platform/o.n.bootstrap/nbproject/project.properties b/platform/o.n.bootstrap/nbproject/project.properties
index e8ec0b6ad922..23861743f547 100644
--- a/platform/o.n.bootstrap/nbproject/project.properties
+++ b/platform/o.n.bootstrap/nbproject/project.properties
@@ -16,7 +16,7 @@
# under the License.
javac.compilerargs=-Xlint:all -Xlint:-serial -Xlint:-processing
-javac.source=1.8
+javac.release=11
module.jar.dir=lib
module.jar.basename=boot.jar
release.launcher/unix/nbexec=lib/nbexec
diff --git a/platform/o.n.bootstrap/src/allow.java b/platform/o.n.bootstrap/src/allow.java
deleted file mode 100644
index 62db45b997f6..000000000000
--- a/platform/o.n.bootstrap/src/allow.java
+++ /dev/null
@@ -1,193 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-import java.io.FileDescriptor;
-import java.net.InetAddress;
-import java.security.Permission;
-import java.util.concurrent.atomic.AtomicBoolean;
-
-/**
- *
- */
-public class allow extends SecurityManager {
-
- @Override
- public void checkAccept(String host, int port) {
- uninstall();
- }
-
- @Override
- public void checkAccess(Thread t) {
- uninstall();
- }
-
- @Override
- public void checkAccess(ThreadGroup g) {
- uninstall();
- }
-
- @Override
- public void checkAwtEventQueueAccess() {
- uninstall();
- }
-
- @Override
- public void checkConnect(String host, int port) {
- uninstall();
- }
-
- @Override
- public void checkConnect(String host, int port, Object context) {
- uninstall();
- }
-
- @Override
- public void checkCreateClassLoader() {
- uninstall();
- }
-
- @Override
- public void checkDelete(String file) {
- uninstall();
- }
-
- @Override
- public void checkExec(String cmd) {
- uninstall();
- }
-
- @Override
- public void checkExit(int status) {
- uninstall();
- }
-
- @Override
- public void checkLink(String lib) {
- uninstall();
- }
-
- @Override
- public void checkListen(int port) {
- uninstall();
- }
-
- @Override
- public void checkMemberAccess(Class clazz, int which) {
- uninstall();
- }
-
- @Override
- public void checkMulticast(InetAddress maddr) {
- uninstall();
- }
-
- @Override
- public void checkMulticast(InetAddress maddr, byte ttl) {
- uninstall();
- }
-
- @Override
- public void checkPackageAccess(String pkg) {
- uninstall();
- }
-
- @Override
- public void checkPackageDefinition(String pkg) {
- uninstall();
- }
-
- @Override
- public void checkPermission(Permission perm) {
- uninstall();
- }
-
- @Override
- public void checkPermission(Permission perm, Object context) {
- uninstall();
- }
-
- @Override
- public void checkPrintJobAccess() {
- uninstall();
- }
-
- @Override
- public void checkPropertiesAccess() {
- uninstall();
- }
-
- @Override
- public void checkPropertyAccess(String key) {
- uninstall();
- }
-
- @Override
- public void checkRead(FileDescriptor fd) {
- uninstall();
- }
-
- @Override
- public void checkRead(String file) {
- uninstall();
- }
-
- @Override
- public void checkRead(String file, Object context) {
- uninstall();
- }
-
- @Override
- public void checkSecurityAccess(String target) {
- uninstall();
- }
-
- @Override
- public void checkSetFactory() {
- uninstall();
- }
-
- @Override
- public void checkSystemClipboardAccess() {
- uninstall();
- }
-
- @Override
- public boolean checkTopLevelWindow(Object window) {
- uninstall();
- return true;
- }
-
- @Override
- public void checkWrite(FileDescriptor fd) {
- uninstall();
- }
-
- @Override
- public void checkWrite(String file) {
- uninstall();
- }
-
- private final AtomicBoolean uninstalling = new AtomicBoolean();
-
- private void uninstall() {
- if (uninstalling.compareAndSet(false, true)) {
- System.setSecurityManager(null);
- }
- }
-}
diff --git a/platform/o.n.bootstrap/src/org/netbeans/ModuleManager.java b/platform/o.n.bootstrap/src/org/netbeans/ModuleManager.java
index 76eac2962833..b4fa0015ee6a 100644
--- a/platform/o.n.bootstrap/src/org/netbeans/ModuleManager.java
+++ b/platform/o.n.bootstrap/src/org/netbeans/ModuleManager.java
@@ -59,6 +59,7 @@
import java.util.jar.Manifest;
import java.util.logging.Level;
import java.util.logging.Logger;
+import java.util.stream.Collectors;
import org.openide.modules.Dependency;
import org.openide.modules.ModuleInfo;
import org.openide.modules.Modules;
@@ -744,7 +745,8 @@ protected synchronized Class loadClass(String name, boolean resolve) throws C
ProxyClassLoader priviledged = null;
NetigsoLoader osgi = null;
if (!name.startsWith("java.")) { // NOI18N
- Class[] stack = TopSecurityManager.getStack();
+
+ List> stack = Util.getStack();
for (Class c: stack) {
ClassLoader l = c.getClassLoader();
if (l == this) {
diff --git a/platform/o.n.bootstrap/src/org/netbeans/NetigsoHandle.java b/platform/o.n.bootstrap/src/org/netbeans/NetigsoHandle.java
index 3c050822730d..ed989b1900bb 100644
--- a/platform/o.n.bootstrap/src/org/netbeans/NetigsoHandle.java
+++ b/platform/o.n.bootstrap/src/org/netbeans/NetigsoHandle.java
@@ -198,14 +198,14 @@ final ClassLoader findFallbackLoader() {
ClassLoader frameworkLoader = f.findFrameworkClassLoader();
- Class[] stack = TopSecurityManager.getStack();
- for (int i = 0; i < stack.length; i++) {
- ClassLoader sl = stack[i].getClassLoader();
+ List> stack = Util.getStack();
+ for (Class frame : stack) {
+ ClassLoader sl = frame.getClassLoader();
if (sl == null) {
continue;
}
if (sl.getClass().getClassLoader() == frameworkLoader) {
- return stack[i].getClassLoader();
+ return frame.getClassLoader();
}
}
return null;
diff --git a/platform/o.n.bootstrap/src/org/netbeans/TopSecurityManager.java b/platform/o.n.bootstrap/src/org/netbeans/TopSecurityManager.java
index babb04da60ef..9afee4281466 100644
--- a/platform/o.n.bootstrap/src/org/netbeans/TopSecurityManager.java
+++ b/platform/o.n.bootstrap/src/org/netbeans/TopSecurityManager.java
@@ -19,163 +19,13 @@
package org.netbeans;
-import java.awt.AWTPermission;
-import java.io.FileDescriptor;
-import java.lang.reflect.Field;
-import java.lang.reflect.Method;
-import java.net.InetAddress;
-import java.net.URL;
-import java.net.UnknownHostException;
-import java.security.AccessControlContext;
-import java.security.AccessController;
-import java.security.AllPermission;
-import java.security.CodeSource;
-import java.security.Permission;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
-import java.util.ArrayList;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Set;
-import java.util.logging.Level;
-import java.util.logging.Logger;
-import java.util.logging.LoggingPermission;
-import org.openide.util.Lookup;
-import org.openide.util.WeakSet;
-
/** NetBeans security manager implementation.
* @author Ales Novak, Jesse Glick
*/
-public class TopSecurityManager extends SecurityManager {
- private static final boolean check = !Boolean.getBoolean("netbeans.security.nocheck"); // NOI18N
- private static final Logger LOG = Logger.getLogger(TopSecurityManager.class.getName());
-
- private Permission allPermission;
-
- /* JVMPI sometimes deadlocks sync getForeignClassLoader
- and Class.forName
- */
- private static final Class classLoaderClass = ClassLoader.class;
- private static final Class URLClass = URL.class;
- private static final Class runtimePermissionClass = RuntimePermission.class;
- private static final Class accessControllerClass = AccessController.class;
- private static final Class awtPermissionClass = AWTPermission.class;
- private static SecurityManager fsSecManager;
+public class TopSecurityManager {
- private static final List delegates = new ArrayList();
- /** Register a delegate security manager that can handle some checks for us.
- * Currently only checkExit and checkTopLevelWindow are supported.
- * @param sm the delegate to register
- * @throws SecurityException without RuntimePermission "TopSecurityManager.register"
- */
- public static void register(SecurityManager sm) throws SecurityException {
-/* if (check) {
- try {
- AccessController.checkPermission(new RuntimePermission("TopSecurityManager.register")); // NOI18N
- } catch (SecurityException se) {
- // Something is probably wrong; debug it better.
- ProtectionDomain pd = sm.getClass().getProtectionDomain();
- CodeSource cs = pd.getCodeSource();
- System.err.println("Code source of attempted secman: " + (cs != null ? cs.getLocation().toExternalForm() : "")); // NOI18N
- System.err.println("Its permissions: " + pd); // NOI18N
- throw se;
- }
- }
-*/
- synchronized (delegates) {
- if (delegates.contains(sm)) throw new SecurityException();
- delegates.add(sm);
- if (fsSecManager == null) {
- for (Lookup.Item item : Lookup.getDefault().lookupResult(SecurityManager.class).allItems()) {
- if (item != null && "org.netbeans.modules.masterfs.filebasedfs.utils.FileChangedManager".equals(item.getId())) {//NOI18N
- fsSecManager = item.getInstance();
- break;
- }
- }
- assert fsSecManager != null;
- }
- }
- }
- /** Unregister a delegate security manager.
- * @param sm the delegate to unregister
- * @throws SecurityException without RuntimePermission "TopSecurityManager.unregister"
- */
- public static void unregister(SecurityManager sm) throws SecurityException {
-/* if (check) {
- AccessController.checkPermission(new RuntimePermission("TopSecurityManager.unregister")); // NOI18N
- }
-*/
- synchronized (delegates) {
- if (!delegates.contains(sm)) throw new SecurityException();
- delegates.remove(sm);
- }
- }
-
- /**
- * constructs new TopSecurityManager
- */
- public TopSecurityManager () {
- allPermission = new AllPermission();
- }
-
- public @Override void checkExit(int status) throws SecurityException {
- if (! check) {
- return;
- }
-
- synchronized (delegates) {
- Iterator it = delegates.iterator();
- while (it.hasNext()) {
- it.next().checkExit(status);
- }
- }
-
- PrivilegedCheck.checkExit(status, this);
- }
+ static volatile boolean officialExit = false;
- SecurityManager getSecurityManager() {
- if (fsSecManager == null) {
- synchronized (delegates) {
- return fsSecManager;
- }
- }
- return fsSecManager;
- }
-
- private void notifyDelete(String file) {
- SecurityManager s = getSecurityManager();
- if (s != null) {
- s.checkDelete(file);
- }
- }
-
- private void notifyRead(String file) {
- SecurityManager s = getSecurityManager();
- if (s != null) {
- s.checkRead(file);
- }
- }
-
- private void notifyWrite(String file) {
- SecurityManager s = getSecurityManager();
- if (s != null) {
- s.checkWrite(file);
- }
- }
-
- static boolean officialExit = false;
- static Class[] getStack() {
- SecurityManager s = System.getSecurityManager();
- TopSecurityManager t;
- if (s instanceof TopSecurityManager) {
- t = (TopSecurityManager)s;
- } else {
- t = new TopSecurityManager();
- }
- return t.getClassContext();
- }
-
/** Can be called from core classes to exit the system.
* Direct calls to System.exit will not be honored, for safety.
* @param status the status code to exit with
@@ -188,626 +38,5 @@ public static void exit(int status) {
officialExit = true;
System.exit(status);
}
-
- final void checkExitImpl(int status, AccessControlContext acc) throws SecurityException {
- if (!officialExit) {
- throw new ExitSecurityException("Illegal attempt to exit early"); // NOI18N
- }
-
- super.checkExit(status);
- }
-
- @SuppressWarnings("deprecation")
- public boolean checkTopLevelWindow(Object window) {
- return checkTopLevelWindow(new AWTPermission("showWindowWithoutWarningBanner"), window); // NOI18N
- }
-
- private boolean checkTopLevelWindow(Permission windowPermission, Object window) {
- synchronized (delegates) {
- for (SecurityManager sm : delegates) {
- sm.checkPermission(windowPermission, window);
- }
- }
- return true;
- }
-
- /* XXX probably unnecessary:
- // Hack against permissions of Launcher$AppLoader.
- public void checkPackageAccess(String pckg) {
- if (pckg == null) return;
- if (pckg.startsWith("sun.")) { // NOI18N
- if (inClazz("sun.misc.Launcher") || inClazz("java.lang.Class")) { // NOI18N
- return;
- }
- }
- super.checkPackageAccess(pckg);
- }
-
- private boolean inClazz(String s) {
- Class[] classes = getClassContext();
- int i = 0;
- for (; (i < classes.length) && (classes[i] == TopSecurityManager.class); i++);
- if (i == classes.length) {
- return false;
- }
- return classes[i].getName().startsWith(s);
- }
- */
-
- /** Performance - all props accessible */
- public @Override final void checkPropertyAccess(String x) {
- if ("netbeans.debug.exceptions".equals(x)) { // NOI18N
- // Get rid of this old system property.
- for (Class c : getClassContext()) {
- if (c != TopSecurityManager.class &&
- c != System.class &&
- c != Boolean.class) {
- String n = c.getName();
- synchronized (warnedClassesNDE) {
- if (warnedClassesNDE.add(n)) {
- LOG.log(Level.WARNING, "use of system property netbeans.debug.exceptions has been obsoleted in favor of java.util.logging.Logger at {0}", findCallStackLine(n));
- }
- }
- break;
- }
- }
- }
- if ("netbeans.home".equals(x) || "netbeans.user".equals(x)) { // NOI18N
- // Control access to this system property.
- for (Class c : getClassContext()) {
- if (c != TopSecurityManager.class &&
- c != System.class &&
- c != Boolean.class) {
- String n = c.getName();
- boolean log;
- synchronized (warnedClassesNH) {
- log = warnedClassesNH.add(n);
- }
- if (log) {
- LOG.log(Level.WARNING, "use of system property {0} has been obsoleted in favor of InstalledFileLocator/Places at {1}", new Object[] {x, findCallStackLine(n)});
- }
- break;
- }
- }
- }
- }
- private static String findCallStackLine(String callerClazz) {
- for (StackTraceElement line : Thread.currentThread().getStackTrace()) {
- if (line.getClassName().equals(callerClazz)) {
- return line.toString();
- }
- }
- return callerClazz;
- }
- private final Set warnedClassesNDE = new HashSet(25);
- private static final Set warnedClassesNH = new HashSet(25);
- static {
- // XXX cleaner would be to use @SuppressWarnings, but that has Retention(SOURCE), and not all these can use org.netbeans.api.annotations.common
- warnedClassesNH.add("org.openide.modules.Places");
- warnedClassesNH.add("org.netbeans.MainImpl"); // NOI18N
- warnedClassesNH.add("org.netbeans.MainImpl$BootClassLoader");
- warnedClassesNH.add("org.netbeans.CLIHandler");
- warnedClassesNH.add("org.netbeans.Stamps"); // NOI18N
- warnedClassesNH.add("org.netbeans.Clusters"); // NOI18N
- warnedClassesNH.add("org.netbeans.core.startup.InstalledFileLocatorImpl"); // NOI18N
- warnedClassesNH.add("org.netbeans.core.startup.CLIOptions");
- warnedClassesNH.add("org.netbeans.core.startup.preferences.RelPaths");
- warnedClassesNH.add("org.netbeans.core.startup.layers.BinaryFS");
- warnedClassesNH.add("org.netbeans.modules.netbinox.NetbinoxFactory");
- warnedClassesNH.add("org.netbeans.updater.UpdateTracking"); // NOI18N
- warnedClassesNH.add("org.netbeans.core.ui.ProductInformationPanel"); // #47429; NOI18N
- warnedClassesNH.add("org.netbeans.lib.uihandler.LogFormatter");
- warnedClassesNH.add("org.netbeans.modules.project.libraries.LibrariesStorage");
- warnedClassesNH.add("org.netbeans.modules.j2ee.sun.ide.j2ee.PluginProperties"); // AS bundle is not in any cluster
- warnedClassesNH.add("org.netbeans.modules.apisupport.project.universe.NbPlatform"); // defaultPlatformLocation
- }
-
- /* ----------------- private methods ------------- */
-
- /**
- * The method is empty. This is not "secure", but on the other hand,
- * it reduces performance penalty of startup about 10%
- */
- public @Override void checkRead(String file) {
- notifyRead(file);
- }
-
- public @Override void checkRead(FileDescriptor fd) {
- }
-
-
- public @Override void checkWrite(FileDescriptor fd) {
- }
-
- /** The method has awful performance in super class */
- public @Override void checkDelete(String file) {
- notifyDelete(file);
- try {
- checkPermission(allPermission);
- return;
- } catch (SecurityException e) {
- super.checkDelete(file);
- }
- }
-
- /** The method has awful performance in super class */
- public @Override void checkWrite(String file) {
- notifyWrite(file);
- try {
- checkPermission(allPermission);
- return;
- } catch (SecurityException e) {
- super.checkWrite(file);
- }
- }
-
- /** Checks connect */
- public @Override void checkConnect(String host, int port) {
- if (! check) {
- return;
- }
-
- try {
- checkPermission(allPermission);
- return;
- } catch (SecurityException e) {
- }
-
- try {
- super.checkConnect(host, port);
- return;
- } catch (SecurityException e) {
- }
-
- PrivilegedCheck.checkConnect(host, port, this);
- }
-
- final void checkConnectImpl(String host, int port) {
- Class insecure = getInsecureClass();
- if (insecure != null) {
- URL ctx = getClassURL(insecure);
- if (ctx != null) {
- try {
- String fromHost = ctx.getHost();
- InetAddress ia2 = InetAddress.getByName(host);
- InetAddress ia3 = InetAddress.getByName(fromHost);
- if (ia2.equals(ia3)) {
- return;
- }
- } catch (UnknownHostException e) { // ignore
- e.printStackTrace();
- }
- }
- throw new SecurityException();
- }
- }
-
- public @Override void checkConnect(String s, int port, Object context) {
- checkConnect(s, port);
- }
-
- private final Set> warnedSunMisc = new WeakSet<>();
- private final Set callerWhiteList = createCallerWhiteList();
- @SuppressWarnings("deprecation")
- public void checkMemberAccess(Class clazz, int which) {
- final String n = clazz.getName();
- if (n.startsWith("sun.misc")) { // NOI18N
- Class caller = null;
- Class[] arr = getClassContext();
- for (int i = 0; i < arr.length; i++) {
- if (arr[i] == TopSecurityManager.class) {
- continue;
- }
- if (arr[i] != Class.class) {
- caller = arr[i];
- break;
- }
- }
- StringBuilder msg = new StringBuilder();
- msg.append("Dangerous reflection access to ").append(n).append(" by ").append(caller).append(" detected!");
- if (caller != null && caller.getProtectionDomain() != null) {
- CodeSource cs = caller.getProtectionDomain().getCodeSource();
- msg.append("\ncode location: ").append(cs == null ? "null" : cs.getLocation());
- }
- if (caller != null && isDangerous(caller.getName(), n)) {
- throw new SecurityException(msg.toString());
- }
- Level l;
- if (caller != null && callerWhiteList.contains(caller.getName())) {
- l = Level.FINEST;
- } else {
- l = Level.FINE;
- assert (l = Level.INFO) != null;
- }
- if (!warnedSunMisc.add(caller)) {
- LOG.log(l, msg.toString());
- return;
- }
- Exception ex = new Exception(msg.toString()); // NOI18N
- LOG.log(l, null, ex);
- }
- }
-
- /**
- * Create list of safe callers for {@link #checkMemberAccess(Class, int)}.
- */
- private static Set createCallerWhiteList() {
- Set wl = new HashSet();
- wl.add("org.netbeans.core.output2.FileMapStorage"); //NOI18N
- wl.add("com.sun.tools.javac.util.CloseableURLClassLoader"); //NOI18N
- wl.add("java.lang.Thread$1"); //NOI18N
- wl.add("org.clank.support.NativeMemory"); //NOI18N
- wl.add("org.apache.lucene.store.MMapDirectory$1"); //NOI18N
- wl.add("org.apache.lucene.util.Constants"); //#217037
- wl.add("org.apache.lucene.util.RamUsageEstimator");//#217037
- wl.add("com.google.gson.internal.UnsafeAllocator"); //#219464 //NOI18N
- wl.add("org.netbeans.modules.web.jspparser_ext.WebAppParseSupport$ParserClassLoader"); //#218690 // NOI18N
- return wl;
- }
- private static boolean isDangerous(String caller, String accessTo) {
- if ("com.sun.istack.tools.ProtectedTask".equals(caller)) { // NOI18N
- if ("sun.misc.ClassLoaderUtil".equals(accessTo)) { // NOI18N
- // calling ClassLoaderUtil is allowed
- return false;
- }
- return true;
- }
- return false;
- }
-
- public @Override void checkPermission(Permission perm) {
-// assert checkLogger(perm); //#178013 & JDK bug 1694855
- checkSetSecurityManager(perm);
-
- //
- // part of makeSwingUseSpecialClipboard that makes it work on
- // JDK 1.5
- //
- if (awtPermissionClass.isInstance(perm)) {
- if ("accessClipboard".equals (perm.getName ())) { // NOI18N
- ThreadLocal