Remove SecurityManager layer

.github/workflows/main.yml

@@ -229,7 +229,7 @@ jobs:
         java: [ 17 ]
         include:
           - os: ubuntu-latest
-            java: 23
+            java: 24-ea
       fail-fast: false
     steps:
 
@@ -260,6 +260,7 @@ jobs:
         run: tar --zstd -xf build.tar.zst
 
       - name: platform/masterfs
+        if: ${{ matrix.java == '17' }}
         run: .github/retry.sh ant $OPTS -f platform/masterfs test
 
       - name: Commit Validation tests
@@ -836,7 +837,7 @@ jobs:
     timeout-minutes: 50
     strategy:
       matrix:
-        java: [ '17', '21', '23' ]
+        java: [ '17', '21', '24-ea' ]
         exclude:
           - java: ${{ github.event_name == 'pull_request' && 'nothing' || '21' }}
       fail-fast: false
@@ -1443,10 +1444,10 @@ jobs:
     timeout-minutes: 60
     strategy:
       matrix:
-        java: [ '17', '23' ]
+        java: [ '17', '24-ea' ]
         config: [ 'batch1', 'batch2' ]
         exclude:
-          - java: ${{ github.event_name == 'pull_request' && 'nothing' || '23' }}
+          - java: ${{ github.event_name == 'pull_request' && 'nothing' || '24-ea' }}
       fail-fast: false
     steps:
 
@@ -1496,7 +1497,7 @@ jobs:
     timeout-minutes: 60
     strategy:
       matrix:
-        java: [ '17', '21', '23' ]
+        java: [ '17', '21', '24-ea' ]
         exclude:
           - java: ${{ github.event_name == 'pull_request' && 'nothing' || '21' }}
       fail-fast: false

nb/ide.launcher/netbeans.conf

@@ -56,7 +56,7 @@ netbeans_default_cachedir="${DEFAULT_CACHEDIR_ROOT}/@@metabuild.RawVersion@@"
 # The automatically selected value can be overridden by specifying -J-Xmx
 # here or on the command line.
 #
-netbeans_default_options="-J-XX:+UseStringDeduplication -J-Xss2m @@metabuild.logcli@@ -J-Dapple.laf.useScreenMenuBar=true -J-Dapple.awt.application.appearance=system -J-Dsun.java2d.noddraw=true -J-Dsun.java2d.dpiaware=true -J-Dplugin.manager.check.updates=false -J-Dnetbeans.extbrowser.manual_chrome_plugin_install=yes @@metabuild.jms-flags@@ -J-XX:+IgnoreUnrecognizedVMOptions"
+netbeans_default_options="-J-XX:+UseStringDeduplication -J-Xss2m @@metabuild.logcli@@ -J-Djava.lang.Runtime.level=FINE -J-Dapple.laf.useScreenMenuBar=true -J-Dapple.awt.application.appearance=system -J-Dsun.java2d.noddraw=true -J-Dsun.java2d.dpiaware=true -J-Dplugin.manager.check.updates=false -J-Dnetbeans.extbrowser.manual_chrome_plugin_install=yes @@metabuild.jms-flags@@ -J-XX:+IgnoreUnrecognizedVMOptions"
 
 # Default location of JDK:
 # (set by installer or commented out if launcher should decide)

nbbuild/jdk.xml

@@ -107,17 +107,6 @@
             <arg value="-version" />
         </exec>
 
-        <condition property="nbjdk.enable_security_manager" value="-Djava.security.manager=allow" else="">
-            <not>
-                <or>
-                    <matches pattern=".*version &quot;1\.8\.?.*" string="${nbjdk.versioninfo}" />
-                    <matches pattern=".*version &quot;9(&quot;|\.).*" string="${nbjdk.versioninfo}" />
-                    <matches pattern=".*version &quot;10(&quot;|\.).*" string="${nbjdk.versioninfo}" />
-                    <matches pattern=".*version &quot;11(&quot;|\.).*" string="${nbjdk.versioninfo}" />
-                </or>
-            </not>
-        </condition>
-
         <available property="have-jdk-1.4" classname="java.lang.CharSequence" classpath="${nbjdk.bootclasspath}" ignoresystemclasses="true"/>
         <available property="have-jdk-1.5" classname="java.lang.StringBuilder" classpath="${nbjdk.bootclasspath}" ignoresystemclasses="true"/>
         <available property="have-jdk-1.6" classname="java.util.ServiceLoader" classpath="${nbjdk.bootclasspath}" ignoresystemclasses="true"/>
@@ -229,17 +218,6 @@
             <arg value="-version" />
         </exec>
 
-        <condition property="nbjdk.enable_security_manager" value="-Djava.security.manager=allow" else="">
-            <not>
-                <or>
-                    <matches pattern=".*version &quot;1\.8\.?.*" string="${nbjdk.versioninfo}" />
-                    <matches pattern=".*version &quot;9(&quot;|\.).*" string="${nbjdk.versioninfo}" />
-                    <matches pattern=".*version &quot;10(&quot;|\.).*" string="${nbjdk.versioninfo}" />
-                    <matches pattern=".*version &quot;11(&quot;|\.).*" string="${nbjdk.versioninfo}" />
-                </or>
-            </not>
-        </condition>
-
         <available property="have-jdk-1.4" classname="java.lang.CharSequence"/>
         <available property="have-jdk-1.5" classname="java.lang.StringBuilder"/>
         <available property="have-jdk-1.6" classname="java.util.ServiceLoader"/>

nbbuild/templates/common.xml

@@ -765,7 +765,6 @@
                     <jvmarg line="${test.jms.flags}"/>
                     <jvmarg line="${test.insane.prepend.args}"/>
                     <jvmarg line="${test.run.args}"/>
-                    <jvmarg line="${nbjdk.enable_security_manager}" />
                     <!--needed to have tests NOT to steal focus when running, works in latest apple jdk update only.-->
                     <sysproperty key="apple.awt.UIElement" value="@{disable.apple.ui}"/>
                     <formatter type="brief" usefile="false"/>
@@ -797,7 +796,6 @@
                     <jvmarg value="${test.bootclasspath.prepend.args}"/>
                     <jvmarg line="${test.insane.prepend.args}"/>
                     <jvmarg line="${test.run.args}"/>
-                    <jvmarg line="${nbjdk.enable_security_manager}" />
                     <!-- needed to have tests NOT to steal focus when running, works in latest apple jdk update only.-->
                     <sysproperty key="apple.awt.UIElement" value="@{disable.apple.ui}"/>
                 </testng>
@@ -871,7 +869,6 @@
                     <jvmarg line="${test.insane.prepend.args}"/>
                     <jvmarg line="${run.args.ide}"/>
                     <jvmarg line="${run.jvmargs.ide}"/>
-                    <jvmarg line="${nbjdk.enable_security_manager}" />
                     <formatter type="brief" usefile="false"/>
                     <formatter type="xml"/>
                 </junit>
@@ -901,7 +898,6 @@
                     <jvmarg value="${test.bootclasspath.prepend.args}"/>
                     <jvmarg line="${test.insane.prepend.args}"/>
                     <jvmarg line="${test.run.args}"/>
-                    <jvmarg line="${nbjdk.enable_security_manager}" />
                     <!-- needed to have tests NOT to steal focus when running, works in latest apple jdk update only.-->
                     <sysproperty key="apple.awt.UIElement" value="@{disable.apple.ui}"/>
                 </testng>
@@ -931,7 +927,6 @@
                     <jvmarg value="${test.bootclasspath.prepend.args}"/>
                     <jvmarg line="${test.insane.prepend.args}"/>
                     <jvmarg line="${test.run.args}"/>
-                    <jvmarg line="${nbjdk.enable_security_manager}" />
                     <!-- needed to have tests NOT to steal focus when running, works in latest apple jdk update only.-->
                     <sysproperty key="apple.awt.UIElement" value="@{disable.apple.ui}"/>
                 </testng>
@@ -975,7 +970,6 @@
                 <java fork="true" classname="org.apache.tools.ant.taskdefs.optional.junit.JUnitTestRunner" jvm="${test.nbjdk.java}">
                     <jvmarg value="-agentlib:jdwp=transport=dt_socket,address=${jpda.address}"/>
                     <jvmarg line="${test.run.args}"/>
-                    <jvmarg line="${nbjdk.enable_security_manager}" />
                     <classpath>
                         <path refid="test.@{test.type}.run.cp"/>
                         <fileset dir="${ant.home}" includes="patches/*.jar"/>
@@ -1011,7 +1005,6 @@
                 <java classname="org.testng.TestNG" fork="true" jvm="${test.nbjdk.java}">
                     <jvmarg value="-agentlib:jdwp=transport=dt_socket,address=${jpda.address}"/>
                     <jvmarg line="${test.run.args}"/>
-                    <jvmarg line="${nbjdk.enable_security_manager}" />
                     <jvmarg value="${test.bootclasspath.prepend.args}"/>
                     <jvmarg line="${test.insane.prepend.args}"/>
                     <classpath refid="test.@{test.type}.run.cp"/>
@@ -1049,7 +1042,6 @@
                     <jvmarg value="${test.bootclasspath.prepend.args}"/>
                     <jvmarg line="${test.insane.prepend.args}"/>
                     <jvmarg line="${test.run.args}"/>
-                    <jvmarg line="${nbjdk.enable_security_manager}" />
                     <jvmarg value="-agentlib:jdwp=transport=dt_socket,address=${jpda.address}"/>
                     <!-- needed to have tests NOT to steal focus when running, works in latest apple jdk update only.-->
                     <sysproperty key="apple.awt.UIElement" value="@{disable.apple.ui}"/>
@@ -1111,7 +1103,6 @@
                     <classpath refid="test.@{test.type}.run.cp"/>
                     <syspropertyset refid="test.@{test.type}.properties"/>
                     <jvmarg line="${test.run.args}"/>
-                    <jvmarg line="${nbjdk.enable_security_manager}" />
                     <jvmarg value="${test.bootclasspath.prepend.args}"/>
                     <jvmarg line="${test.insane.prepend.args}"/>
                     <jvmarg line="${run.jvmargs.ide}"/>
@@ -1143,7 +1134,6 @@
                     <jvmarg value="${test.bootclasspath.prepend.args}"/>
                     <jvmarg line="${test.insane.prepend.args}"/>
                     <jvmarg line="${test.run.args}"/>
-                    <jvmarg line="${nbjdk.enable_security_manager}" />
                     <!-- needed to have tests NOT to steal focus when running, works in latest apple jdk update only.-->
                     <sysproperty key="apple.awt.UIElement" value="@{disable.apple.ui}"/>
                 </testng>
@@ -1165,7 +1155,6 @@
                     <classpath refid="test.@{test.type}.run.cp"/>
                     <syspropertyset refid="test.@{test.type}.properties"/>
                     <jvmarg line="${test.run.args}"/>
-                    <jvmarg line="${nbjdk.enable_security_manager}" />
                     <jvmarg line="${run.args.ide}"/>
                     <jvmarg line="${run.jvmargs.ide}"/>
                     <customize/>
@@ -1187,7 +1176,6 @@
                 <java fork="true" classname="${main.class}">
                     <jvmarg value="-agentlib:jdwp=transport=dt_socket,address=${jpda.address}"/>
                     <jvmarg line="${test.run.args}"/>
-                    <jvmarg line="${nbjdk.enable_security_manager}" />
                     <classpath refid="test.@{test.type}.run.cp"/>
                     <syspropertyset refid="test.@{test.type}.properties"/>
                     <customize/>
@@ -1270,7 +1258,6 @@
                     <jvmarg line="${test.insane.prepend.args}"/>
                     <syspropertyset refid="test.@{test.type}.properties"/>
                     <jvmarg line="${test.run.args}"/>
-                    <jvmarg line="${nbjdk.enable_security_manager}" />
                     <formatter type="brief" usefile="false"/>
                     <formatter type="xml"/>
                 </junit>

platform/core.execution/src/org/netbeans/core/execution/Install.java

@@ -29,7 +29,6 @@
 import java.awt.event.ActionListener;
 import java.awt.event.WindowAdapter;
 import java.awt.event.WindowEvent;
-import java.beans.Introspector;
 import java.beans.PropertyChangeEvent;
 import java.beans.PropertyChangeListener;
 import java.util.ArrayList;
@@ -50,7 +49,6 @@
 import javax.swing.event.ListDataEvent;
 import javax.swing.event.ListDataListener;
 import javax.swing.text.DefaultEditorKit;
-import org.netbeans.TopSecurityManager;
 import org.netbeans.core.ModuleActions;
 import org.netbeans.modules.progress.spi.Controller;
 import org.netbeans.modules.progress.spi.InternalHandle;
@@ -88,7 +86,7 @@ public class Install implements Runnable {
     private static final Logger LOG = Logger.getLogger(Install.class.getName());
 
     public @Override void run() {
-        TopSecurityManager.register(SecMan.DEFAULT);
+//        TopSecurityManager.register(SecMan.DEFAULT);
     }
 
     @OnStop
@@ -97,7 +95,7 @@ public static final class Down implements Runnable {
         public @Override void run() {
             showPendingTasks();
 
-            TopSecurityManager.unregister(SecMan.DEFAULT);
+//            TopSecurityManager.unregister(SecMan.DEFAULT);
         }
     }
 

platform/core.startup/src/org/netbeans/core/startup/ModuleLifecycleManager.java

@@ -38,13 +38,6 @@
 @ServiceProvider(service=LifecycleManager.class)
 public class ModuleLifecycleManager extends LifecycleManager {
     public ModuleLifecycleManager() {
-        Runtime.getRuntime().addShutdownHook(new Thread("close modules") { // NOI18N
-            public @Override void run() {
-                if (System.getSecurityManager() instanceof TopSecurityManager) {
-                    LifecycleManager.getDefault().exit();
-                }
-            }
-        });
     }
 
     public void saveAll() {

platform/core.startup/src/org/netbeans/core/startup/TopThreadGroup.java

@@ -20,7 +20,6 @@
 package org.netbeans.core.startup;
 
 import java.lang.Thread.UncaughtExceptionHandler;
-import org.netbeans.TopSecurityManager;
 import org.openide.util.Exceptions;
 
 /** The ThreadGroup for catching uncaught exceptions in Corona.

platform/o.n.bootstrap/launcher/unix/nbexec

@@ -192,7 +192,7 @@ fi
 # rename old heap dump to .old
 mv "${userdir}/var/log/heapdump.hprof" "${userdir}/var/log/heapdump.hprof.old" > /dev/null 2>&1
 
-jargs_without_clusters="$jargs -Djava.security.manager=allow"
+jargs_without_clusters="$jargs"
 jargs="-Dnetbeans.dirs=\"${clusters}\" $jargs_without_clusters"
 
 if [ -z "$cachedirspecified" ]; then

platform/o.n.bootstrap/launcher/windows/platformlauncher.cpp

@@ -579,8 +579,6 @@ void PlatformLauncher::prepareOptions() {
     option = OPT_KEEP_WORKING_SET_ON_MINIMIZE;
     javaOptions.push_back(option);
 
-    option = OPT_JAVA_SECURITY_MANAGER_ALLOW;
-    javaOptions.push_back(option);
 }
 
 string & PlatformLauncher::constructClassPath(bool runUpdater) {