diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index a1deabfac90..fb2bad3e768 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -33,12 +33,11 @@ jobs: contents: read steps: - - name: Checkout - uses: actions/checkout@v4 - - name: Set up JDK 17 + - uses: actions/checkout@v4 + - name: Set up JDK 21 uses: actions/setup-java@v4 with: - java-version: '17' + java-version: '21' distribution: 'temurin' cache: 'maven' - name: Build diff --git a/archetypes/assembly/src/main/resources/archetype-resources/pom.xml b/archetypes/assembly/src/main/resources/archetype-resources/pom.xml index e255be1e278..8cefb1c5b2e 100644 --- a/archetypes/assembly/src/main/resources/archetype-resources/pom.xml +++ b/archetypes/assembly/src/main/resources/archetype-resources/pom.xml @@ -174,7 +174,7 @@ - 11 + 21 diff --git a/archetypes/blueprint/src/main/resources/archetype-resources/pom.xml b/archetypes/blueprint/src/main/resources/archetype-resources/pom.xml index 738507ac93d..52dedc8d200 100644 --- a/archetypes/blueprint/src/main/resources/archetype-resources/pom.xml +++ b/archetypes/blueprint/src/main/resources/archetype-resources/pom.xml @@ -63,8 +63,9 @@ maven-compiler-plugin 3.13.0 - 1.8 - 1.8 + 21 + 21 + 21 256M diff --git a/archetypes/bundle/pom.xml b/archetypes/bundle/pom.xml index 3bbc2cecbac..0cb6128f97a 100644 --- a/archetypes/bundle/pom.xml +++ b/archetypes/bundle/pom.xml @@ -57,8 +57,9 @@ org.apache.maven.plugins maven-compiler-plugin - 1.8 - 1.8 + 21 + 21 + 21 256M diff --git a/archetypes/bundle/src/main/resources/archetype-resources/pom.xml b/archetypes/bundle/src/main/resources/archetype-resources/pom.xml index a6d0c97a5c1..b120803f3e8 100644 --- a/archetypes/bundle/src/main/resources/archetype-resources/pom.xml +++ b/archetypes/bundle/src/main/resources/archetype-resources/pom.xml @@ -82,8 +82,9 @@ maven-compiler-plugin 3.13.0 - 1.8 - 1.8 + 21 + 21 + 21 256M diff --git a/archetypes/command/src/main/resources/archetype-resources/pom.xml b/archetypes/command/src/main/resources/archetype-resources/pom.xml index 1548463bc7d..84efb47ad22 100644 --- a/archetypes/command/src/main/resources/archetype-resources/pom.xml +++ b/archetypes/command/src/main/resources/archetype-resources/pom.xml @@ -67,8 +67,9 @@ true 3.13.0 - 1.8 - 1.8 + 21 + 21 + 21 diff --git a/assemblies/apache-karaf-integration/pom.xml b/assemblies/apache-karaf-integration/pom.xml index 0c2f744b5ce..2972fd11d6b 100644 --- a/assemblies/apache-karaf-integration/pom.xml +++ b/assemblies/apache-karaf-integration/pom.xml @@ -187,7 +187,7 @@ - 17 + 21 ${project.build.directory} Apache Karaf Integration diff --git a/assemblies/apache-karaf-minimal/pom.xml b/assemblies/apache-karaf-minimal/pom.xml index 73dd86f274a..481bbedd666 100644 --- a/assemblies/apache-karaf-minimal/pom.xml +++ b/assemblies/apache-karaf-minimal/pom.xml @@ -145,7 +145,7 @@ !org.apache.karaf.command.acl.*, * - 11 + 21 diff --git a/assemblies/apache-karaf/pom.xml b/assemblies/apache-karaf/pom.xml index 64185742bf5..60dd7a90911 100644 --- a/assemblies/apache-karaf/pom.xml +++ b/assemblies/apache-karaf/pom.xml @@ -178,7 +178,7 @@ - 11 + 21 ${project.build.directory} Apache Karaf (full) diff --git a/assemblies/features/base/src/main/filtered-resources/resources/bin/inc b/assemblies/features/base/src/main/filtered-resources/resources/bin/inc index 2809e8be7cf..004142ab4ba 100644 --- a/assemblies/features/base/src/main/filtered-resources/resources/bin/inc +++ b/assemblies/features/base/src/main/filtered-resources/resources/bin/inc @@ -282,12 +282,6 @@ setupVendorSepcifics() { setupDefaults() { DEFAULT_JAVA_OPTS="-XX:+UnlockDiagnosticVMOptions " - if [ "${VERSION}" -gt "11" ]; then - # TODO revisit EventAdminImpl to avoid use of Subject.getSubject(AccessController.getContext()); - # -Djava.security.manager=allow is a workaround for SecurityController deprecation in JDK23+ - DEFAULT_JAVA_OPTS="$DEFAULT_JAVA_OPTS -Djava.security.manager=allow " - fi - setupVendorSepcifics DEFAULT_JAVA_OPTS="${DEFAULT_JAVA_OPTS} ${JAVA_VENDOR_OPTS}" diff --git a/assemblies/features/base/src/main/filtered-resources/resources/bin/karaf.bat b/assemblies/features/base/src/main/filtered-resources/resources/bin/karaf.bat index 4612bf5af27..7757b7d3da6 100644 --- a/assemblies/features/base/src/main/filtered-resources/resources/bin/karaf.bat +++ b/assemblies/features/base/src/main/filtered-resources/resources/bin/karaf.bat @@ -262,10 +262,6 @@ if not exist "%JAVA_HOME%\bin\server\jvm.dll" ( ) set DEFAULT_JAVA_OPTS=-XX:+UnlockDiagnosticVMOptions -if "%JAVA_VERSION%" GTR 11 ( - set DEFAULT_JAVA_OPTS=%DEFAULT_JAVA_OPTS% -Djava.security.manager=allow -) - if "%JAVA_OPTS%" == "" set JAVA_OPTS=%DEFAULT_JAVA_OPTS% if "%EXTRA_JAVA_OPTS%" == "" goto :KARAF_EXTRA_JAVA_OPTS_END diff --git a/assemblies/features/enterprise/pom.xml b/assemblies/features/enterprise/pom.xml index b50a3599ad9..ae831569f39 100644 --- a/assemblies/features/enterprise/pom.xml +++ b/assemblies/features/enterprise/pom.xml @@ -241,7 +241,7 @@ file:${project.build.directory}/feature/feature.xml org.apache.karaf.features:framework - 11 + 21 framework diff --git a/assemblies/features/integration/pom.xml b/assemblies/features/integration/pom.xml index f84467356ca..29197e782db 100644 --- a/assemblies/features/integration/pom.xml +++ b/assemblies/features/integration/pom.xml @@ -105,7 +105,7 @@ file:${project.build.directory}/feature/feature.xml org.apache.karaf.features:framework - 17 + 21 framework diff --git a/assemblies/features/specs/pom.xml b/assemblies/features/specs/pom.xml index 5d44bdd1d10..36ba1df5130 100644 --- a/assemblies/features/specs/pom.xml +++ b/assemblies/features/specs/pom.xml @@ -96,7 +96,7 @@ file:${project.build.directory}/feature/feature.xml org.apache.karaf.features:framework - 11 + 21 framework @@ -149,4 +149,4 @@ - \ No newline at end of file + diff --git a/assemblies/features/spring-legacy/pom.xml b/assemblies/features/spring-legacy/pom.xml index 17e6ddff116..42ad7c1750d 100644 --- a/assemblies/features/spring-legacy/pom.xml +++ b/assemblies/features/spring-legacy/pom.xml @@ -158,7 +158,7 @@ file:${project.build.directory}/feature/feature.xml org.apache.karaf.features:framework - 17 + 21 framework diff --git a/assemblies/features/spring/pom.xml b/assemblies/features/spring/pom.xml index b5abe0e26ad..c04a2ca250c 100644 --- a/assemblies/features/spring/pom.xml +++ b/assemblies/features/spring/pom.xml @@ -158,7 +158,7 @@ file:${project.build.directory}/feature/feature.xml org.apache.karaf.features:framework - 17 + 21 framework diff --git a/assemblies/features/standard/pom.xml b/assemblies/features/standard/pom.xml index a82c623aea4..a31e822aed1 100644 --- a/assemblies/features/standard/pom.xml +++ b/assemblies/features/standard/pom.xml @@ -465,7 +465,7 @@ file:${project.build.directory}/feature/feature.xml org.apache.karaf.features:framework - 11 + 21 framework diff --git a/examples/karaf-docker-example/karaf-docker-example-dynamic-dist/pom.xml b/examples/karaf-docker-example/karaf-docker-example-dynamic-dist/pom.xml index ae13f67f3ca..729a495cc3e 100644 --- a/examples/karaf-docker-example/karaf-docker-example-dynamic-dist/pom.xml +++ b/examples/karaf-docker-example/karaf-docker-example-dynamic-dist/pom.xml @@ -138,7 +138,7 @@ - 11 + 21 @@ -194,4 +194,4 @@ - \ No newline at end of file + diff --git a/examples/karaf-docker-example/karaf-docker-example-static-dist/pom.xml b/examples/karaf-docker-example/karaf-docker-example-static-dist/pom.xml index 0a36d879bed..dbc715cc36d 100644 --- a/examples/karaf-docker-example/karaf-docker-example-static-dist/pom.xml +++ b/examples/karaf-docker-example/karaf-docker-example-static-dist/pom.xml @@ -108,7 +108,7 @@ static true static - 11 + 21 diff --git a/instance/src/main/java/org/apache/karaf/instance/core/internal/InstanceServiceImpl.java b/instance/src/main/java/org/apache/karaf/instance/core/internal/InstanceServiceImpl.java index 2c56c3c15f7..d035bf57c5d 100644 --- a/instance/src/main/java/org/apache/karaf/instance/core/internal/InstanceServiceImpl.java +++ b/instance/src/main/java/org/apache/karaf/instance/core/internal/InstanceServiceImpl.java @@ -537,9 +537,6 @@ private void doStart(InstanceState instance, String name, String javaOpts) throw " --add-exports=jdk.naming.rmi/com.sun.jndi.url.rmi=ALL-UNNAMED" + " --add-exports=java.security.sasl/com.sun.security.sasl=ALL-UNNAMED" + " --add-exports=java.naming/com.sun.jndi.ldap=ALL-UNNAMED"; - if (!System.getProperty("java.version").startsWith("11")) { - jdkOpts += " -Djava.security.manager=allow"; - } } else { jdkOpts = " -Djava.endorsed.dirs=\"" + new File(new File(new File(System.getProperty("java.home"), "jre"), "lib"), "endorsed") + System.getProperty("path.separator") + new File(new File(System.getProperty("java.home"), "lib"), "endorsed") + System.getProperty("path.separator") + new File(libDir, "endorsed").getCanonicalPath() + "\"" + " -Djava.ext.dirs=\"" + new File(new File(new File(System.getProperty("java.home"), "jre"), "lib"), "ext") + System.getProperty("path.separator") + new File(new File(System.getProperty("java.home"), "lib"), "ext") + System.getProperty("path.separator") + new File(libDir, "ext").getCanonicalPath() + "\""; diff --git a/itests/common/src/main/java/org/apache/karaf/itests/KarafTestSupport.java b/itests/common/src/main/java/org/apache/karaf/itests/KarafTestSupport.java index 75f5b111f45..e9c11d691f4 100644 --- a/itests/common/src/main/java/org/apache/karaf/itests/KarafTestSupport.java +++ b/itests/common/src/main/java/org/apache/karaf/itests/KarafTestSupport.java @@ -25,7 +25,6 @@ import java.nio.file.Path; import java.nio.file.Paths; import java.security.Principal; -import java.security.PrivilegedExceptionAction; import java.util.Arrays; import java.util.Collection; import java.util.Collections; @@ -429,7 +428,7 @@ private String executeCommand(final String command, final Long timeout, final Lo commandFuture = new FutureTask<>(() -> { Subject subject = new Subject(); subject.getPrincipals().addAll(Arrays.asList(principals)); - return Subject.doAs(subject, (PrivilegedExceptionAction) commandCallable::call); + return Subject.callAs(subject, (Callable) commandCallable::call); }); } diff --git a/itests/test/src/test/java/org/apache/karaf/itests/JavaSecurityTest.java b/itests/test/src/test/java/org/apache/karaf/itests/JavaSecurityTest.java index 009a9e436d3..2d6459b0a6b 100644 --- a/itests/test/src/test/java/org/apache/karaf/itests/JavaSecurityTest.java +++ b/itests/test/src/test/java/org/apache/karaf/itests/JavaSecurityTest.java @@ -34,7 +34,6 @@ import java.nio.file.StandardCopyOption; import java.util.*; -import static org.junit.Assert.assertNotNull; import static org.junit.Assert.fail; import static org.ops4j.pax.exam.CoreOptions.maven; import static org.ops4j.pax.exam.karaf.options.KarafDistributionOption.*; @@ -72,8 +71,6 @@ public Option[] config() { @Test public void testJavaSecurity() throws Exception { - assertNotNull("Karaf should run under a security manager", System.getSecurityManager()); - BundleService service = getOsgiService(BundleService.class); long tried = 0; while (true) { diff --git a/jaas/command/src/main/java/org/apache/karaf/jaas/command/WhoamiCommand.java b/jaas/command/src/main/java/org/apache/karaf/jaas/command/WhoamiCommand.java index 3ce1e5dc6df..c587f166ed5 100644 --- a/jaas/command/src/main/java/org/apache/karaf/jaas/command/WhoamiCommand.java +++ b/jaas/command/src/main/java/org/apache/karaf/jaas/command/WhoamiCommand.java @@ -55,8 +55,7 @@ public Object execute() throws Exception { ShellTable table = new ShellTable(); // Get the currently-active JAAS Subject. - AccessControlContext acc = AccessController.getContext(); - Subject subj = Subject.getSubject(acc); + Subject subj = Subject.current(); String classString = USER_CLASS; if (groups) { diff --git a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/GSSAPILdapLoginModule.java b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/GSSAPILdapLoginModule.java index 2c911765529..dd365e0fa05 100644 --- a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/GSSAPILdapLoginModule.java +++ b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/GSSAPILdapLoginModule.java @@ -34,6 +34,8 @@ import java.util.HashMap; import java.util.HashSet; import java.util.Map; +import java.util.concurrent.Callable; +import java.util.concurrent.CompletionException; /** * Specific LDAPLoginModule to be used with GSSAPI. Uses the specified realm as login context. @@ -62,9 +64,9 @@ public boolean login() throws LoginException { context.login(); try { - succeeded = Subject.doAs(context.getSubject(), (PrivilegedExceptionAction) this::doLogin); + succeeded = Subject.callAs(context.getSubject(), (Callable) this::doLogin); return succeeded; - } catch (PrivilegedActionException pExcp) { + } catch (CompletionException pExcp) { logger.error("error with delegated authentication", pExcp); throw new LoginException(pExcp.getMessage()); } diff --git a/management/server/src/main/java/org/apache/karaf/management/internal/BulkRequestContext.java b/management/server/src/main/java/org/apache/karaf/management/internal/BulkRequestContext.java index 7d1e0641e80..ce6f8f796cb 100644 --- a/management/server/src/main/java/org/apache/karaf/management/internal/BulkRequestContext.java +++ b/management/server/src/main/java/org/apache/karaf/management/internal/BulkRequestContext.java @@ -63,16 +63,11 @@ public static BulkRequestContext newContext(ConfigurationAdmin configAdmin) thro context.configAdmin = configAdmin; try { // check JAAS subject here - AccessControlContext acc = AccessController.getContext(); - if (acc == null) { + Subject subject = Subject.current(); + if (subject == null) { context.anonymous = true; } else { - Subject subject = Subject.getSubject(acc); - if (subject == null) { - context.anonymous = true; - } else { - context.principals.addAll(subject.getPrincipals()); - } + context.principals.addAll(subject.getPrincipals()); } // list available ACL configs - valid for this instance only for (Configuration config : configAdmin.listConfigurations("(service.pid=jmx.acl*)")) { diff --git a/management/server/src/test/java/org/apache/karaf/management/KarafMBeanServerGuardTest.java b/management/server/src/test/java/org/apache/karaf/management/KarafMBeanServerGuardTest.java index 53d2e37f2a4..3c7a99916e7 100644 --- a/management/server/src/test/java/org/apache/karaf/management/KarafMBeanServerGuardTest.java +++ b/management/server/src/test/java/org/apache/karaf/management/KarafMBeanServerGuardTest.java @@ -33,8 +33,8 @@ import java.io.IOException; import java.lang.reflect.Method; import java.security.Principal; -import java.security.PrivilegedAction; import java.util.*; +import java.util.concurrent.Callable; public class KarafMBeanServerGuardTest extends TestCase { @@ -462,7 +462,7 @@ private ConfigurationAdmin getMockConfigAdmin2(Dictionary... con public void testCurrentUserHasRole() throws Exception { Subject subject = loginWithTestRoles("test"); - Subject.doAs(subject, (PrivilegedAction) () -> { + Subject.callAs(subject, (Callable) () -> { assertTrue(JaasHelper.currentUserHasRole("test")); assertFalse(JaasHelper.currentUserHasRole("toast")); return null; @@ -476,7 +476,7 @@ public void testCurrentUserHasCustomRole() throws Exception { lm.login(); lm.commit(); - Subject.doAs(subject, (PrivilegedAction) () -> { + Subject.callAs(subject, (Callable) () -> { assertTrue(JaasHelper.currentUserHasRole(TestRolePrincipal.class.getCanonicalName() + ":foo")); assertFalse(JaasHelper.currentUserHasRole("foo")); return null; @@ -493,7 +493,7 @@ public void testInvoke() throws Throwable { guard.setConfigAdmin(ca); Subject subject = loginWithTestRoles("editor", "admin"); - Subject.doAs(subject, (PrivilegedAction) () -> { + Subject.callAs(subject, (Callable) () -> { try { Method im = MBeanServer.class.getMethod("invoke", ObjectName.class, String.class, Object[].class, String[].class); @@ -547,7 +547,7 @@ public void testGetAttributeIs() throws Throwable { guard.setConfigAdmin(ca); Subject subject = loginWithTestRoles("editor", "admin"); - Subject.doAs(subject, (PrivilegedAction) () -> { + Subject.callAs(subject, (Callable) () -> { try { Method im = MBeanServer.class.getMethod("getAttribute", ObjectName.class, String.class); @@ -593,7 +593,7 @@ public void testGetAttributes() throws Throwable { guard.setConfigAdmin(ca); Subject subject = loginWithTestRoles("editor", "admin"); - Subject.doAs(subject, (PrivilegedAction) () -> { + Subject.callAs(subject, (Callable) () -> { try { Method im = MBeanServer.class.getMethod("getAttributes", ObjectName.class, String[].class); @@ -641,7 +641,7 @@ public void testGetAttributes2() throws Throwable { guard.setConfigAdmin(ca); Subject subject = loginWithTestRoles("editor", "admin"); - Subject.doAs(subject, (PrivilegedAction) () -> { + Subject.callAs(subject, (Callable) () -> { try { Method im = MBeanServer.class.getMethod("getAttributes", ObjectName.class, String[].class); @@ -688,7 +688,7 @@ public void testSetAttribute() throws Throwable { guard.setConfigAdmin(ca); Subject subject = loginWithTestRoles("editor", "admin"); - Subject.doAs(subject, (PrivilegedAction) () -> { + Subject.callAs(subject, (Callable) () -> { try { Method im = MBeanServer.class.getMethod("setAttribute", ObjectName.class, Attribute.class); @@ -742,7 +742,7 @@ public void testSetAttributes() throws Throwable { guard.setConfigAdmin(ca); Subject subject = loginWithTestRoles("editor", "admin"); - Subject.doAs(subject, (PrivilegedAction) () -> { + Subject.callAs(subject, (Callable) () -> { try { Method im = MBeanServer.class.getMethod("setAttributes", ObjectName.class, AttributeList.class); @@ -810,7 +810,7 @@ public void testCanInvokeMBean() throws Exception { Subject subject = loginWithTestRoles("viewer"); - Subject.doAs(subject, (PrivilegedAction) () -> { + Subject.callAs(subject, (Callable) () -> { try { assertTrue(guard.canInvoke(mbs, on)); assertFalse(guard.canInvoke(mbs, on2)); @@ -851,7 +851,7 @@ public void testCanInvokeMBean2() throws Exception { Subject subject = loginWithTestRoles("viewer"); - Subject.doAs(subject, (PrivilegedAction) () -> { + Subject.callAs(subject, (Callable) () -> { try { assertFalse(guard.canInvoke(mbs, on)); @@ -889,7 +889,7 @@ public void testCanInvokeAnyOverload() throws Exception { guard.setConfigAdmin(ca); Subject subject = loginWithTestRoles("viewer"); - Subject.doAs(subject, (PrivilegedAction) () -> { + Subject.callAs(subject, (Callable) () -> { try { assertTrue(guard.canInvoke(mbs, on, "doit")); @@ -928,7 +928,7 @@ public void testCanInvokeAnyOverload2() throws Exception { guard.setConfigAdmin(ca); Subject subject = loginWithTestRoles("viewer"); - Subject.doAs(subject, (PrivilegedAction) () -> { + Subject.callAs(subject, (Callable) () -> { try { assertFalse(guard.canInvoke(mbs, on, "doit")); @@ -960,7 +960,7 @@ public void testCanInvokeAnyOverload3() throws Exception { guard.setConfigAdmin(ca); Subject subject = loginWithTestRoles("viewer"); - Subject.doAs(subject, (PrivilegedAction) () -> { + Subject.callAs(subject, (Callable) () -> { try { assertFalse(guard.canInvoke(mbs, on, "doit")); @@ -994,7 +994,7 @@ public void testCanGetAttributeAnyOverload() throws Exception { guard.setConfigAdmin(ca); Subject subject = loginWithTestRoles("viewer"); - Subject.doAs(subject, (PrivilegedAction) () -> { + Subject.callAs(subject, (Callable) () -> { try { assertTrue(guard.canInvoke(mbs, on, "getFoo")); @@ -1028,7 +1028,7 @@ public void testCanGetAttributeAnyOverload2() throws Exception { guard.setConfigAdmin(ca); Subject subject = loginWithTestRoles("viewer"); - Subject.doAs(subject, (PrivilegedAction) () -> { + Subject.callAs(subject, (Callable) () -> { try { assertFalse(guard.canInvoke(mbs, on, "getFoo")); @@ -1063,7 +1063,7 @@ public void testCanGetAttributeAnyOverload3() throws Exception { guard.setConfigAdmin(ca); Subject subject = loginWithTestRoles("viewer"); - Subject.doAs(subject, (PrivilegedAction) () -> { + Subject.callAs(subject, (Callable) () -> { try { assertTrue(guard.canInvoke(mbs, on, "isFoo")); @@ -1098,7 +1098,7 @@ public void testCanGetAttributeAnyOverload4() throws Exception { guard.setConfigAdmin(ca); Subject subject = loginWithTestRoles("viewer"); - Subject.doAs(subject, (PrivilegedAction) () -> { + Subject.callAs(subject, (Callable) () -> { try { assertFalse(guard.canInvoke(mbs, on, "isFoo")); @@ -1132,7 +1132,7 @@ public void testCanSetAttributeAnyOverload() throws Exception { guard.setConfigAdmin(ca); Subject subject = loginWithTestRoles("viewer"); - Subject.doAs(subject, (PrivilegedAction) () -> { + Subject.callAs(subject, (Callable) () -> { try { assertTrue(guard.canInvoke(mbs, on, "setFoo")); @@ -1166,7 +1166,7 @@ public void testCanSetAttributeAnyOverload2() throws Exception { guard.setConfigAdmin(ca); Subject subject = loginWithTestRoles("viewer"); - Subject.doAs(subject, (PrivilegedAction) () -> { + Subject.callAs(subject, (Callable) () -> { try { assertFalse(guard.canInvoke(mbs, on, "setFoo")); @@ -1202,7 +1202,7 @@ public void testCanInvokeMBeanGetter() throws Exception { Subject subject = loginWithTestRoles("viewer"); - Subject.doAs(subject, (PrivilegedAction) () -> { + Subject.callAs(subject, (Callable) () -> { try { assertTrue(guard.canInvoke(mbs, on)); @@ -1238,7 +1238,7 @@ public void testCanInvokeMBeanGetter2() throws Exception { Subject subject = loginWithTestRoles("viewer"); - Subject.doAs(subject, (PrivilegedAction) () -> { + Subject.callAs(subject, (Callable) () -> { try { assertFalse(guard.canInvoke(mbs, on)); @@ -1274,7 +1274,7 @@ public void testCanInvokeMBeanGetter3() throws Exception { Subject subject = loginWithTestRoles("viewer"); - Subject.doAs(subject, (PrivilegedAction) () -> { + Subject.callAs(subject, (Callable) () -> { try { assertTrue(guard.canInvoke(mbs, on)); @@ -1310,7 +1310,7 @@ public void testCanInvokeMBeanSetter() throws Exception { Subject subject = loginWithTestRoles("viewer"); - Subject.doAs(subject, (PrivilegedAction) () -> { + Subject.callAs(subject, (Callable) () -> { try { assertTrue(guard.canInvoke(mbs, on)); @@ -1346,7 +1346,7 @@ public void testCanInvokeMBeanSetter2() throws Exception { Subject subject = loginWithTestRoles("viewer"); - Subject.doAs(subject, (PrivilegedAction) () -> { + Subject.callAs(subject, (Callable) () -> { try { assertFalse(guard.canInvoke(mbs, on)); @@ -1374,7 +1374,7 @@ public void testCanInvokeMethod() throws Exception { Subject subject = loginWithTestRoles("viewer"); - Subject.doAs(subject, (PrivilegedAction) () -> { + Subject.callAs(subject, (Callable) () -> { try { assertTrue(guard.canInvoke(null, on, "dodo", new String[]{"java.lang.String"})); assertTrue(guard.canInvoke(null, on, "doit", new String[]{"java.lang.String", "java.lang.String"})); @@ -1407,7 +1407,7 @@ public void testCanInvokeMethod2() throws Exception { Subject subject = loginWithTestRoles("viewer"); - Subject.doAs(subject, (PrivilegedAction) () -> { + Subject.callAs(subject, (Callable) () -> { try { assertTrue(guard.canInvoke(null, on, "doit", new String[]{"java.lang.String"})); assertTrue(guard.canInvoke(null, on, "doit", new String[]{})); diff --git a/pom.xml b/pom.xml index 8e31943528e..6b10019d341 100644 --- a/pom.xml +++ b/pom.xml @@ -151,7 +151,7 @@ 1695310533 - 11 + 21 scm:git:https://gitbox.apache.org/repos/asf/karaf.git scm:git:https://gitbox.apache.org/repos/asf/karaf.git @@ -446,6 +446,15 @@ + + org.apache.maven.plugins + maven-compiler-plugin + + + -Xlint:deprecation + + + org.apache.maven.plugins maven-eclipse-plugin @@ -628,7 +637,8 @@ [3.3.9,4) - [11,) + + [21,) @@ -894,7 +904,7 @@ org.apache.maven.plugins maven-javadoc-plugin - 1.8 + 21 diff --git a/service/guard/src/test/java/org/apache/karaf/service/guard/impl/GuardProxyCatalogTest.java b/service/guard/src/test/java/org/apache/karaf/service/guard/impl/GuardProxyCatalogTest.java index 21bb8f993f1..54bb4b737d3 100644 --- a/service/guard/src/test/java/org/apache/karaf/service/guard/impl/GuardProxyCatalogTest.java +++ b/service/guard/src/test/java/org/apache/karaf/service/guard/impl/GuardProxyCatalogTest.java @@ -28,9 +28,9 @@ import java.io.IOException; import java.security.Principal; -import java.security.PrivilegedAction; import java.util.ArrayList; import java.util.Arrays; +import java.util.concurrent.Callable; import java.util.Collection; import java.util.Collections; import java.util.Dictionary; @@ -338,7 +338,7 @@ public void testInvocationBlocking1() throws Exception { // Run with the right credentials so we can test the expected roles Subject subject = new Subject(); subject.getPrincipals().add(new RolePrincipal("b")); - Subject.doAs(subject, (PrivilegedAction) () -> { + Subject.callAs(subject, (Callable) () -> { assertEquals("Doing it", ((TestServiceAPI) proxy).doit()); if (!runningUnderCoverage) { try { @@ -369,7 +369,7 @@ public void testInvocationBlocking2() throws Exception { // Run with the right credentials so we can test the expected roles Subject subject = new Subject(); subject.getPrincipals().add(new RolePrincipal("b")); - Subject.doAs(subject, (PrivilegedAction) () -> { + Subject.callAs(subject, (Callable) () -> { if (!runningUnderCoverage) { assertEquals(-42L, ((TestObjectWithoutInterface) proxy).compute(42L)); try { @@ -414,7 +414,7 @@ public String doit() { // Run with the right credentials so we can test the expected roles Subject subject = new Subject(); subject.getPrincipals().add(new RolePrincipal("c")); - Subject.doAs(subject, (PrivilegedAction) () -> { + Subject.callAs(subject, (Callable) () -> { assertEquals("Doing it", ((TestServiceAPI) proxy).doit()); return null; }); @@ -422,7 +422,7 @@ public String doit() { Subject subject2 = new Subject(); subject2.getPrincipals().add(new RolePrincipal("b")); subject2.getPrincipals().add(new RolePrincipal("f")); - Subject.doAs(subject2, (PrivilegedAction) () -> { + Subject.callAs(subject2, (Callable) () -> { try { assertEquals("Doing it", ((TestServiceAPI) proxy).doit()); fail("Should have been blocked"); @@ -450,7 +450,7 @@ public void testInvocationBlocking4() throws Exception { // Run with the right credentials so we can test the expected roles Subject subject = new Subject(); subject.getPrincipals().add(new RolePrincipal("b")); - Subject.doAs(subject, (PrivilegedAction) () -> { + Subject.callAs(subject, (Callable) () -> { assertEquals("Doing it", ((TestServiceAPI) proxy).doit()); if (!runningUnderCoverage) { assertEquals(42L, ((TestObjectWithoutInterface) proxy).compute(-42L)); @@ -478,7 +478,7 @@ public void testInvocationBlocking5() throws Exception { // Invoke the service with role 'c'. Subject subject = new Subject(); subject.getPrincipals().add(new RolePrincipal("c")); - Subject.doAs(subject, (PrivilegedAction) () -> { + Subject.callAs(subject, (Callable) () -> { assertEquals("The invocation under role 'c' should be ok, as there are no rules specified " + "for this service at all.", "HELLO", ((TestServiceAPI2) proxy).doit("hello")); return null; @@ -507,7 +507,7 @@ public void testInvocationBlocking6() throws Exception { subject.getPrincipals().add(new RolePrincipal("a")); subject.getPrincipals().add(new RolePrincipal("b")); subject.getPrincipals().add(new RolePrincipal("c")); - Subject.doAs(subject, (PrivilegedAction) () -> { + Subject.callAs(subject, (Callable) () -> { try { ((TestServiceAPI2) proxy).doit("hello"); fail("The invocation should not process as the 'doit' operation has no roles associated with it"); @@ -533,7 +533,7 @@ public void testInvocationBlocking7() throws Exception { final Object proxy = testCreateProxy(bc, new Class [] {TestServiceAPI3.class}, new TestService3()); Subject s1 = new Subject(); - Subject.doAs(s1, (PrivilegedAction) () -> { + Subject.callAs(s1, (Callable) () -> { TestServiceAPI3 obj = (TestServiceAPI3) proxy; assertEquals("Should have allowed this invocation for any (or no) role", -7, obj.foo(7)); try { @@ -556,7 +556,7 @@ public void testInvocationBlocking7() throws Exception { s2.getPrincipals().add(new RolePrincipal("a")); s2.getPrincipals().add(new RolePrincipal("b")); s2.getPrincipals().add(new RolePrincipal("d")); - Subject.doAs(s2, (PrivilegedAction) () -> { + Subject.callAs(s2, (Callable) () -> { TestServiceAPI3 obj = (TestServiceAPI3) proxy; assertEquals(42, obj.foo()); assertEquals(99, obj.bar()); @@ -585,7 +585,7 @@ public String getName() { Subject s1 = new Subject(); s1.getPrincipals().add(new RolePrincipal("role1")); - Subject.doAs(s1, (PrivilegedAction) () -> { + Subject.callAs(s1, (Callable) () -> { try { ((TestServiceAPI) proxy).doit(); fail("Should have prevented this invocation as the custom role is required"); @@ -598,7 +598,7 @@ public String getName() { Subject s2 = new Subject(); s2.getPrincipals().add(new MyRolePrincipal()); - Subject.doAs(s2, (PrivilegedAction) () -> { + Subject.callAs(s2, (Callable) () -> { ((TestServiceAPI) proxy).doit(); // Should work, the custom role is there return null; }); @@ -606,7 +606,7 @@ public String getName() { Subject s3 = new Subject(); s3.getPrincipals().add(new MyRolePrincipal()); s3.getPrincipals().add(new RolePrincipal("role1")); - Subject.doAs(s3, (PrivilegedAction) () -> { + Subject.callAs(s3, (Callable) () -> { ((TestServiceAPI) proxy).doit(); // Should work, the custom role is there return null; }); diff --git a/services/eventadmin/src/main/java/org/apache/felix/eventadmin/impl/handler/EventAdminImpl.java b/services/eventadmin/src/main/java/org/apache/felix/eventadmin/impl/handler/EventAdminImpl.java index 5491865dd9a..04188de856b 100644 --- a/services/eventadmin/src/main/java/org/apache/felix/eventadmin/impl/handler/EventAdminImpl.java +++ b/services/eventadmin/src/main/java/org/apache/felix/eventadmin/impl/handler/EventAdminImpl.java @@ -143,7 +143,7 @@ private Event prepareEvent(Event event) { boolean needSubject = addSubject && !event.containsProperty(SUBJECT); Subject subject = null; if (needSubject) { - subject = Subject.getSubject(AccessController.getContext()); + subject = Subject.current(); needSubject = (subject != null); } if (needTimeStamp || needSubject) { diff --git a/shell/console/src/main/java/org/apache/karaf/shell/security/impl/SecuredCommandProcessorImpl.java b/shell/console/src/main/java/org/apache/karaf/shell/security/impl/SecuredCommandProcessorImpl.java index 8ae524c936d..6b882ec9002 100644 --- a/shell/console/src/main/java/org/apache/karaf/shell/security/impl/SecuredCommandProcessorImpl.java +++ b/shell/console/src/main/java/org/apache/karaf/shell/security/impl/SecuredCommandProcessorImpl.java @@ -58,8 +58,7 @@ private SecuredCommandProcessorImpl(BundleContext bc, ServiceReference bundleContext = bc; threadIOServiceReference = sr; - AccessControlContext acc = AccessController.getContext(); - Subject sub = Subject.getSubject(acc); + Subject sub = Subject.current(); if (sub == null) throw new SecurityException("No current Subject in the Access Control Context"); diff --git a/shell/console/src/main/java/org/apache/karaf/shell/util/ShellUtil.java b/shell/console/src/main/java/org/apache/karaf/shell/util/ShellUtil.java index 5942a890df8..4d75d3fa4a6 100644 --- a/shell/console/src/main/java/org/apache/karaf/shell/util/ShellUtil.java +++ b/shell/console/src/main/java/org/apache/karaf/shell/util/ShellUtil.java @@ -170,8 +170,7 @@ public static void logException(CommandSession session, Throwable t) { } public static String getCurrentUserName() { - AccessControlContext acc = AccessController.getContext(); - final Subject subject = Subject.getSubject(acc); + final Subject subject = Subject.current(); if (subject != null && subject.getPrincipals(UserPrincipal.class).iterator().hasNext()) { return subject.getPrincipals(UserPrincipal.class).iterator().next().getName(); } else { diff --git a/shell/core/src/main/java/org/apache/karaf/shell/impl/console/osgi/secured/SecuredSessionFactoryImpl.java b/shell/core/src/main/java/org/apache/karaf/shell/impl/console/osgi/secured/SecuredSessionFactoryImpl.java index e9544265ea6..77a8d8568d0 100644 --- a/shell/core/src/main/java/org/apache/karaf/shell/impl/console/osgi/secured/SecuredSessionFactoryImpl.java +++ b/shell/core/src/main/java/org/apache/karaf/shell/impl/console/osgi/secured/SecuredSessionFactoryImpl.java @@ -278,11 +278,7 @@ static boolean currentUserHasRole(String requestedRole) { role = requestedRole; } - AccessControlContext acc = AccessController.getContext(); - if (acc == null) { - return false; - } - Subject subject = Subject.getSubject(acc); + Subject subject = Subject.current(); if (subject == null) { return false; diff --git a/shell/core/src/main/java/org/apache/karaf/shell/support/ShellUtil.java b/shell/core/src/main/java/org/apache/karaf/shell/support/ShellUtil.java index de871baf02f..828a5f398d8 100644 --- a/shell/core/src/main/java/org/apache/karaf/shell/support/ShellUtil.java +++ b/shell/core/src/main/java/org/apache/karaf/shell/support/ShellUtil.java @@ -211,8 +211,7 @@ private static String getPrintStackTraces(Session session) { } public static String getCurrentUserName() { - AccessControlContext acc = AccessController.getContext(); - final Subject subject = Subject.getSubject(acc); + final Subject subject = Subject.current(); if (subject != null && subject.getPrincipals(UserPrincipal.class).iterator().hasNext()) { return subject.getPrincipals(UserPrincipal.class).iterator().next().getName(); } else { diff --git a/specs/javaxml/src/main/java/javax/xml/datatype/$FactoryFinder.java b/specs/javaxml/src/main/java/javax/xml/datatype/$FactoryFinder.java index 1e550400c77..099499247f5 100644 --- a/specs/javaxml/src/main/java/javax/xml/datatype/$FactoryFinder.java +++ b/specs/javaxml/src/main/java/javax/xml/datatype/$FactoryFinder.java @@ -77,12 +77,6 @@ static T newInstance(Class type, String className, ClassLoader cl, boolea static T newInstance(Class type, String className, ClassLoader cl, boolean doFallback, boolean useBSClsLoader) throws DatatypeConfigurationException { assert type != null; - if (System.getSecurityManager() != null) { - if (className != null && className.startsWith(DEFAULT_PACKAGE)) { - cl = null; - useBSClsLoader = true; - } - } try { Class providerClass = getProviderClass(className, cl, doFallback, useBSClsLoader); if (!type.isAssignableFrom(providerClass)) { diff --git a/specs/javaxml/src/main/java/javax/xml/parsers/$FactoryFinder.java b/specs/javaxml/src/main/java/javax/xml/parsers/$FactoryFinder.java index f209bf40601..d49d2fbe6e4 100644 --- a/specs/javaxml/src/main/java/javax/xml/parsers/$FactoryFinder.java +++ b/specs/javaxml/src/main/java/javax/xml/parsers/$FactoryFinder.java @@ -93,12 +93,6 @@ static T newInstance(Class type, String className, ClassLoader cl, boolea static T newInstance(Class type, String className, ClassLoader cl, boolean doFallback, boolean useBSClsLoader) throws FactoryConfigurationError { assert type != null; - if (System.getSecurityManager() != null) { - if (className != null && className.startsWith(DEFAULT_PACKAGE)) { - cl = null; - useBSClsLoader = true; - } - } try { Class providerClass = getProviderClass(className, cl, doFallback, useBSClsLoader); if (!type.isAssignableFrom(providerClass)) { diff --git a/specs/javaxml/src/main/java/javax/xml/stream/$FactoryFinder.java b/specs/javaxml/src/main/java/javax/xml/stream/$FactoryFinder.java index 919cba8d995..9f15eb98801 100644 --- a/specs/javaxml/src/main/java/javax/xml/stream/$FactoryFinder.java +++ b/specs/javaxml/src/main/java/javax/xml/stream/$FactoryFinder.java @@ -77,12 +77,6 @@ static T newInstance(Class type, String className, ClassLoader cl, boolea static T newInstance(Class type, String className, ClassLoader cl, boolean doFallback, boolean useBSClsLoader) throws FactoryConfigurationError { assert type != null; - if (System.getSecurityManager() != null) { - if (className != null && className.startsWith(DEFAULT_PACKAGE)) { - cl = null; - useBSClsLoader = true; - } - } try { Class providerClass = getProviderClass(className, cl, doFallback, useBSClsLoader); if (!type.isAssignableFrom(providerClass)) { diff --git a/specs/javaxml/src/main/java/javax/xml/transform/$FactoryFinder.java b/specs/javaxml/src/main/java/javax/xml/transform/$FactoryFinder.java index 20f3b87720c..6f00f5fafc8 100644 --- a/specs/javaxml/src/main/java/javax/xml/transform/$FactoryFinder.java +++ b/specs/javaxml/src/main/java/javax/xml/transform/$FactoryFinder.java @@ -88,12 +88,6 @@ static T newInstance(Class type, String className, ClassLoader cl, boolea static T newInstance(Class type, String className, ClassLoader cl, boolean doFallback, boolean useBSClsLoader) { assert type != null; - if (System.getSecurityManager() != null) { - if (className != null && className.startsWith(DEFAULT_PACKAGE)) { - cl = null; - useBSClsLoader = true; - } - } try { Class providerClass = getProviderClass(className, cl, doFallback, useBSClsLoader); if (!type.isAssignableFrom(providerClass)) { diff --git a/specs/javaxml/src/main/java/javax/xml/validation/$SchemaFactoryFinder.java b/specs/javaxml/src/main/java/javax/xml/validation/$SchemaFactoryFinder.java index d96ccfd0a81..553b7dba0f9 100644 --- a/specs/javaxml/src/main/java/javax/xml/validation/$SchemaFactoryFinder.java +++ b/specs/javaxml/src/main/java/javax/xml/validation/$SchemaFactoryFinder.java @@ -161,15 +161,8 @@ private SchemaFactory _newFactory(String schemaLanguage) { private Class createClass(String className) { Class clazz; - boolean internal = false; - if (System.getSecurityManager() != null) { - if (className != null && className.startsWith(DEFAULT_PACKAGE)) { - internal = true; - } - } - try { - if (classLoader != null && !internal) { + if (classLoader != null) { clazz = Class.forName(className, false, classLoader); } else { clazz = Class.forName(className); @@ -206,7 +199,7 @@ SchemaFactory createInstance(String className, boolean useServicesMechanism) { + " cannot be cast to " + SchemaFactory.class); } if (!useServicesMechanism) { - schemaFactory = newInstanceNoServiceLoader(clazz); + schemaFactory =null; } if (schemaFactory == null) { schemaFactory = (SchemaFactory) clazz.newInstance(); @@ -222,38 +215,6 @@ SchemaFactory createInstance(String className, boolean useServicesMechanism) { return schemaFactory; } - private static SchemaFactory newInstanceNoServiceLoader( - Class providerClass - ) { - if (System.getSecurityManager() == null) { - return null; - } - try { - final Method creationMethod = - providerClass.getDeclaredMethod( - "newXMLSchemaFactoryNoServiceLoader" - ); - final int modifiers = creationMethod.getModifiers(); - - if (!Modifier.isStatic(modifiers) || !Modifier.isPublic(modifiers)) { - return null; - } - - // Only calls "newXMLSchemaFactoryNoServiceLoader" if it's - final Class returnType = creationMethod.getReturnType(); - if (SERVICE_CLASS.isAssignableFrom(returnType)) { - return SERVICE_CLASS.cast(creationMethod.invoke(null, (Object[]) null)); - } else { - throw new ClassCastException(returnType - + " cannot be cast to " + SERVICE_CLASS); - } - } catch (ClassCastException e) { - throw new SchemaFactoryConfigurationError(e.getMessage(), e); - } catch (Exception exc) { - return null; - } - } - private boolean isSchemaLanguageSupportedBy(final SchemaFactory factory, final String schemaLanguage, AccessControlContext acc) { diff --git a/specs/javaxml/src/main/java/javax/xml/xpath/$XPathFactoryFinder.java b/specs/javaxml/src/main/java/javax/xml/xpath/$XPathFactoryFinder.java index f6cc156bf3b..8cd4b066e45 100644 --- a/specs/javaxml/src/main/java/javax/xml/xpath/$XPathFactoryFinder.java +++ b/specs/javaxml/src/main/java/javax/xml/xpath/$XPathFactoryFinder.java @@ -164,15 +164,8 @@ private XPathFactory _newFactory(String uri) throws XPathFactoryConfigurationExc private Class createClass(String className) { Class clazz; - boolean internal = false; - if (System.getSecurityManager() != null) { - if (className != null && className.startsWith(DEFAULT_PACKAGE)) { - internal = true; - } - } - try { - if (classLoader != null && !internal) { + if (classLoader != null) { clazz = Class.forName(className, false, classLoader); } else { clazz = Class.forName(className); @@ -207,7 +200,7 @@ XPathFactory createInstance(String className, boolean useServicesMechanism) try { if (!useServicesMechanism) { - xPathFactory = newInstanceNoServiceLoader(clazz); + xPathFactory = null; } if (xPathFactory == null) { xPathFactory = (XPathFactory) clazz.newInstance(); @@ -223,39 +216,6 @@ XPathFactory createInstance(String className, boolean useServicesMechanism) return xPathFactory; } - private static XPathFactory newInstanceNoServiceLoader( - Class providerClass - ) throws XPathFactoryConfigurationException { - if (System.getSecurityManager() == null) { - return null; - } - try { - Method creationMethod = - providerClass.getDeclaredMethod( - "newXPathFactoryNoServiceLoader" - ); - final int modifiers = creationMethod.getModifiers(); - - // Do not call "newXPathFactoryNoServiceLoader" if it's - if (!Modifier.isStatic(modifiers) || !Modifier.isPublic(modifiers)) { - return null; - } - - // Only calls "newXPathFactoryNoServiceLoader" if it's - final Class returnType = creationMethod.getReturnType(); - if (SERVICE_CLASS.isAssignableFrom(returnType)) { - return SERVICE_CLASS.cast(creationMethod.invoke(null, (Object[]) null)); - } else { - throw new ClassCastException(returnType - + " cannot be cast to " + SERVICE_CLASS); - } - } catch (ClassCastException e) { - throw new XPathFactoryConfigurationException(e); - } catch (Exception exc) { - return null; - } - } - private boolean isObjectModelSupportedBy(final XPathFactory factory, final String objectModel, AccessControlContext acc) { diff --git a/specs/javaxmlws/src/main/java/javax/xml/bind/ContextFinder.java b/specs/javaxmlws/src/main/java/javax/xml/bind/ContextFinder.java index 9e8c0acc804..4cb9c7b3030 100644 --- a/specs/javaxmlws/src/main/java/javax/xml/bind/ContextFinder.java +++ b/specs/javaxmlws/src/main/java/javax/xml/bind/ContextFinder.java @@ -484,15 +484,6 @@ private static Class safeLoadClass(String className, ClassLoader classLoader) th } logger.fine("Trying to load "+className); try { - // make sure that the current thread has an access to the package of the given name. - SecurityManager s = System.getSecurityManager(); - if (s != null) { - int i = className.lastIndexOf('.'); - if (i != -1) { - s.checkPackageAccess(className.substring(0,i)); - } - } - if (classLoader == null) { return Class.forName(className); } else { diff --git a/specs/javaxmlws/src/main/java/javax/xml/soap/$FactoryFinder.java b/specs/javaxmlws/src/main/java/javax/xml/soap/$FactoryFinder.java index 65938dd9f79..bd5b3bfb7f2 100644 --- a/specs/javaxmlws/src/main/java/javax/xml/soap/$FactoryFinder.java +++ b/specs/javaxmlws/src/main/java/javax/xml/soap/$FactoryFinder.java @@ -205,16 +205,6 @@ private static T firstByServiceLoader(Class spiClass) throws SOAPExceptio return null; } - private static void checkPackageAccess(String className) { - SecurityManager s = System.getSecurityManager(); - if (s != null) { - int i = className.lastIndexOf('.'); - if (i != -1) { - s.checkPackageAccess(className.substring(0, i)); - } - } - } - private static Class nullSafeLoadClass(String className, ClassLoader classLoader) throws ClassNotFoundException { if (classLoader == null) { return Class.forName(className); @@ -234,14 +224,6 @@ static Object newInstance(String className, String defaultImplClassName, ClassLo } private static Class safeLoadClass(String className, String defaultImplClassName, ClassLoader classLoader) throws ClassNotFoundException { - try { - checkPackageAccess(className); - } catch (SecurityException se) { - if (defaultImplClassName != null && defaultImplClassName.equals(className)) { - return Class.forName(className); - } - throw se; - } return nullSafeLoadClass(className, classLoader); } diff --git a/specs/javaxmlws/src/main/java/javax/xml/ws/spi/$FactoryFinder.java b/specs/javaxmlws/src/main/java/javax/xml/ws/spi/$FactoryFinder.java index 12bce644faf..4eca078ded3 100644 --- a/specs/javaxmlws/src/main/java/javax/xml/ws/spi/$FactoryFinder.java +++ b/specs/javaxmlws/src/main/java/javax/xml/ws/spi/$FactoryFinder.java @@ -114,16 +114,6 @@ private static T firstByServiceLoader(Class spiClass) throws WebServiceEx return null; } - private static void checkPackageAccess(String className) { - SecurityManager s = System.getSecurityManager(); - if (s != null) { - int i = className.lastIndexOf('.'); - if (i != -1) { - s.checkPackageAccess(className.substring(0, i)); - } - } - } - private static Class nullSafeLoadClass(String className, ClassLoader classLoader) throws ClassNotFoundException { if (classLoader == null) { return Class.forName(className); @@ -143,14 +133,6 @@ private static Object newInstance(String className, String defaultImplClassName, } private static Class safeLoadClass(String className, String defaultImplClassName, ClassLoader classLoader) throws ClassNotFoundException { - try { - checkPackageAccess(className); - } catch (SecurityException se) { - if (defaultImplClassName != null && defaultImplClassName.equals(className)) { - return Class.forName(className); - } - throw se; - } return nullSafeLoadClass(className, classLoader); } diff --git a/tooling/karaf-maven-plugin/pom.xml b/tooling/karaf-maven-plugin/pom.xml index 77e9bf84701..7db6e2151f4 100644 --- a/tooling/karaf-maven-plugin/pom.xml +++ b/tooling/karaf-maven-plugin/pom.xml @@ -372,8 +372,7 @@ org.apache.maven.plugins maven-compiler-plugin - 1.8 - 1.8 + 21 256M ${compiler.fork} diff --git a/tooling/karaf-maven-plugin/src/it/test-aggregate-features/pom.xml b/tooling/karaf-maven-plugin/src/it/test-aggregate-features/pom.xml index f0009ac396c..efc3d39e8fa 100644 --- a/tooling/karaf-maven-plugin/src/it/test-aggregate-features/pom.xml +++ b/tooling/karaf-maven-plugin/src/it/test-aggregate-features/pom.xml @@ -47,8 +47,6 @@ org.apache.maven.plugins maven-compiler-plugin - 1.8 - 1.8 256M ${compiler.fork} diff --git a/tooling/karaf-maven-plugin/src/it/test-basic-generation/pom.xml b/tooling/karaf-maven-plugin/src/it/test-basic-generation/pom.xml index 45122f8b064..54ca3b8a673 100644 --- a/tooling/karaf-maven-plugin/src/it/test-basic-generation/pom.xml +++ b/tooling/karaf-maven-plugin/src/it/test-basic-generation/pom.xml @@ -36,8 +36,6 @@ org.apache.maven.plugins maven-compiler-plugin - 1.8 - 1.8 256M ${compiler.fork} diff --git a/tooling/karaf-maven-plugin/src/it/test-check-dependencies-failure/pom.xml b/tooling/karaf-maven-plugin/src/it/test-check-dependencies-failure/pom.xml index f4b22b2f53f..29fc8781486 100644 --- a/tooling/karaf-maven-plugin/src/it/test-check-dependencies-failure/pom.xml +++ b/tooling/karaf-maven-plugin/src/it/test-check-dependencies-failure/pom.xml @@ -43,8 +43,6 @@ org.apache.maven.plugins maven-compiler-plugin - 1.8 - 1.8 256M ${compiler.fork} diff --git a/tooling/karaf-maven-plugin/src/it/test-check-dependencies/pom.xml b/tooling/karaf-maven-plugin/src/it/test-check-dependencies/pom.xml index fb2e03ac23e..a83ec2b9078 100644 --- a/tooling/karaf-maven-plugin/src/it/test-check-dependencies/pom.xml +++ b/tooling/karaf-maven-plugin/src/it/test-check-dependencies/pom.xml @@ -44,8 +44,6 @@ org.apache.maven.plugins maven-compiler-plugin - 1.8 - 1.8 256M ${compiler.fork} diff --git a/tooling/karaf-maven-plugin/src/it/test-feature-dependencies/pom.xml b/tooling/karaf-maven-plugin/src/it/test-feature-dependencies/pom.xml index b60f6502281..643ae0fddb3 100644 --- a/tooling/karaf-maven-plugin/src/it/test-feature-dependencies/pom.xml +++ b/tooling/karaf-maven-plugin/src/it/test-feature-dependencies/pom.xml @@ -47,8 +47,6 @@ org.apache.maven.plugins maven-compiler-plugin - 1.8 - 1.8 256M ${compiler.fork} diff --git a/tooling/karaf-maven-plugin/src/it/test-feature-use-version-range-transfer-properties/transitive/pom.xml b/tooling/karaf-maven-plugin/src/it/test-feature-use-version-range-transfer-properties/transitive/pom.xml index 42ec7de9b4a..538bbe6fe48 100644 --- a/tooling/karaf-maven-plugin/src/it/test-feature-use-version-range-transfer-properties/transitive/pom.xml +++ b/tooling/karaf-maven-plugin/src/it/test-feature-use-version-range-transfer-properties/transitive/pom.xml @@ -34,8 +34,6 @@ org.apache.maven.plugins maven-compiler-plugin - 1.8 - 1.8 256M ${compiler.fork} diff --git a/tooling/karaf-maven-plugin/src/it/test-include-project-artifact/pom.xml b/tooling/karaf-maven-plugin/src/it/test-include-project-artifact/pom.xml index 925f726230f..ef3459b0804 100644 --- a/tooling/karaf-maven-plugin/src/it/test-include-project-artifact/pom.xml +++ b/tooling/karaf-maven-plugin/src/it/test-include-project-artifact/pom.xml @@ -36,8 +36,6 @@ org.apache.maven.plugins maven-compiler-plugin - 1.8 - 1.8 256M ${compiler.fork} diff --git a/tooling/karaf-maven-plugin/src/it/test-input-file/pom.xml b/tooling/karaf-maven-plugin/src/it/test-input-file/pom.xml index a135fb1b30e..b3d5c9a0600 100644 --- a/tooling/karaf-maven-plugin/src/it/test-input-file/pom.xml +++ b/tooling/karaf-maven-plugin/src/it/test-input-file/pom.xml @@ -42,8 +42,6 @@ org.apache.maven.plugins maven-compiler-plugin - 1.8 - 1.8 256M ${compiler.fork} diff --git a/tooling/karaf-maven-plugin/src/it/test-recursive/pom.xml b/tooling/karaf-maven-plugin/src/it/test-recursive/pom.xml index 46e8ac969b4..d5d4d951bcc 100644 --- a/tooling/karaf-maven-plugin/src/it/test-recursive/pom.xml +++ b/tooling/karaf-maven-plugin/src/it/test-recursive/pom.xml @@ -43,8 +43,6 @@ org.apache.maven.plugins maven-compiler-plugin - 1.8 - 1.8 256M ${compiler.fork} diff --git a/tooling/karaf-maven-plugin/src/it/test-rename-main-feature/pom.xml b/tooling/karaf-maven-plugin/src/it/test-rename-main-feature/pom.xml index d81411df4ee..eb704fb2da2 100644 --- a/tooling/karaf-maven-plugin/src/it/test-rename-main-feature/pom.xml +++ b/tooling/karaf-maven-plugin/src/it/test-rename-main-feature/pom.xml @@ -36,8 +36,6 @@ org.apache.maven.plugins maven-compiler-plugin - 1.8 - 1.8 256M ${compiler.fork} diff --git a/tooling/karaf-maven-plugin/src/it/test-repository-dependencies/pom.xml b/tooling/karaf-maven-plugin/src/it/test-repository-dependencies/pom.xml index 063e4ff3750..9bf5dfbec4e 100644 --- a/tooling/karaf-maven-plugin/src/it/test-repository-dependencies/pom.xml +++ b/tooling/karaf-maven-plugin/src/it/test-repository-dependencies/pom.xml @@ -45,8 +45,6 @@ org.apache.maven.plugins maven-compiler-plugin - 1.8 - 1.8 256M ${compiler.fork} diff --git a/tooling/karaf-maven-plugin/src/it/test-run-bundle/pom.xml b/tooling/karaf-maven-plugin/src/it/test-run-bundle/pom.xml index ec2d2342cf3..eb20c8100d8 100644 --- a/tooling/karaf-maven-plugin/src/it/test-run-bundle/pom.xml +++ b/tooling/karaf-maven-plugin/src/it/test-run-bundle/pom.xml @@ -32,8 +32,6 @@ org.apache.maven.plugins maven-compiler-plugin - 1.8 - 1.8 256M ${compiler.fork} diff --git a/tooling/karaf-maven-plugin/src/it/test-simplify-bundles/pom.xml b/tooling/karaf-maven-plugin/src/it/test-simplify-bundles/pom.xml index 6eebb6565e8..b0b8dd7aa8e 100644 --- a/tooling/karaf-maven-plugin/src/it/test-simplify-bundles/pom.xml +++ b/tooling/karaf-maven-plugin/src/it/test-simplify-bundles/pom.xml @@ -56,8 +56,6 @@ org.apache.maven.plugins maven-compiler-plugin - 1.8 - 1.8 256M ${compiler.fork} diff --git a/tooling/karaf-maven-plugin/src/it/test-transitive-as-dependency/pom.xml b/tooling/karaf-maven-plugin/src/it/test-transitive-as-dependency/pom.xml index 3dde7c68be5..1c7d73eb019 100644 --- a/tooling/karaf-maven-plugin/src/it/test-transitive-as-dependency/pom.xml +++ b/tooling/karaf-maven-plugin/src/it/test-transitive-as-dependency/pom.xml @@ -45,8 +45,6 @@ org.apache.maven.plugins maven-compiler-plugin - 1.8 - 1.8 256M ${compiler.fork} diff --git a/tooling/karaf-maven-plugin/src/it/test-type-classifier/pom.xml b/tooling/karaf-maven-plugin/src/it/test-type-classifier/pom.xml index 3fc5a796d12..57b5fe95565 100644 --- a/tooling/karaf-maven-plugin/src/it/test-type-classifier/pom.xml +++ b/tooling/karaf-maven-plugin/src/it/test-type-classifier/pom.xml @@ -37,8 +37,6 @@ org.apache.maven.plugins maven-compiler-plugin - 1.8 - 1.8 256M ${compiler.fork} diff --git a/util/src/main/java/org/apache/karaf/util/ThreadUtils.java b/util/src/main/java/org/apache/karaf/util/ThreadUtils.java index 9ea69e3ac0e..ad2a764972f 100644 --- a/util/src/main/java/org/apache/karaf/util/ThreadUtils.java +++ b/util/src/main/java/org/apache/karaf/util/ThreadUtils.java @@ -38,8 +38,7 @@ private static class NamedThreadFactory implements ThreadFactory { private final String namePrefix; public NamedThreadFactory(String prefix) { - SecurityManager s = System.getSecurityManager(); - group = (s != null) ? s.getThreadGroup() : Thread.currentThread().getThreadGroup(); + group = Thread.currentThread().getThreadGroup(); namePrefix = prefix + "-" + poolNumber.getAndIncrement() + "-thread-"; } diff --git a/util/src/main/java/org/apache/karaf/util/jaas/JaasHelper.java b/util/src/main/java/org/apache/karaf/util/jaas/JaasHelper.java index e9df8242daf..d121731081f 100644 --- a/util/src/main/java/org/apache/karaf/util/jaas/JaasHelper.java +++ b/util/src/main/java/org/apache/karaf/util/jaas/JaasHelper.java @@ -38,11 +38,7 @@ public static boolean currentUserHasRole(String requestedRole) { return true; } - AccessControlContext acc = AccessController.getContext(); - if (acc == null) { - return false; - } - Subject subject = Subject.getSubject(acc); + Subject subject = Subject.current(); if (subject == null) { return false; } diff --git a/util/src/main/java/org/apache/karaf/util/tracker/BaseActivator.java b/util/src/main/java/org/apache/karaf/util/tracker/BaseActivator.java index de39cb0844c..7864ff60566 100644 --- a/util/src/main/java/org/apache/karaf/util/tracker/BaseActivator.java +++ b/util/src/main/java/org/apache/karaf/util/tracker/BaseActivator.java @@ -66,8 +66,7 @@ public class BaseActivator implements BundleActivator, Runnable, ThreadFactory { private final String namePrefix; public BaseActivator() { - SecurityManager s = System.getSecurityManager(); - group = (s != null) ? s.getThreadGroup() : Thread.currentThread().getThreadGroup(); + group = Thread.currentThread().getThreadGroup(); namePrefix = "activator-" + poolNumber.getAndIncrement() + "-thread-"; } diff --git a/webconsole/gogo/src/main/java/org/apache/karaf/webconsole/gogo/GogoPlugin.java b/webconsole/gogo/src/main/java/org/apache/karaf/webconsole/gogo/GogoPlugin.java index 5e8aaf29e7f..8afb3ac2465 100644 --- a/webconsole/gogo/src/main/java/org/apache/karaf/webconsole/gogo/GogoPlugin.java +++ b/webconsole/gogo/src/main/java/org/apache/karaf/webconsole/gogo/GogoPlugin.java @@ -208,8 +208,7 @@ public SessionTerminal() throws IOException { } private String getCurrentUserName() { - AccessControlContext acc = AccessController.getContext(); - final Subject subject = Subject.getSubject(acc); + final Subject subject = Subject.current(); if (subject != null && subject.getPrincipals().iterator().hasNext()) { return subject.getPrincipals(UserPrincipal.class).iterator().next().getName(); } else {