Remove deprecated SecurityManager, AccessController, SecurityException #184

core/src/main/java/org/eclipse/angus/mail/auth/OAuth2SaslClientFactory.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2014, 2023 Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2014, 2025 Oracle and/or its affiliates. All rights reserved.
  *
  * This program and the accompanying materials are made available under the
  * terms of the Eclipse Public License v. 2.0, which is available at
@@ -73,11 +73,7 @@ public String[] getMechanismNames(Map<String, ?> props) {
      * If we're not allowed to add this provider, just give up silently.
      */
     public static void init() {
-        try {
-            if (Security.getProvider(PROVIDER_NAME) == null)
-                Security.addProvider(new OAuth2Provider());
-        } catch (SecurityException ex) {
-            // oh well...
-        }
+        if (Security.getProvider(PROVIDER_NAME) == null)
+            Security.addProvider(new OAuth2Provider());
     }
 }

core/src/main/java/org/eclipse/angus/mail/util/PropUtil.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2023 Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2025 Oracle and/or its affiliates. All rights reserved.
  *
  * This program and the accompanying materials are made available under the
  * terms of the Eclipse Public License v. 2.0, which is available at
@@ -108,27 +108,7 @@ public static boolean getBooleanSessionProperty(Session session,
      * @return the property value
      */
     public static boolean getBooleanSystemProperty(String name, boolean def) {
-        try {
-            return getBoolean(getProp(System.getProperties(), name), def);
-        } catch (SecurityException sex) {
-            // fall through...
-        }
-
-        /*
-         * If we can't get the entire System Properties object because
-         * of a SecurityException, just ask for the specific property.
-         */
-        try {
-            String value = System.getProperty(name);
-            if (value == null)
-                return def;
-            if (def)
-                return !value.equalsIgnoreCase("false");
-            else
-                return value.equalsIgnoreCase("true");
-        } catch (SecurityException sex) {
-            return def;
-        }
+        return getBoolean(getProp(System.getProperties(), name), def);
     }
 
     /**

core/src/main/java/org/eclipse/angus/mail/util/SocketFetcher.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2024 Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2025 Oracle and/or its affiliates. All rights reserved.
  *
  * This program and the accompanying materials are made available under the
  * terms of the Eclipse Public License v. 2.0, which is available at
@@ -37,10 +37,8 @@
 import java.net.SocketTimeoutException;
 import java.nio.channels.SocketChannel;
 import java.nio.charset.StandardCharsets;
-import java.security.AccessController;
 import java.security.cert.CertificateException;
 import java.security.GeneralSecurityException;
-import java.security.PrivilegedAction;
 import java.security.cert.CertificateParsingException;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
@@ -963,22 +961,9 @@ private static String[] stringArray(String s) {
 
     /**
      * Convenience method to get our context class loader.
-     * Assert any privileges we might have and then call the
-     * Thread.getContextClassLoader method.
      */
     private static ClassLoader getContextClassLoader() {
-        return
-                AccessController.doPrivileged(new PrivilegedAction<ClassLoader>() {
-                    @Override
-                    public ClassLoader run() {
-                        ClassLoader cl = null;
-                        try {
-                            cl = Thread.currentThread().getContextClassLoader();
-                        } catch (SecurityException ex) {
-                        }
-                        return cl;
-                    }
-                });
+        return Thread.currentThread().getContextClassLoader();
     }
 
     /**
@@ -1061,7 +1046,7 @@ public boolean verify(String server, SSLSession ssls) {
             }
 
             // XXX - following is a *very* crude parse of the name and ignores
-            //	 all sorts of important issues such as quoting
+            // all sorts of important issues such as quoting
             Pattern p = Pattern.compile("CN=([^,]*)");
             Matcher m = p.matcher(cert.getSubjectX500Principal().getName());
             if (m.find() && matchServer(server, m.group(1).trim()))

mailhandler/src/main/java/org/eclipse/angus/mail/util/logging/CollectorFormatter.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013, 2023 Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2025 Oracle and/or its affiliates. All rights reserved.
  * Copyright (c) 2013, 2023 Jason Mehrens. All rights reserved.
  *
  * This program and the accompanying materials are made available under the
@@ -468,7 +468,6 @@ record = last;
      * Sets the message format string for this formatter.
      *
      * @param format the format pattern or null for default pattern.
-     * @throws SecurityException if a security manager exists and the caller
      * does not have <code>LoggingPermission("control")</code>.
      * @since Angus Mail 2.0.3
      */
@@ -494,7 +493,6 @@ private synchronized void setFormat0(String v) {
      * Gets the message format string for this formatter.
      *
      * @return a non null format pattern.
-     * @throws SecurityException if a security manager exists and the caller
      * does not have <code>LoggingPermission("control")</code>.
      * @since Angus Mail 2.0.3
      */
@@ -507,7 +505,6 @@ public synchronized String getFormat() {
      * Sets the target formatter.
      *
      * @param f the target formatter or null to use a LogManager default.
-     * @throws SecurityException if a security manager exists and the caller
      * does not have <code>LoggingPermission("control")</code>.
      * @since Angus Mail 2.0.3
      */
@@ -535,7 +532,6 @@ private synchronized void setFormatter0(Formatter f) {
      * Gets the target formatter.
      *
      * @return a non null formatter.
-     * @throws SecurityException if a security manager exists and the caller
      * does not have <code>LoggingPermission("control")</code>.
      * @since Angus Mail 2.0.3
      */
@@ -549,7 +545,6 @@ public synchronized Formatter getFormatter() {
      *
      * @param c the comparator used to order LogRecords. A null value can be
      * used to specify choosing the last seen record.
-     * @throws SecurityException if a security manager exists and the caller
      * does not have <code>LoggingPermission("control")</code>.
      * @since Angus Mail 2.0.3
      */
@@ -574,7 +569,6 @@ private synchronized void setComparator0(Comparator<? super LogRecord> c) {
      *
      * @return the comparator used to order LogRecords or null if choosing the
      * most recent record.
-     * @throws SecurityException if a security manager exists and the caller
      * does not have <code>LoggingPermission("control")</code>.
      * @since Angus Mail 2.0.3
      */

mailhandler/src/main/java/org/eclipse/angus/mail/util/logging/CompactFormatter.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013, 2024 Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2025 Oracle and/or its affiliates. All rights reserved.
  * Copyright (c) 2013, 2024 Jason Mehrens. All rights reserved.
  *
  * This program and the accompanying materials are made available under the
@@ -640,7 +640,6 @@ private boolean isReflection(final StackTraceElement s) {
      * Gets the format pattern for this formatter.
      *
      * @return the format pattern.
-     * @throws SecurityException if a security manager exists and the caller
      * does not have <code>LoggingPermission("control")</code>.
      * @since Angus Mail 2.0.3
      */
@@ -653,7 +652,6 @@ public String getFormat() {
      * Sets the format pattern for this formatter.
      *
      * @param format the format pattern. If null, the default pattern is used.
-     * @throws SecurityException if a security manager exists and the caller
      * does not have <code>LoggingPermission("control")</code>.
      * @since Angus Mail 2.0.3
      */

mailhandler/src/main/java/org/eclipse/angus/mail/util/logging/DurationFilter.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, 2023 Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2025 Oracle and/or its affiliates. All rights reserved.
  * Copyright (c) 2015, 2023 Jason Mehrens. All rights reserved.
  *
  * This program and the accompanying materials are made available under the
@@ -211,7 +211,6 @@ public boolean isLoggable() {
      * Gets the max number of records per duration.
      *
      * @return the max number of records per duration.
-     * @throws SecurityException if a security manager exists and the caller
      * does not have <code>LoggingPermission("control")</code>.
      * @since Angus Mail 2.0.3
      */
@@ -224,7 +223,6 @@ public synchronized long getRecords() {
      * Sets the max number of records per duration.
      *
      * @param records the max number of records per duration.
-     * @throws SecurityException if a security manager exists and the caller
      * does not have <code>LoggingPermission("control")</code>.
      * @since Angus Mail 2.0.3
      */
@@ -237,7 +235,6 @@ public synchronized void setRecords(long records) {
      * Sets the duration in milliseconds used to determine the log record rate.
      *
      * @param duration in milliseconds to determine the log record rate.
-     * @throws SecurityException if a security manager exists and the caller
      * does not have <code>LoggingPermission("control")</code>.
      * @since Angus Mail 2.0.3
      */
@@ -250,7 +247,6 @@ public synchronized void setDurationMillis(long duration) {
      * Gets the duration in milliseconds used to determine the log record rate.
      *
      * @return duration in milliseconds used to determine the log record rate.
-     * @throws SecurityException if a security manager exists and the caller
      * does not have <code>LoggingPermission("control")</code>.
      * @since Angus Mail 2.0.3
      */

mailhandler/src/main/java/org/eclipse/angus/mail/util/logging/LogManagerProperties.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2009, 2024 Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2009, 2025 Oracle and/or its affiliates. All rights reserved.
  * Copyright (c) 2009, 2024 Jason Mehrens. All rights reserved.
  *
  * This program and the accompanying materials are made available under the
@@ -25,7 +25,6 @@
 import java.lang.reflect.Method;
 import java.lang.reflect.Modifier;
 import java.lang.reflect.UndeclaredThrowableException;
-import java.security.PrivilegedAction;
 import java.util.Collections;
 import java.util.Comparator;
 import java.util.Enumeration;
@@ -237,10 +236,8 @@ static String fromLogManager(final String name) {
 
     /**
      * Check that the current context is trusted to modify the logging
-     * configuration. This requires LoggingPermission("control").
+     * configuration.
      *
-     * @throws SecurityException if a security manager exists and the caller
-     *                           does not have {@code LoggingPermission("control")}.
      * @since JavaMail 1.5.3
      */
     static void checkLogManagerAccess() {
@@ -254,10 +251,6 @@ static void checkLogManagerAccess() {
                         checked = true;
                     } catch (InvocationTargetException ite) {
                         Throwable cause = ite.getCause();
-                        if (cause instanceof SecurityException) {
-                            checked = true;
-                            throw (SecurityException) cause;
-                        }
 
                         if (cause instanceof UnsupportedOperationException) {
                            checked = true;
@@ -267,10 +260,6 @@ static void checkLogManagerAccess() {
                     } catch (ReflectiveOperationException fallthrough) {
                     }
                 }
-            } catch (final SecurityException notAllowed) {
-                if (checked) {
-                    throw notAllowed;
-                }
             } catch (final LinkageError | RuntimeException restricted) {
             } //GAE will forbid access to LogManager
         }
@@ -384,7 +373,6 @@ static Long getLongThreadID(final LogRecord record) {
      * @throws Exception                   if there is a problem.
      * @throws NoSuchMethodException       if the given service does not have a method
      *                                     to get the local host name as a string.
-     * @throws SecurityException           if unable to inspect properties of object.
      * @since JavaMail 1.5.3
      */
     static String getLocalHost(final Object s) throws Exception {
@@ -418,8 +406,6 @@ static String getLocalHost(final Object s) throws Exception {
      * @throws ExceptionInInitializerError if the static initializer fails.
      * @throws Exception                   if there is a problem.
      * @throws NoSuchMethodException       if the correct time methods are missing.
-     * @throws SecurityException           if reflective access to the java.time classes
-     *                                     are not allowed.
      * @since JavaMail 1.5.5
      */
     static long parseDurationToMillis(final CharSequence value) throws Exception {
@@ -622,7 +608,6 @@ static ErrorManager newErrorManager(String name) throws Exception {
      * @throws LinkageError                if the linkage fails.
      * @throws ExceptionInInitializerError if the static initializer fails.
      * @throws Exception                   to match the error method of the ErrorManager.
-     * @throws SecurityException           if unable to inspect properties of class.
      * @since JavaMail 1.5.2
      */
     static boolean isStaticUtilityClass(String name) throws Exception {
@@ -656,7 +641,6 @@ static boolean isStaticUtilityClass(String name) throws Exception {
      * @throws LinkageError                if the linkage fails.
      * @throws ExceptionInInitializerError if the static initializer fails.
      * @throws Exception                   to match the error method of the ErrorManager.
-     * @throws SecurityException           if unable to inspect properties of class.
      * @since JavaMail 1.5.2
      */
     static boolean isReflectionClass(String name) throws Exception {
@@ -844,82 +828,15 @@ private static Class<?> tryLoad(String name, ClassLoader l) throws ClassNotFound
     }
 
     /**
-     * Gets the class loaders using elevated privileges.
+     * Gets the class loaders.
      *
-     * @return any array of class loaders. Indexes may be null.
+     * @return any array of class loaders.
      */
     private static ClassLoader[] getClassLoaders() {
-        return runOrDoPrivileged(new PrivilegedAction<ClassLoader[]>() {
-
-            @SuppressWarnings("override") //JDK-6954234
-            public ClassLoader[] run() {
-                final ClassLoader[] loaders = new ClassLoader[2];
-                try {
-                    loaders[0] = ClassLoader.getSystemClassLoader();
-                } catch (SecurityException ignore) {
-                    loaders[0] = null;
-                }
-
-                try {
-                    loaders[1] = Thread.currentThread().getContextClassLoader();
-                } catch (SecurityException ignore) {
-                    loaders[1] = null;
-                }
-                return loaders;
-            }
-        });
-    }
-
-    /**
-     * Executes a PrivilegedAction without permissions then falling back to
-     * running with elevated permissions.
-     *
-     * Any unchecked exceptions from the action are passed through this API.
-     *
-     * @param <T> the action return type.
-     * @param a the PrivilegedAction object.
-     * @return the result.
-     * @throws NullPointerException if the given action is null.
-     * @throws UndeclaredThrowableException if a checked exception is thrown.
-     * @since Angus Mail 2.0.3
-     */
-    static <T> T runOrDoPrivileged(final PrivilegedAction<T> a) {
-        Objects.requireNonNull(a);
-        try {
-            return a.run();
-        } catch (SecurityException sandbox) {
-            return invokeAccessController(a);
-        }
-    }
-
-    /**
-     * Reflective call to access controller for sandbox environments.
-     * Any unchecked exceptions from the action are passed through this API.
-     *
-     * @param <T> the return type of the action.
-     * @param a a non-null action.
-     * @return the result.
-     * @throws UnsupportedOperationException if not allowed.
-     * @throws UndeclaredThrowableException if a checked exception is thrown.
-     * @since Angus Mail 2.0.3
-     */
-    @SuppressWarnings("unchecked")
-    private static <T> T invokeAccessController(final PrivilegedAction<T> a) {
-        assert a != null;
-        try {
-            Class<?> c = Class.forName("java.security.AccessController");
-            return (T) c.getMethod("doPrivileged", PrivilegedAction.class)
-                    .invoke((Object) null, a);
-        } catch (ReflectiveOperationException roe) {
-            Throwable cause = roe.getCause();
-            if (cause instanceof RuntimeException) {
-                throw (RuntimeException) cause;
-            } else if (cause instanceof Error) {
-                throw (Error) cause;
-            } else {
-                throw new UndeclaredThrowableException(roe);
-            }
-        }
+        final ClassLoader[] loaders = new ClassLoader[2];
+        loaders[0] = ClassLoader.getSystemClassLoader();
+        loaders[1] = Thread.currentThread().getContextClassLoader();
+        return loaders;
     }
 
     /**