Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HSEARCH-5131 Remove usage and mentions of a security manager #4124

Draft
wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

HSEARCH-5131 Remove usage and mentions of a security manager #4124

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
2 changes: 1 addition & 1 deletion .../backend/elasticsearch/gson/impl/AbstractConfiguredExtraPropertiesJsonAdapterFactory.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -115,7 +115,7 @@ private static <T> Constructor<T> getConstructor(TypeToken<T> type) {
try {
return (Constructor<T>) type.getRawType().getConstructor();
}
catch (NoSuchMethodException | SecurityException e) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

References to SecurityException do not need to be removed, because:

  1. It's a runtime exception, so our code will compile even if the code inside the try block does not declare throwing that exception.

  2. SecurityException is not planned for removal at the moment:

    We will not deprecate some classes in the java.security package that are related to the Security Manager, for various reasons:

    • SecurityException — A runtime exception thrown by Java APIs when a permission check fails. We may deprecate this API for removal at a later date, but for now the impact of doing so would be too high.

    -- https://openjdk.org/jeps/411#subject-doas

IMO we'd better keep those during the transition period where we still support JDKs that could possibly be using the security manager.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

mm, ok. My thoughts here were that since the security exception can only occur in these places when SM is involved (at least according to the javadocs 😃) and we are "removing SM" there's no point in keeping it.

catch (NoSuchMethodException e) {
throw new AssertionFailure( "Missing or inaccessible no-arg constructor on type " + type );
}
}
Expand Down
8 changes: 1 addition & 7 deletions ...rc/main/java/org/hibernate/search/engine/environment/classpath/spi/ClassLoaderHelper.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -73,7 +73,7 @@ public static <T> T instanceFromName(Class<T> targetSuperType,
* @return a new instance of classToLoad
*
* @throws SearchException wrapping other error types with a proper error message for all kind of problems, like
* missing proper constructor, securitymanager errors.
* missing proper constructor errors.
*/
public static <T> T untypedInstanceFromClass(final Class<T> classToLoad) {
try {
Expand Down Expand Up @@ -142,9 +142,6 @@ private static <T> T callNoArgConstructor(Class<T> classToLoad)
Constructor<T> constructor = classToLoad.getConstructor();
return constructor.newInstance();
}
catch (SecurityException e) {
throw log.securityManagerLoadingError( classToLoad, e.getMessage(), e );
}
catch (NoSuchMethodException e) {
throw log.noPublicNoArgConstructor( classToLoad );
}
Expand All @@ -160,9 +157,6 @@ private static <T> T callMapArgConstructor(Class<T> classToLoad, Map<String, Str
Constructor<T> singleMapConstructor = classToLoad.getConstructor( Map.class );
return singleMapConstructor.newInstance( constructorParameter );
}
catch (SecurityException e) {
throw log.securityManagerLoadingError( classToLoad, e.getMessage(), e );
}
catch (NoSuchMethodException e) {
throw log.noPublicMapArgConstructor( classToLoad );
}
Expand Down
8 changes: 1 addition & 7 deletions ...main/java/org/hibernate/search/engine/environment/thread/impl/EmbeddedThreadProvider.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,6 @@
import java.util.concurrent.ThreadFactory;

import org.hibernate.search.engine.environment.thread.spi.ThreadProvider;
import org.hibernate.search.util.common.annotation.impl.SuppressForbiddenApis;

public final class EmbeddedThreadProvider implements ThreadProvider {

Expand All @@ -31,13 +30,8 @@ public String createThreadName(String prefix, int threadNumber) {
}

@Override
@SuppressForbiddenApis(reason = "It's unclear how we will handle this without the security manager;"
+ " we'll see when the security manager actually gets removed from the JDK")
public ThreadFactory createThreadFactory(String prefix) {
@SuppressWarnings("removal")
SecurityManager s = System.getSecurityManager();
@SuppressWarnings({ "removal", "deprecation" })
ThreadGroup group = ( s != null ) ? s.getThreadGroup() : Thread.currentThread().getThreadGroup();
Comment on lines -34 to -40
Copy link
Member

@yrodiere yrodiere Apr 22, 2024
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we have some ugly static reflection code that detects whether System.getSecurityManager exists, and depending on that does the right thing?

I have no idea of the impact of this change on existing apps... Don't get me wrong, I'm fine with this changing behavior, but if it does, we'll need to postpone the change to a major version of Search... But maybe you're planning on having one anyway for when ORM 7.0 is out?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hmm so maybe let's do the reflection thing and keep the Security Exceptions in place and get this merged into the current main (7.2) and then for the next major we remove all that ?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Works for me. Though at this point you may as well open another PR and keep this one for the next major :)

BTW, do we have a version of the JDK we could test the reflection hack against? I think everything still works on JDK 23, doesn't it? I'll do a JDK upgrade on Jenkins just in case.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm looking at 23.ea.18-open, and it seems like it still has SM in place...

ThreadGroup group = Thread.currentThread().getThreadGroup();
String namePrefix = createFullThreadNamePrefix( prefix );
return new SimpleThreadFactory( group, namePrefix );
}
Expand Down
4 changes: 0 additions & 4 deletions engine/src/main/java/org/hibernate/search/engine/logging/impl/Log.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -172,10 +172,6 @@ void newCollectedFailure(String process,
)
SearchException dslExtensionNoMatch(List<?> attemptedExtensions);

@Message(id = ID_OFFSET + 28, value = "Security manager does not allow access to the constructor of type '%1$s': %2$s")
SearchException securityManagerLoadingError(@FormatWith(ClassFormatter.class) Class<?> classToLoad,
String causeMessage, @Cause Exception cause);

@Message(id = ID_OFFSET + 30, value = "Unable to load class '%1$s': %2$s")
ClassLoadingException unableToLoadTheClass(String className, String causeMessage, @Cause Throwable cause);

Expand Down
16 changes: 4 additions & 12 deletions ...in/java/org/hibernate/search/mapper/orm/model/impl/HibernateOrmBootstrapIntrospector.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,6 @@
import java.lang.reflect.Field;
import java.lang.reflect.Member;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.util.HashMap;
import java.util.LinkedHashSet;
import java.util.Map;
Expand Down Expand Up @@ -154,17 +153,10 @@ private <T> HibernateOrmClassRawTypeModel<T> createClassTypeModel(Class<T> type)
}

private static void setAccessible(Member member) {
try {
// always try to set accessible to true regardless of visibility
// as it's faster even for public fields:
// it bypasses the security model checks at execution time.
( (AccessibleObject) member ).setAccessible( true );
}
catch (SecurityException se) {
if ( !Modifier.isPublic( member.getModifiers() ) ) {
throw se;
}
}
// always try to set accessible to true regardless of visibility
// as it's faster even for public fields:
// it bypasses the security model checks at execution time.
( (AccessibleObject) member ).setAccessible( true );
}

/**
Expand Down
16 changes: 4 additions & 12 deletions ...bernate/search/mapper/pojo/standalone/model/impl/StandalonePojoBootstrapIntrospector.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,6 @@
import java.lang.reflect.AccessibleObject;
import java.lang.reflect.Constructor;
import java.lang.reflect.Member;
import java.lang.reflect.Modifier;
import java.util.HashMap;
import java.util.Map;

Expand Down Expand Up @@ -94,16 +93,9 @@ private <T> PojoRawTypeModel<T> createTypeModel(Class<T> clazz) {
}

private static void setAccessible(Member member) {
try {
// always try to set accessible to true regardless of visibility
// as it's faster even for public fields:
// it bypasses the security model checks at execution time.
( (AccessibleObject) member ).setAccessible( true );
}
catch (SecurityException se) {
if ( !Modifier.isPublic( member.getModifiers() ) ) {
throw se;
}
}
// always try to set accessible to true regardless of visibility
// as it's faster even for public fields:
// it bypasses the security model checks at execution time.
( (AccessibleObject) member ).setAccessible( true );
}
}