2828
2929/**
3030 * This utility wrapper class is created to support AXIS2 runs
31- * inside of Java 2 Security environment . Due to the access control
32- * checking algorithm, for Java 2 Security to function properly,
31+ * inside of Java security environments . Due to the access control
32+ * checking algorithm, for Java security to function properly,
3333 * <code>doPrivileged()</code>
3434 * is required in cases where there is application code on the stack frame
35- * accessing the system resources (ie, read/write files, opening ports, and etc).
36- * This class also improve performance no matther Security Manager is being enabled
37- * or not.
35+ * accessing system resources (ie, read/write files, opening ports, and etc).
36+ * <p/>
37+ * This class provides a consistent security model across Java versions by
38+ * always using doPrivileged(), ensuring proper privilege elevation regardless
39+ * of SecurityManager presence (which was deprecated in Java 17 and removed in Java 21).
3840 * <p/>
3941 * Note: This utility should be used properly, otherwise might introduce
4042 * security holes.
@@ -60,7 +62,8 @@ public class AccessController {
6062
6163 /**
6264 * Performs the specified <code>PrivilegedAction</code> with privileges
63- * enabled if a security manager is present.
65+ * enabled. This method always uses doPrivileged for security consistency
66+ * across Java versions.
6467 * <p/>
6568 * If the action's <code>run</code> method throws an (unchecked) exception,
6669 * it will propagate through this method.
@@ -71,12 +74,7 @@ public class AccessController {
7174 * @see #doPrivileged(PrivilegedExceptionAction)
7275 */
7376 public static <T > T doPrivileged (PrivilegedAction <T > action ) {
74- SecurityManager sm = System .getSecurityManager ();
75- if (sm == null ) {
76- return (action .run ());
77- } else {
78- return java .security .AccessController .doPrivileged (action );
79- }
77+ return java .security .AccessController .doPrivileged (action );
8078 }
8179
8280
@@ -85,9 +83,7 @@ public static <T> T doPrivileged(PrivilegedAction<T> action) {
8583 * enabled and restricted by the specified <code>AccessControlContext</code>.
8684 * The action is performed with the intersection of the permissions
8785 * possessed by the caller's protection domain, and those possessed
88- * by the domains represented by the specified
89- * <code>AccessControlContext</code> if a security manager is present.
90- * <p/>
86+ * by the domains represented by the specified <code>AccessControlContext</code>.
9187 * <p/>
9288 * If the action's <code>run</code> method throws an (unchecked) exception,
9389 * it will propagate through this method.
@@ -101,51 +97,35 @@ public static <T> T doPrivileged(PrivilegedAction<T> action) {
10197 * @see #doPrivileged(PrivilegedExceptionAction,AccessControlContext)
10298 */
10399 public static <T > T doPrivileged (PrivilegedAction <T > action , AccessControlContext context ) {
104- SecurityManager sm = System .getSecurityManager ();
105- if (sm == null ) {
106- return action .run ();
107- } else {
108- return java .security .AccessController .doPrivileged (action , context );
109- }
100+ return java .security .AccessController .doPrivileged (action , context );
110101 }
111102
112103 /**
113104 * Performs the specified <code>PrivilegedExceptionAction</code> with
114- * privileges enabled. The action is performed with <i>all</i> of the
105+ * privileges enabled. The action is performed with <i>all</i> of the
115106 * permissions possessed by the caller's protection domain.
116107 * <p/>
117108 * If the action's <code>run</code> method throws an <i>unchecked</i>
118109 * exception, it will propagate through this method.
119110 *
120111 * @param action the action to be performed.
121112 * @return the value returned by the action's <code>run</code> method.
122- * @throws PrivilgedActionException the specified action's
113+ * @throws PrivilegedActionException the specified action's
123114 * <code>run</code> method threw a <i>checked</i> exception.
124115 * @see #doPrivileged(PrivilegedExceptionAction,AccessControlContext)
125116 * @see #doPrivileged(PrivilegedAction)
126117 */
127118 public static <T > T doPrivileged (PrivilegedExceptionAction <T > action )
128119 throws PrivilegedActionException {
129- SecurityManager sm = System .getSecurityManager ();
130- if (sm == null ) {
131- try {
132- return action .run ();
133- } catch (java .lang .RuntimeException e ) {
134- throw e ;
135- } catch (Exception e ) {
136- throw new PrivilegedActionException (e );
137- }
138- } else {
139- return java .security .AccessController .doPrivileged (action );
140- }
120+ return java .security .AccessController .doPrivileged (action );
141121 }
142122
143123
144124 /**
145125 * Performs the specified <code>PrivilegedExceptionAction</code> with
146126 * privileges enabled and restricted by the specified
147- * <code>AccessControlContext</code>. The action is performed with the
148- * intersection of the the permissions possessed by the caller's
127+ * <code>AccessControlContext</code>. The action is performed with the
128+ * intersection of the permissions possessed by the caller's
149129 * protection domain, and those possessed by the domains represented by the
150130 * specified <code>AccessControlContext</code>.
151131 * <p/>
@@ -166,19 +146,7 @@ public static <T> T doPrivileged(PrivilegedExceptionAction<T> action)
166146 public static <T > T doPrivileged (PrivilegedExceptionAction <T > action ,
167147 AccessControlContext context )
168148 throws PrivilegedActionException {
169-
170- SecurityManager sm = System .getSecurityManager ();
171- if (sm == null ) {
172- try {
173- return action .run ();
174- } catch (java .lang .RuntimeException e ) {
175- throw e ;
176- } catch (Exception e ) {
177- throw new PrivilegedActionException (e );
178- }
179- } else {
180- return java .security .AccessController .doPrivileged (action , context );
181- }
149+ return java .security .AccessController .doPrivileged (action , context );
182150 }
183151
184152 /**
0 commit comments