Remove SecurityManager usage

mq/main/mq-broker/broker-comm/src/main/java/com/sun/messaging/jmq/jmsserver/config/BrokerConfig.java

@@ -1,6 +1,6 @@
 /*
  * Copyright (c) 2000, 2017 Oracle and/or its affiliates. All rights reserved.
- * Copyright (c) 2021, 2024 Contributors to the Eclipse Foundation
+ * Copyright (c) 2021, 2025 Contributors to the Eclipse Foundation
  *
  * This program and the accompanying materials are made available under the
  * terms of the Eclipse Public License v. 2.0, which is available at
@@ -470,7 +470,7 @@
  * // accesscontrol classes/properties imq.accesscontrol.file.properties=class,filename,dirpath
  * imq.accesscontrol.file.class=com.sun.messaging.jmq.jmsserver.auth.acl.JMQFileAccessControlModel
  *
- * imq.accesscontrol.jaas.properties=class,permissionFactory,policyProvider
+ * imq.accesscontrol.jaas.properties=class,permissionFactory
  * imq.accesscontrol.jaas.class=com.sun.messaging.jmq.jmsserver.auth.acl.JAASAccessControlModel
  *
  * // logging classes imq.log.file.class=com.sun.messaging.jmq.util.log.FileLogHandler
@@ -686,7 +686,7 @@ public class BrokerConfig extends UpdateProperties {
             + ".user_repository.jaas.class=com.sun.messaging.jmq.jmsserver.auth.jaas.UserRepositoryImpl\n" + IMQ
             + ".accesscontrol.file.properties=class,filename,dirpath,url\n" + IMQ
             + ".accesscontrol.file.class=com.sun.messaging.jmq.jmsserver.auth.acl.JMQFileAccessControlModel\n" + IMQ
-            + ".accesscontrol.jaas.properties=class,permissionFactory,permissionFactoryProvide,policyProvider\n" + IMQ
+            + ".accesscontrol.jaas.properties=class,permissionFactory,permissionFactoryProvide\n" + IMQ
             + ".accesscontrol.jaas.class=com.sun.messaging.jmq.jmsserver.auth.acl.JAASAccessControlModel\n" + IMQ
             + ".log.file.class=com.sun.messaging.jmq.util.log.FileLogHandler\n" + IMQ + ".log.console.class=com.sun.messaging.jmq.util.log.StreamLogHandler\n"
             + IMQ + ".log.syslog.class=com.sun.messaging.jmq.util.log.SysLogHandler\n" + IMQ

mq/main/mq-broker/broker-comm/src/main/java/com/sun/messaging/jmq/jmsserver/resources/BrokerResources.java

@@ -1,6 +1,6 @@
 /*
  * Copyright (c) 2000, 2017 Oracle and/or its affiliates. All rights reserved.
- * Copyright (c) 2021, 2022 Contributors to the Eclipse Foundation
+ * Copyright (c) 2021, 2025 Contributors to the Eclipse Foundation
  *
  * This program and the accompanying materials are made available under the
  * terms of the Eclipse Public License v. 2.0, which is available at
@@ -452,8 +452,6 @@ private BrokerResources(ResourceBundle rb) {
     public static final String I_RM_DST_NOTFOUND_INSTORE = "B1304";
     public static final String I_AUTHENTICATE_USER_AS = "B1305";
     public static final String I_AUTHENTICATE_AS_USER = "B1306";
-    public static final String I_SET_DEFAULT_SECURITY_MANAGER = "B1307";
-    public static final String I_SET_JAVA_POLICY_PROVIDER = "B1308";
     public static final String I_NO_NONRECOVERY_TXNACK_TO_ROLLBACK = "B1309";
     public static final String I_NO_MORE_TXNACK_TO_ROLLBACK = "B1310";
     public static final String I_REMOTE_TXN_PRESUMED_ROLLBACK = "B1311";
@@ -1746,7 +1744,6 @@ private BrokerResources(ResourceBundle rb) {
     public static final String X_REPLACE_PROPS_FOR_REPLACE_MSG = "B4442";
     public static final String X_CLEANUP_MSG_CLOSE_SESSION = "B4443";
     public static final String X_CANNOT_DELIVER_MESSAGE_TO_CONSUMER = "B4444";
-    public static final String X_SERVICE_TYPE_NOT_FOUND_FOR_SERVICE = "B4445";
     public static final String X_PU_SERVICE_REBIND = "B4446";
     public static final String X_CREATE_CONNECTION_FOR_USER_IN_SERVICE = "B4447";
     public static final String X_JDBC_DRIVER_SET_LOGIN_TIMEOUT = "B4448";

mq/main/mq-broker/broker-comm/src/main/resources/com/sun/messaging/jmq/jmsserver/resources/BrokerResources.properties

@@ -1,6 +1,6 @@
 #
 # Copyright (c) 2000, 2017 Oracle and/or its affiliates. All rights reserved.
-# Copyright (c) 2021, 2022 Contributors to the Eclipse Foundation
+# Copyright (c) 2021, 2025 Contributors to the Eclipse Foundation
 #
 # This program and the accompanying materials are made available under the
 # terms of the Eclipse Public License v. 2.0, which is available at
@@ -941,8 +941,6 @@ B1304=Unable to remove destination {0} from store because of not found in store:
 
 B1305=Authenticating user {0} as {1}
 B1306=Authenticating {0} as user {1}
-B1307=Set default security manager
-B1308=Set Java policy provider to {0}
 B1309=No non-recovery transaction acks to roll back for remote transaction {0}
 B1310=No more transaction acks to roll back for remote transaction {0}
 B1311=Presumed rollback for remote transaction {0} from {1}
@@ -3163,7 +3161,6 @@ B4442=Exception in replacing properties for replacement of message {0}: {1}
 B4443=Exception in cleanup message {0} on closing session {1}: {2}
 B4444=Can not deliver message {0} to consumer {1}
 #{0} is a string
-B4445=Can not find service type for service {0}
 B4446=Exception occurred while rebinding port unification service to address {0}
 B4447=Failed to create connection for user {0} in service {1}: {2}
 #{0}, {1} are strings

mq/main/mq-broker/broker-core/src/main/java/com/sun/messaging/jmq/jmsserver/Broker.java

@@ -533,15 +533,6 @@ private int _start(boolean inProcess, Properties propsFromCommandLine, boolean i
                 return 0;
             }
 
-            try {
-                AccessController.setSecurityManagerIfneed();
-            } catch (Exception e) {
-                logger.logStack(Logger.ERROR, e.getMessage(), e);
-                if (failStartThrowable != null) {
-                    failStartThrowable.initCause(e);
-                }
-                return (1);
-            }
             if (!MQAuthenticator.authenticateCMDUserIfset()) {
                 logger.log(Logger.INFO, BrokerResources.I_SHUTDOWN_BROKER);
                 if (failStartThrowable != null) {

mq/main/mq-broker/broker-core/src/main/java/com/sun/messaging/jmq/jmsserver/auth/AccessController.java

@@ -1,6 +1,6 @@
 /*
  * Copyright (c) 2000, 2017 Oracle and/or its affiliates. All rights reserved.
- * Copyright (c) 2021, 2022 Contributors to the Eclipse Foundation
+ * Copyright (c) 2021, 2025 Contributors to the Eclipse Foundation
  *
  * This program and the accompanying materials are made available under the
  * terms of the Eclipse Public License v. 2.0, which is available at
@@ -19,9 +19,7 @@
 
 import java.util.List;
 import java.util.Properties;
-import java.util.Iterator;
 import java.security.Principal;
-import java.security.Policy;
 import java.security.AccessControlException;
 import javax.security.auth.Subject;
 import javax.security.auth.Refreshable;
@@ -32,8 +30,6 @@
 import com.sun.messaging.jmq.jmsserver.resources.BrokerResources;
 import com.sun.messaging.jmq.jmsserver.config.BrokerConfig;
 import com.sun.messaging.jmq.jmsserver.util.BrokerException;
-import com.sun.messaging.jmq.jmsserver.service.ServiceManager;
-import com.sun.messaging.jmq.jmsserver.auth.acl.JAASAccessControlModel;
 import com.sun.messaging.jmq.util.StringUtil;
 import com.sun.messaging.jmq.auth.api.server.*;
 
@@ -81,7 +77,6 @@ public class AccessController {
     public static final String BAD_AUTHTYPE = "client";
 
     private String authType = AUTHTYPE_BASIC;
-    private String accesscontrolType = "";
     private String userRepository = "";
 
     private boolean accessControlEnabled = true;
@@ -148,14 +143,6 @@ private void setAuthType(String authType) {
         this.authType = authType;
     }
 
-    private void setAccessControlType(String t) {
-        this.accesscontrolType = t;
-    }
-
-    public String getAccessControlType() {
-        return accesscontrolType;
-    }
-
     public String getUserRepository() {
         return userRepository;
     }
@@ -280,7 +267,6 @@ private static void loadProps(AccessController ac) throws BrokerException {
                 throw new BrokerException(Globals.getBrokerResources().getKString(BrokerResources.X_ACCESSCONTROL_TYPE_NOT_DEFINED));
             }
         } else {
-            ac.setAccessControlType(value);
             ac.getAuthProperties().setProperty(PROP_ACCESSCONTROL_TYPE, value);
             getProps(ac.getAuthProperties(), PROP_ACCESSCONTROL_PREFIX, value, null, null);
             getProps(ac.getAuthProperties(), PROP_ACCESSCONTROL_PREFIX, value, PROP_ACCESSCONTROL_AREA, serviceName);
@@ -448,80 +434,4 @@ public synchronized void checkDestinationPermission(String serviceName, String s
     }
 
     // private static final String DEFAULT_POLICY_FILENAME = "broker.policy";
-
-    /** @throws SecurityException */
-    public static void setSecurityManagerIfneed() throws BrokerException {
-
-        boolean need = false;
-        String svcname = null;
-        String svctype = null;
-        AccessController ac = null;
-        // BrokerConfig bcfg = Globals.getConfig();
-        Logger logger = Globals.getLogger();
-
-        String pp = null, svcpp = null;
-        List activesvcs = ServiceManager.getAllActiveServiceNames();
-        Iterator itr = activesvcs.iterator();
-        while (itr.hasNext()) {
-            svcname = (String) itr.next();
-            svctype = ServiceManager.getServiceTypeString(svcname);
-            if (svctype == null) {
-                throw new BrokerException(Globals.getBrokerResources().getKString(BrokerResources.X_SERVICE_TYPE_NOT_FOUND_FOR_SERVICE, svcname));
-            }
-
-            ac = AccessController.getInstance(svcname, ServiceType.getServiceType(svctype));
-            if (!ac.isAccessControlEnabled()) {
-                continue;
-            }
-            if (ac.getAccessControlType().equals(JAASAccessControlModel.TYPE)) {
-                need = true;
-                svcpp = ac.getAuthProperties().getProperty(AccessController.PROP_ACCESSCONTROL_PREFIX + JAASAccessControlModel.PROP_POLICY_PROVIDER);
-                if (pp == null) {
-                    pp = svcpp;
-                    continue;
-                }
-                if (svcpp == null) {
-                    continue;
-                }
-                if (!pp.equals(svcpp)) {
-                    throw new BrokerException("XI18N - Multiple Java policy providers is not allowed:" + pp + ", " + svcpp);
-                }
-            }
-        }
-        if (!need) {
-            return;
-        }
-
-        Policy ppc = null;
-        if (pp != null) {
-            try {
-                ppc = (Policy) Class.forName(pp).getDeclaredConstructor().newInstance();
-            } catch (Exception e) {
-                throw new BrokerException(e.getClass().getName() + ": " + e.getMessage() + " - " + AccessController.PROP_ACCESSCONTROL_PREFIX
-                        + JAASAccessControlModel.PROP_POLICY_PROVIDER + "=" + pp);
-            }
-        }
-
-        synchronized (System.class) {
-            if (System.getSecurityManager() == null) {
-                String val = System.getProperty("java.security.policy");
-                if (val == null) {//NOPMD
-                    /*
-                     * logger.log(logger.INFO, "Set java.security.policy to MQ default policy file");
-                     * System.setProperty("java.security.policy",
-                     * "file:"+Globals.getInstanceEtcDir()+File.separator+DEFAULT_POLICY_FILENAME);
-                     */
-                } else {
-                    logger.log(logger.INFO, "java.security.policy=" + val);
-                }
-                System.setSecurityManager(new SecurityManager());
-                logger.log(logger.INFO, Globals.getBrokerResources().getKString(BrokerResources.I_SET_DEFAULT_SECURITY_MANAGER));
-            }
-        }
-        if (ppc != null) {
-            logger.log(logger.INFO, AccessController.PROP_ACCESSCONTROL_PREFIX + JAASAccessControlModel.PROP_POLICY_PROVIDER + "=" + pp);
-            Policy.setPolicy(ppc);
-            logger.log(logger.INFO, Globals.getBrokerResources().getKString(BrokerResources.I_SET_JAVA_POLICY_PROVIDER, ppc.getClass().getName()));
-        }
-    }
 }

mq/main/mq-broker/broker-core/src/main/java/com/sun/messaging/jmq/jmsserver/auth/acl/JAASAccessControlModel.java

@@ -41,7 +41,6 @@ public class JAASAccessControlModel implements AccessControlModel {
     public static final String TYPE = "jaas";
 
     public static final String PROP_PERMISSION_FACTORY = TYPE + ".permissionFactory";
-    public static final String PROP_POLICY_PROVIDER = TYPE + ".policyProvider";
 
     private Logger logger = Globals.getLogger();
 
@@ -68,15 +67,10 @@ public void initialize(String type, Properties authProperties) {
         Properties authProps = authProperties;
 
         String pfclass = authProps.getProperty(AccessController.PROP_ACCESSCONTROL_PREFIX + PROP_PERMISSION_FACTORY);
-        String ppclass = authProps.getProperty(AccessController.PROP_ACCESSCONTROL_PREFIX + PROP_POLICY_PROVIDER);
         try {
             if (pfclass != null) {
                 permFactory = (PermissionFactory) Class.forName(pfclass).getDeclaredConstructor().newInstance();
             }
-            // if (ppclass != null) policyProvider = (Policy)Class.forName(ppclass).newInstance();
-            if (ppclass != null) {
-                Class.forName(ppclass).getDeclaredConstructor().newInstance();
-            }
         } catch (Exception e) {
             logger.logStack(Logger.ERROR, e.getMessage(), e);
             throw new AccessControlException(e.getClass().getName() + ": " + e.getMessage());