quarkusio · gastaldi · Apr 18, 2024 · Apr 17, 2024
diff --git a/...ty-ldap/runtime/src/main/java/io/quarkus/elytron/security/ldap/DelegatingLdapContext.java b/...ty-ldap/runtime/src/main/java/io/quarkus/elytron/security/ldap/DelegatingLdapContext.java
@@ -1,7 +1,5 @@
 package io.quarkus.elytron.security.ldap;
 
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.util.Hashtable;
 
 import javax.naming.Binding;
@@ -26,7 +24,6 @@
 
 import org.wildfly.common.Assert;
 import org.wildfly.security.auth.realm.ldap.ThreadLocalSSLSocketFactory;
-import org.wildfly.security.manager.action.SetContextClassLoaderAction;
 
 class DelegatingLdapContext implements LdapContext {
 
@@ -46,7 +43,7 @@ interface CloseHandler {
     }
 
     // for needs of newInstance()
-    private DelegatingLdapContext(DirContext delegating, SocketFactory socketFactory) throws NamingException {
+    private DelegatingLdapContext(DirContext delegating, SocketFactory socketFactory) {
         this.delegating = delegating;
         this.closeHandler = null; // close handler should not be applied to copy
         this.socketFactory = socketFactory;
@@ -488,10 +485,10 @@ private ClassLoader getSocketFactoryClassLoader() {
     }
 
     private ClassLoader setClassLoaderTo(final ClassLoader targetClassLoader) {
-        return doPrivileged(new SetContextClassLoaderAction(targetClassLoader));
+        final Thread currentThread = Thread.currentThread();
+        final ClassLoader original = currentThread.getContextClassLoader();
+        currentThread.setContextClassLoader(targetClassLoader);
+        return original;
     }
 
-    private static <T> T doPrivileged(final PrivilegedAction<T> action) {
-        return System.getSecurityManager() != null ? AccessController.doPrivileged(action) : action.run();
-    }
 }
diff --git a/...ldap/runtime/src/main/java/io/quarkus/elytron/security/ldap/QuarkusDirContextFactory.java b/...ldap/runtime/src/main/java/io/quarkus/elytron/security/ldap/QuarkusDirContextFactory.java
@@ -1,7 +1,5 @@
 package io.quarkus.elytron.security.ldap;
 
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.time.Duration;
 import java.util.Hashtable;
 
@@ -15,7 +13,6 @@
 import javax.security.auth.callback.PasswordCallback;
 
 import org.wildfly.security.auth.realm.ldap.DirContextFactory;
-import org.wildfly.security.manager.action.SetContextClassLoaderAction;
 
 public class QuarkusDirContextFactory implements DirContextFactory {
     //    private static final ElytronMessages log = Logger.getMessageLogger(ElytronMessages.class, "org.wildfly.security");
@@ -142,10 +139,10 @@ public void returnContext(DirContext context) {
     }
 
     private ClassLoader setClassLoaderTo(final ClassLoader targetClassLoader) {
-        return doPrivileged(new SetContextClassLoaderAction(targetClassLoader));
+        final Thread currentThread = Thread.currentThread();
+        final ClassLoader original = currentThread.getContextClassLoader();
+        currentThread.setContextClassLoader(targetClassLoader);
+        return original;
     }
 
-    private static <T> T doPrivileged(final PrivilegedAction<T> action) {
-        return System.getSecurityManager() != null ? AccessController.doPrivileged(action) : action.run();
-    }
 }
diff --git a/...c/main/java/io/quarkus/hibernate/validator/runtime/ArcConstraintValidatorFactoryImpl.java b/...c/main/java/io/quarkus/hibernate/validator/runtime/ArcConstraintValidatorFactoryImpl.java
@@ -1,7 +1,5 @@
 package io.quarkus.hibernate.validator.runtime;
 
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.util.IdentityHashMap;
 import java.util.Map;
 
@@ -34,7 +32,7 @@ public class ArcConstraintValidatorFactoryImpl implements ConstraintValidatorFac
             }
             return instance;
         }
-        return run(NewInstance.action(key, "ConstraintValidator"));
+        return NewInstance.action(key, "ConstraintValidator").run();
     }
 
     @Override
@@ -45,13 +43,4 @@ public void releaseInstance(ConstraintValidator<?, ?> instance) {
         }
     }
 
-    /**
-     * Runs the given privileged action, using a privileged block if required.
-     * <p>
-     * <b>NOTE:</b> This must never be changed into a publicly available method to avoid execution of arbitrary
-     * privileged actions within HV's protection domain.
-     */
-    private <T> T run(PrivilegedAction<T> action) {
-        return System.getSecurityManager() != null ? AccessController.doPrivileged(action) : action.run();
-    }
 }
diff --git a/...-client/runtime/src/main/java/io/quarkus/restclient/runtime/QuarkusRestClientBuilder.java b/...-client/runtime/src/main/java/io/quarkus/restclient/runtime/QuarkusRestClientBuilder.java
@@ -17,11 +17,9 @@
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.net.URL;
-import java.security.AccessController;
 import java.security.KeyManagementException;
 import java.security.KeyStore;
 import java.security.NoSuchAlgorithmException;
-import java.security.PrivilegedAction;
 import java.security.SecureRandom;
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -397,7 +395,7 @@ public <T> T build(Class<T> aClass) throws IllegalStateException, RestClientDefi
      * @return list of proxy hosts
      */
     private List<String> getProxyHostsAsRegex() {
-        String noProxyHostsSysProps = getSystemProperty("http.nonProxyHosts", null);
+        String noProxyHostsSysProps = System.getProperty("http.nonProxyHosts", null);
         if (noProxyHostsSysProps == null) {
             noProxyHostsSysProps = "localhost|127.*|[::1]";
         } else {
@@ -414,7 +412,7 @@ private List<String> getProxyHostsAsRegex() {
      */
     private boolean useURLConnection() {
         if (useURLConnection == null) {
-            String defaultToURLConnection = getSystemProperty(
+            String defaultToURLConnection = System.getProperty(
                     "org.jboss.resteasy.microprofile.defaultToURLConnectionHttpClient", "false");
             useURLConnection = defaultToURLConnection.equalsIgnoreCase("true");
         }
@@ -820,13 +818,6 @@ private static BeanManager getBeanManager() {
         }
     }
 
-    private String getSystemProperty(String key, String def) {
-        if (System.getSecurityManager() == null) {
-            return System.getProperty(key, def);
-        }
-        return AccessController.doPrivileged((PrivilegedAction<String>) () -> System.getProperty(key, def));
-    }
-
     private final MpClientBuilderImpl builderDelegate;
 
     private final ConfigurationWrapper configurationWrapper;

diff --git a/...ime/src/main/java/io/quarkus/smallrye/graphql/runtime/spi/QuarkusClassloadingService.java b/...ime/src/main/java/io/quarkus/smallrye/graphql/runtime/spi/QuarkusClassloadingService.java
@@ -1,9 +1,5 @@
 package io.quarkus.smallrye.graphql.runtime.spi;
 
-import java.security.AccessController;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
-
 import graphql.schema.PropertyDataFetcherHelper;
 import io.smallrye.graphql.execution.Classes;
 import io.smallrye.graphql.spi.ClassloadingService;
@@ -38,12 +34,10 @@ public Class<?> loadClass(String className) {
             if (Classes.isPrimitive(className)) {
                 return Classes.getPrimativeClassType(className);
             } else {
-                return AccessController.doPrivileged((PrivilegedExceptionAction<Class<?>>) () -> {
-                    ClassLoader cl = classLoader == null ? Thread.currentThread().getContextClassLoader() : classLoader;
-                    return loadClass(className, cl);
-                });
+                ClassLoader cl = classLoader == null ? Thread.currentThread().getContextClassLoader() : classLoader;
+                return loadClass(className, cl);
             }
-        } catch (PrivilegedActionException | ClassNotFoundException pae) {
+        } catch (ClassNotFoundException pae) {
             throw new RuntimeException("Can not load class [" + className + "]", pae);
         }
     }

diff --git a/...t-projects/bootstrap/app-model/src/main/java/io/quarkus/bootstrap/util/PropertyUtils.java b/...t-projects/bootstrap/app-model/src/main/java/io/quarkus/bootstrap/util/PropertyUtils.java
@@ -5,8 +5,6 @@
 import java.io.Writer;
 import java.nio.file.Files;
 import java.nio.file.Path;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
@@ -40,32 +38,12 @@ public static String getUserHome() {
 
     public static String getProperty(final String name, String defValue) {
         assert name != null : "name is null";
-        final SecurityManager sm = System.getSecurityManager();
-        if (sm != null) {
-            return AccessController.doPrivileged(new PrivilegedAction<String>() {
-                @Override
-                public String run() {
-                    return System.getProperty(name, defValue);
-                }
-            });
-        } else {
-            return System.getProperty(name, defValue);
-        }
+        return System.getProperty(name, defValue);
     }
 
     public static String getProperty(final String name) {
         assert name != null : "name is null";
-        final SecurityManager sm = System.getSecurityManager();
-        if (sm != null) {
-            return AccessController.doPrivileged(new PrivilegedAction<String>() {
-                @Override
-                public String run() {
-                    return System.getProperty(name);
-                }
-            });
-        } else {
-            return System.getProperty(name);
-        }
+        return System.getProperty(name);
     }
 
     public static final Boolean getBooleanOrNull(String name) {

diff --git a/...ojects/tools/registry-client/src/main/java/io/quarkus/registry/config/PropertiesUtil.java b/...ojects/tools/registry-client/src/main/java/io/quarkus/registry/config/PropertiesUtil.java
@@ -1,7 +1,5 @@
 package io.quarkus.registry.config;
 
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.util.Locale;
 
 public class PropertiesUtil {
@@ -26,32 +24,12 @@ public static String getUserHome() {
 
     public static String getProperty(final String name, String defValue) {
         assert name != null : "name is null";
-        final SecurityManager sm = System.getSecurityManager();
-        if (sm != null) {
-            return AccessController.doPrivileged(new PrivilegedAction<String>() {
-                @Override
-                public String run() {
-                    return System.getProperty(name, defValue);
-                }
-            });
-        } else {
-            return System.getProperty(name, defValue);
-        }
+        return System.getProperty(name, defValue);
     }
 
     public static String getProperty(final String name) {
         assert name != null : "name is null";
-        final SecurityManager sm = System.getSecurityManager();
-        if (sm != null) {
-            return AccessController.doPrivileged(new PrivilegedAction<String>() {
-                @Override
-                public String run() {
-                    return System.getProperty(name);
-                }
-            });
-        } else {
-            return System.getProperty(name);
-        }
+        return System.getProperty(name);
     }
 
     public static final Boolean getBooleanOrNull(String name) {