Remove SecurityManager

cdi/src/main/java/io/smallrye/config/inject/ConfigExtension.java

@@ -20,7 +20,6 @@
 import static io.smallrye.config.ConfigMappings.ConfigClassWithPrefix.configClassWithPrefix;
 import static io.smallrye.config.inject.ConfigProducer.isClassHandledByConfigProducer;
 import static io.smallrye.config.inject.InjectionMessages.formatInjectionPoint;
-import static io.smallrye.config.inject.SecuritySupport.getContextClassLoader;
 import static java.util.stream.Collectors.toSet;
 
 import java.lang.reflect.ParameterizedType;
@@ -183,7 +182,8 @@ protected void registerCustomBeans(@Observes AfterBeanDiscovery abd, BeanManager
     }
 
     protected void validate(@Observes AfterDeploymentValidation adv) {
-        SmallRyeConfig config = ConfigProvider.getConfig(getContextClassLoader()).unwrap(SmallRyeConfig.class);
+        SmallRyeConfig config = ConfigProvider.getConfig(Thread.currentThread().getContextClassLoader())
+                .unwrap(SmallRyeConfig.class);
         Set<String> configNames = StreamSupport.stream(config.getPropertyNames().spliterator(), false).collect(toSet());
         for (InjectionPoint injectionPoint : getConfigPropertyInjectionPoints()) {
             Type type = injectionPoint.getType();

cdi/src/main/java/io/smallrye/config/inject/ConfigMappingInjectionBean.java

@@ -1,7 +1,5 @@
 package io.smallrye.config.inject;
 
-import static io.smallrye.config.inject.SecuritySupport.getContextClassLoader;
-
 import java.lang.annotation.Annotation;
 import java.lang.reflect.Type;
 import java.util.Collections;
@@ -52,7 +50,7 @@ public T create(final CreationalContext<T> creationalContext) {
             }
         }
 
-        SmallRyeConfig config = ConfigProvider.getConfig(getContextClassLoader()).unwrap(SmallRyeConfig.class);
+        SmallRyeConfig config = ConfigProvider.getConfig().unwrap(SmallRyeConfig.class);
         return config.getConfigMapping(getBeanClass(), prefix);
     }
 

cdi/src/main/java/io/smallrye/config/inject/ConfigProducer.java

@@ -15,8 +15,6 @@
  */
 package io.smallrye.config.inject;
 
-import static io.smallrye.config.inject.SecuritySupport.getContextClassLoader;
-
 import java.lang.reflect.Type;
 import java.util.*;
 import java.util.function.Supplier;
@@ -42,7 +40,7 @@
 public class ConfigProducer {
     @Produces
     protected SmallRyeConfig getConfig() {
-        return ConfigProvider.getConfig(getContextClassLoader()).unwrap(SmallRyeConfig.class);
+        return ConfigProvider.getConfig().unwrap(SmallRyeConfig.class);
     }
 
     @Dependent

cdi/src/main/java/io/smallrye/config/inject/ConfigPropertiesInjectionBean.java

@@ -1,7 +1,5 @@
 package io.smallrye.config.inject;
 
-import static io.smallrye.config.inject.SecuritySupport.getContextClassLoader;
-
 import java.lang.annotation.Annotation;
 import java.lang.reflect.Type;
 import java.util.Collections;
@@ -47,7 +45,7 @@ public T create(final CreationalContext<T> creationalContext) {
             }
         }
 
-        SmallRyeConfig config = ConfigProvider.getConfig(getContextClassLoader()).unwrap(SmallRyeConfig.class);
+        SmallRyeConfig config = ConfigProvider.getConfig().unwrap(SmallRyeConfig.class);
         return config.getConfigMapping(getBeanClass(), prefix);
     }
 

cdi/src/main/java/io/smallrye/config/inject/SecuritySupport.java

@@ -13,35 +13,17 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
 package io.smallrye.config.inject;
 
-import java.security.AccessController;
-import java.security.PrivilegedAction;
-
-import io.smallrye.config._private.ConfigLogging;
-
 /**
  * @author <a href="http://jmesnil.net/">Jeff Mesnil</a> (c) 2018 Red Hat inc.
  */
+@Deprecated(forRemoval = true)
 class SecuritySupport {
     private SecuritySupport() {
     }
 
     static ClassLoader getContextClassLoader() {
-        if (System.getSecurityManager() == null) {
-            return Thread.currentThread().getContextClassLoader();
-        } else {
-            return AccessController.doPrivileged((PrivilegedAction<ClassLoader>) () -> {
-                ClassLoader tccl = null;
-                try {
-                    tccl = Thread.currentThread().getContextClassLoader();
-                } catch (SecurityException ex) {
-                    ConfigLogging.log.failedToRetrieveClassloader(ex);
-                }
-                return tccl;
-            });
-        }
+        return Thread.currentThread().getContextClassLoader();
     }
-
 }

implementation/src/main/java/io/smallrye/config/AbstractLocationConfigSourceLoader.java

@@ -88,7 +88,7 @@ protected List<ConfigSource> loadConfigSources(final String location, final int
     }
 
     protected List<ConfigSource> loadConfigSources(final String[] locations, final int ordinal) {
-        return loadConfigSources(locations, ordinal, SecuritySupport.getContextClassLoader());
+        return loadConfigSources(locations, ordinal, Thread.currentThread().getContextClassLoader());
     }
 
     protected List<ConfigSource> loadConfigSources(final String[] locations, final int ordinal, final ClassLoader classLoader) {
@@ -136,7 +136,7 @@ protected List<ConfigSource> tryFileSystem(final URI uri, final int ordinal) {
 
     protected List<ConfigSource> tryClassPath(final URI uri, final int ordinal, final ClassLoader classLoader) {
         final List<ConfigSource> configSources = new ArrayList<>();
-        final ClassLoader useClassloader = classLoader != null ? classLoader : SecuritySupport.getContextClassLoader();
+        final ClassLoader useClassloader = classLoader != null ? classLoader : Thread.currentThread().getContextClassLoader();
         try {
             consumeAsPaths(useClassloader, uri.getPath(), new ConfigSourcePathConsumer(ordinal, configSources));
         } catch (IOException e) {

implementation/src/main/java/io/smallrye/config/ConfigMappingGenerator.java

@@ -56,8 +56,6 @@
 import java.lang.reflect.Field;
 import java.lang.reflect.Method;
 import java.lang.reflect.Modifier;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;
@@ -89,8 +87,7 @@ public class ConfigMappingGenerator {
     private static final Pattern ARRAY_FORMAT_REGEX = Pattern.compile("([<;])L(.*)\\[];");
 
     static {
-        usefulDebugInfo = Boolean.parseBoolean(AccessController.doPrivileged(
-                (PrivilegedAction<String>) () -> System.getProperty("io.smallrye.config.mapper.useful-debug-info")));
+        usefulDebugInfo = Boolean.parseBoolean(System.getProperty("io.smallrye.config.mapper.useful-debug-info"));
     }
 
     private static final String I_CLASS = getInternalName(Class.class);

implementation/src/main/java/io/smallrye/config/Converters.java

@@ -116,7 +116,7 @@ private Converters() {
     static final Converter<Class<?>> CLASS_CONVERTER = BuiltInConverter.of(6,
             newTrimmingConverter(newEmptyValueConverter(value -> {
                 try {
-                    return Class.forName(value, true, SecuritySupport.getContextClassLoader());
+                    return Class.forName(value, true, Thread.currentThread().getContextClassLoader());
                 } catch (ClassNotFoundException e) {
                     throw ConfigMessages.msg.classConverterNotFound(e, value);
                 }

implementation/src/main/java/io/smallrye/config/EnvConfigSource.java

@@ -21,10 +21,8 @@
 import static io.smallrye.config.common.utils.StringUtil.replaceNonAlphanumericByUnderscores;
 import static io.smallrye.config.common.utils.StringUtil.toLowerCaseAndDotted;
 import static java.lang.Character.toLowerCase;
-import static java.security.AccessController.doPrivileged;
 
 import java.io.Serializable;
-import java.security.PrivilegedAction;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Map;
@@ -109,12 +107,7 @@ boolean hasPropertyName(final String propertyName) {
      * instantiated in the heap.
      */
     private static Map<String, String> getEnvProperties() {
-        return doPrivileged(new PrivilegedAction<Map<String, String>>() {
-            @Override
-            public Map<String, String> run() {
-                return new HashMap<>(System.getenv());
-            }
-        });
+        return new HashMap<>(System.getenv());
     }
 
     private static int getEnvOrdinal(final Map<String, String> properties, final int ordinal) {

implementation/src/main/java/io/smallrye/config/ImplicitConverters.java

@@ -17,6 +17,7 @@
 
 import java.io.ObjectStreamException;
 import java.io.Serializable;
+import java.lang.reflect.AccessibleObject;
 import java.lang.reflect.Constructor;
 import java.lang.reflect.Executable;
 import java.lang.reflect.InvocationTargetException;
@@ -74,9 +75,9 @@ static <T> Converter<T> getConverter(Class<? extends T> clazz) {
 
     private static <T> Converter<T> getConverterFromConstructor(Class<? extends T> clazz, Class<? super String> paramType) {
         try {
-            final Constructor<? extends T> declaredConstructor = SecuritySupport.getDeclaredConstructor(clazz, paramType);
+            final Constructor<? extends T> declaredConstructor = clazz.getDeclaredConstructor(paramType);
             if (!isAccessible(declaredConstructor)) {
-                SecuritySupport.setAccessible(declaredConstructor, true);
+                ((AccessibleObject) declaredConstructor).setAccessible(true);
             }
             return new ConstructorConverter<>(declaredConstructor);
         } catch (NoSuchMethodException e) {
@@ -96,7 +97,7 @@ private static <T> Converter<T> getConverterFromStaticMethod(Class<? extends T>
                 return null;
             }
             if (!isAccessible(method)) {
-                SecuritySupport.setAccessible(method, true);
+                ((AccessibleObject) method).setAccessible(true);
             }
             return new StaticMethodConverter<>(clazz, method);
         } catch (NoSuchMethodException e) {

implementation/src/main/java/io/smallrye/config/SecuritySupport.java

@@ -13,84 +13,29 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
 package io.smallrye.config;
 
 import java.lang.reflect.AccessibleObject;
 import java.lang.reflect.Constructor;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
-import java.util.Arrays;
-
-import io.smallrye.config._private.ConfigLogging;
 
 /**
  * @author <a href="http://jmesnil.net/">Jeff Mesnil</a> (c) 2018 Red Hat inc.
  */
+@Deprecated(forRemoval = true)
 class SecuritySupport {
     private SecuritySupport() {
     }
 
     static ClassLoader getContextClassLoader() {
-        if (System.getSecurityManager() == null) {
-            return Thread.currentThread().getContextClassLoader();
-        } else {
-            return AccessController.doPrivileged((PrivilegedAction<ClassLoader>) () -> {
-                ClassLoader tccl = null;
-                try {
-                    tccl = Thread.currentThread().getContextClassLoader();
-                } catch (SecurityException ex) {
-                    ConfigLogging.log.failedToRetrieveClassloader(ex);
-                }
-                return tccl;
-            });
-        }
+        return Thread.currentThread().getContextClassLoader();
     }
 
     static void setAccessible(AccessibleObject object, boolean flag) {
-        if (System.getSecurityManager() == null) {
-            object.setAccessible(flag);
-        } else {
-            AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
-
-                try {
-                    object.setAccessible(flag);
-                } catch (SecurityException ex) {
-                    ConfigLogging.log.failedToSetAccessible(ex, object.toString());
-                }
-                return null;
-            });
-        }
+        object.setAccessible(flag);
     }
 
     static <T> Constructor<? extends T> getDeclaredConstructor(Class<T> clazz, Class<?>... paramTypes)
             throws NoSuchMethodException {
-        if (System.getSecurityManager() == null) {
-            return clazz.getDeclaredConstructor(paramTypes);
-        } else {
-            try {
-                return AccessController.doPrivileged((PrivilegedExceptionAction<Constructor<? extends T>>) () -> {
-                    Constructor<? extends T> constructor = null;
-                    try {
-                        constructor = clazz.getDeclaredConstructor(paramTypes);
-
-                    } catch (SecurityException ex) {
-                        ConfigLogging.log.failedToRetrieveDeclaredConstructor(ex, clazz.toString(),
-                                Arrays.toString(paramTypes));
-                    }
-                    return constructor;
-                });
-            } catch (PrivilegedActionException e) {
-                Exception e2 = e.getException();
-                if (e2 instanceof NoSuchMethodException) {
-                    throw (NoSuchMethodException) e2;
-                } else {
-                    throw new RuntimeException(e2);
-                }
-            }
-        }
+        return clazz.getDeclaredConstructor(paramTypes);
     }
-
 }

implementation/src/main/java/io/smallrye/config/SmallRyeConfigBuilder.java

@@ -75,7 +75,7 @@ public class SmallRyeConfigBuilder implements ConfigBuilder {
     private ConfigValidator validator = ConfigValidator.EMPTY;
     private final Map<String, String> defaultValues = new HashMap<>();
     private final MappingBuilder mappingsBuilder = new MappingBuilder();
-    private ClassLoader classLoader = SecuritySupport.getContextClassLoader();
+    private ClassLoader classLoader = Thread.currentThread().getContextClassLoader();
     private boolean addDiscoveredCustomizers = false;
     private boolean addDefaultSources = false;
     private boolean addSystemSources = false;

implementation/src/main/java/io/smallrye/config/SmallRyeConfigFactory.java

@@ -14,14 +14,9 @@
  */
 public abstract class SmallRyeConfigFactory {
     /**
-     * Construct a new instance. Callers will be checked for the {@code getClassLoader}
-     * {@link RuntimePermission}.
+     * Construct a new instance.
      */
     protected SmallRyeConfigFactory() {
-        final SecurityManager sm = System.getSecurityManager();
-        if (sm != null) {
-            sm.checkPermission(new RuntimePermission("getClassLoader"));
-        }
     }
 
     /**