Remove all security manager and java security references (#14801)

* Remove all security manager and java security references, these are noops in JDK24+.

Author: dweiss

build-tools/build-infra/src/main/groovy/lucene.validation.ecj-lint.gradle

@@ -1,3 +1,5 @@
+import com.diffplug.gradle.spotless.SpotlessApply
+
 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with
@@ -74,6 +76,8 @@ def lintTasks = sourceSets.collect { SourceSet sourceSet ->
     dependsOn sourceSet.compileClasspath
     dependsOn ecjConfiguration
 
+    mustRunAfter tasks.withType(SpotlessApply)
+
     // The inputs are all source files from the sourceSet.
     inputs.files sourceSet.allSource.asFileTree
 

build-tools/build-infra/src/main/groovy/lucene.validation.spotless-java.gradle

@@ -32,6 +32,7 @@ configure(allprojects) { prj ->
         lineEndings = LineEnding.UNIX
         endWithNewline()
         googleJavaFormat(deps.versions.googleJavaFormat.get())
+        removeUnusedImports()
 
         // Apply to all Java sources
         target("src/**/*.java")

dev-tools/scripts/addBackcompatIndexes.py

@@ -60,7 +60,7 @@ def create_and_add_index(source: str, indextype: str, index_version: scriptutil.
     "dvupdates": "testCreateIndexWithDocValuesUpdates",
     "emptyIndex": "testCreateEmptyIndex",
   }[indextype]
-  gradle_args = " ".join(["-Ptests.useSecurityManager=false", "-p lucene/%s" % module, "test", "--tests TestGenerateBwcIndices.%s" % test, "-Dtests.bwcdir=%s" % temp_dir, "-Dtests.codec=default"])
+  gradle_args = " ".join(["-p lucene/%s" % module, "test", "--tests TestGenerateBwcIndices.%s" % test, "-Dtests.bwcdir=%s" % temp_dir, "-Dtests.codec=default"])
   base_dir = os.getcwd()
   bc_index_file = os.path.join(temp_dir, filename)
 

lucene/CHANGES.txt

@@ -64,6 +64,9 @@ Changes in Runtime Behavior
 Other
 ---------------------
 
+* GITHUB#14801: Removed all security manager and java.security-related code, which is effectively dead
+  in Java 24+. (Dawid Weiss)
+
 * GITHUB#14229: Bump minimum required Java version to 25
 
 * GITHUB#14564: Remove abstractions from MMapDirectory as we need no MR-JAR anymore.  (Uwe Schindler)

lucene/backward-codecs/src/test/org/apache/lucene/backward_index/TestGenerateBwcIndices.java

@@ -39,7 +39,7 @@ public class TestGenerateBwcIndices extends LuceneTestCase {
   // To generate backcompat indexes with the current default codec, run the following gradle
   // command:
   //  gradlew test -Ptests.bwcdir=/path/to/store/indexes -Ptests.codec=default
-  //               -Ptests.useSecurityManager=false --tests TestGenerateBwcIndices --max-workers=1
+  //               --tests TestGenerateBwcIndices --max-workers=1
   //
   // Also add testmethod with one of the index creation methods below, for example:
   //    -Ptestmethod=testCreateCFS

lucene/core/src/java/org/apache/lucene/util/Constants.java

@@ -16,11 +16,8 @@
  */
 package org.apache.lucene.util;
 
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.util.Locale;
 import java.util.Optional;
-import java.util.logging.Logger;
 import org.apache.lucene.store.ReadAdvice;
 
 /** Some useful constants. */
@@ -166,36 +163,10 @@ private static boolean hasFastScalarFMA() {
           .orElse(ReadAdvice.RANDOM);
 
   private static String getSysProp(String property) {
-    try {
-      return doPrivileged(() -> System.getProperty(property));
-    } catch (
-        @SuppressWarnings("unused")
-        SecurityException se) {
-      logSecurityWarning(property);
-      return null;
-    }
+    return System.getProperty(property);
   }
 
   private static String getSysProp(String property, String def) {
-    try {
-      return doPrivileged(() -> System.getProperty(property, def));
-    } catch (
-        @SuppressWarnings("unused")
-        SecurityException se) {
-      logSecurityWarning(property);
-      return def;
-    }
-  }
-
-  private static void logSecurityWarning(String property) {
-    var log = Logger.getLogger(Constants.class.getName());
-    log.warning("SecurityManager prevented access to system property: " + property);
-  }
-
-  // Extracted to a method to be able to apply the SuppressForbidden annotation
-  @SuppressWarnings("removal")
-  @SuppressForbidden(reason = "security manager")
-  private static <T> T doPrivileged(PrivilegedAction<T> action) {
-    return AccessController.doPrivileged(action);
+    return System.getProperty(property, def);
   }
 }

lucene/core/src/java/org/apache/lucene/util/NamedThreadFactory.java

@@ -48,15 +48,8 @@ public NamedThreadFactory(String threadNamePrefix) {
             threadPoolNumber.getAndIncrement());
   }
 
-  @SuppressWarnings("removal")
-  @SuppressForbidden(reason = "security manager")
   private static ThreadGroup getThreadGroup() {
-    final SecurityManager s = System.getSecurityManager();
-    if (s != null) {
-      return s.getThreadGroup();
-    } else {
-      return Thread.currentThread().getThreadGroup();
-    }
+    return Thread.currentThread().getThreadGroup();
   }
 
   private static String checkPrefix(String prefix) {

lucene/core/src/java/org/apache/lucene/util/RamUsageEstimator.java

@@ -19,9 +19,6 @@
 import java.lang.reflect.Array;
 import java.lang.reflect.Field;
 import java.lang.reflect.Modifier;
-import java.security.AccessControlException;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.text.DecimalFormat;
 import java.text.DecimalFormatSymbols;
 import java.util.Collection;
@@ -541,15 +538,7 @@ public static long shallowSizeOfInstance(Class<?> clazz) {
 
     // Walk type hierarchy
     for (; clazz != null; clazz = clazz.getSuperclass()) {
-      final Class<?> target = clazz;
-      final Field[] fields;
-      try {
-        fields = doPrivileged((PrivilegedAction<Field[]>) target::getDeclaredFields);
-      } catch (
-          @SuppressWarnings("removal")
-          AccessControlException e) {
-        throw new RuntimeException("Can't access fields of class: " + target, e);
-      }
+      final Field[] fields = clazz.getDeclaredFields();
 
       for (Field f : fields) {
         if (!Modifier.isStatic(f.getModifiers())) {
@@ -560,13 +549,6 @@ public static long shallowSizeOfInstance(Class<?> clazz) {
     return alignObjectSize(size);
   }
 
-  // Extracted to a method to give the SuppressForbidden annotation the smallest possible scope
-  @SuppressWarnings("removal")
-  @SuppressForbidden(reason = "security manager")
-  private static <T> T doPrivileged(PrivilegedAction<T> action) {
-    return AccessController.doPrivileged(action);
-  }
-
   /** Return shallow size of any <code>array</code>. */
   private static long shallowSizeOfArray(Object array) {
     long size = NUM_BYTES_ARRAY_HEADER;

lucene/core/src/java/org/apache/lucene/util/VirtualMethod.java

@@ -17,8 +17,6 @@
 package org.apache.lucene.util;
 
 import java.lang.reflect.Method;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.util.Collections;
 import java.util.HashSet;
 import java.util.Set;
@@ -60,11 +58,6 @@
  *    VirtualMethod.compareImplementationDistance(this.getClass(), oldMethod, newMethod) > 0);
  * </pre>
  *
- * <p>It is important to use {@link AccessController#doPrivileged(PrivilegedAction)} for the actual
- * call to get the implementation distance because the subclass may be in a different package. The
- * static constructors do not need to use {@code AccessController} because it just initializes our
- * own method reference. The caller should have access to all declared members in its own class.
- *
  * <p>{@link #getImplementationDistance} returns the distance of the subclass that overrides this
  * method. The one with the larger distance should be used preferable. This way also more
  * complicated method rename scenarios can be handled (think of 2.9 {@code TokenStream}

lucene/core/src/java24/org/apache/lucene/internal/vectorization/PanamaVectorizationProvider.java

@@ -18,16 +18,13 @@
 
 import java.io.IOException;
 import java.lang.foreign.MemorySegment;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.util.Locale;
 import java.util.logging.Logger;
 import jdk.incubator.vector.FloatVector;
 import org.apache.lucene.codecs.hnsw.FlatVectorsScorer;
 import org.apache.lucene.store.IndexInput;
 import org.apache.lucene.store.MemorySegmentAccessInput;
 import org.apache.lucene.util.Constants;
-import org.apache.lucene.util.SuppressForbidden;
 
 /** A vectorization provider that leverages the Panama Vector API. */
 final class PanamaVectorizationProvider extends VectorizationProvider {
@@ -36,28 +33,12 @@ final class PanamaVectorizationProvider extends VectorizationProvider {
   // would get called before we have a chance to perform sanity checks around the vector API in the
   // constructor of this class. Put them in PanamaVectorConstants instead.
 
-  // Extracted to a method to be able to apply the SuppressForbidden annotation
-  @SuppressWarnings("removal")
-  @SuppressForbidden(reason = "security manager")
-  private static <T> T doPrivileged(PrivilegedAction<T> action) {
-    return AccessController.doPrivileged(action);
-  }
-
   private final VectorUtilSupport vectorUtilSupport;
 
   PanamaVectorizationProvider() {
     // hack to work around for JDK-8309727:
-    try {
-      doPrivileged(
-          () ->
-              FloatVector.fromArray(
-                  FloatVector.SPECIES_PREFERRED,
-                  new float[FloatVector.SPECIES_PREFERRED.length()],
-                  0));
-    } catch (SecurityException se) {
-      throw new UnsupportedOperationException(
-          "We hit initialization failure described in JDK-8309727: " + se);
-    }
+    FloatVector.fromArray(
+        FloatVector.SPECIES_PREFERRED, new float[FloatVector.SPECIES_PREFERRED.length()], 0);
 
     if (PanamaVectorConstants.PREFERRED_VECTOR_BITSIZE < 128) {
       throw new UnsupportedOperationException(