Merge pull request #344 from orphan-oss/feature/deprecate-sm

Marks classes related to SecurityManager as deprecated

src/main/java/ognl/OgnlRuntime.java

@@ -297,15 +297,19 @@ public class OgnlRuntime {
      * Users that have their own Security Manager implementations and no intention to use the OGNL SecurityManager
      * sandbox may choose to use the 'forceDisableOnInit' flag option for performance reasons (avoiding overhead
      * involving the system property security checks - when that feature will not be used).
+     * @deprecated will removed in 3.5.x
      */
+    @Deprecated
     static final String OGNL_SECURITY_MANAGER = "ognl.security.manager";
     static final String OGNL_SM_FORCE_DISABLE_ON_INIT = "forceDisableOnInit";
 
     /**
      * Hold environment flag state associated with OGNL_SECURITY_MANAGER.  See
      * {@link OgnlRuntime#OGNL_SECURITY_MANAGER} for more details.
      * Default: false (if not set).
+     * @deprecated will be removed in 3.5.x
      */
+    @Deprecated
     private static final boolean _disableOgnlSecurityManagerOnInit;
 
     static {
@@ -357,6 +361,10 @@ public class OgnlRuntime {
     private static final PrimitiveTypes primitiveTypes = new PrimitiveTypes();
     private static final PrimitiveDefaults primitiveDefaults = new PrimitiveDefaults();
 
+    /**
+     * @deprecated will be removed in 3.5.x
+     */
+    @Deprecated
     static SecurityManager securityManager = System.getSecurityManager();
     static final EvaluationPool _evaluationPool = new EvaluationPool();
 
@@ -741,7 +749,9 @@ public static Class<?>[] getParameterTypes(Constructor<?> constructor) throws Ca
      * Gets the SecurityManager that OGNL uses to determine permissions for invoking methods.
      *
      * @return SecurityManager for OGNL
+     * @deprecated will be removed in 3.5.x
      */
+    @Deprecated
     public static SecurityManager getSecurityManager() {
         return securityManager;
     }
@@ -750,7 +760,9 @@ public static SecurityManager getSecurityManager() {
      * Sets the SecurityManager that OGNL uses to determine permissions for invoking methods.
      *
      * @param value SecurityManager to set
+     * @deprecated will be removed in 3.5.x
      */
+    @Deprecated
     public static void setSecurityManager(SecurityManager value) {
         securityManager = value;
     }
@@ -3012,7 +3024,9 @@ public static boolean getUseStricterInvocationValue() {
      *
      * @return true if OGNL SecurityManager was disabled on initialization, false otherwise.
      * @since 3.1.25
+     * @deprecated will be removed in 3.5.x
      */
+    @Deprecated
     public static boolean getDisableOgnlSecurityManagerOnInitValue() {
         return _disableOgnlSecurityManagerOnInit;
     }

src/main/java/ognl/security/OgnlSecurityManager.java

@@ -40,7 +40,9 @@
  * execution finished.</p>
  *
  * @since 3.1.24
+ * @deprecated will be removed in 3.5.x
  */
+@Deprecated
 public class OgnlSecurityManager extends SecurityManager {
 
     private static final String OGNL_SANDBOX_CLASS_NAME = "ognl.security.UserMethod";

src/main/java/ognl/security/OgnlSecurityManagerFactory.java

@@ -32,7 +32,9 @@
  * Builds and provides a JVM wide singleton shared thread-safe with all permissions granted security manager for ognl
  *
  * @since 3.1.24
+ * @deprecated will be removed in 3.5.x
  */
+@Deprecated
 public class OgnlSecurityManagerFactory extends SecureClassLoader {
 
     private static volatile Object ognlSecurityManager;

src/main/java/ognl/security/UserMethod.java

@@ -25,7 +25,9 @@
  * A signature for {@link OgnlSecurityManager#isAccessDenied(java.security.Permission)}. Also executes user methods with not any permission.
  *
  * @since 3.1.24
+ * @deprecated will be removed in 3.5.x
  */
+@Deprecated
 public class UserMethod implements PrivilegedExceptionAction<Object> {
 
     private final Object target;