Fix jakartaee#443 Remove references to the SecurityManager and associated APIs

Author: markt-asf

api/src/main/java/jakarta/servlet/ServletContext.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2022 Oracle and/or its affiliates and others.
+ * Copyright (c) 1997, 2023 Oracle and/or its affiliates and others.
  * All rights reserved.
  * Copyright 2004 The Apache Software Foundation
  *
@@ -1245,8 +1245,6 @@ public interface ServletContext {
      *
      * @return the class loader of the web application represented by this ServletContext
      *
-     * @throws SecurityException if a security manager denies access to the requested class loader
-     *
      * @since Servlet 3.0
      */
     public ClassLoader getClassLoader();

api/src/main/java/jakarta/servlet/http/Cookie.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2021 Oracle and/or its affiliates and others.
+ * Copyright (c) 1997, 2023 Oracle and/or its affiliates and others.
  * All rights reserved.
  * Copyright 2004 The Apache Software Foundation
  *
@@ -19,8 +19,6 @@
 package jakarta.servlet.http;
 
 import java.io.Serializable;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.text.MessageFormat;
 import java.util.Collections;
 import java.util.Locale;
@@ -76,12 +74,8 @@ public class Cookie implements Cloneable, Serializable {
     private static final ResourceBundle lStrings = ResourceBundle.getBundle(LSTRING_FILE);
 
     static {
-        boolean enforced = AccessController.doPrivileged(new PrivilegedAction<Boolean>() {
-            @Override
-            public Boolean run() {
-                return Boolean.valueOf(System.getProperty("org.glassfish.web.rfc2109_cookie_names_enforced", "true"));
-            }
-        });
+        boolean enforced = Boolean.valueOf(System.getProperty("org.glassfish.web.rfc2109_cookie_names_enforced", "true"));
+
         if (enforced) {
             TSPECIALS = "/()<>@,;:\\\"[]?={} \t";
         } else {

spec/src/main/asciidoc/servlet-spec-body.adoc

@@ -5,7 +5,7 @@
 :sectnums!:
 == Jakarta Servlet Specification, Version {spec-version}
 
-Copyright (c) 2022 Contributors to the Eclipse Foundation.
+Copyright (c) 2023 Contributors to the Eclipse Foundation.
 
 Eclipse is a registered trademark of the Eclipse Foundation. Jakarta
 is a trademark of the Eclipse Foundation. Oracle and Java are
@@ -221,12 +221,8 @@ servlet, may modify responses produced by servlets before sending them
 to the clients, or may respond to requests without delivering them to
 the servlet under the compliance with RFC 7234.
 
-A servlet container may place security
-restrictions on the environment in which a servlet executes. These
-restrictions may be placed using the permission architecture defined
-by the Java platform. For example some application servers may limit the
-creation of a `Thread` object to insure that other components of the
-container are not negatively impacted.
+A servlet container may place security restrictions on the environment in which
+a servlet executes.
 
 Java SE 11 is the minimum version of the
 underlying Java platform with which servlet containers must be built.
@@ -8569,6 +8565,9 @@ Clarify the behaviour of `getDateHeader()` and `getIntHeader()` when multiple
 headers with the same name are present in the `HttpServletRequest`. The expected
 behaviour is aligned with `getHeader()`. 
 
+link:https://github.com/eclipse-ee4j/servlet-api/issues/443[Issue 443]::
+Remove references to the SecurityManager and associated APIs.
+
 link:https://github.com/eclipse-ee4j/servlet-api/issues/453[Issue 453]::
 Add a security warning and a clarification of canonicalization requirements to
 all `ServletContext` methods that accept a path parameter.