RFR: 8338411: Implement JEP 486: Permanently Disable the Security Manager [v2]

Sean Mullan mullan at openjdk.org
Tue Oct 29 12:51:59 UTC 2024 

On Sun, 27 Oct 2024 00:15:24 GMT, Brent Christian <bchristi at openjdk.org> wrote:

>> Sean Mullan has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains 97 commits:
>> 
>>  - Merge remote-tracking branch 'jdk-sandbox/jep486' into JDK-8338411
>>  - Change apiNote to deprecated annotation on checkAccess methods. Change method dedescription to "Does nothing".
>>  - Sanitize the class descriptions of DelegationPermission and ServicePermission
>>    by removing text that refers to granting permissions, but avoid changes that
>>    affect the API specification, such as the description and format of input
>>    parameters.
>>  - Restored methods in RMIConnection to throw SecurityExceptions again but
>>    with adjusted text that avoids the word "permission".
>>  - Add text to class description of MBeanServer stating that implementations
>>    may throw SecurityException if authorization doesn't allow access to resource.
>>  - Restore text about needing permissions from the desktop environment in the
>>    getPixelColor and createScreenCapture methods.
>>  - Add api note to getClassContext to use StackWalker instead and
>>    add DROP_METHOD_INFO option to StackWalker.
>>  - Change checkAccess() methods to be no-ops, rather than throwing
>>    SecurityException.
>>  - Merge
>>  - Merge
>>  - ... and 87 more: https://git.openjdk.org/jdk/compare/f50bd0d9...f89d9d09
>
> src/java.prefs/share/classes/java/util/prefs/AbstractPreferences.java line 93:
> 
>> 91:  * static {@link ThreadLocal} instance.  Authors of such implementations are
>> 92:  * <i>strongly</i> encouraged to determine the user at the time preferences
>> 93:  * are accessed (for example by the {@link #get(String,String)} or {@link
> 
> Most of this seems like it will remain applicable. Of course we won't suggest throwing `SecurityException`. But users not having sufficient OS-level privileges will still need to be addressed, yes?

This text was restored. See https://github.com/openjdk/jdk/pull/21498/commits/66145173cce201b655845144daa209a75ad5964a

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/21498#discussion_r1820732961

More information about the nio-dev mailing list