Proposal: Remove support for running JavaFX with the security manager
Kevin Rushforth
kevin.rushforth at oracle.com
Thu Oct 10 11:55:01 UTC 2024
Yes. I will file the follow-up bugs listed in the PR soon, and the first
of these will be to remove all calls to doPrivileged. My plan is to file
an umbrella task with separate bugs for each module that can then be
split and done in parallel by different developers.
-- Kevin
On 10/9/2024 5:17 PM, John Hendrikx wrote:
>
> Does this mean all the ugly AccessController.doPrivileged code can be
> simplified?
>
> --John
>
> On 09/10/2024 16:22, Kevin Rushforth wrote:
>> I just took the PR out of Draft, so it is now ready for review.
>>
>> -- Kevin
>>
>>
>> On 10/2/2024 8:20 AM, Kevin Rushforth wrote:
>>>> I suspect people who are using SecurityManager with JavaFX are
>>>> still on java8.
>>>
>>> Very likely.
>>>
>>> -- Kevin
>>>
>>>
>>> On 10/2/2024 7:58 AM, Andy Goryachev wrote:
>>>>
>>>> Good riddance! I suspect people who are using SecurityManager with
>>>> JavaFX are still on java8.
>>>>
>>>> -andy
>>>>
>>>> *From: *openjfx-dev <openjfx-dev-retn at openjdk.org> on behalf of
>>>> Kevin Rushforth <kevin.rushforth at oracle.com>
>>>> *Date: *Wednesday, October 2, 2024 at 07:46
>>>> *To: *openjfx-dev <openjfx-dev at openjdk.org>
>>>> *Subject: *Proposal: Remove support for running JavaFX with the
>>>> security manager
>>>>
>>>> The Java Security Manager was deprecated for removal in JDK 17 by JEP
>>>> 411 [1]. The next step in the evolution of removing the security
>>>> manager
>>>> is to permanently disable it as proposed by candidate JEP 486 [2].
>>>> Once
>>>> this is done, System::getSecurityManager will unconditionally return
>>>> null, System::setSecurityManager will unconditionally throw
>>>> UnsupportedOperationException, and running "java -Dsecurity.manager"
>>>> will cause the VM to exit with a fatal error. This will either
>>>> happen in
>>>> JDK 24 (likely) or 25 (in case it misses 24). Either way, it will soon
>>>> be gone.
>>>>
>>>> I propose to remove support for running JavaFX applications with a
>>>> security manager in JavaFX 24. Any JavaFX application that uses a
>>>> security manager will necessarily need to use JDK 21.x LTS going
>>>> forward, and thus can similarly use JavaFX 21.x LTS. See
>>>> JDK-8341090 [3].
>>>>
>>>> Comments?
>>>>
>>>> -- Kevin
>>>>
>>>> [1] https://openjdk.org/jeps/411
>>>> [2] https://openjdk.org/jeps/486
>>>> [3] https://bugs.openjdk.org/browse/JDK-8341090
>>>>
>>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/openjfx-dev/attachments/20241010/9c626df6/attachment-0001.htm>
More information about the openjfx-dev
mailing list