RFR release notes for multiple enhancements: krb5, SASL, JAAS, policytool
Weijun Wang
weijun.wang at oracle.com
Thu Jan 19 02:40:33 UTC 2017
Hi All
Please review the following release notes. For each one, I've listed the
JBS URL for the release-note task, the original bug (in parentheses),
the synopsis, and the intended release note text:
https://bugs.openjdk.java.net/browse/JDK-8173011
(https://bugs.openjdk.java.net/browse/JDK-8029995)
accept yes/no for boolean krb5.conf settings
krb5.conf now accepts "yes" or "no" for boolean-valued settings.
https://bugs.openjdk.java.net/browse/JDK-8173012
(https://bugs.openjdk.java.net/browse/JDK-8044085)
Access ExtendedGSSContext.inquireSecContext() result through SASL
The output of `ExtendedGSSContext.inquireSecContext()` is now
available as negotiated properties for the SASL GSSAPI mechanism using
the name "com.sun.security.jgss.inquiretype.<type_name>", where
"type_name" is the string form of the `InquireType` enum parameter in
lower case, for example,
"com.sun.security.jgss.inquiretype.krb5_get_session_key_ex" for the
session key of an established Kerberos 5 security context.
https://bugs.openjdk.java.net/browse/JDK-8173014
(https://bugs.openjdk.java.net/browse/JDK-8047789)
auth.login.LoginContext needs to be updated to work with modules
After this change, besides including the necessary methods
(`initialize`, `login`, `logout`, `commit`, `abort`), any login module
must implement the `LoginModule` interface. Otherwise a `LoginException`
will thrown when the login module is used.
https://bugs.openjdk.java.net/browse/JDK-8173015
(https://bugs.openjdk.java.net/browse/JDK-8056174)
New APIs for jar signing
A new `jdk.security.jarsigner.JarSigner` API is added to the
`jdk.jartool` module which can be used to sign a jar file.
https://bugs.openjdk.java.net/browse/JDK-8173016
(https://bugs.openjdk.java.net/browse/JDK-8147400)
Deprecate policytool
The policytool is moved to the `jdk.policytool` and deprecated.
https://bugs.openjdk.java.net/browse/JDK-8173017
(https://bugs.openjdk.java.net/browse/JDK-8157848)
Deprecate the javax.security.auth.Policy API with forRemoval=true
The `javax.security.auth.Policy` class has been deprecated since JDK
1.4 and superseded/replaced by java.security.Policy. It is now marked
`forRemoval=true` and will be removed in a future release.
Thanks
Max
More information about the security-dev
mailing list