RFR release notes for multiple enhancements: krb5, SASL, JAAS, policytool
Jamil Nimeh
jamil.j.nimeh at oracle.com
Thu Jan 19 22:26:04 UTC 2017
Hi Max, just one nit for JDK-8044085:
The release note is one sentence, but it is a bit of a run-on. It might
be worth breaking it up into two sentences, the first for the
description and the second containing the example.
Aside from that they look good to me.
--Jamil
On 1/18/2017 6:40 PM, Weijun Wang wrote:
> Hi All
>
> Please review the following release notes. For each one, I've listed
> the JBS URL for the release-note task, the original bug (in
> parentheses), the synopsis, and the intended release note text:
>
> https://bugs.openjdk.java.net/browse/JDK-8173011
> (https://bugs.openjdk.java.net/browse/JDK-8029995)
> accept yes/no for boolean krb5.conf settings
>
> krb5.conf now accepts "yes" or "no" for boolean-valued settings.
>
> https://bugs.openjdk.java.net/browse/JDK-8173012
> (https://bugs.openjdk.java.net/browse/JDK-8044085)
> Access ExtendedGSSContext.inquireSecContext() result through SASL
>
> The output of `ExtendedGSSContext.inquireSecContext()` is now
> available as negotiated properties for the SASL GSSAPI mechanism using
> the name "com.sun.security.jgss.inquiretype.<type_name>", where
> "type_name" is the string form of the `InquireType` enum parameter in
> lower case, for example,
> "com.sun.security.jgss.inquiretype.krb5_get_session_key_ex" for the
> session key of an established Kerberos 5 security context.
>
> https://bugs.openjdk.java.net/browse/JDK-8173014
> (https://bugs.openjdk.java.net/browse/JDK-8047789)
> auth.login.LoginContext needs to be updated to work with modules
>
> After this change, besides including the necessary methods
> (`initialize`, `login`, `logout`, `commit`, `abort`), any login module
> must implement the `LoginModule` interface. Otherwise a
> `LoginException` will thrown when the login module is used.
>
> https://bugs.openjdk.java.net/browse/JDK-8173015
> (https://bugs.openjdk.java.net/browse/JDK-8056174)
> New APIs for jar signing
>
> A new `jdk.security.jarsigner.JarSigner` API is added to the
> `jdk.jartool` module which can be used to sign a jar file.
>
> https://bugs.openjdk.java.net/browse/JDK-8173016
> (https://bugs.openjdk.java.net/browse/JDK-8147400)
> Deprecate policytool
>
> The policytool is moved to the `jdk.policytool` and deprecated.
>
> https://bugs.openjdk.java.net/browse/JDK-8173017
> (https://bugs.openjdk.java.net/browse/JDK-8157848)
> Deprecate the javax.security.auth.Policy API with forRemoval=true
>
> The `javax.security.auth.Policy` class has been deprecated since
> JDK 1.4 and superseded/replaced by java.security.Policy. It is now
> marked `forRemoval=true` and will be removed in a future release.
>
> Thanks
> Max
More information about the security-dev
mailing list