[External] : Re: JEP 411, removal of finalizers, a path forward.

Ron Pressler ron.pressler at oracle.com
Tue Aug 3 08:48:44 UTC 2021



> On 3 Aug 2021, at 06:48, Peter Firmstone <peter.firmstone at zeus.net.au> wrote:
> 
> 
> We can still use these without an SM, Policy or Permissions for authorization decisions, as mentioned previously I'd replace the inherited thread context with an unprivileged context, and also allow the stack walk to be disabled for people only using Subject.
> 

I think what you mean is that you can envision using the same API points for a different, but reasonably similar 
role to the one they have. But that would mean changing the behaviour of existing classes, possibly making some
final classes non-final, in non-trivial ways. 

> 
> Just performed a search for java.security.AccessController on GitHub, got 1,398,418 results for Java:
> 

The plan is to degrade these into no-ops until such time as most of those usages disappear, not to imbue
those lines of code with new meaning. The actual removal of the API elements might be a long way off,
but, becoming no-ops before then, the JDK and libraries will be free to remove those usages.




More information about the security-dev mailing list