JEP411: Missing use-case: Monitoring / restricting libraries

[Ron Pressler]

> On 12 May 2021, at 21:46, Peter Tribble <peter.tribble at gmail.com> wrote:
> 
> We're (partly, at least) in that group. We can't block the access from outside
> the JVM (and we are containerized with restricted permissions already) because
> some accesses are legitimate - something outside the JVM doesn't know when
> the JVM is executing a particular piece of code, so we toggle the Security Manager
> on and off depending on context.
> 
> And here's the thing; there isn't really anything in the proposal that addresses this
> use case, or offers an alternate way forward.

Could you describe what your use-case is in the most precise way you can?

That there are useful applications of the Security Manager out there is certain; the same
was certainly also true for Applets. The problem is that the total good that the Security
Manager contributes does not justify the high cost of its maintenance. The more we can
understand what people use it for and how, the better we are able to judge how much we
should afford to put into some simpler replacement. Having said that, it is certainly 
possible that some of the millions of Java developers out there will be disappointed. We
try to direct our resources where they’d do the most good, and when we can, try to find
a solution for small groups that are harmed by such budgeting.

— Ron