Updates to JEP 411: Deprecate the Security Manager for Removal
Alex Buckley
alex.buckley at oracle.com
Fri May 21 17:23:24 UTC 2021
A further point is that `-Djava.security.manager=allow` has been
special-cased since JDK 12:
- RFE:
https://bugs.openjdk.java.net/browse/JDK-8191053
- Compatibility review:
https://bugs.openjdk.java.net/browse/JDK-8203316
- Release note:
https://www.oracle.com/java/technologies/javase/12-relnote-issues.html#JDK-8191053
(I saw that Netbeans has run into trouble under JEP 411 because some
code does not recognize `allow`, and treats it as a class name:
https://issues.apache.org/jira/browse/NETBEANS-5703)
Alex
On 5/19/2021 6:48 AM, Sean Mullan wrote:
> Thanks for those that have taken the time to review JEP 411 [1]. The JEP
> has been updated today with a few changes, the most significant which is
> the addition of a new section titled "Future Work" [2] which lists
> related potential enhancements and works in progress.
>
> Other smaller changes have been made throughout the JEP, including:
>
> - The "Alternate JAAS APIs" section has been removed and replaced with
> a smaller section in the Description section with a pointer to a JBS
> issue with more details.
>
> - Changes have been made to the Motivation section to improve some of
> the wording and add more details.
>
> - A new item named "Preserve the Security Manager API for extension by
> custom Security Managers that wish to intercept, log, and veto access to
> resources" has been added to the Alternatives section, as this has been
> a topic of discussion since the JEP has been published.
>
> - RMISecurityException has been removed from the list of APIs to be
> deprecated for removal, and
> java.util.concurrent.Executors::{privilegedCallable,
> privilegedCallableUsingCurrentClassLoader, privilegedThreadFactory} have
> been added.
>
> Thanks,
> Sean
>
> [1] https://openjdk.java.net/jeps/411
> [2] https://openjdk.java.net/jeps/411#Future-Work
More information about the security-dev
mailing list