A possible JEP to replace SecurityManager after JEP 411

David Lloyd david.lloyd at redhat.com
Fri Apr 8 16:04:10 UTC 2022


On Fri, Apr 8, 2022 at 10:14 AM Sean Mullan <sean.mullan at oracle.com> wrote:
>
> Ok, thanks for some clarification on the proposal.
>
> How many applications currently depend on the SM for this type of usage?
> What other alternate models have you considered?

There are some number of customers and users within our user base who
rely on SM for certain security certifications or requirements. The
alternative would be to attempt to reframe these certifications or
requirements on a case-by-case basis to exclude SM, which might or
might not be less work than preserving it.

> In general, I think authorization is best done at a higher layer within
> the application and not via low-level SM callouts. Authorize the subject
> first and if not acceptable, prevent the operation or API from being
> called in the first place. Once the operation is in motion, you have
> already taken a greater risk that something might go wrong.

The low level authorization checks would be in addition to the high
level checks that we already perform. But I understand your position.

>  > I hope this clarifies things. Like I said, "no" is an acceptable
>  > answer for us but I would be remiss if I didn't ensure that the "no"
>  > was based on an accurate understanding of what we are proposing, so
>  > hopefully this helps.
>
> It does help, but not enough to change my previous stance.

OK, thanks for the feedback.

-- 
- DML • he/him