Updates to JEP 411: Deprecate the Security Manager for Removal

Alex Buckley alex.buckley at oracle.com
Fri May 21 17:23:24 UTC 2021

A further point is that `-Djava.security.manager=allow` has been 
special-cased since JDK 12:

- RFE:

- Compatibility review:

- Release note:

(I saw that Netbeans has run into trouble under JEP 411 because some 
code does not recognize `allow`, and treats it as a class name: 


On 5/19/2021 6:48 AM, Sean Mullan wrote:
> Thanks for those that have taken the time to review JEP 411 [1]. The JEP 
> has been updated today with a few changes, the most significant which is 
> the addition of a new section titled "Future Work" [2] which lists 
> related potential enhancements and works in progress.
> Other smaller changes have been made throughout the JEP, including:
>   - The "Alternate JAAS APIs" section has been removed and replaced with 
> a smaller section in the Description section with a pointer to a JBS 
> issue with more details.
>   - Changes have been made to the Motivation section to improve some of 
> the wording and add more details.
>   - A new item named "Preserve the Security Manager API for extension by 
> custom Security Managers that wish to intercept, log, and veto access to 
> resources" has been added to the Alternatives section, as this has been 
> a topic of discussion since the JEP has been published.
>   - RMISecurityException has been removed from the list of APIs to be 
> deprecated for removal, and 
> java.util.concurrent.Executors::{privilegedCallable, 
> privilegedCallableUsingCurrentClassLoader, privilegedThreadFactory} have 
> been added.
> Thanks,
> Sean
> [1] https://openjdk.java.net/jeps/411
> [2] https://openjdk.java.net/jeps/411#Future-Work

More information about the jdk-dev mailing list