Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[jacc-dev] Policy is deprecated for removal in JDK 17


The class is deprecated for removal in JDK 17 (as part of the security manager removal JEP).

Policy plays a central role in Jakarta Authorization, although in my opinion it has always been a questionable choice to reuse this specific class in Jakarta EE. Policy normally handles code-based security permissions, while Jakarta Authorization only deals with subject-based ones.

With Policy to be removed, we need to create a replacement for it, and at the least deprecate its current usage.

This will obviously have a very big impact on Jakarta Authorization, though I think doing it in a way that's conceptually compatible with how things are done today should be quite doable.

We essentially need:

1. A replacement class for Policy
2. A replacement mechanism to set/get the current Policy


Kind regards,
Arjan Tijms

Back to the top