[jacc-dev] Policy is deprecated for removal in JDK 17

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

[jacc-dev] Policy is deprecated for removal in JDK 17

From: arjan tijms <arjan.tijms@xxxxxxxxx>
Date: Fri, 30 Jul 2021 14:49:51 +0200
Delivered-to: jacc-dev@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/jacc-dev/>
List-help: <mailto:jacc-dev-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/jacc-dev>, <mailto:jacc-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/jacc-dev>, <mailto:jacc-dev-request@eclipse.org?subject=unsubscribe>

Hi,

The java.security.Policy class is deprecated for removal in JDK 17 (as part of the security manager removal JEP).

Policy plays a central role in Jakarta Authorization, although in my opinion it has always been a questionable choice to reuse this specific class in Jakarta EE. Policy normally handles code-based security permissions, while Jakarta Authorization only deals with subject-based ones.

With Policy to be removed, we need to create a replacement for it, and at the least deprecate its current usage.

This will obviously have a very big impact on Jakarta Authorization, though I think doing it in a way that's conceptually compatible with how things are done today should be quite doable.

We essentially need:

1. A replacement class for Policy

2. A replacement mechanism to set/get the current Policy

Thoughts?

Kind regards,

Arjan Tijms

Prev by Date: [jacc-dev] Do you plan to move your TCK tests out of the Platform TCK project for Jakarta EE 10+?
Next by Date: [jacc-dev] Migrating repos to https://github.com/jakartaee
Previous by thread: [jacc-dev] Do you plan to move your TCK tests out of the Platform TCK project for Jakarta EE 10+?
Next by thread: [jacc-dev] Migrating repos to https://github.com/jakartaee
Index(es):
- Date
- Thread

Breadcrumbs