Re: [jakartaee-platform-dev] [External] : Reduce emphasis on security ma

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [jakartaee-platform-dev] [External] : Reduce emphasis on security manager in EE 10?

From: Scott Marlow <smarlow@xxxxxxxxxx>
Date: Wed, 18 Aug 2021 05:36:53 -0400
Delivered-to: jakartaee-platform-dev@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/jakartaee-platform-dev/>
List-help: <mailto:jakartaee-platform-dev-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/jakartaee-platform-dev>, <mailto:jakartaee-platform-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/jakartaee-platform-dev>, <mailto:jakartaee-platform-dev-request@eclipse.org?subject=unsubscribe>

On Tue, Aug 17, 2021, 4:46 PM Scott Marlow <smarlow@xxxxxxxxxx> wrote:

On 8/17/21 2:14 PM, Lukas Jungmann wrote:

Hi,

On 7/29/21 3:51 PM, arjan tijms wrote:

Hi,

The Jakarta Platform has a very strong emphasis on the security manager, especially when it comes to TCK testing. A lot (or everything?) is tested with the security manager enabled, and constituent specs and implementations have to comply with that.

As the security manager has been deprecated for removal in JDK 17, I wonder if we should not start taking the first steps in EE 10 to anticipate for this, even though EE 10 is not targeting JDK 17.

Perhaps we could start with making security manager enabled TCK runs optional?

It looks like this got buried here - have you had a chance to discuss this with Scott (cc'ed), ie through different channel, already?

I think that he tests that specifically require the security manager are under { ejb30/sec, connector, servlet, securityapi }.

Do we know which JDK classes will definitely be removed along with the security manager? The TCK doesn't have a good way to deal with missing security manager related classes.

https://openjdk.java.net/jeps/411 does mention the classes/methods to be removed.

I believe that our tck process document should be updated to allow a service release to address a new JDK release so that we could consider changing the EE 10 tcks if needed for JDK 18.

Another option could be separating use of security manager classes to be in optional tests. This may be difficult to do without refactoring the involved tests to separate testing of security manager from testing of other technologies.

Another option could be to delay dealing with JDK 18+ changes until a later EE release.

thanks,
--lukas

Kind regards,
Arjan

_______________________________________________
jakartaee-platform-dev mailing list
jakartaee-platform-dev@xxxxxxxxxxx
To unsubscribe from this list, visit https://urldefense.com/v3/__https://www.eclipse.org/mailman/listinfo/jakartaee-platform-dev__;!!ACWV5N9M2RV99hQ!dg74znjhBmn8jZ5FrmxPZx8H-Krvvh1j0v6o293w_B8kx04mdIcrnm8_s1IXoFlyrjw$

References:
- [jakartaee-platform-dev] Reduce emphasis on security manager in EE 10?
  - From: arjan tijms
- Re: [jakartaee-platform-dev] [External] : Reduce emphasis on security manager in EE 10?
  - From: Lukas Jungmann
- Re: [jakartaee-platform-dev] [External] : Reduce emphasis on security manager in EE 10?
  - From: Scott Marlow

Prev by Date: Re: [jakartaee-platform-dev] Pattern for designating certain standlone TCK tests as EE-only?
Next by Date: Re: [jakartaee-platform-dev] [External] : Reduce emphasis on security manager in EE 10?
Previous by thread: Re: [jakartaee-platform-dev] [External] : Reduce emphasis on security manager in EE 10?
Next by thread: Re: [jakartaee-platform-dev] [External] : Reduce emphasis on security manager in EE 10?
Index(es):
- Date
- Thread

Breadcrumbs