I thought about the same thing this morning at the Jakarta Platform call. I did some research during the call and found that Authorization 3.0 removes references to the Java security manager, but still uses Permissions. The big change in 3.0 is to add
our own Policy class in Jakarta instead of using java.security.Policy.
Looking at the platform specification changes that I made last week, I may have removed too many things if permissions.xml can be used for Jakarta Authorization permissions as well as Java security permissions. Examples that I see for permissions.xml are
all Java security permissions though and permissions.xml is not discussed in the Authorization specification at all.
- If permissions.xml is also used for Jakarta Authorization permissions, then permissions xsd should remain for Jakarta EE 11 and I should revert some of the Platform specification updates that I made last week.
- If permissions.xml is NOT applicable to Jakarta Authorization permissions, then I agree that permissions XSD file for EE 11 can be removed and the one remaining reference to permissions.xml can be removed from the Platform specification.
Hopefully someone more knowledgeable about Jakarta Authorization like Arjan can provide additional information.
Jared Anderson
WebSphere Jakarta Delivery lead
jhanders@xxxxxxxxxx
-----Original Message-----
Subject: [EXTERNAL] [jakartaee-platform-dev] Safe to remove permissions.xsd?
Date: 07/09/2024 04:31:10 PM
Greetings Programs, With the removal of the Security Manager content from the Platform spec in commit fa33ec3, I believe the corresponding descriptor `permissions. xsd` can also be removed. This issue seeks to confirm with the community if this
_______________________________________________
jakartaee-platform-dev mailing list
|