[
https://issues.apache.org/jira/browse/DERBY-7138?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17531967#comment-17531967
]
Richard N. Hillegas commented on DERBY-7138:
--------------------------------------------
Attaching derby-7138-15-aa-mostRemainingReferences.diff. This patch removes
most remaining references to the SecurityManager in the code. Most of the
removed references appeared in comments. There are a few more references which
require a little work to remove. Other than that, the remaining references are
in comments which explain the presence of methods which only exist because they
were once needed by permissions management.
With this patch, tests pass cleanly with both the classpath and modulepath.
Touches the following files:
{noformat}
M
java/org.apache.derby.engine/org/apache/derby/iapi/services/cache/ClassSize.java
M java/org.apache.derby.engine/org/apache/derby/iapi/types/SqlXmlUtil.java
M
java/org.apache.derby.engine/org/apache/derby/impl/services/bytecode/d_BCValidate.java
M
java/org.apache.derby.engine/org/apache/derby/impl/services/reflect/JarLoader.java
M
java/org.apache.derby.tests/org/apache/derbyTesting/functionTests/util/SecurityCheck.java
M
java/org.apache.derby.tests/org/apache/derbyTesting/functionTests/util/TestRoutines.java
M
java/org.apache.derby.tests/org/apache/derbyTesting/junit/TestConfiguration.java
{noformat}
> Remove references to the Java Security Manager
> ----------------------------------------------
>
> Key: DERBY-7138
> URL: https://issues.apache.org/jira/browse/DERBY-7138
> Project: Derby
> Issue Type: Task
> Components: Build tools, Documentation
> Affects Versions: 10.16.0.0
> Reporter: Richard N. Hillegas
> Assignee: Richard N. Hillegas
> Priority: Major
> Attachments: DerbyServerTest.java, Z.java,
> derby-3547-01-aa-policyGenerator.diff,
> derby-7138-01-aa-removeSecurityManagerFromOldHarnessTests.diff,
> derby-7138-02-ab-moveMethodsToTestConfiguration.diff,
> derby-7138-03-aa-removePermissionsTests.diff,
> derby-7138-04-ab-hostChangeInNetworkServerControlApiTest.diff,
> derby-7138-05-aa-removeSecurityManager.diff,
> derby-7138-06-aa-removeSecurityManagerSetup.diff,
> derby-7138-07-aa-removePrivilegeBlocksFromTests.diff,
> derby-7138-08-aa-removePolicyFiles.diff,
> derby-7138-09-aa-removeMostProductPrivilegeFiles.diff,
> derby-7138-10-aa-removeRemainingPrivilegeBlocks.diff,
> derby-7138-11-aa-miscCleanup.diff,
> derby-7138-12-aa-SYSCS_RELOAD_SECURITY_POLICY.diff,
> derby-7138-13-aa-adjustUserDocumentation.diff,
> derby-7138-13-aa-adjustUserDocumentation.tar,
> derby-7138-14-aa-removeMoreDocReferences-1.tar,
> derby-7138-14-aa-removeMoreDocReferences.diff,
> derby-7138-14-aa-removeMoreDocReferences.tar, postSecurityManager.html
>
>
> The Open JDK team has deprecated the Java Security Manager and indicated that
> it will be removed in a future release of Java. See
> https://openjdk.java.net/jeps/411. In an email thread titled "protecting
> security-sensitive operations on multi-tenant servers" on the
> security-...@openjdk.java.net mailing list, Alan Bateman indicated that
> developers should containerize their applications instead.
> This issue tracks work needed to remove Derby's references to the Java
> Security Manager.
> At a minimum, the following work needs to be done:
> o The tests should be adjusted so that they don't install a SecurityManager.
> o References to the SecurityManager should be removed from product code.
> o We should remove the SecurityManager section of the Derby Security Guide.
> In its place, we should recommend that developers containerize their Derby
> applications.
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
