On Wed, 12 Jun 2024 14:01:40 GMT, Kevin Walls <kev...@openjdk.org> wrote:
>> JMX uses APIs related to the Security Mananger which are deprecated. Use of >> AccessControlContext will be removed when Security Manager is removed. >> >> Until then, updates are needed to not require setting >> -Djava.security.manager=allow to use JMX authentication. > > Kevin Walls has updated the pull request incrementally with one additional > commit since the last revision: > > udpates test/jdk/javax/management/remote/mandatory/notif/policy.negative line 7: > 5: permission javax.management.MBeanPermission "[domain:type=NB,name=2]", > "addNotificationListener"; > 6: permission javax.management.MBeanPermission "*", > "removeNotificationListener"; > 7: permission javax.security.auth.AuthPermission "doAs"; I suspect that this means a doPrivileged is missing somewhere. We should not require the application to posess new permissions. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/19624#discussion_r1636573141
