[
https://issues.apache.org/jira/browse/OFBIZ-12865?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17805971#comment-17805971
]
Jacques Le Roux commented on OFBIZ-12865:
-----------------------------------------
This may be useful later: bottom of
https://stackoverflow.com/questions/76280573/jdk-17-java-security-is-deprecated
Regarding alternative approaches, JEP411 (which your link links to) states
"Security is better achieved by providing integrity at lower levels of the Java
Platform — by, for example, strengthening module boundaries (JEP 403) to
prevent access to JDK implementation details, and hardening the implementation
itself — and by isolating the entire Java runtime from sensitive resources via
out-of-process mechanisms such as containers and hypervisors." Consider
modifying your question to clarify specific concerns over Security Manager's
removal. What would be lost? –
May 19, 2023 at 7:33
> java.security.AccessController is deprecated
> --------------------------------------------
>
> Key: OFBIZ-12865
> URL: https://issues.apache.org/jira/browse/OFBIZ-12865
> Project: OFBiz
> Issue Type: Task
> Affects Versions: Upcoming Branch
> Reporter: Danny Trunk
> Assignee: Jacques Le Roux
> Priority: Minor
>
> java.security.AccessController has been deprecated and marked for removal
> since Java 17. There's no replacement, so I don't know exactly how to solve
> this deprecation warning.
>
> Class is used here:
> https://github.com/apache/ofbiz-framework/blob/46701da3c3cffa5b4b3adea384050efb7b6179ef/framework/common/src/main/java/org/apache/ofbiz/common/authentication/AuthHelper.java#L132
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
