Hello, I do like to restrict the permissions granted, especially for client deployments.
in a related note: why is JavaFX shipped by default as an extension? Or better asked, how is the admin in the future supposed to maintain a minimum JRE? Randomly deleting extension jars? Would it be better to ship the JAR only in a dir where they CAN be added to the classpath, but are not by default (similiar to javadb/derby). Gruss Bernd Am Tue, 22 Apr 2014 12:39:57 -0700 schrieb Mandy Chung <mandy.ch...@oracle.com>: > This change proposes to remove granting all permissions for > extensions as the default and implements the principle of least > privilege.In JDK 9, we want to reduce the privileges of as many > system classes as possible. > > http://cr.openjdk.java.net/~mchung/jdk9/webrevs/8040059/webrev.00/ > > This patch has reduced the zipfs, localedata and cldrdata to grant > the permissions they require. It grants AllPermission to other jar > files in the lib/ext directory shipped with JDK and this change is > intended to enable the component teams to identify the minimum > permissions and fix any issue, if any. > > Libraries installed in the extensions directory depending on > AllPermission granted by default are impacted. Making this change > as early in JDK 9 allows us to identify any customer impacted by this > change. > > Mandy >
