A further point is that `-Djava.security.manager=allow` has been
special-cased since JDK 12:
- RFE:
https://bugs.openjdk.java.net/browse/JDK-8191053
- Compatibility review:
https://bugs.openjdk.java.net/browse/JDK-8203316
- Release note:
https://www.oracle.com/java/technologies/javase/12-relnote-issues.html#JDK-8191053
(I saw that Netbeans has run into trouble under JEP 411 because some
code does not recognize `allow`, and treats it as a class name:
https://issues.apache.org/jira/browse/NETBEANS-5703)
Alex
On 5/19/2021 6:48 AM, Sean Mullan wrote:
Thanks for those that have taken the time to review JEP 411 [1]. The JEP
has been updated today with a few changes, the most significant which is
the addition of a new section titled "Future Work" [2] which lists
related potential enhancements and works in progress.
Other smaller changes have been made throughout the JEP, including:
- The "Alternate JAAS APIs" section has been removed and replaced with
a smaller section in the Description section with a pointer to a JBS
issue with more details.
- Changes have been made to the Motivation section to improve some of
the wording and add more details.
- A new item named "Preserve the Security Manager API for extension by
custom Security Managers that wish to intercept, log, and veto access to
resources" has been added to the Alternatives section, as this has been
a topic of discussion since the JEP has been published.
- RMISecurityException has been removed from the list of APIs to be
deprecated for removal, and
java.util.concurrent.Executors::{privilegedCallable,
privilegedCallableUsingCurrentClassLoader, privilegedThreadFactory} have
been added.
Thanks,
Sean
[1] https://openjdk.java.net/jeps/411
[2] https://openjdk.java.net/jeps/411#Future-Work
