> On 3 Aug 2021, at 06:48, Peter Firmstone <peter.firmst...@zeus.net.au> wrote:
>
>
> We can still use these without an SM, Policy or Permissions for authorization
> decisions, as mentioned previously I'd replace the inherited thread context
> with an unprivileged context, and also allow the stack walk to be disabled
> for people only using Subject.
>
I think what you mean is that you can envision using the same API points for a
different, but reasonably similar
role to the one they have. But that would mean changing the behaviour of
existing classes, possibly making some
final classes non-final, in non-trivial ways.
>
> Just performed a search for java.security.AccessController on GitHub, got
> 1,398,418 results for Java:
>
The plan is to degrade these into no-ops until such time as most of those
usages disappear, not to imbue
those lines of code with new meaning. The actual removal of the API elements
might be a long way off,
but, becoming no-ops before then, the JDK and libraries will be free to remove
those usages.
