Move java.security.sasl to be defined by the platform class loader and ideally also grant with the specific permissions. One option would be granting with AllPermissions in JDK 9 and then update the required permissions in an update release.