-
Type:
Sub-task
-
Resolution: Delivered
-
Priority:
P2
-
Affects Version/s: 9
-
Component/s: security-libs
-
Verified
Classes loaded from the extensions directory are no longer granted `AllPermission` by default. See JDK-8040059.
A custom `java.security.Policy` provider that was using the extensions mechanism may be depending on the policy grant statement that had previously granted it `AllPermission`. If the policy provider does anything that requires a permission check, the local policy file may need to be adjusted to grant those permissions.
Also, custom policy providers are loaded by the system class loader. The `classpath` may need to be configured to allow the provider to be located.
A custom `java.security.Policy` provider that was using the extensions mechanism may be depending on the policy grant statement that had previously granted it `AllPermission`. If the policy provider does anything that requires a permission check, the local policy file may need to be adjusted to grant those permissions.
Also, custom policy providers are loaded by the system class loader. The `classpath` may need to be configured to allow the provider to be located.