Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8353649

Deprecate security permission classes for removal

XMLWordPrintable

    • Icon: CSR CSR
    • Resolution: Approved
    • Icon: P3 P3
    • 25
    • security-libs
    • None
    • behavioral
    • minimal
    • Use of these classes outside of the Security Manager should be extremely rare. The implementations of these classes are not being modified or degraded.
    • Java API
    • SE

      Summary

      Deprecate the security permission classes for removal.

      Problem

      Now that JEP 486 has been integrated into JDK 24 and the Security Manager is permanently disabled, the following permission classes in the security libraries area can be deprecated for removal as they are no longer useful: java.security.UnresolvedPermission, javax.net.ssl.SSLPermission, javax.security.auth.AuthPermission, javax.security.auth.PrivateCredentialPermission, javax.security.auth.kerberos.DelegationPermission, javax.security.auth.kerberos.ServicePermission, com.sun.security.jgss.InquireSecContextPermission.

      java.security.AllPermission is not being deprecated, as it is used outside of the Security Manager framework by some technologies such as JBoss/Wildfly.

      Solution

      Terminally deprecate the security permission classes by annotating them with @Deprecated(since="25", forRemoval=true). Change the @apiNote in the classes to an @deprecated annotation with the following text: "This permission cannot be used for controlling access to resources as the Security Manager is no longer supported."

      Specification

      See attached apidiff.

            mullan Sean Mullan
            mullan Sean Mullan
            Roger Riggs
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: