Deprecate all SecurityManager usages in API/Spec in light of JEP-411 and Java 17

jakartaee / authentication

Jakarta Authentication

https://eclipse.org/ee4j/jaspic

Other

24 stars 33 forks source link

Deprecate all SecurityManager usages in API/Spec in light of JEP-411 and Java 17 #138

Closed joakime closed 2 years ago

joakime commented 2 years ago

JEP-411 - https://openjdk.java.net/jeps/411

The Java SecurityManager is dead, it is not supported in Java 17, and will be removed in the next Java release.

Jakarta Authentication should remove the related SecurityManager usages and requirements.

Example: jakarta.security.auth.message.config.AuthConfigFactory.checkPermission(Permission) should be removed.

https://github.com/jakartaee/authentication/blob/master/api/src/main/java/jakarta/security/auth/message/config/AuthConfigFactory.java#L157

darranl commented 2 years ago

FYI the following was created at the platform level regarding deprecation and subsequent removal: https://github.com/eclipse-ee4j/jakartaee-platform/issues/406

joakime commented 2 years ago

Interesting, shame there's not much meat on that platform level issue.

arjantijms commented 2 years ago

@joakime @darranl I'll deprecate the public static permissions that are used to protect the static getFactory and setFactory methods. We can remove the method you indicated as well as those permissions in a next version, perhaps even in a .1 maintenance update between EE 10 and EE 11.