Closed arjantijms closed 1 year ago
Is there a platform view of whether running under a security manager is support for Jakarta EE 10?
@markt-asf There basically is. I brought this to the attention of the platform team in a platform call, and there was consensus for putting out the statement that running under a security manager is at least deprecated.
Patching in @ivargrimstad
In case we don't outright remove it, there are maybe two alternative options:
AccessController
is deprecated and will be removed in the future.AccessController
actually called. It's still referenced in the code then, but that's a step up from actually calling it.AFAIK the intention is for AccessController
to continue to exist in the JDK for a while after removal, it will just become a no-op, so I think we can leave this for now. There is a huge amount of existing code that references AccessController
so I don't think it is going to completely disappear for a while.
AFAIK the intention is for AccessController to continue to exist in the JDK for a while after removal,
I hope so, although at the moment it does seem to trigger warnings being logged. So that's why at least for the APIs it may not be a bad idea to disable the checks via a switch. Then again, maybe the warning can be disabled by the same kind of switch (at the JDK level).
The Cookie class uses the
AccessController
, which is marked for removal in JDK 17:Shall we already remove this for Servlet 6.0.0 / Jakarta EE 10?