On Fri, 4 Apr 2025 12:42:36 GMT, Sean Mullan <mul...@openjdk.org> wrote:

> Please review this change to terminally deprecate the following security 
> related permission classes: `java.security.AllPermission`, 
> `java.security.UnresolvedPermission`, `javax.net.ssl.SSLPermission`, 
> `javax.security.auth.AuthPermission`, 
> `javax.security.auth.PrivateCredentialPermission`, 
> `javax.security.auth.kerberos.DelegationPermission`, 
> `javax.security.auth.kerberos.ServicePermission`, 
> `com.sun.security.jgss.InquireSecContextPermission`. These classes were only 
> useful in conjunction with the Security Manager, which is no longer supported.

I agree with most of these, however the permissions infrastructure *itself* is 
still used for user-level authorization (at least in WildFly/JBoss middleware, 
and I would assume other places as well). Part of this infrastructure does rely 
on `AllPermission` and its `PermissionCollection`. I don't see a reason to 
deprecate `AllPermission` before deprecating `Permission` itself.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/24445#issuecomment-2778791218
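
The kind of user-level authorization the reply refers to, as an added example that is not part of the original message and is not WildFly/JBoss code: role grants are held in `PermissionCollection`s and checked with `implies()`, with no Security Manager involved. The `AppPermission` class, the role names and the permission names are hypothetical.

```java
import java.security.AllPermission;
import java.security.BasicPermission;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.util.Map;

public class RolePermissionDemo {
    // Hypothetical application-defined permission. BasicPermission supplies
    // hierarchical wildcard matching: "orders.*" implies "orders.refund".
    static final class AppPermission extends BasicPermission {
        private static final long serialVersionUID = 1L;
        AppPermission(String name) { super(name); }
    }

    // Build an immutable grant set from individual permissions.
    static PermissionCollection grants(Permission... perms) {
        Permissions pc = new Permissions();
        for (Permission p : perms) {
            pc.add(p);
        }
        pc.setReadOnly();
        return pc;
    }

    // Constructed role table (assumption for this example). The "admin" role
    // is expressed with AllPermission, the class the reply argues is still
    // needed while Permission itself remains.
    static final Map<String, PermissionCollection> ROLES = Map.of(
        "clerk", grants(new AppPermission("orders.read")),
        "manager", grants(new AppPermission("orders.*")),
        "admin", grants(new AllPermission()));

    // Deny by default: an unknown role has no grants.
    static boolean isAllowed(String role, Permission required) {
        PermissionCollection granted = ROLES.get(role);
        return granted != null && granted.implies(required);
    }

    public static void main(String[] args) {
        Permission refund = new AppPermission("orders.refund");
        Permission deleteUser = new AppPermission("users.delete");
        for (String role : new String[] {"clerk", "manager", "admin", "guest"}) {
            System.out.printf("%-8s refund=%b deleteUser=%b%n", role,
                isAllowed(role, refund), isAllowed(role, deleteUser));
        }
    }
}
```

Only the `admin` grant set implies a permission from outside the `orders` namespace, which is the case that has no direct replacement if `AllPermission` is removed ahead of `Permission`.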
