Re: Surviving JEP411 deprecation [WAS]: Implementing an Authorization framework on Java.

2023-02-09 Thread Peter Firmstone
People believed Java Serialization was secure for a long time, I had arguments about that too, long before it was public knowledge, until it wasn't, then it couldn't be fixed fast enough to keep up with vulnerabilities. You nonchalantly plan to remove the SM infrastructure while blocking us f

Re: Surviving JEP411 deprecation [WAS]: Implementing an Authorization framework on Java.

2023-02-09 Thread Peter Firmstone
Please undeprecate DomainController interface, AccessController, AccessControlContext and Subject methods, while removing the remaining methods in JEP411. Just document that these methods don't do anything by default, and use the null object pattern where appropriate. Deprecation is causing

Surviving JEP411 deprecation [WAS]: Implementing an Authorization framework on Java.

2023-02-09 Thread Peter Firmstone
Maybe I had the wrong Subject? I'm still trying to figure out how to migrate before removal of deprecated APIs. 1. Our software architecture is designed and currently relies on classes in JEP411 for authorisation decisions. 2. It's not possible for our software to have security bolted on a

Re: Implementing an Authorization framework on Java.

2023-02-08 Thread Peter Firmstone
I don't think I'm really asking for much here. JEP411's plan will destroy our ability to manage user and service authorization in our existing software, at least cut us a little slack. I wish we built our software on some other authorization API, unfortunately we didn't. We're just trying t

Implementing an Authorization framework on Java.

2023-02-06 Thread Peter Firmstone
Hello OpenJDK folk, SecurityManager, AccessController and AccessControlContext will be removed in a future version of Java. Just briefly: Our software is heavily dependent on Java's Authorization framework, we use ProtectionDomains to represent remote services for authorization decisions.