Re: Surviving JEP411 deprecation [WAS]: Implementing an Authorization framework on Java.

2023-02-09 Thread Peter Firmstone
People believed Java Serialization was secure for a long time, I had arguments about that too, long before it was public knowledge, until it wasn't, then it couldn't be fixed fast enough to keep up with vulnerabilities. You nonchalantly plan to remove the SM infrastructure while blocking us f

Re: Surviving JEP411 deprecation [WAS]: Implementing an Authorization framework on Java.

2023-02-09 Thread Peter Firmstone
Please undeprecate DomainController interface, AccessController, AccessControlContext and Subject methods, while removing the remaining methods in JEP411. Just document that these methods don't do anything by default, and use the null object pattern where appropriate. Deprecation is causing

Surviving JEP411 deprecation [WAS]: Implementing an Authorization framework on Java.

2023-02-09 Thread Peter Firmstone
Maybe I had the wrong Subject? I'm still trying to figure out how to migrate before removal of deprecated APIs. 1. Our software architecture is designed and currently relies on classes in JEP411 for authorisation decisions. 2. It's not possible for our software to have security bolted on a