Would the OpenJDK team consider the following?

Where SecurityManager is invoked directly now, such as:


        @SuppressWarnings("removal")
        SecurityManager sm = System.getSecurityManager();
        if (sm != null)
            sm.checkPermission(new RuntimePermission("setFactory"));

Can we change these routines to the simpler form:

        new RuntimePermission("setFactory").checkGuard(null);

This will give us more time to transition to a replacement authorization layer.

We can instrument the Permission#checkGuard method; this will assist us to utilise existing Permission check hooks after SecurityManager is removed. Longer term we will need to maintain our own instrumentation hooks, but this will go a long way towards giving us a head start, by leveraging the existing.

--
Regards,
Peter Firmstone
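
An added example, not part of the original message and not OpenJDK code: it shows a call site written in the proposed `checkGuard(null)` form reaching a single replaceable hook with no SecurityManager involved. `Authorizer`, `HookedPermission` and the sample policy are hypothetical names; because `RuntimePermission` is final, an application-defined `BasicPermission` subclass that overrides `checkGuard` stands in here for the instrumented `Permission#checkGuard` the message describes.

```java
import java.security.BasicPermission;
import java.security.Permission;
import java.util.Set;

public class GuardHookDemo {

    /** Hypothetical replacement authorization layer (not a JDK API). */
    interface Authorizer {
        void check(Permission p) throws SecurityException;
    }

    /** Single interception point, installed once at startup. Default allows everything. */
    static volatile Authorizer authorizer = p -> { };

    /** Application-defined permission whose checkGuard is routed to the hook. */
    static final class HookedPermission extends BasicPermission {
        private static final long serialVersionUID = 1L;

        HookedPermission(String name) { super(name); }

        @Override
        public void checkGuard(Object ignored) throws SecurityException {
            authorizer.check(this);   // decision made by the hook, not by SecurityManager
        }
    }

    /** Call site in the form the message proposes: one line, no SecurityManager lookup. */
    static void setFactory() {
        new HookedPermission("setFactory").checkGuard(null);
        System.out.println("factory replaced");
    }

    public static void main(String[] args) {
        // Constructed sample policy: only "getClassLoader" is granted.
        Set<String> allowed = Set.of("getClassLoader");
        authorizer = p -> {
            if (!allowed.contains(p.getName()))
                throw new SecurityException("denied: " + p);
        };
        try {
            setFactory();                       // not in the allowed set, so it is refused
        } catch (SecurityException e) {
            System.out.println(e.getMessage()); // prints the denied permission
        }
    }
}
```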
