[jira] [Closed] (DERBY-7138) Remove references to the Java Security Manager

Fri, 13 May 2022 09:45:07 -0700 


     [ 
https://issues.apache.org/jira/browse/DERBY-7138?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Richard N. Hillegas closed DERBY-7138.
--------------------------------------

> Remove references to the Java Security Manager
> ----------------------------------------------
>
>                 Key: DERBY-7138
>                 URL: https://issues.apache.org/jira/browse/DERBY-7138
>             Project: Derby
>          Issue Type: Task
>          Components: Build tools, Documentation
>    Affects Versions: 10.16.0.0
>            Reporter: Richard N. Hillegas
>            Assignee: Richard N. Hillegas
>            Priority: Major
>             Fix For: 10.16.0.0
>
>         Attachments: DerbyServerTest.java, Z.java, 
> derby-3547-01-aa-policyGenerator.diff, 
> derby-7138-01-aa-removeSecurityManagerFromOldHarnessTests.diff, 
> derby-7138-02-ab-moveMethodsToTestConfiguration.diff, 
> derby-7138-03-aa-removePermissionsTests.diff, 
> derby-7138-04-ab-hostChangeInNetworkServerControlApiTest.diff, 
> derby-7138-05-aa-removeSecurityManager.diff, 
> derby-7138-06-aa-removeSecurityManagerSetup.diff, 
> derby-7138-07-aa-removePrivilegeBlocksFromTests.diff, 
> derby-7138-08-aa-removePolicyFiles.diff, 
> derby-7138-09-aa-removeMostProductPrivilegeFiles.diff, 
> derby-7138-10-aa-removeRemainingPrivilegeBlocks.diff, 
> derby-7138-11-aa-miscCleanup.diff, 
> derby-7138-12-aa-SYSCS_RELOAD_SECURITY_POLICY.diff, 
> derby-7138-13-aa-adjustUserDocumentation.diff, 
> derby-7138-13-aa-adjustUserDocumentation.tar, 
> derby-7138-14-aa-removeMoreDocReferences-1.tar, 
> derby-7138-14-aa-removeMoreDocReferences.diff, 
> derby-7138-14-aa-removeMoreDocReferences.tar, 
> derby-7138-16-aa-removeMoreReferences.diff, 
> derby-7138-17-ab-securityExceptions.diff, 
> derby-7138-18-aa-moreSecurityExceptions.diff, 
> derby-7138-19-aa-privilegedActions.diff, derby-7138-20-aa-fixJavadoc.diff, 
> postSecurityManager.html, releaseNote.html
>
>
> The Open JDK team has deprecated the Java Security Manager and indicated that 
> it will be removed in a future release of Java. See 
> https://openjdk.java.net/jeps/411. In an email thread titled "protecting 
> security-sensitive operations on multi-tenant servers" on the 
> security-...@openjdk.java.net mailing list, Alan Bateman indicated that 
> developers should containerize their applications instead.
> This issue tracks work needed to remove Derby's references to the Java 
> Security Manager.
> At a minimum, the following work needs to be done:
> o The tests should be adjusted so that they don't install a SecurityManager.
> o References to the SecurityManager should be removed from product code.
> o We should remove the SecurityManager section of the Derby Security Guide. 
> In its place, we should recommend that developers containerize their Derby 
> applications.



--
This message was sent by Atlassian Jira
(v8.20.7#820007)

Reply via email to