Le 22/09/16 à 16:56, Steve Moyer a écrit :
> During the birds-of-a-feather session titled "OpenJDK Security Group:
> Discussion and Q&A" on Tuesday night, there were relatively detailed
> discussions of what changes (plus and minus) might be made in OpenJDK 9 and
> 10. Once the module system (Jigsaw) is in place, there are also plans to
> eliminate many of the restricted Sun classes and to hide others.
> Those of us who have been careful not to use these restricted classes, we've
> often recreated the code (in some facsimile). Part of the discussion also
> focused on which classes would be useful to the community if they were made
> public. Since there is Kerberos protocol code in the Kerberos implementation
> of the LoginContext and LDAP protocol code underlying JNDI connections to
> LDAP, these are potential candidates.
> The OpenJDK security group asked us to provide a list of what classes (or
> packages of classes) might be useful to the community. Here are some of the
> packages we discussed:
> - GSSAPI Enhancements with more public methods (this is planned)
> - SSLEngine (enhance and make more methods public)
> - ASN.1
> - BER
> So ... what other categories of classes would be useful? The Apache
> Directory project obviously maintains code that performs the same functions -
> wouldn't it be nice if the JDK itself took over some of the low-level
> protocol code (especially where it already exists). If we collect a list in
> this email thread I'd be happy to pass it along.
FTR, ASN.1 classes would be a bit problematic, as it all depend on the
used encoding. BER, that is a different story.
We don't use JNDI (except in places where we need to convert JNDI to
Kerberos is definitively something we use and would love to have
improved features in teh JDK.
And if they decided to rewrite SSLEngine, I would have only one thing to
say : Hourrah !