[jira] [Updated] (DERBY-7138) Remove references to the Java Security Manager
[ https://issues.apache.org/jira/browse/DERBY-7138?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Richard N. Hillegas updated DERBY-7138: --- Attachment: derby-7138-03-aa-removePermissionsTests.diff > Remove references to the Java Security Manager > -- > > Key: DERBY-7138 > URL: https://issues.apache.org/jira/browse/DERBY-7138 > Project: Derby > Issue Type: Task > Components: Build tools, Documentation >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > Attachments: > derby-7138-01-aa-removeSecurityManagerFromOldHarnessTests.diff, > derby-7138-02-ab-moveMethodsToTestConfiguration.diff, > derby-7138-03-aa-removePermissionsTests.diff > > > The Open JDK team has deprecated the Java Security Manager and indicated that > it will be removed in a future release of Java. See > https://openjdk.java.net/jeps/411. In an email thread titled "protecting > security-sensitive operations on multi-tenant servers" on the > security-...@openjdk.java.net mailing list, Alan Bateman indicated that > developers should containerize their applications instead. > This issue tracks work needed to remove Derby's references to the Java > Security Manager. > At a minimum, the following work needs to be done: > o The tests should be adjusted so that they don't install a SecurityManager. > o References to the SecurityManager should be removed from product code. > o We should remove the SecurityManager section of the Derby Security Guide. > In its place, we should recommend that developers containerize their Derby > applications. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (DERBY-7138) Remove references to the Java Security Manager
[
https://issues.apache.org/jira/browse/DERBY-7138?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17516148#comment-17516148
]
Richard N. Hillegas commented on DERBY-7138:
Attaching derby-7138-03-aa-removePermissionsTests.diff. This patch removes
tests which obviously only exercise Derby's use of the SecurityManager. With
this patch, the tests pass cleanly with both the classpath and module path.
{noformat}
D
java/org.apache.derby.tests/org/apache/derbyTesting/functionTests/tests/derbynet/SecureServerTest.java
M
java/org.apache.derby.tests/org/apache/derbyTesting/functionTests/tests/derbynet/_Suite.java
D
java/org.apache.derby.tests/org/apache/derbyTesting/functionTests/tests/engine/ShutdownWithoutDeregisterPermissionTest.java
M
java/org.apache.derby.tests/org/apache/derbyTesting/functionTests/tests/engine/_Suite.java
M
java/org.apache.derby.tests/org/apache/derbyTesting/functionTests/tests/lang/LuceneSuite.java
D
java/org.apache.derby.tests/org/apache/derbyTesting/functionTests/tests/lang/LuceneSupportPermsTest.java
D
java/org.apache.derby.tests/org/apache/derbyTesting/functionTests/tests/lang/NoDBInternalsPermissionTest.java
D
java/org.apache.derby.tests/org/apache/derbyTesting/functionTests/tests/lang/SecurityPolicyReloadingTest.java
M
java/org.apache.derby.tests/org/apache/derbyTesting/functionTests/tests/lang/_Suite.java
D
java/org.apache.derby.tests/org/apache/derbyTesting/unitTests/junit/AssertFailureTest.java
D
java/org.apache.derby.tests/org/apache/derbyTesting/unitTests/junit/MissingPermissionsTest.java
D
java/org.apache.derby.tests/org/apache/derbyTesting/unitTests/junit/SystemPrivilegesPermissionTest.java
M
java/org.apache.derby.tests/org/apache/derbyTesting/unitTests/junit/_Suite.java
Remove tests which just exercise the SecurityManager.
M
java/org.apache.derby.tests/org/apache/derbyTesting/functionTests/tests/lang/LuceneJarLoadingTest.java
M
java/org.apache.derby.tests/org/apache/derbyTesting/functionTests/tests/lang/LuceneSupportTest.java
Relocate some methods out of the deleted LuceneSupportPermsTest.
{noformat}
> Remove references to the Java Security Manager
> --
>
> Key: DERBY-7138
> URL: https://issues.apache.org/jira/browse/DERBY-7138
> Project: Derby
> Issue Type: Task
> Components: Build tools, Documentation
>Affects Versions: 10.16.0.0
>Reporter: Richard N. Hillegas
>Assignee: Richard N. Hillegas
>Priority: Major
> Attachments:
> derby-7138-01-aa-removeSecurityManagerFromOldHarnessTests.diff,
> derby-7138-02-ab-moveMethodsToTestConfiguration.diff,
> derby-7138-03-aa-removePermissionsTests.diff
>
>
> The Open JDK team has deprecated the Java Security Manager and indicated that
> it will be removed in a future release of Java. See
> https://openjdk.java.net/jeps/411. In an email thread titled "protecting
> security-sensitive operations on multi-tenant servers" on the
> security-...@openjdk.java.net mailing list, Alan Bateman indicated that
> developers should containerize their applications instead.
> This issue tracks work needed to remove Derby's references to the Java
> Security Manager.
> At a minimum, the following work needs to be done:
> o The tests should be adjusted so that they don't install a SecurityManager.
> o References to the SecurityManager should be removed from product code.
> o We should remove the SecurityManager section of the Derby Security Guide.
> In its place, we should recommend that developers containerize their Derby
> applications.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
[jira] [Commented] (DERBY-7138) Remove references to the Java Security Manager
[ https://issues.apache.org/jira/browse/DERBY-7138?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17516003#comment-17516003 ] ASF subversion and git services commented on DERBY-7138: Commit 1899495 from Richard N. Hillegas in branch 'code/trunk' [ https://svn.apache.org/r1899495 ] DERBY-7138: Move some methods and state from SecurityManagerSetup into TestConfiguration; commit derby-7138-02-ab-moveMethodsToTestConfiguration.diff. > Remove references to the Java Security Manager > -- > > Key: DERBY-7138 > URL: https://issues.apache.org/jira/browse/DERBY-7138 > Project: Derby > Issue Type: Task > Components: Build tools, Documentation >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > Attachments: > derby-7138-01-aa-removeSecurityManagerFromOldHarnessTests.diff, > derby-7138-02-ab-moveMethodsToTestConfiguration.diff > > > The Open JDK team has deprecated the Java Security Manager and indicated that > it will be removed in a future release of Java. See > https://openjdk.java.net/jeps/411. In an email thread titled "protecting > security-sensitive operations on multi-tenant servers" on the > security-...@openjdk.java.net mailing list, Alan Bateman indicated that > developers should containerize their applications instead. > This issue tracks work needed to remove Derby's references to the Java > Security Manager. > At a minimum, the following work needs to be done: > o The tests should be adjusted so that they don't install a SecurityManager. > o References to the SecurityManager should be removed from product code. > o We should remove the SecurityManager section of the Derby Security Guide. > In its place, we should recommend that developers containerize their Derby > applications. -- This message was sent by Atlassian Jira (v8.20.1#820001)
