On Sat, Mar 23, 2019 at 10:45:34AM -0500, David Lloyd wrote: > On Fri, Mar 22, 2019 at 10:29 AM Nico Williams > <nico.willi...@twosigma.com> wrote: > > > > On Thu, Mar 21, 2019 at 10:17:36PM +0100, Michael Osipov wrote: > > > * header comment: Why do actually exclude NTLM from SPNEGO? Let SSPI work > > > as > > > it is intended to work. Means less code you have to maintain > > > > There's a few reasons: > > > > - NTLM doesn't have an OID, at least as I remember > > > > - the JDK's JGSS stuff is very Kerberos-specific, especially w/ regards > > to the ServicePermission stuff > > > > IMO JAAS (and with it, *Permission) should be removed with prejudice now > > that applet support has been removed. Perhaps stubs should be left > > behind for compatibility reasons, and all the doAs*() methods should > > just act as though permission is granted. > > I assume that you mean SecurityManager and AccessController as well > (which are not a part of JAAS AFAIK)?
Anything that's only used for applets.
