On 6/8/21 9:35 PM, Peter Firmstone wrote:
I would also like to request that all JDK modules be given ProtectionDomain's following SecurityManager deprecation. Currently some modules have null ProtectionDomain's to show they have AllPermission. However we don't grant AllPermission to code in practise, we like to grant certain Permission's to Principal's, not code, where the Principal is the source of data, indicating the user has been authenticated and we only grant what's necessary and no more.
As described in JEP 411, there are no plans to deprecate ProtectionDomain at this time.
--Sean
