> This is the implementation of JEP 486: Permanently Disable the Security > Manager. See [JEP 486](https://openjdk.org/jeps/486) for more details. The > [CSR](https://bugs.openjdk.org/browse/JDK-8338412) describes in detail the > main changes in the JEP and also includes an apidiff of the specification > changes. > > NOTE: the majority (~95%) of the changes in this PR are test updates > (removal/modifications) and API specification changes, the latter mostly to > remove `@throws SecurityException`. The remaining changes are primarily the > removal of the `SecurityManager`, `Policy`, `AccessController` and other > Security Manager API implementations. There is very little new code. > > The code changes can be broken down into roughly the following categories: > > 1. Degrading the behavior of Security Manager APIs to either throw Exceptions > by default or provide an execution environment that disallows access to all > resources by default. > 2. Changing hundreds of methods and constructors to no longer throw a > `SecurityException` if a Security Manager was enabled. They will operate as > they did in JDK 23 with no Security Manager enabled. > 3. Changing the `java` command to exit with a fatal error if a Security > Manager is enabled. > 4. Removing the hotspot native code for the privileged stack walk and the > inherited access control context. The remaining hotspot code and tests > related to the Security Manager will be removed immediately after integration > - see [JDK-8341916](https://bugs.openjdk.org/browse/JDK-8341916). > 5. Removing or modifying hundreds of tests. Many tests that tested Security > Manager behavior are no longer relevant and thus have been removed or > modified. > > There are a handful of Security Manager related tests that are failing and > are at the end of the `test/jdk/ProblemList.txt`, > `test/langtools/ProblemList.txt` and `test/hotspot/jtreg/ProblemList.txt` > files - these will be removed or separate bugs will be filed before > integrating this PR. > > Inside the JDK, we have retained calls to > `SecurityManager::getSecurityManager` and `AccessController::doPrivileged` > for now, as these methods have been degraded to behave the same as they did > in JDK 23 with no Security Manager enabled. After we integrate this JEP, > those calls will be removed in each area (client-libs, core-libs, security, > etc). > > I don't expect each reviewer to review all the code changes in this JEP. > Rather, I advise that you only focus on the changes for the area > (client-libs, core-libs, net, security, etc) that you are most f...
Sean Mullan has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains 230 commits: - Merge - Merge remote-tracking branch 'jdk-sandbox/jep486' into JDK-8338411 - Merge branch 'master' into jep486 - Merge branch 'master' into jep486 - Merge branch 'master' into jep486 - Merge branch 'master' into jep486 - Merge remote-tracking branch 'jdk-sandbox/jep486' into JDK-8338411 - Merge branch 'master' into jep486 - Move remaining JEP 486 failing tests into correct groups. - Move JEP 486 failing tests into hotspot_runtime group. - ... and 220 more: https://git.openjdk.org/jdk/compare/8a2a75e5...7c996a5e ------------- Changes: https://git.openjdk.org/jdk/pull/21498/files Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=21498&range=10 Stats: 68915 lines in 1889 files changed: 2475 ins; 62597 del; 3843 mod Patch: https://git.openjdk.org/jdk/pull/21498.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/21498/head:pull/21498 PR: https://git.openjdk.org/jdk/pull/21498