> This is the implementation of JEP 486: Permanently Disable the Security 
> Manager. See [JEP 486](https://openjdk.org/jeps/486) for more details. The 
> [CSR](https://bugs.openjdk.org/browse/JDK-8338412) describes in detail the 
> main changes in the JEP and also includes an apidiff of the specification 
> changes.
> 
> NOTE: the majority (~95%) of the changes in this PR are test updates 
> (removal/modifications) and API specification changes, the latter mostly to 
> remove `@throws SecurityException`. The remaining changes are primarily the 
> removal of the `SecurityManager`, `Policy`, `AccessController` and other 
> Security Manager API implementations. There is very little new code.
> 
> The code changes can be broken down into roughly the following categories:
> 
> 1. Degrading the behavior of Security Manager APIs to either throw Exceptions 
> by default or provide an execution environment that disallows access to all 
> resources by default.
> 2. Changing hundreds of methods and constructors to no longer throw a 
> `SecurityException` if a Security Manager was enabled. They will operate as 
> they did in JDK 23 with no Security Manager enabled.
> 3. Changing the `java` command to exit with a fatal error if a Security 
> Manager is enabled.
> 4. Removing the hotspot native code for the privileged stack walk and the 
> inherited access control context. The remaining hotspot code and tests 
> related to the Security Manager will be removed immediately after integration 
> - see [JDK-8341916](https://bugs.openjdk.org/browse/JDK-8341916).
> 5. Removing or modifying hundreds of tests. Many tests that tested Security 
> Manager behavior are no longer relevant and thus have been removed or 
> modified.
> 
> There are a handful of Security Manager related tests that are failing and 
> are at the end of the `test/jdk/ProblemList.txt`, 
> `test/langtools/ProblemList.txt` and `test/hotspot/jtreg/ProblemList.txt` 
> files - these will be removed or separate bugs will be filed before 
> integrating this PR. 
> 
> Inside the JDK, we have retained calls to 
> `SecurityManager::getSecurityManager` and `AccessController::doPrivileged` 
> for now, as these methods have been degraded to behave the same as they did 
> in JDK 23 with no Security Manager enabled. After we integrate this JEP, 
> those calls will be removed in each area (client-libs, core-libs, security, 
> etc).
> 
> I don't expect each reviewer to review all the code changes in this JEP. 
> Rather, I advise that you only focus on the changes for the area 
> (client-libs, core-libs, net, security, etc) that you are most f...

Sean Mullan has updated the pull request with a new target base due to a merge 
or a rebase. The pull request now contains 230 commits:

 - Merge
 - Merge remote-tracking branch 'jdk-sandbox/jep486' into JDK-8338411
 - Merge branch 'master' into jep486
 - Merge branch 'master' into jep486
 - Merge branch 'master' into jep486
 - Merge branch 'master' into jep486
 - Merge remote-tracking branch 'jdk-sandbox/jep486' into JDK-8338411
 - Merge branch 'master' into jep486
 - Move remaining JEP 486 failing tests into correct groups.
 - Move JEP 486 failing tests into hotspot_runtime group.
 - ... and 220 more: https://git.openjdk.org/jdk/compare/8a2a75e5...7c996a5e

-------------

Changes: https://git.openjdk.org/jdk/pull/21498/files
  Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=21498&range=10
  Stats: 68915 lines in 1889 files changed: 2475 ins; 62597 del; 3843 mod
  Patch: https://git.openjdk.org/jdk/pull/21498.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/21498/head:pull/21498

PR: https://git.openjdk.org/jdk/pull/21498

Reply via email to