You are viewing a plain text version of this content. The canonical link for it is here.

Posted to derby-dev@db.apache.org by "Richard N. Hillegas (Jira)" <ji...@apache.org> on 2022/03/29 16:54:00 UTC

[jira] [Commented] (DERBY-7138) Remove references to the Java Security Manager

    [ https://issues.apache.org/jira/browse/DERBY-7138?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17514191#comment-17514191 ] 

Richard N. Hillegas commented on DERBY-7138:
--------------------------------------------

Attaching derby-7138-01-aa-removeSecurityManagerFromOldHarnessTests.diff. This patch removes references to the SecurityManager from the old test harness. The old harness tests run cleanly with this patch.

{noformat}
M       java/org.apache.derby.tests/org/apache/derbyTesting/functionTests/harness/RunTest.java

Remove references to the SecurityManager. Don't install a SecurityManager when running old harness tests.
{noformat}


> Remove references to the Java Security Manager
> ----------------------------------------------
>
>                 Key: DERBY-7138
>                 URL: https://issues.apache.org/jira/browse/DERBY-7138
>             Project: Derby
>          Issue Type: Task
>          Components: Build tools, Documentation
>    Affects Versions: 10.16.0.0
>            Reporter: Richard N. Hillegas
>            Assignee: Richard N. Hillegas
>            Priority: Major
>         Attachments: derby-7138-01-aa-removeSecurityManagerFromOldHarnessTests.diff
>
>
> The Open JDK team has deprecated the Java Security Manager and indicated that it will be removed in a future release of Java. See https://openjdk.java.net/jeps/411. In an email thread titled "protecting security-sensitive operations on multi-tenant servers" on the security-dev@openjdk.java.net mailing list, Alan Bateman indicated that developers should containerize their applications instead.
> This issue tracks work needed to remove Derby's references to the Java Security Manager.
> At a minimum, the following work needs to be done:
> o The tests should be adjusted so that they don't install a SecurityManager.
> o References to the SecurityManager should be removed from product code.
> o We should remove the SecurityManager section of the Derby Security Guide. In its place, we should recommend that developers containerize their Derby applications.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)