You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@lucene.apache.org by GitBox <gi...@apache.org> on 2022/09/21 18:51:06 UTC

[GitHub] [lucene] stevenschlansker opened a new issue, #11801: Remove usage of SecurityManager and AccessController

stevenschlansker opened a new issue, #11801:
URL: https://github.com/apache/lucene/issues/11801

   ### Description
   
   Java is removing the SecurityManager and AccessController.
   
   Running Lucene build under Java 17 emits a lot of warnings:
   
   ```
   WARNING: A command line option has enabled the Security Manager
   WARNING: The Security Manager is deprecated and will be removed in a future release
   ```
   
   In a future release, this will break the build. Lucene should remove all uses of SecurityManager and AccessController to work in future Java versions.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@lucene.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@lucene.apache.org
For additional commands, e-mail: issues-help@lucene.apache.org

[GitHub] [lucene] rmuir commented on issue #11801: Remove usage of SecurityManager and AccessController

Posted by GitBox <gi...@apache.org>.

rmuir commented on issue #11801:
URL: https://github.com/apache/lucene/issues/11801#issuecomment-1254102841

   We use it to sandbox our tests, so we shouldn't remove it without replacement. Otherwise tests might interfere with each other which is not fun to debug.
   
   Additionally as a library, we need to support these APIs properly for applications that use the security manager (e.g. elasticsearch). We should support it as long as possible to give such apps time to "replace" as well.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@lucene.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@lucene.apache.org
For additional commands, e-mail: issues-help@lucene.apache.org

[GitHub] [lucene] stevenschlansker commented on issue #11801: Remove usage of SecurityManager and AccessController

Posted by GitBox <gi...@apache.org>.

stevenschlansker commented on issue #11801:
URL: https://github.com/apache/lucene/issues/11801#issuecomment-1254120085

   > for the situation of being a library and needing to support apps that still rely on securitymanager, I don't see any immediate fix. because the only way to know the security code works, is to run our tests with security manager enabled...
   
   Yes, this is going to be a challenge. Some apps will want to be on Java Latest, which will not even have the types defined. Other apps will still run on Java 8, even 20 years later ;) , and supporting both will be tricky.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@lucene.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@lucene.apache.org
For additional commands, e-mail: issues-help@lucene.apache.org

[GitHub] [lucene] rmuir commented on issue #11801: Remove usage of SecurityManager and AccessController

Posted by GitBox <gi...@apache.org>.

rmuir commented on issue #11801:
URL: https://github.com/apache/lucene/issues/11801#issuecomment-1254139967

   I'm not worried, according to the JEP: https://openjdk.org/jeps/411
   ```
   In feature releases after Java 18, we will degrade other Security Manager APIs so that they remain in place but with limited or no functionality. For example, we may revise AccessController::doPrivileged simply to run the given action, or revise System::getSecurityManager always to return null. This will allow libraries that support the Security Manager and were compiled against previous Java releases to continue to work without change or even recompilation. We expect to remove the APIs once the compatibility risk of doing so declines to an acceptable level.
   ```
   
   So it seems these APIs will become "no-ops" first.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@lucene.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@lucene.apache.org
For additional commands, e-mail: issues-help@lucene.apache.org

[GitHub] [lucene] rmuir commented on issue #11801: Remove usage of SecurityManager and AccessController

Posted by GitBox <gi...@apache.org>.

rmuir commented on issue #11801:
URL: https://github.com/apache/lucene/issues/11801#issuecomment-1254114559

   for the tests i have a couple ideas:
   * use forbidden-apis more aggressively to statically prevent tests from doing stuff we don't want. Actually more powerful for our use-case in a lot of ways, e.g. we should ban `Thread.sleep()` :)
   * add `mockfs` layer to enforce tests only write to their own unique directory. Enforcing the filesystem access is isolated is key, but this should work almost as well as security manager (we don't have many dependencies using the old `java.io` etc that would bypass it)
   
   for the situation of being a library and needing to support apps that still rely on securitymanager, I don't see any immediate fix. because the only way to know the security code works, is to run our tests with security manager enabled...


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@lucene.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@lucene.apache.org
For additional commands, e-mail: issues-help@lucene.apache.org