ant-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jaikiran Pai <jaiki...@apache.org>
Subject Re: Impact of Java SecurityManager being deprecated for removal post Java 17
Date Thu, 19 Aug 2021 08:53:42 GMT
Hello Stefan,

On 19/08/21 1:15 pm, Stefan Bodewig wrote:
> On 2021-08-05, Jaikiran Pai wrote:
>
>> Ant project will be impacted by this. Ant provides a "permissions"
>> type[1] whose whole goal is to integrate with the Java SecurityManager
>> to allow users to configure the necessary security permissions. With
>> the SecurityManager and the APIs potentially gone after Java 17, we
>> can no longer support this. One additional point to note here is that,
>> Ant also uses the SecurityManager APIs even when "permissions" type is
>> not involved, at least in the "java" task and the "junit" task, where
>> we setup a SecurityManager with very minimal permissions.
> At a cursory glance I only see JUnitTask and ExecuteJava deal with the
> SecurityManager if permissions have been defined. Where else do we use
> one?

 From what I see in the Java task code[1], the "execute()" method of 
that task calls, "checkConfiguration()"[2] method, which in a non-forked 
mode, creates a Permissions instance if no explicit permissions has been 
configured[3]. After this is done, when it then calls the ExecuteJava 
class it finds this non-null Permissions instance and ends up setting up 
the SecurityManager using the security manager APIs[4]. Effectively, 
even if users haven't configured any permissions, we end up using a 
security manager.


[1] 
https://github.com/apache/ant/blob/master/src/main/org/apache/tools/ant/taskdefs/Java.java

[2] 
https://github.com/apache/ant/blob/master/src/main/org/apache/tools/ant/taskdefs/Java.java#L142

[3] 
https://github.com/apache/ant/blob/master/src/main/org/apache/tools/ant/taskdefs/Java.java#L205

[4] 
https://github.com/apache/ant/blob/master/src/main/org/apache/tools/ant/taskdefs/ExecuteJava.java#L215


-Jaikiran



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ant.apache.org
For additional commands, e-mail: dev-help@ant.apache.org


Mime
View raw message