ant-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jaikiran Pai <>
Subject Re: Impact of Java SecurityManager being deprecated for removal post Java 17
Date Thu, 19 Aug 2021 08:53:42 GMT
Hello Stefan,

On 19/08/21 1:15 pm, Stefan Bodewig wrote:
> On 2021-08-05, Jaikiran Pai wrote:
>> Ant project will be impacted by this. Ant provides a "permissions"
>> type[1] whose whole goal is to integrate with the Java SecurityManager
>> to allow users to configure the necessary security permissions. With
>> the SecurityManager and the APIs potentially gone after Java 17, we
>> can no longer support this. One additional point to note here is that,
>> Ant also uses the SecurityManager APIs even when "permissions" type is
>> not involved, at least in the "java" task and the "junit" task, where
>> we setup a SecurityManager with very minimal permissions.
> At a cursory glance I only see JUnitTask and ExecuteJava deal with the
> SecurityManager if permissions have been defined. Where else do we use
> one?

 From what I see in the Java task code[1], the "execute()" method of 
that task calls, "checkConfiguration()"[2] method, which in a non-forked 
mode, creates a Permissions instance if no explicit permissions has been 
configured[3]. After this is done, when it then calls the ExecuteJava 
class it finds this non-null Permissions instance and ends up setting up 
the SecurityManager using the security manager APIs[4]. Effectively, 
even if users haven't configured any permissions, we end up using a 
security manager.






To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message