Skip to content

Fix warnings about java security manager #152

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Fix warnings about java security manager #152

wants to merge 1 commit into from
+5 −15

Conversation

mgaffigan
Copy link
Contributor

Fixes javac build warnings present on Java 8 and Java 17.

Split from #148

@mgaffigan
Remove legacy Java Security Manager use, since JWS and Applets are dead
d142466 
Signed-off-by: Mitch Gaffigan <mitch.gaffigan@comcast.net>
@mgaffigan mgaffigan mentioned this pull request Jul 29, 2025
Merged
@mgaffigan
Copy link
Contributor Author

mgaffigan commented Jul 29, 2025
edited
Loading

@tonygermano, I think this is still safe to merge. JWS was removed in Java 11, and is non-default in Java 8. That's 10-years+ of this being a non-default issue.

@kpalang kpalang requested review from a team, kayyagari, gibson9583, kpalang and jonbartels and removed request for a team August 1, 2025 12:06
@tonygermano
Copy link
Member

@tonygermano, I think this is still safe to merge. JWS was removed in Java 11, and is non-default in Java 8. That's 10-years+ of this being a non-default issue.

Java WebStart utilized the SecurityManager, but SecurityManager is not a JWS specific technology. Some of these changes modify server classes as well as client classes.

I'm not saying that we shouldn't do this, only that we need to do it carefully. The technology is deprecated, but not dead, and someone could be using it (potentially with 2nd- or 3rd-party libraries.) There is no positive impact to this change other than removing a few compiler warnings, and there are potential negative impacts if we put it in the next release without giving adequate warning that it will be removed.

I appreciate you splitting it off from #148, which Kaur merged earlier today.

@mgaffigan mgaffigan mentioned this pull request Aug 1, 2025
Open
@mgaffigan
Copy link
Contributor Author

Can you comment on what conceivable use that might be that these five spots are sufficient? My experience with restricted trust environments is that such things are more prevalent in the codebase, and require frequent maintenance. I normally agree with a cautionary stance, but it's a dead technology that is disabled by default and spews warnings at runtime if enabled on the current release (Java 17). If someone has so custom an environment that they are using this, a line in the release notes is probably sufficient.

Regardless, it's a lot easier to say "there should be no warnings" not "ignore the JSM" warnings, so I've submitted #154 until this can merge.

@NicoPiel
Copy link

NicoPiel commented Sep 3, 2025
edited
Loading

someone could be using it (potentially with 2nd- or 3rd-party libraries.)

Yes, but it's not feasible for OIE to consider every possible deprecated use-case of disabled-by-default technology, right? Getting rid of stuff like this will only facilitate getting of Mirth's rat tail of ancient dependencies and technologies in the future.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kayyagari kayyagari Awaiting requested review from kayyagari kayyagari was automatically assigned from OpenIntegrationEngine/maintainers

@gibson9583 gibson9583 Awaiting requested review from gibson9583 gibson9583 was automatically assigned from OpenIntegrationEngine/maintainers

@kpalang kpalang Awaiting requested review from kpalang kpalang was automatically assigned from OpenIntegrationEngine/maintainers

@jonbartels jonbartels Awaiting requested review from jonbartels jonbartels was automatically assigned from OpenIntegrationEngine/maintainers

At least 3 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mgaffigan @tonygermano @NicoPiel