Fix warnings about java security manager #152
Conversation
Signed-off-by: Mitch Gaffigan <mitch.gaffigan@comcast.net>
|
@tonygermano, I think this is still safe to merge. JWS was removed in Java 11, and is non-default in Java 8. That's 10-years+ of this being a non-default issue. |
kpalang
requested review from
a team,
kayyagari,
gibson9583,
kpalang and
jonbartels
and removed request for
a team
Java WebStart utilized the SecurityManager, but SecurityManager is not a JWS specific technology. Some of these changes modify server classes as well as client classes. I'm not saying that we shouldn't do this, only that we need to do it carefully. The technology is deprecated, but not dead, and someone could be using it (potentially with 2nd- or 3rd-party libraries.) There is no positive impact to this change other than removing a few compiler warnings, and there are potential negative impacts if we put it in the next release without giving adequate warning that it will be removed. I appreciate you splitting it off from #148, which Kaur merged earlier today. |
|
Can you comment on what conceivable use that might be that these five spots are sufficient? My experience with restricted trust environments is that such things are more prevalent in the codebase, and require frequent maintenance. I normally agree with a cautionary stance, but it's a dead technology that is disabled by default and spews warnings at runtime if enabled on the current release (Java 17). If someone has so custom an environment that they are using this, a line in the release notes is probably sufficient. Regardless, it's a lot easier to say "there should be no warnings" not "ignore the JSM" warnings, so I've submitted #154 until this can merge. |
Fixes javac build warnings present on Java 8 and Java 17.
Split from #148