Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Design and implement replacement for Policy #99

Open
arjantijms opened this issue Sep 10, 2021 · 4 comments
Open

Design and implement replacement for Policy #99

arjantijms opened this issue Sep 10, 2021 · 4 comments
Milestone
3.0

Comments

@arjantijms
Copy link
Contributor

The java.security.Policy class is currently deprecated for removal as part of https://openjdk.java.net/jeps/411 that deprecates the entire security manager.

Jakarta Authorization uses Policy as an entry into its authorization modules; meaning the container calls methods on Policy in order to interact with these. As Policy is going to be removed, this has a big impact on this API.

The best course of action is likely to create a replacement class for Policy containing exactly the methods a container would normally call. These are essentially the implies method and the "getPermissions" method.
@arjantijms
Copy link
Contributor Author

See also jakartaee/platform#406

@arjantijms arjantijms mentioned this issue Dec 15, 2021
Open
@starksm64
Copy link

It does not seem likely we can address this issue for EE10.

@arjantijms
Copy link
Contributor Author

It does not seem likely we can address this issue for EE10.

Very, very unfortunately indeed not, but it is what it is. This will have to be addressed in the next major version then.

@arjantijms arjantijms mentioned this issue Nov 7, 2023
Open
@arjantijms
Copy link
Contributor Author

These are essentially the implies method and the "getPermissions" method.

A typical pattern for using the Policy is as follows:

    boolean checkPermission(Permission permissionToBeChecked, Set<Principal> principals) {
        return policy.implies(newProtectionDomain(principals), permissionToBeChecked);
    }

Where newProtectionDomain is implemented as follows:

    private ProtectionDomain newProtectionDomain(Set<Principal> principalSet) {
        return new ProtectionDomain(
                emptyCodeSource,
                null,
                null,
                principalSet == null ? null : (Principal[]) principalSet.toArray(new Principal[0]));
    }

The new implies method only really needs the collection of Principal and the Permission to be checked. We could also opt to name the method 'checkPermission`, but for the initial draft we may want to stay close to the original and keep using 'implies'.

arjantijms added a commit to arjantijms/authorization that referenced this issue Nov 21, 2023
@arjantijms
Policy replacement as per jakartaee#99
f35c847 
Signed-off-by: Arjan Tijms <arjan.tijms@omnifish.ee>
@arjantijms arjantijms added this to the 3.0 milestone Nov 21, 2023
arjantijms added a commit that referenced this issue Nov 21, 2023
@arjantijms
Merge pull request #131 from arjantijms/99_policy_replacement
c674038 
Policy replacement as per #99
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
3.0
Development

No branches or pull requests
2 participants
@starksm64 @arjantijms