JDK-8159528 : Deprivilege java.security.jgss, jdk.security.jgss and jdk.security.auth
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: org.ietf.jgss
  • Affected Version: 9
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2016-06-14
  • Updated: 2016-08-05
  • Resolved: 2016-07-31
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 9
9 b130Fixed
Related Reports
Blocks :  
Relates :  
Relates :  
Description
Move java.security.jgss, jdk.security.jgss, jdk.security.auth to the platform class loader. 

It could start with AllPermission and define the fine-grained permissions in as a follow up RFE.
Comments
Note that the permission grants for de-privileged modules must go in jdk/src/java.base/share/lib/security/default.policy and not jdk/src/java.base/share/conf/security/java.policy. See JDK-8159752 for more information.
29-07-2016

Without JDK-8159752, a lot of tests need to updated to read permissions granted to modules. While updating all of them by changing "-Djava.security.policy==" to "-Djava.security.policy=" could help, it is a noise to this code change. The new option could picks up ~/.java.policy on test machines, which could lead to strange behaviors.
27-07-2016

FC Extension Request: description of remaining work: done. in code review risk level: minimal brief justification: part of modularization best estimate of the date by which the feature will be complete: Jul 29, 2016
13-07-2016