JDK-8161506 : Deprecate pre-1.2 SecurityManager methods and fields with forRemoval=true
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 9
  • Priority: P2
  • Status: Closed
  • Resolution: Fixed
  • Submitted: 2016-07-15
  • Updated: 2017-08-21
  • Resolved: 2016-08-01
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
9 b130Fixed
Related Reports
CSR :  
Relates :  
Relates :  
Relates :  
Sub Tasks
JDK-8162613 :  
Several deprecated methods and fields in SecurityManager are only for use in implementations prior to JDK 1.2. Each of them have been deprecated since JDK 1.2 and are brittle and should not be used in modern implementations. They should be marked with forRemoval=true to indicate they will be removed in a subsequent JDK major release. It is no longer necessary to retain support for pre-1.2 SecurityManager implementations and removing these methods will clean up the SecurityManager class and eliminate the potential for them to be used incorrectly or insecurely. 

The forRemoval=true attribute should be added to the inCheck field, and the getInCheck, classDepth, classLoaderDepth, currentClassLoader, currentLoadedClass, inClass, and inClassLoader methods.

The checkMemberAccess method is also a pre-1.2 deprecated method, but it has already been marked with forRemoval=true as part of JDK-8145468.
FC Extension Request Remaining work: Wait for CCC approval and request a public review of the code changes. Risk level: low. These methods have been deprecated since 1.2 and have replacements. The fix is only doc changes. Justification: These SecurityManager methods are brittle and error-prone, and have been deprecated since 1.2. They should be marked for removal and removed in the next major release. Estimated completion date: August 12