JDK-8193916 : Remove deprecated javax.security.auth.Policy API
  • Type: CSR
  • Component: security-libs
  • Sub-Component: javax.security
  • Priority: P3
  • Status: Closed
  • Resolution: Approved
  • Fix Versions: 11
  • Submitted: 2017-12-21
  • Updated: 2018-03-07
  • Resolved: 2018-03-07
Description
Summary
-------

Remove the javax.security.auth.Policy API.

Problem
-------

The API has been deprecated since 1.4 and marked forRemoval=true in JDK 10.

Solution
--------

Remove the API and related permission target names and system properties.

Specification
-------------

Remove the src/java.base/share/classes/javax/security/auth/Policy.java file.

Remove some AuthPermission target names:

    diff --git a/src/java.base/share/classes/javax/security/auth/AuthPermission.java b/src/java.base/share/classes/javax/security/auth/AuthPermission.java
    --- a/src/java.base/share/classes/javax/security/auth/AuthPermission.java
    +++ b/src/java.base/share/classes/javax/security/auth/AuthPermission.java
    @@ -32,7 +32,7 @@
      *
      * <p> The target name is the name of a security configuration parameter
      * (see below).  Currently the {@code AuthPermission} object is used to
    - * guard access to the {@link Policy}, {@link Subject},
    + * guard access to the {@link Subject},
      * {@link javax.security.auth.login.LoginContext}, and
      * {@link javax.security.auth.login.Configuration} objects.
      *
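Review bot: the rewritten line `guard access to the {@link Subject},` is the only Policy reference this hunk touches, so check the rest of AuthPermission.java for any other `{@link Policy}` left in the class comment or method docs. With Policy.java deleted, a leftover link would no longer resolve.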
    @@ -121,21 +121,6 @@
      *                              {@code LoginContext}.
      * </pre>
      *
    - * <p> {@code javax.security.auth.Policy} has been
    - * deprecated in favor of {@code java.security.Policy}.
    - * Therefore, the following target names have also been deprecated:
    - *
    - * <pre>
    - *      getPolicy -             allow the caller to retrieve the system-wide
    - *                              Subject-based access control policy.
    - *
    - *      setPolicy -             allow the caller to set the system-wide
    - *                              Subject-based access control policy.
    - *
    - *      refreshPolicy -         allow the caller to refresh the system-wide
    - *                              Subject-based access control policy.
    - * </pre>
    - *
      * @implNote
      * Implementations may define additional target names, but should use naming
      * conventions such as reverse domain name notation to avoid name clashes.
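Review bot: the removed `<pre>` block drops getPolicy, setPolicy and refreshPolicy from the javadoc with no pointer left behind, while the `@implNote` kept just below still allows arbitrary target names, so nothing in the remaining text tells a reader that an existing grant of one of these names is now obsolete. Suggest the release note lists the three names so that such grants get cleaned out of policy files.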

Remove some system properties:

* auth.policy.provider
* cache.auth.policy
* java.security.auth.policy
* auth.policy.url.<n>
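
An added example, not part of the CSR or the JDK sources: a small Python audit that flags the removed property names and the removed AuthPermission target names in configuration text before a move to JDK 11. The sample inputs, file paths and class name are constructed, and treating the properties as either `key=value` lines or `-D` options is an assumption.

```python
import re

# Names taken from the CSR: removed properties and removed AuthPermission targets.
REMOVED_PROPS = re.compile(
    r"^(auth\.policy\.provider|cache\.auth\.policy|"
    r"java\.security\.auth\.policy|auth\.policy\.url\.\d+)$")
REMOVED_TARGETS = {"getPolicy", "setPolicy", "refreshPolicy"}
PERMISSION = re.compile(
    r'permission\s+javax\.security\.auth\.AuthPermission\s+"([^"]+)"')

def scan_properties(text):
    """Return (line_no, key) for removed keys in key=value lines or -D options."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        tokens = line.split()
        if not tokens or tokens[0].startswith(("#", "!")):
            continue  # blank line or properties-file comment
        # On a command line check every -D option, otherwise only the key token.
        candidates = [t[2:] for t in tokens if t.startswith("-D")] or tokens[:1]
        for cand in candidates:
            key = re.split(r"[=:]", cand, maxsplit=1)[0]
            if REMOVED_PROPS.match(key):
                hits.append((no, key))
    return hits

def scan_policy(text):
    """Return (line_no, target) for grants of the removed AuthPermission targets."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("//"):
            continue  # commented-out grant
        hits += [(no, t) for t in PERMISSION.findall(line) if t in REMOVED_TARGETS]
    return hits

# Constructed samples. policy.url.1 and java.security.policy belong to
# java.security.Policy, which the CSR does not remove, so they must not be flagged.
SAMPLE_PROPS = """\
# constructed sample, java.security style
policy.url.1=file:${java.home}/conf/security/java.policy
auth.policy.provider=com.example.LegacyAuthPolicy
auth.policy.url.1=file:/etc/app/jaas.policy
java -Djava.security.policy=/etc/app/app.policy -Djava.security.auth.policy=/etc/app/jaas.policy -jar app.jar
"""
SAMPLE_POLICY = """\
// constructed sample policy file
grant codeBase "file:/opt/app/-" {
    permission javax.security.auth.AuthPermission "createLoginContext.app";
    permission javax.security.auth.AuthPermission "setPolicy";
    // permission javax.security.auth.AuthPermission "getPolicy";
    permission javax.security.auth.AuthPermission "refreshPolicy";
};
"""
if __name__ == "__main__":
    print(scan_properties(SAMPLE_PROPS), scan_policy(SAMPLE_POLICY))
```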

    
Comments
Voting to re-approve the amended request.
07-03-2018

Re-opened the CSR and added a list at the end of the spec on removing related system properties. Finalized again. As for the release note, this issue is already a sub-task of an umbrella issue and you're not allowed to create a sub-subtask. I am discussing with Clifford Wayne to see if we need to create a release note for each dev subtask or a single one for the umbrella issue. Either way, the release note subtask can only be created under the umbrella issue.
05-03-2018

I see this issue already has a release note; voting to approve.
06-01-2018