JDK-8353728 : Deprecate core library permission classes for removal
  • Type: CSR
  • Component: core-libs
  • Priority: P3
  • Status: Closed
  • Resolution: Approved
  • Fix Versions: 25
  • Submitted: 2025-04-04
  • Updated: 2025-04-07
  • Resolved: 2025-04-07
Related Reports
CSR :  
JDK-8353641 - Deprecate core library permission classes for removal
Description
Summary
-------

Permission classes used by the now removed Security Manager are deprecated for removal including FilePermission, LinkPermission, LoggingPermission, PropertyPermission, ReflectPermission, RuntimePermission, and SerializablePermission.

Problem
-------
Now that JEP 486 has been integrated and the Security Manager is permanently disabled, the following permission classes in the core libraries are no longer useful: FilePermission, LinkPermission, LoggingPermission, PropertyPermission, ReflectPermission, RuntimePermission, SerializablePermission.

Solution
--------

The classes and methods should be deprecated for removal to generate warnings for any use of the classes in libraries or applications.

Specification
-------------

For the classes FilePermission, LinkPermission, LoggingPermission, PropertyPermission, ReflectPermission, RuntimePermission, and SerializablePermission,
each class adds the annotation indicating the deprecation for removal.

`@Deprecated(since="25", orRemoval = true)`

The '@apiNote'  in each class is changed to '@deprecated' so that the javadoc for each class includes the text:

`Deprecated, for removal: This API element is subject to removal in a future version.`

The existing text describing the deprecation is retained:

` This permission cannot be used for controlling access to resources as the Security Manager is no longer supported.`
Comments
Moving updated request to Approved.
07-04-2025
Attach a patch for the deprecated notices on the permission classes.
07-04-2025
Moving to Provisional, not Approved. [~rriggs], please also include a diff of the changes in situ before re-Finalizing the request.
04-04-2025