On 04/18/2014 05:44 PM, Bill Burke wrote:
Late to the discussion, but this came up in conversations at
DevNation.
Are you sure you guys want to fully enable the Java security manager
going forward? JBoss has been around for, what, 14 years now? How many
users/customers actually desire the Java Security Manager to be on by
default? Could it be a possibility that the majority of our
customers/users might freak out if they found that all of a sudden the
Java Security Manager is on when it has been off the last 14 years?
I don't know. Just seems to me that there are a lot of other cool ideas
that you guys have been discussing that might be more interesting to
WildFly's user base.
DML, Stefan Guilhen and I had a brainstorming session months ago before
the development of the security manager subsystem in WF8.
This session was mainly to address the permissions.xml requirement in EE7
https://blogs.oracle.com/SecuritEE/entry/java_ee_7_permission_declarations
During this session, we discussed the two options among many other
discussion items:
a) Enable Java Security Manager as default in WF8.
b) Create a custom JSM Policy implementation to replace the one in the JVM.
Both these options were immediately dropped as neither useful nor
necessary for the WildFly community.
The Java Security Manager redesign happened around JDK 1.2 (applet era)
and has had no major overhaul in the implementation. One change that may
be useful is the introduction of a Policy SPI in JDK6:
http://docs.oracle.com/javase/6/docs/api/java/security/PolicySpi.html
JDK8 has limited doPrivileged:
http://openjdk.java.net/projects/jdk8/features#140
I agree with Stuart and Jason that enabling JSM by default is a
terrible idea.