We are using Java security classes in our project and in JDK 17 these are marked for removal. What is the alternative for these classes. We are using the following classes and methods in our project for Script policy security.
Security.setProperty(),
Policy.setPolicy(new ScriptPolicy(getClass().getClassLoader()));,
System.setSecurityManager(new SecurityManager());
Policies like
_groovyPermissions.add(new PropertyPermission("java.version", "read"));
_groovyPermissions.add(new PropertyPermission("java.vm.name", "read"));
_groovyPermissions.add(new PropertyPermission("groovy.*", "read"));
As per JDK 17 migration "https://docs.oracle.com/en/java/javase/17/migrate/migrating-jdk-8-later-jdk-releases.html#GUID-7DACC239-E71D-4B89-B582-201EA7CEBC38"
There is no alternative yet.
public class ScriptPolicy extends Policy
and
From this method, we are getting permissions.
protected void _addStaticPermissions()
{
_groovyPermissions.add(new PropertyPermission("java.version", "read"));
_groovyPermissions.add(new PropertyPermission("java.vm.name", "read"));
_groovyPermissions.add(new PropertyPermission("groovy.*", "read"));
}
This is the code where we assign the permissions to Policy.
if (System.getSecurityManager() == null) {
String restricted = Security.getProperty("package.access");
Security.setProperty("package.access",
restricted + "com.xyz");
Policy.setPolicy(new ScriptPolicy(getClass().getClassLoader()));
System.setSecurityManager(new SecurityManager());
}
Here some Java security classes, including policy, security, and SecurityManager, have been chosen for removal in JDK 17. The JDK does not presently offer a direct substitute for these classes. You can fix this by investigating third-party security libraries, which provide a variety of security features, such as Apache Shiro, Spring Security, or OWASP Java Encoder. These libraries might offer different ways to implement property rights, script policy security, and other security management features in your project.
I hope this can help you to get some solution in your project.