RFR 8191139: Remove deprecated javax.security.auth.Policy API

Sean Mullan sean.mullan at oracle.com
Fri Mar 2 18:52:35 UTC 2018

In the related CSR, you should also list the system/security properties 
that were only used with javax.security.auth.Policy and therefore are no 
longer necessary:

1. auth.policy.provider
2. cache.auth.policy (seems to have never been documented but I found a 
reference to it in some old IBM javadocs).
3. java.security.auth.policy
4. auth.policy.url.

For the 3rd/4th ones above, there is still some code in 
sun.security.provider.PolicyFile that looks for it, so it can be removed 
as part of this change now. Can you remove that and send an updated webrev?


On 2/24/18 4:15 AM, Weijun Wang wrote:
> Please take a review at
>    8191139: Remove deprecated javax.security.auth.Policy API
>    http://cr.openjdk.java.net/~weijun/8191139/webrev.00/
> Thanks
> Max

More information about the security-dev mailing list