Create a statement for EE10 and beyond regarding deprecation of SE SecurityManager #406
Labels
EE10
Issues being targeted for EE 10 platform specs
Comments
|
Example of problematic usage in an API (Jakarta REST as an example here) that will prevent the API to be consumable on the JDK where the Security Manager is removed. The below already causes many warnings on JDK 17: jakartaee/rest@08e4014#diff-57262a7b10c15465abcec01c609351e87fab25a4cbd548305df98416a5860133R189 cc @spericas |
|
As this breaks customers running with a new version of Java I disagree with deprecation and removal route mentioned above. It should be handled as TCK challenges against EE 8 and EE 9 and those tests should be excluded for those versions. And for EE 10+ those tests should immediately be removed. And for EE 8 and EE 9 errata statements should be made so a vendor is free to remove the functionality in their implementations. And for EE 10+ this functionality should not exist. |
This was referenced Sep 10, 2021
|
@mnriem I am implying removal of the SecurityManager related TCK tests in EE10 by the statement that "Removing TCK tests related to the SecurityManager would be another level.", meaning, another level of action to take in EE10. |
|
@starksm64 Thanks for the clarification. Note I have filed separate TCK challenges for EE 8 and EE 9 as this goes beyond the scope of just EE 10+. |
|
Here is a shared document for the statement: https://docs.google.com/document/d/1rZqimXJvkfFMxx_nxJ61buiTMcwhsWVVpXT65pjZzgI/edit?usp=sharing |
|
A WildFly user had created a thread in the OpenJDK security-dev list asking about what support the JVM would be providing for the removed features: It seems that the platform team needs to evaluate what are user usecases that would require some support at the JVM level because they could not easily be replaced. The concern is that Jakarta EE has users making use of the security manager, and the platform team needs to provide feedback to the OpenJDK team with regard to uses they may not have awareness of. |
Perhaps this needs to be looked at, and investigated why exactly a minimal OS in a virtual server, running the AS with a user with minimal privileges, and a restricted number of outgoing ports and hosts (outgoing firewall) can not do this. The concerns themselves as reported seem absolutely valid, there's no question about that. But just anecdotal in my own experience for the my own use cases I've always been able to mitigate those concerns using the above strategy. |
|
I'm sure that could be a way to mitigate the loss of the SecurityManager, but the problem is that Java EE/Jakarta EE have advocated the SecurityManager for decades and, the deployment environment and its configuration have never been part of EE. Users are rightly thinking WTF, you said the SecurityManager was a way to achieve more security, and now your expecting me to have non-portable cloud/OS configuration take care of this? This is definitely a rug pull move. The other mismatch in expectations that I feel EE still promotes is the notion of layers of trusted code where you have an application server that is trusted, and user code that has less trust. It is coming from the now outdated multi-tenancy notions of running an app server. AC.doPriviledged(...) is at the heart of this. |
|
In my opinion - I would kill it soon, because years ago I had to edit the policy file of SGES/SJAS9/GF even to make it work without exceptions (we used cluster, huge system); later we just disabled it, there was always 'yet something'. If we want a better security, we should at least use more QA checks (any usable, SpotBugs, SonarQube, PMD, basic Checkstyle ...) and fix all issues. Improve test coverage, etc. It is a huge amount of work, but I believe with much better effect on security (and everything) than maintaining SecurityManager forever. |
|
Candidate statement on deprecation of the SM for removal post EE10: |
|
This statement will incorporate #460 |
starksm64
added a commit
to starksm64/jakartaee-platform
that referenced
this issue
May 3, 2022
Signed-off-by: Scott M Stark <[email protected]>
|
We have added a statement that the SecurityManager is deprecated for removal as of EE10. |
edburns
pushed a commit
to azure-javaee/jakartaee-platform
that referenced
this issue
Mar 4, 2024
Signed-off-by: Kevin Sutter <[email protected]> Initial draft outline of the core profile specification Signed-off-by: Scott M Stark <[email protected]> Fix typo in CDI lite reference Signed-off-by: Scott M Stark <[email protected]> Initial draft outline of the core profile specification (jakartaee#356) * Initial draft outline of the core profile specification Signed-off-by: Scott M Stark <[email protected]> * Fix typo in CDI lite reference Signed-off-by: Scott M Stark <[email protected]> Prepare next development version (jakartaee#366) Signed-off-by: Ivar Grimstad <[email protected]> removal of managed beans spec content and build process Signed-off-by: Kevin Sutter <[email protected]> PNG to SVG images format conversion. Signed-off-by: Dmitri Cherkas <[email protected]> 1) Figure 5 converted from PNG to SVG, 2) margin of 5 mm is added to Figure 4, 3) Elements are aligned. Signed-off-by: Dmitri Cherkas <[email protected]> 1) Figure 6 converted from PNG to SVG, 2) error corrected in Figure 5. Signed-off-by: Dmitri Cherkas <[email protected]> Figure 7 in SVG format. Signed-off-by: Dmitri Cherkas <[email protected]> Figure 8 in SVG format. Signed-off-by: Dmitri Cherkas <[email protected]> References in the spec from png to svg are updated as requested. Signed-off-by: Dmitri Cherkas <[email protected]> JavaEEapplication_schema.svg conversion Signed-off-by: Dmitri Cherkas <[email protected]> JavaEEapplication_schema.svg errata corrige and other 3 images converted. Signed-off-by: Dmitri Cherkas <[email protected]> JavaEEapplication_schema.svg errata corrige and other 3 images converted. Signed-off-by: Dmitri Cherkas <[email protected]> JavaEEapplication-client_schema.svg errata corrige. Signed-off-by: Dmitri Cherkas <[email protected]> The next images convertion done. Signed-off-by: Dmitri Cherkas <[email protected]> Last images (Platform_Spec-24.svg, Platform_Spec-23.svg, Platform_Spec-21.svg, JavaEEapplication_DTD.svg) converted. Signed-off-by: Dmitri Cherkas <[email protected]> 1) Errata corrige for images 22, 23, 24; 2) all of the doc references updated to point at the svg files instead of the png files. Signed-off-by: Dmitri Cherkas <[email protected]> Begin work on the EE 10.0 specs Update asciidoc related dependencies, clean up warnings and add coreprofile spec generation Set version to 10.0 Signed-off-by: Scott M Stark <[email protected]> Remove applet requirements, jakartaee#298 Change Java SE 8 references to Java SE 11, jakartaee#331 Signed-off-by: Scott M Stark <[email protected]> Address comments from @kazumura Signed-off-by: Scott M Stark <[email protected]> Remove applet requirements, jakartaee#298, update Java SE jakartaee#331 (jakartaee#417) * Remove applet requirements, jakartaee#298 Change Java SE 8 references to Java SE 11, jakartaee#331 Signed-off-by: Scott M Stark <[email protected]> * Address comments from @kazumura Signed-off-by: Scott M Stark <[email protected]> Remove the Applet container from the diagram, jakartaee#298 Signed-off-by: starksm64 <[email protected]> Remove applet container from interoperability diagram Signed-off-by: starksm64 <[email protected]> Remove the managed bean spec generation that was readded in a PR merge. Signed-off-by: starksm64 <[email protected]> Fix the out of date img references that had been converted to svg, jakartaee#435 Signed-off-by: starksm64 <[email protected]> Various errata corriges. Signed-off-by: Dmitri Cherkas <[email protected]> Broken line at the start of 8.3. Class Loading Requirements paragraph. Signed-off-by: Dmitri Cherkas <[email protected]> Broken line at the end of 8.3.3. paragraph Signed-off-by: Dmitri Cherkas <[email protected]> Two errata corrige: 'Jakarta instead of Jaav' and '_multitier applications_' istead of 'multitier __ applications' Signed-off-by: Dmitri Cherkas <[email protected]> Update documentation regarding Java SE base level Start a dependency graph section in the specs Signed-off-by: starksm64 <[email protected]> Correct authentication label Signed-off-by: starksm64 <[email protected]> Add ejb, jta child dependencies Signed-off-by: starksm64 <[email protected]> Label cdi -> {jta, ejb} dependency with javadoc Signed-off-by: starksm64 <[email protected]> Update web profile dependencies to latest versions Signed-off-by: Scott M Stark <[email protected]> First pass at removing core profile requirements, jakartaee#413 Signed-off-by: starksm64 <[email protected]> Add clarification from ksutter. Signed-off-by: starksm64 <[email protected]> Move the JNDI/JTA requirements from Platform profiles section to Web profile Signed-off-by: starksm64 <[email protected]> Address comment from Edwin Signed-off-by: Scott M Stark <[email protected]> Further simplifications Signed-off-by: Scott M Stark <[email protected]> Update specification versions and related documents Signed-off-by: Scott M Stark <[email protected]> Add Jakarta Concurrency 3.0 Signed-off-by: Scott M Stark <[email protected]> Add Jakarta Concurrency Specification 3.0 to related docs Signed-off-by: Scott M Stark <[email protected]> Statement for jakartaee#460, jakartaee#406 Signed-off-by: Scott M Stark <[email protected]> Make the last paragraph a decision statement Signed-off-by: Scott M Stark <[email protected]> Add a future statement regarding JPMS, make clear there are no requirements currently jakartaee#425 Signed-off-by: Scott M Stark <[email protected]> Refine module-info.class description to clarify they are not standard Clarify vendor module-info.class contents can be different and may conflict with those in the spec project API jars. Add a statement about restrictions of using the jakarta package namespace, jakartaee#457 Signed-off-by: Scott M Stark <[email protected]> Just talk about the jakarta package name restrictions. Signed-off-by: Scott M Stark <[email protected]> Minor updates to core profile Signed-off-by: Scott M Stark <[email protected]> Link to working group about page Signed-off-by: Scott M Stark <[email protected]> Address some comments about core profile spec doc Signed-off-by: Scott M Stark <[email protected]> Fix the CDI spec link as there is no separate CDI Lite spec. Signed-off-by: Scott M Stark <[email protected]> Update the component spec versions Signed-off-by: Scott M Stark <[email protected]> Breakout the copyright section to a new document, jakartaee#499 Signed-off-by: Scott M Stark <[email protected]> Address review comments Signed-off-by: Scott M Stark <[email protected]> Order included specs by name drop the managed bean spec Signed-off-by: Scott M Stark <[email protected]> Minor updates to web profile and platform spec Signed-off-by: Scott M Stark <[email protected]> The requirements were really optional behaviors from other specs, so reorg those and add that CDI Java SE is not a requirement. Signed-off-by: Scott M Stark <[email protected]> Correct sorted ordering of required components Signed-off-by: Scott M Stark <[email protected]> Better ordering Signed-off-by: Scott M Stark <[email protected]> Address comments from scottmarlow Signed-off-by: Scott M Stark <[email protected]> Note managed beans are deprecated for removal, jakartaee#502 Signed-off-by: Scott M Stark <[email protected]> Follow through on removal of entity beans and embeddable EJB container Signed-off-by: Scott M Stark <[email protected]> Updated removed list to the EE 10 candidates Signed-off-by: Scott M Stark <[email protected]> Add Connectors 2.1 to to the list Update platform-spec.adoc (jakartaee#506) We added this commemoration for Jakarta EE 9. I guess it is appropriate to take it out from Jakarta EE 10 Update ApplicationProgrammingInterface.adoc Remove version numbers, provide reference to Application Programming Interface chapter for specific versions. Fixed Security Spec. name. Noted Web Services Metadata is moved to XML Web Services. Remove SOAP with Attachments version from table Order specifications alphabetically to match Profiles ordering Rename Server Pages Debugging to Debugging Support for Other Languages Signed-off-by: Scott M Stark <[email protected]> Address TBDs in platform spec Signed-off-by: Scott M Stark <[email protected]> Include the removed tech in the changes Signed-off-by: Scott M Stark <[email protected]> Address jakartaee#567, fix old specification version references. Signed-off-by: Scott M Stark <[email protected]> update profile names in CCR request template (jakartaee#649) Add a tck challenge template Simplifying spec generation switch to Asciidcotor pdf generation (remove docbook). Twick licence blocks to have a nice pdf version CDI-538 Section 3.8 on CDI 1.2 spec javax.security.Principal (now in 17.8) CDI-416 Typo on @PersistencContext Fix minor grammar mistakes Introduce new ref in EE for TCK Fix interceptors_ee.asciidoc file name. Cleaning source asciidoc files to have one sentence per line Migrating to Asciidoctor 1.5+ notation CDI-553 move notion of "security context" to EE part. CDI-545 observers can be only local bussines method. CDI-569 Add @ObservesAsync where the spec mention @observes Correct sources to match one sentence per line CDI-571 producer and disposer methods can be only local bussines method of EJB. (jakartaee#284) Correcting typos on Asciidoctor links CDI-555 remove the outdated wording linked to previous Java SE boot api CDI-500 Clarify @Intercepted bean metadata injection for EE components (jakartaee#318) additional fix - missing chapter id. (jakartaee#325) CDI-625 Make it clear when exactly are context init/destroy events fired (jakartaee#303) - add @BeforeDestroyed Few language updates (jakartaee#329) Nice to see text reviewer ;). Thx @tremes. CDI-667 introduce new chapter for trimmed bean archive in Java EE. (jakartaee#368) Cleaning Javadoc and typos remove unused import minor syntax update to java 8 CDI-495 What happens if an illegal bean type is found in the set of bean types (jakartaee#363) CDI-689 Typo or unclear message in 24.1.2 (jakartaee#382) CDI-690 Request Context Clarification (jakartaee#385) Clarify in core when request context is active, and change verbiage a bit to align to common term of context. change from javax.* to jakarta.* (jakartaee#414) Signed-off-by: Scott Marlow <[email protected]> Jakartify (jakartaee#444) * Jakartify definition Signed-off-by: Ivar Grimstad <[email protected]> * Jakartify decorators Signed-off-by: Ivar Grimstad <[email protected]> * Jakartify events Signed-off-by: Ivar Grimstad <[email protected]> * Jakartify implementation Signed-off-by: Ivar Grimstad <[email protected]> * Jakartify inheritance Signed-off-by: Ivar Grimstad <[email protected]> * Jakartify inject Signed-off-by: Ivar Grimstad <[email protected]> * Jakartify interceptors Signed-off-by: Ivar Grimstad <[email protected]> * Jakartify intro Signed-off-by: Ivar Grimstad <[email protected]> * Jakartify lifecycle Signed-off-by: Ivar Grimstad <[email protected]> * Jakartify packaging Signed-off-by: Ivar Grimstad <[email protected]> * Jakartify scopes Signed-off-by: Ivar Grimstad <[email protected]> * Jakartify spi Signed-off-by: Ivar Grimstad <[email protected]> * Jakartify core packaging Signed-off-by: Ivar Grimstad <[email protected]> * Jakartify core spi Signed-off-by: Ivar Grimstad <[email protected]> * Jakartify inject Signed-off-by: Ivar Grimstad <[email protected]> * Jakartify resolution Signed-off-by: Ivar Grimstad <[email protected]> * Fix javax.* references to jakarta.* Signed-off-by: Ivar Grimstad <[email protected]> * Fix javax.annotation.ManagedBean reference in javadoc to jakarta.annotation.ManagedBean Signed-off-by: Ivar Grimstad <[email protected]> Fix the javax.servlet package usage Signed-off-by: Scott M Stark <[email protected]> Removal of deprecated APIs: BeanManager.fireEvent() Removal of deprecated APIs: @New comprehensive review and various Lite/Full split changes Rename files and chapter refereces to align with rest of the specification Bump CDI version to 4.1 and place EL integration API in a new supplemental artifact (jakartaee#644) * Fix remnants of BeanManager.fireEvent() removal * Centralize common Maven properties in the parent POM * Fix EL import version in bundle metadata * Bump CDI version to 4.1 * Place the EL integration API to ELAwareBeanManager in a new supplemental API artifact The existing EL integration API in `BeanManager` is deprecated for removal. Remove references to the removed jakarta.annotation.ManagedBean jakartaee#750 Signed-off-by: Scott M Stark <[email protected]> Move the CDI EE integration spec requirements to a new cdi-ee-spec directory Signed-off-by: Scott M Stark <[email protected]> The initial migration of the CDI component specification EE integration requirements, jakartaee#837 Signed-off-by: Scott M Stark <[email protected]> Add an approach to correct the missing cross-references. Signed-off-by: Scott M Stark <[email protected]> Add an approach to correct the missing cross-references. Signed-off-by: Scott M Stark <[email protected]>
edburns
added a commit
that referenced
this issue
Mar 29, 2024
* Managed Beans version should be 2.1-SNAPSHOT Signed-off-by: Kevin Sutter <[email protected]> Initial draft outline of the core profile specification Signed-off-by: Scott M Stark <[email protected]> Fix typo in CDI lite reference Signed-off-by: Scott M Stark <[email protected]> Initial draft outline of the core profile specification (#356) * Initial draft outline of the core profile specification Signed-off-by: Scott M Stark <[email protected]> * Fix typo in CDI lite reference Signed-off-by: Scott M Stark <[email protected]> Prepare next development version (#366) Signed-off-by: Ivar Grimstad <[email protected]> removal of managed beans spec content and build process Signed-off-by: Kevin Sutter <[email protected]> PNG to SVG images format conversion. Signed-off-by: Dmitri Cherkas <[email protected]> 1) Figure 5 converted from PNG to SVG, 2) margin of 5 mm is added to Figure 4, 3) Elements are aligned. Signed-off-by: Dmitri Cherkas <[email protected]> 1) Figure 6 converted from PNG to SVG, 2) error corrected in Figure 5. Signed-off-by: Dmitri Cherkas <[email protected]> Figure 7 in SVG format. Signed-off-by: Dmitri Cherkas <[email protected]> Figure 8 in SVG format. Signed-off-by: Dmitri Cherkas <[email protected]> References in the spec from png to svg are updated as requested. Signed-off-by: Dmitri Cherkas <[email protected]> JavaEEapplication_schema.svg conversion Signed-off-by: Dmitri Cherkas <[email protected]> JavaEEapplication_schema.svg errata corrige and other 3 images converted. Signed-off-by: Dmitri Cherkas <[email protected]> JavaEEapplication_schema.svg errata corrige and other 3 images converted. Signed-off-by: Dmitri Cherkas <[email protected]> JavaEEapplication-client_schema.svg errata corrige. Signed-off-by: Dmitri Cherkas <[email protected]> The next images convertion done. Signed-off-by: Dmitri Cherkas <[email protected]> Last images (Platform_Spec-24.svg, Platform_Spec-23.svg, Platform_Spec-21.svg, JavaEEapplication_DTD.svg) converted. Signed-off-by: Dmitri Cherkas <[email protected]> 1) Errata corrige for images 22, 23, 24; 2) all of the doc references updated to point at the svg files instead of the png files. Signed-off-by: Dmitri Cherkas <[email protected]> Begin work on the EE 10.0 specs Update asciidoc related dependencies, clean up warnings and add coreprofile spec generation Set version to 10.0 Signed-off-by: Scott M Stark <[email protected]> Remove applet requirements, #298 Change Java SE 8 references to Java SE 11, #331 Signed-off-by: Scott M Stark <[email protected]> Address comments from @kazumura Signed-off-by: Scott M Stark <[email protected]> Remove applet requirements, #298, update Java SE #331 (#417) * Remove applet requirements, #298 Change Java SE 8 references to Java SE 11, #331 Signed-off-by: Scott M Stark <[email protected]> * Address comments from @kazumura Signed-off-by: Scott M Stark <[email protected]> Remove the Applet container from the diagram, #298 Signed-off-by: starksm64 <[email protected]> Remove applet container from interoperability diagram Signed-off-by: starksm64 <[email protected]> Remove the managed bean spec generation that was readded in a PR merge. Signed-off-by: starksm64 <[email protected]> Fix the out of date img references that had been converted to svg, #435 Signed-off-by: starksm64 <[email protected]> Various errata corriges. Signed-off-by: Dmitri Cherkas <[email protected]> Broken line at the start of 8.3. Class Loading Requirements paragraph. Signed-off-by: Dmitri Cherkas <[email protected]> Broken line at the end of 8.3.3. paragraph Signed-off-by: Dmitri Cherkas <[email protected]> Two errata corrige: 'Jakarta instead of Jaav' and '_multitier applications_' istead of 'multitier __ applications' Signed-off-by: Dmitri Cherkas <[email protected]> Update documentation regarding Java SE base level Start a dependency graph section in the specs Signed-off-by: starksm64 <[email protected]> Correct authentication label Signed-off-by: starksm64 <[email protected]> Add ejb, jta child dependencies Signed-off-by: starksm64 <[email protected]> Label cdi -> {jta, ejb} dependency with javadoc Signed-off-by: starksm64 <[email protected]> Update web profile dependencies to latest versions Signed-off-by: Scott M Stark <[email protected]> First pass at removing core profile requirements, #413 Signed-off-by: starksm64 <[email protected]> Add clarification from ksutter. Signed-off-by: starksm64 <[email protected]> Move the JNDI/JTA requirements from Platform profiles section to Web profile Signed-off-by: starksm64 <[email protected]> Address comment from Edwin Signed-off-by: Scott M Stark <[email protected]> Further simplifications Signed-off-by: Scott M Stark <[email protected]> Update specification versions and related documents Signed-off-by: Scott M Stark <[email protected]> Add Jakarta Concurrency 3.0 Signed-off-by: Scott M Stark <[email protected]> Add Jakarta Concurrency Specification 3.0 to related docs Signed-off-by: Scott M Stark <[email protected]> Statement for #460, #406 Signed-off-by: Scott M Stark <[email protected]> Make the last paragraph a decision statement Signed-off-by: Scott M Stark <[email protected]> Add a future statement regarding JPMS, make clear there are no requirements currently #425 Signed-off-by: Scott M Stark <[email protected]> Refine module-info.class description to clarify they are not standard Clarify vendor module-info.class contents can be different and may conflict with those in the spec project API jars. Add a statement about restrictions of using the jakarta package namespace, #457 Signed-off-by: Scott M Stark <[email protected]> Just talk about the jakarta package name restrictions. Signed-off-by: Scott M Stark <[email protected]> Minor updates to core profile Signed-off-by: Scott M Stark <[email protected]> Link to working group about page Signed-off-by: Scott M Stark <[email protected]> Address some comments about core profile spec doc Signed-off-by: Scott M Stark <[email protected]> Fix the CDI spec link as there is no separate CDI Lite spec. Signed-off-by: Scott M Stark <[email protected]> Update the component spec versions Signed-off-by: Scott M Stark <[email protected]> Breakout the copyright section to a new document, #499 Signed-off-by: Scott M Stark <[email protected]> Address review comments Signed-off-by: Scott M Stark <[email protected]> Order included specs by name drop the managed bean spec Signed-off-by: Scott M Stark <[email protected]> Minor updates to web profile and platform spec Signed-off-by: Scott M Stark <[email protected]> The requirements were really optional behaviors from other specs, so reorg those and add that CDI Java SE is not a requirement. Signed-off-by: Scott M Stark <[email protected]> Correct sorted ordering of required components Signed-off-by: Scott M Stark <[email protected]> Better ordering Signed-off-by: Scott M Stark <[email protected]> Address comments from scottmarlow Signed-off-by: Scott M Stark <[email protected]> Note managed beans are deprecated for removal, #502 Signed-off-by: Scott M Stark <[email protected]> Follow through on removal of entity beans and embeddable EJB container Signed-off-by: Scott M Stark <[email protected]> Updated removed list to the EE 10 candidates Signed-off-by: Scott M Stark <[email protected]> Add Connectors 2.1 to to the list Update platform-spec.adoc (#506) We added this commemoration for Jakarta EE 9. I guess it is appropriate to take it out from Jakarta EE 10 Update ApplicationProgrammingInterface.adoc Remove version numbers, provide reference to Application Programming Interface chapter for specific versions. Fixed Security Spec. name. Noted Web Services Metadata is moved to XML Web Services. Remove SOAP with Attachments version from table Order specifications alphabetically to match Profiles ordering Rename Server Pages Debugging to Debugging Support for Other Languages Signed-off-by: Scott M Stark <[email protected]> Address TBDs in platform spec Signed-off-by: Scott M Stark <[email protected]> Include the removed tech in the changes Signed-off-by: Scott M Stark <[email protected]> Address #567, fix old specification version references. Signed-off-by: Scott M Stark <[email protected]> update profile names in CCR request template (#649) Add a tck challenge template Simplifying spec generation switch to Asciidcotor pdf generation (remove docbook). Twick licence blocks to have a nice pdf version CDI-538 Section 3.8 on CDI 1.2 spec javax.security.Principal (now in 17.8) CDI-416 Typo on @PersistencContext Fix minor grammar mistakes Introduce new ref in EE for TCK Fix interceptors_ee.asciidoc file name. Cleaning source asciidoc files to have one sentence per line Migrating to Asciidoctor 1.5+ notation CDI-553 move notion of "security context" to EE part. CDI-545 observers can be only local bussines method. CDI-569 Add @ObservesAsync where the spec mention @observes Correct sources to match one sentence per line CDI-571 producer and disposer methods can be only local bussines method of EJB. (#284) Correcting typos on Asciidoctor links CDI-555 remove the outdated wording linked to previous Java SE boot api CDI-500 Clarify @Intercepted bean metadata injection for EE components (#318) additional fix - missing chapter id. (#325) CDI-625 Make it clear when exactly are context init/destroy events fired (#303) - add @BeforeDestroyed Few language updates (#329) Nice to see text reviewer ;). Thx @tremes. CDI-667 introduce new chapter for trimmed bean archive in Java EE. (#368) Cleaning Javadoc and typos remove unused import minor syntax update to java 8 CDI-495 What happens if an illegal bean type is found in the set of bean types (#363) CDI-689 Typo or unclear message in 24.1.2 (#382) CDI-690 Request Context Clarification (#385) Clarify in core when request context is active, and change verbiage a bit to align to common term of context. change from javax.* to jakarta.* (#414) Signed-off-by: Scott Marlow <[email protected]> Jakartify (#444) * Jakartify definition Signed-off-by: Ivar Grimstad <[email protected]> * Jakartify decorators Signed-off-by: Ivar Grimstad <[email protected]> * Jakartify events Signed-off-by: Ivar Grimstad <[email protected]> * Jakartify implementation Signed-off-by: Ivar Grimstad <[email protected]> * Jakartify inheritance Signed-off-by: Ivar Grimstad <[email protected]> * Jakartify inject Signed-off-by: Ivar Grimstad <[email protected]> * Jakartify interceptors Signed-off-by: Ivar Grimstad <[email protected]> * Jakartify intro Signed-off-by: Ivar Grimstad <[email protected]> * Jakartify lifecycle Signed-off-by: Ivar Grimstad <[email protected]> * Jakartify packaging Signed-off-by: Ivar Grimstad <[email protected]> * Jakartify scopes Signed-off-by: Ivar Grimstad <[email protected]> * Jakartify spi Signed-off-by: Ivar Grimstad <[email protected]> * Jakartify core packaging Signed-off-by: Ivar Grimstad <[email protected]> * Jakartify core spi Signed-off-by: Ivar Grimstad <[email protected]> * Jakartify inject Signed-off-by: Ivar Grimstad <[email protected]> * Jakartify resolution Signed-off-by: Ivar Grimstad <[email protected]> * Fix javax.* references to jakarta.* Signed-off-by: Ivar Grimstad <[email protected]> * Fix javax.annotation.ManagedBean reference in javadoc to jakarta.annotation.ManagedBean Signed-off-by: Ivar Grimstad <[email protected]> Fix the javax.servlet package usage Signed-off-by: Scott M Stark <[email protected]> Removal of deprecated APIs: BeanManager.fireEvent() Removal of deprecated APIs: @New comprehensive review and various Lite/Full split changes Rename files and chapter refereces to align with rest of the specification Bump CDI version to 4.1 and place EL integration API in a new supplemental artifact (#644) * Fix remnants of BeanManager.fireEvent() removal * Centralize common Maven properties in the parent POM * Fix EL import version in bundle metadata * Bump CDI version to 4.1 * Place the EL integration API to ELAwareBeanManager in a new supplemental API artifact The existing EL integration API in `BeanManager` is deprecated for removal. Remove references to the removed jakarta.annotation.ManagedBean #750 Signed-off-by: Scott M Stark <[email protected]> Move the CDI EE integration spec requirements to a new cdi-ee-spec directory Signed-off-by: Scott M Stark <[email protected]> The initial migration of the CDI component specification EE integration requirements, #837 Signed-off-by: Scott M Stark <[email protected]> Add an approach to correct the missing cross-references. Signed-off-by: Scott M Stark <[email protected]> Add an approach to correct the missing cross-references. Signed-off-by: Scott M Stark <[email protected]> * On branch edburns-msft-redhat-cdi-integration-838 WIP Your branch is up to date with 'origin/edburns-msft-redhat-cdi-integration-838'. Changes to be committed: (use "git restore --staged <file>..." to unstage) new file: specification/src/main/asciidoc/shared-includes/IntegrationRequirements.adoc Changes not staged for commit: (use "git add/rm <file>..." to update what will be committed) (use "git restore <file>..." to discard changes in working directory) modified: specification/pom.xml deleted: specification/src/main/asciidoc/platform/IntegrationRequirements.adoc modified: specification/src/main/asciidoc/platform/Platform.adoc modified: specification/src/main/asciidoc/webprofile/WebProfile.adoc Signed-off-by: Ed Burns <[email protected]> * On branch edburns-msft-redhat-cdi-integration-838 Addresses #855 (review) from @arjantijms modified: specification/src/main/asciidoc/platform/cdi-ee-spec/implementation_ee.adoc Move this text to jakartaee/security#323 . Signed-off-by: Ed Burns <[email protected]> * On branch edburns-msft-redhat-cdi-integration-838 Put back the JTA related buitlt-in bean. modified: specification/src/main/asciidoc/platform/cdi-ee-spec/implementation_ee.adoc Signed-off-by: Ed Burns <[email protected]> --------- Signed-off-by: Scott M Stark <[email protected]> Signed-off-by: Ed Burns <[email protected]> Co-authored-by: Kevin Sutter <[email protected]> Co-authored-by: Ed Burns <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
With the upcoming deprecation and ultimate remove of the java.lang.SecurityManager and most related APIs as described in: https://openjdk.java.net/jeps/411, we need a direction statement to guide specification teams.
Deprecation in EE10 with removal in EE11 would be one obvious choice. Removing TCK tests related to the SecurityManager would be another level.
The text was updated successfully, but these errors were encountered: