[
https://issues.apache.org/jira/browse/GEODE-10531?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jinwoo Hwang reassigned GEODE-10531:
------------------------------------
Assignee: Sai Boorlagadda (was: Jinwoo Hwang)
> Remove SecurityManager Usage from OSProcess.java - Java 21 Blocker
> ------------------------------------------------------------------
>
> Key: GEODE-10531
> URL: https://issues.apache.org/jira/browse/GEODE-10531
> Project: Geode
> Issue Type: Improvement
> Reporter: Jinwoo Hwang
> Assignee: Sai Boorlagadda
> Priority: Blocker
>
> h2. Summary
> Remove deprecated SecurityManager APIs from {{OSProcess.java}} that were
> marked for removal in Java 17 and already removed in Java 21. This issue
> blocks Java 21 migration.
> h2. Description
> The {{geode-logging}} module contains usage of {{java.lang.SecurityManager}}
> and {{System.getSecurityManager()}} APIs that have been deprecated for
> removal in Java 17 (JEP 411) and subsequently removed in Java 21.
> *Affected File:*
> {code:java}
> geode-logging/src/main/java/org/apache/geode/logging/internal/OSProcess.java:200
> {code}
> *Current Warnings:*
> {code:java}
> warning: [removal] SecurityManager in java.lang has been deprecated and
> marked for removal
> warning: [removal] getSecurityManager() in System has been deprecated and
> marked for removal
> {code}
> h2. Technical Details
> *Deprecated APIs:*
> * {{java.lang.SecurityManager}} (class)
> * {{java.lang.System.getSecurityManager()}} (method)
> *Deprecation Timeline:*
> * Deprecated: Java 17 (JEP 411 - September 2021)
> * Status: REMOVED in Java 21
> *Package:* {{org.apache.geode.logging.internal}}
> *Module:* {{geode-logging}}
> *Warning Type:* {{[removal]}}
> *Priority:* CRITICAL - Blocks Java 21 migration
> h2. Required Actions
> # Remove all {{SecurityManager}} references from {{OSProcess.java}}
> # Replace {{System.getSecurityManager()}} calls with modern security patterns
> # Refactor security checks to use alternative approaches (context-specific
> permissions, Java Security API, or application-level security)
> # Verify the code compiles with Java 17 without warnings
> # Ensure functionality is preserved after removal
> h2. How to Verify Warnings
> *Step 1:* Enable warnings in
> {{{}build-tools/scripts/src/main/groovy/warnings.gradle{}}}:
> {code:groovy}
> tasks.withType(JavaCompile) {
> options.compilerArgs << '-Xlint:unchecked' << '-Xlint:deprecation' <<
> '-Xlint:removal'
> options.deprecation = true
> }
> {code}
> *Step 2:* Build and check warnings:
> {code:bash}
> ./gradlew clean :geode-logging:compileJava --no-build-cache 2>&1 | grep
> "warning:"
> {code}
> *Step 3:* After fixing, restore original configuration:
> {code:bash}
> git checkout build-tools/scripts/src/main/groovy/warnings.gradle
> {code}
> h2. References
> * [JEP 411: Deprecate the Security Manager for
> Removal|https://openjdk.org/jeps/411]
> * [Java 17 Release Notes - Security Manager
> Deprecation|https://www.oracle.com/java/technologies/javase/17-relnote-issues.html#JDK-8199704]
> * [Migration Guide: Removing SecurityManager
> Usage|https://docs.oracle.com/en/java/javase/17/migrate/migrating-jdk-8-later-jdk-releases.html#GUID-7BB28E4D-99B3-4078-BDC4-FC24180CE82F]
> h2. Acceptance Criteria
> * All {{SecurityManager}} and {{System.getSecurityManager()}} references
> removed from {{OSProcess.java}}
> * Code compiles without {{[removal]}} warnings in Java 17
> * Code compiles successfully in Java 21
> * All existing tests pass
> * Security functionality is preserved or replaced with modern alternatives
> * No new security vulnerabilities introduced
> h2. Estimated Effort
> *Story Points:* 3
> *Time Estimate:* 2-4 hours
> h2. Impact
> *Risk:* CRITICAL - This is a Java 21 blocker. The code will not compile in
> Java 21 without this fix.
> *Scope:* 1 file, 1 location, 2 API references
> *Related Work:* Part of Java 17 warning cleanup effort (36 total warnings
> across 6 modules)
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
