search

JEP 486: Permanently Disable the Security Manager

https://openjdk.org/jeps/486arrow-up-right <β€” here more info what replaces SecurityManager

Try to add 

System.setSecurityManager(new SecurityManager());

hashtag
πŸ” What the SecurityManager did

It allowed:

  • Fine-grained permission checks (file, network, reflection, etc.)

  • User-defined security policies via .policy files

  • Applet sandboxing (run untrusted code safely)

But it had major problems:

  • Too complex to configure

  • Often bypassed or misunderstood

  • Hard to test and debug

  • Didn't align with modern deployment (e.g. containers, microservices)

hashtag
βœ… What replaces it (functionally)?

Layer
Tool / Concept

OS Level

SELinux, seccomp, AppArmor

Container

Docker, Kubernetes, cgroups

JVM Level

JPMS (--limit-modules), custom agents

Build Level

JLink, JDeps to create minimized runtimes

Dev Level

Static analysis, sealed classes, final

PreviousJEP 485: Stream GatherersNextJEP 487: Scoped Values (Fourth Preview)

Last updated