Java
  • Java Workshops
    • JEPS
      • JEP 286: Local-Variable Type Inference
      • JEP 404: Generational Shenandoah
      • JEP 450 : Compact Object Headers i
      • JEP 472 : Prepare to Restrict the Use of JNI
      • JEP 475 : Late Barrier Expansion for G1
      • JEP 478 : Key Derivation Function API
      • JEP 479: Remove the Windows 32-bit x86 Port
      • JEP 483: Ahead-of-Time Class Loading & Linking
      • JEP 484: Class-File API
      • JEP 485: Stream Gatherers
      • JEP 486: Permanently Disable the Security Manager
      • JEP 487: Scoped Values (Fourth Preview)
      • JEP 488: Primitive Types in Patterns, instanceof, and switch (Second Preview)
      • JEP 489: Vector API (Ninth Incubator)
      • JEP 490: ZGC: Remove the Non-Generational Mode
      • JEP 491: Synchronize Virtual Threads without Pinning
      • JEP 492: Flexible Constructor Bodies (Third Preview)
      • JEP 494: Module Import Declarations (Second Preview)
      • JEP 495: Simple Source Files and Instance Main Methods (Fourth Preview)
      • JEP 496: Quantum-Resistant Module-Lattice-Based Key Encapsulation Mechanism
      • JEP 497: Quantum-Resistant Module-Lattice-Based Digital Signature Algorithm
      • JEP 499: Structured Concurrency
      • JEP 501: Deprecate the 32-bit x86 Port for Removal
    • TODO
    • Workshops
      • JDK24 workshop
Powered by GitBook
On this page
  • 🔍 What the SecurityManager did
  • ✅ What replaces it (functionally)?
  1. Java Workshops
  2. JEPS

JEP 486: Permanently Disable the Security Manager

PreviousJEP 485: Stream GatherersNextJEP 487: Scoped Values (Fourth Preview)

Last updated 6 days ago

<— here more info what replaces SecurityManager

Try to add 

System.setSecurityManager(new SecurityManager());

🔍 What the SecurityManager did

It allowed:

  • Fine-grained permission checks (file, network, reflection, etc.)

  • User-defined security policies via .policy files

  • Applet sandboxing (run untrusted code safely)

But it had major problems:

  • Too complex to configure

  • Often bypassed or misunderstood

  • Hard to test and debug

  • Didn't align with modern deployment (e.g. containers, microservices)

✅ What replaces it (functionally)?

Layer
Tool / Concept

OS Level

SELinux, seccomp, AppArmor

Container

Docker, Kubernetes, cgroups

JVM Level

JPMS (--limit-modules), custom agents

Build Level

JLink, JDeps to create minimized runtimes

Dev Level

Static analysis, sealed classes, final

https://openjdk.org/jeps/486