Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

Sign up
Appearance settings

Lift minimum JDK version to 21 and remove SecurityManager#2214

Open
holgerfriedrich wants to merge 3 commits intoapache:main from
holgerfriedrich:pr-secmgr-removal
Open

Lift minimum JDK version to 21 and remove SecurityManager #2214
holgerfriedrich wants to merge 3 commits intoapache:main from
holgerfriedrich:pr-secmgr-removal

Conversation

@holgerfriedrich
Copy link
Contributor

@holgerfriedrich holgerfriedrich commented Dec 30, 2025
edited
Loading

This is a first step to prepare the 4.5 branch for running with Java 25.
Starting Karaf in Java 25 does not yet work, as a few functions related to the SecurityManager have been deprecated long time ago and cannot be activated any longer via command line switches.
As a new API has been added in Java 18, I for new lift the minimum required version to Java 21 (LTS).

Maybe this is not the way to go - as there has been some discussions if we could introduce an abstraction layer to allow Java 17 as well.

  • Lift minimum JDK version to 21
  • Remove occurrences of SecurityManager, as getSecurityManager returns
    null since JDK 18
  • (削除) Disable JavaSecurityTest, Rework JavaSecurityTest #2082 (削除ここまで)
  • Enable verbose deprecation warnings
  • Replace getSubject and doAs calls
    ** getSubject can no longer be activated via JRE command line as
    SecurityManager has been removed in JDK 25.
    A replacement is available since Java 21.
    ** doAs was deprecated and is replaced by callAll.

For Java 25, another set of modifications is still needed and will be submitted as another PR.
Locally, I got Karaf compiling, passing the tests, and starting with Java 25. 🥳

@jbonofre jbonofre self-requested a review December 31, 2025 05:20
<libraries>
</libraries>
<javase>17</javase>
<javase>21</javase>
Copy link
Member

@jbonofre jbonofre Jan 1, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's require change on the karaf-maven-plugin and dependencies. I will create another PR (as planned) to tackle that.

holgerfriedrich reacted with thumbs up emoji
import static org.ops4j.pax.exam.CoreOptions.maven;
import static org.ops4j.pax.exam.karaf.options.KarafDistributionOption.*;

@Ignore("Disabled due to removal of SecurityManager. ref Apache Karaf GitHub issue #2082")
Copy link
Member

@jbonofre jbonofre Jan 1, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would rather remove the test (to avoid confusion) or refactor it instead of ignoring it.

Copy link
Contributor Author

@holgerfriedrich holgerfriedrich Jan 1, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok, if I just remove the SecurityManager assertion, the test completes.
I am not sure if I get completely what this test was intended for (it checks that all bundles come up after applying a specific config - but how this was related to SecurityManager, I still don't get).

I pushed the change to ignore that no SecurityManager is there.

Copy link
Contributor Author

@jbonofre is there anying else open I should address?

Copy link
Member

jbonofre commented Jan 9, 2026

@holgerfriedrich I think this PR is pretty good, it just needs dependent PRs. I will tackle that.

* Lift minimum JDK version to 21
* Remove occurrences of SecurityManager, as getSecurityManager returns
 null since JDK 18
* Disable JavaSecurityTest, apache#2082
* Enable verbose deprecation warnings
Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
getSubject can no longer be activated via JRE command line as
SecurityManager has been removed in JDK 25.
A replacement is available since Java 21.
doAs was deprecated and is replaced by callAll.
Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
Signed-off-by: Holger Friedrich <mail@holger-friedrich.de>
Copy link
Member

@holgerfriedrich do you mind to share your email address with me ? I just realize that you didn't subscribe on the dev mailing list, and you are not on The ASF slack Karaf channel. Thanks !

holgerfriedrich reacted with thumbs up emoji

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jbonofre jbonofre jbonofre left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Comments

AltStyle によって変換されたページ (->オリジナル) /