Does anyone really require Serializable Permission's?
If anyone wants to serialize a Permission or PermissionCollection, it's easy enough to serialize a list of strings, then parse those strings back into Permission objects.
It has a significant negative impact on Permission implementation code, the Permission spec states Permission's should be immutable, but often they are lazily initialized, in ConcurrentPolicyFile, each Permission must be initialized following construction to ensure safe publication, however we have no control over safe publication when a Permission is used by client code in permission checks.
https://github.com/pfirmstone/jdk-with-authorization/blob/8dcb3dabba59a45d704d44135fab989031b5ad79/src/java.base/share/classes/au/zeus/jdk/authorization/policy/PermissionGrant.java#L125
Does anyone really require Serializable Permission's?
If anyone wants to serialize a Permission or PermissionCollection, it's easy enough to serialize a list of strings, then parse those strings back into Permission objects.
It has a significant negative impact on Permission implementation code, the Permission spec states Permission's should be immutable, but often they are lazily initialized, in ConcurrentPolicyFile, each Permission must be initialized following construction to ensure safe publication, however we have no control over safe publication when a Permission is used by client code in permission checks.
https://github.com/pfirmstone/jdk-with-authorization/blob/8dcb3dabba59a45d704d44135fab989031b5ad79/src/java.base/share/classes/au/zeus/jdk/authorization/policy/PermissionGrant.java#L125