Peter Firmstone
Featured Author
I'm a family man who lives in Australia; we own and operate a small engineering company.
JEP 411: What it Means for Java’s Security Model and Why You Should Apply the Principle of Least Privilege
Java, like most platforms and languages, has layers of security. This article looks at Java's Authorization layer, which is unlike that of other languages. We will also distinguish between two different ways this layer is typically used, and explain why one is effective while the other isn't. Furthermore, we investigate why JEP 411 only considers the less effective method. We hope to increase awareness of the Principle of Least Privilege as it is applied to Java Authorization, improve its adoption, and encourage people to take advantage of the improved security it provides. We also hope to prolong its support and possibly even improve it in future.
The SecurityManager and associated infrastructure are the foundations upon which to build secure software, but by themselves they are insufficient for limiting users and Java software to the principle of least privilege.
JEP 411 removes the SecurityManager and AccessController.
In doing so, your library code will be able to run with the full permissions of its Java process, which is the same as running with none of the permission checks that were used to harden Java’s API.
If an attacker breaks into your Java process via some other vulnerability, they will be able to load their own bytecode and do pretty much whatever the process's permissions allow, and possibly more if your system has other vulnerabilities.