RFR: 8330542: Add jaxp-strict.properties in preparation for a secure by default configuration [v10]

[Alan Bateman]

On Sun, 19 May 2024 05:01:32 GMT, Joe Wang <joehw at openjdk.org> wrote:

>> Add two sample configuration files:
>> 
>>   jaxp-strict.properties: used to set strict configuration, stricter than jaxp.properties in previous versions such as JDK 22
>> 
>>>   jaxp-compat.properties: used to regain compatibility from any more restricted configuration than previous versions such as JDK 22
>> 
>> Updated on 5/16/2024
>> 
>> Design change:
>> The design is changed to include in the JDK two configuration files that are the default jaxp.properties and jaxp-strict.properties, instead of three, dropping jaxp-compat.properties.
>> 
>> Updated on 5/18/2024
>> 
>> Withdraw changes to jaxp.properties. The original idea was to match jaxp-strict.properties with regard to the properties. However, that change impact the configuration process, resulting in tests that verify the process to fail.
>
> Joe Wang has updated the pull request incrementally with one additional commit since the last revision:
> 
>   withdraw changes to jaxp.properties. The configuration process has not changed, changing the default configuration would result in many failures that test the process.

Looks good, just one comment on on the jaxp-strict.properties file text.

src/java.xml/share/conf/jaxp-strict.properties line 17:

> 15: #     java -Djava.xml.config.file=$JAVA_HOME/conf/jaxp-strict.properties
> 16: #
> 17: # The pathname to the configuration file must be valid. If it is not absolute,

I think it would be better to drop this paragraph or else just replace it with a sentence to say that the java.xml module description specifies the system property.

-------------

Marked as reviewed by alanb (Reviewer).

PR Review: https://git.openjdk.org/jdk/pull/18831#pullrequestreview-2065520089
PR Review Comment: https://git.openjdk.org/jdk/pull/18831#discussion_r1606350445