RFR 8087157: PKCS11 provider not instantiated with security manager
Valerie Peng
valerie.peng at oracle.com
Thu Jun 18 21:44:34 UTC 2015
Well, the othervm mode is needed not because of the cleanup/disable of
SecurityManager, but to ensure that SunPKCS11 provider is created under
a SecurityManager.
Without the othervm mode, the test will always pass even if the
necessary permission is not in java.policy because SunPKCS11 provider is
already created and present when this test is run. This is also a
surprise to me when I first run the regression test against the
before-fix java.policy and the test kept passing unexpectedly.
Valerie
On 6/16/2015 5:51 AM, Sean Mullan wrote:
> On 06/15/2015 04:54 PM, Valerie Peng wrote:
>> Sean,
>>
>> Given how trivial this is, I initially covered it in the fix for
>> 7191662.
>> However, fix for 7191662 took longer than anticipated to go in and now
>> SQE has filed a bug for this.
>> Thus, I separated this out into a separate webrev. Can u please take a
>> look?
>>
>> http://cr.openjdk.java.net/~valeriep/8087157/webrev.01/
>
> I am pretty sure you don't need to run the test in othervm mode, since
> jtreg agentvm mode should be able to cleanup/disable the
> SecurityManager so that the VM can be reused. You could double-check
> with Jon Gibbons to be sure. Otherwise, looks good.
>
> --Sean
>
More information about the security-dev
mailing list