RFR 8087157: PKCS11 provider not instantiated with security manager

Sean Mullan sean.mullan at oracle.com
Thu Jun 18 23:17:50 UTC 2015


On 06/18/2015 05:44 PM, Valerie Peng wrote:
> Well, the othervm mode is needed not because of the cleanup/disable of
> SecurityManager, but to ensure that SunPKCS11 provider is created under
> a SecurityManager.
>
> Without the othervm mode, the test will always pass even if the
> necessary permission is not in java.policy because SunPKCS11 provider is
> already created and present when this test is run. This is also a
> surprise to me when I first run the regression test against the
> before-fix java.policy and the test kept passing unexpectedly.

Ok, that makes sense now.

Thanks,
Sean

>
> Valerie
>
> On 6/16/2015 5:51 AM, Sean Mullan wrote:
>> On 06/15/2015 04:54 PM, Valerie Peng wrote:
>>> Sean,
>>>
>>> Given how trivial this is, I initially covered it in the fix for
>>> 7191662.
>>> However, fix for 7191662 took longer than anticipated to go in and now
>>> SQE has filed a bug for this.
>>> Thus, I separated this out into a separate webrev. Can u please take  a
>>> look?
>>>
>>> http://cr.openjdk.java.net/~valeriep/8087157/webrev.01/
>>
>> I am pretty sure you don't need to run the test in othervm mode, since
>> jtreg agentvm mode should be able to cleanup/disable the
>> SecurityManager so that the VM can be reused. You could double-check
>> with Jon Gibbons to be sure. Otherwise, looks good.
>>
>> --Sean
>>



More information about the security-dev mailing list