[15] RFR: 8191395: policy.allowSystemProperty and policy.expandProperties also apply to JAAS configurations

Sean Mullan sean.mullan at oracle.com
Wed Feb 5 15:31:02 UTC 2020


I added a sentence about policy.expandProperties to the ConfigFile class 
description. In the java.security file, I also clarified that setting 
the policy.allowSystemProperty to false (in addition to commenting it 
out) would disable the feature.

New webrev at http://cr.openjdk.java.net/~mullan/webrevs/8191395/webrev.01/
CSR: https://bugs.openjdk.java.net/browse/JDK-8238483

--Sean

On 1/31/20 10:42 AM, Sean Mullan wrote:
> On 1/30/20 7:27 PM, Weijun Wang wrote:
>> Looks fine. Does this require a CSR?
> 
> Hmm, I was on the fence about that. ConfigFile already mentions 
> policy.allowSystemProperty in the class description [1], so I think in 
> this case, we are just improving the documentation.
> 
> I can't find any JAAS reference to policy.expandProperties though. I 
> suppose we should file one then since this would be the first time it is 
> documented.
> 
> Let me draft up a CSR and reply back later.
> 
> --Sean
> 
> [1] 
> https://download.java.net/java/early_access/jdk14/docs/api/jdk.security.auth/com/sun/security/auth/login/ConfigFile.html 
> 
> 
>>
>> Thanks,
>> Max
>>
>>> On Jan 31, 2020, at 3:18 AM, Sean Mullan <sean.mullan at oracle.com> wrote:
>>>
>>> Please review this small change to the documentation of these two 
>>> security properties.
>>>
>>> webrev: http://cr.openjdk.java.net/~mullan/webrevs/8191395/webrev.00/
>>> bug: https://bugs.openjdk.java.net/browse/JDK-8191395
>>>
>>> Thanks,
>>> Sean
>>


More information about the security-dev mailing list