[15] RFR: 8191395: policy.allowSystemProperty and policy.expandProperties also apply to JAAS configurations
Sean Mullan
sean.mullan at oracle.com
Wed Feb 5 15:31:02 UTC 2020
I added a sentence about policy.expandProperties to the ConfigFile class
description. In the java.security file, I also clarified that setting
the policy.allowSystemProperty to false (in addition to commenting it
out) would disable the feature.
New webrev at http://cr.openjdk.java.net/~mullan/webrevs/8191395/webrev.01/
CSR: https://bugs.openjdk.java.net/browse/JDK-8238483
--Sean
On 1/31/20 10:42 AM, Sean Mullan wrote:
> On 1/30/20 7:27 PM, Weijun Wang wrote:
>> Looks fine. Does this require a CSR?
>
> Hmm, I was on the fence about that. ConfigFile already mentions
> policy.allowSystemProperty in the class description [1], so I think in
> this case, we are just improving the documentation.
>
> I can't find any JAAS reference to policy.expandProperties though. I
> suppose we should file one then since this would be the first time it is
> documented.
>
> Let me draft up a CSR and reply back later.
>
> --Sean
>
> [1]
> https://download.java.net/java/early_access/jdk14/docs/api/jdk.security.auth/com/sun/security/auth/login/ConfigFile.html
>
>
>>
>> Thanks,
>> Max
>>
>>> On Jan 31, 2020, at 3:18 AM, Sean Mullan <sean.mullan at oracle.com> wrote:
>>>
>>> Please review this small change to the documentation of these two
>>> security properties.
>>>
>>> webrev: http://cr.openjdk.java.net/~mullan/webrevs/8191395/webrev.00/
>>> bug: https://bugs.openjdk.java.net/browse/JDK-8191395
>>>
>>> Thanks,
>>> Sean
>>
More information about the security-dev
mailing list