RFR: 8270380: Change the default value of the java.security.manager system property to disallow
Weijun Wang
weijun at openjdk.java.net
Sat Aug 21 11:26:26 UTC 2021
On Fri, 20 Aug 2021 23:01:27 GMT, Lance Andersen <lancea at openjdk.org> wrote:
>> This change modifies the default value of the `java.security.manager` system property from "allow" to "disallow". This means unless it's explicitly set to "allow", any call to `System.setSecurityManager()` would throw an UOE.
>>
>> The `AllowSecurityManager.java` and `SecurityManagerWarnings.java` tests are updated to confirm this behavior change. Two other tests are updated because they were added after JDK-8267184 and do not have `-Djava.security.manager=allow` on its `@run` line even it they need to install one at runtime.
>
> src/java.base/share/classes/java/lang/SecurityManager.java line 128:
>
>> 126: * <th scope="row">null</th>
>> 127: * <td>None</td>
>> 128: * <td>Always throws {@code UnsupportedOperationException}</td>
>
> Not sure "Always" is needed, could just be "Throws UOE"
This is the same as the existing words for "disallow".
-------------
PR: https://git.openjdk.java.net/jdk/pull/5204
More information about the security-dev
mailing list