RFR: 8270380: Change the default value of the java.security.manager system property to disallow

David Holmes dholmes at openjdk.java.net
Mon Aug 23 10:27:33 UTC 2021

On Fri, 20 Aug 2021 22:44:34 GMT, Weijun Wang <weijun at openjdk.org> wrote:

> This change modifies the default value of the `java.security.manager` system property from "allow" to "disallow". This means unless it's explicitly set to "allow", any call to `System.setSecurityManager()` would throw an UOE.
> The `AllowSecurityManager.java` and `SecurityManagerWarnings.java` tests are updated to confirm this behavior change. Two other tests are updated because they were added after JDK-8267184 and do not have `-Djava.security.manager=allow` on its `@run` line even it they need to install a `SecurityManager` at runtime.

Thanks for the clarification @AlanBateman . @wangweij my apologies as I misunderstood the affect this change was going to have on the existing warnings - which is none.



PR: https://git.openjdk.java.net/jdk/pull/5204

More information about the security-dev mailing list