RFR: 8270380: Change the default value of the java.security.manager system property to disallow

Weijun Wang weijun at openjdk.java.net
Mon Aug 23 12:15:32 UTC 2021

On Mon, 23 Aug 2021 03:22:18 GMT, Jaikiran Pai <jpai at openjdk.org> wrote:

> Would this then allow the security manager to be used? In other words, can the value of `java.security.manager` be changed dynamically at runtime or is it restricted to be set only at launch time (via command line argument `-Djava.security.manager`)?

Whether to allow a SecurityManager to be installed later is determined at system initialization time, so there is no use in setting it to "allow" inside a program. See https://github.com/openjdk/jdk/blob/3a690240336bda8582a15ca52f4dcb78be323dcd/src/java.base/share/classes/java/lang/System.java#L2191

The spec in `SecurityManager.java` uses the words "if the Java virtual machine **is started with** the java.security.manager system property..." to describe this.


PR: https://git.openjdk.java.net/jdk/pull/5204
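
The startup-time decision described in the reply above can be observed with a small probe. This is an added example, not part of the original message or of the OpenJDK sources; the class name `LateAllowProbe` is hypothetical.

```java
// Added illustration: shows that setting java.security.manager from inside
// a running program does not change what was decided at JVM startup.
// LateAllowProbe is a hypothetical name, not an OpenJDK class.
public class LateAllowProbe {

    /** Attempts to install a SecurityManager and reports what the runtime did. */
    @SuppressWarnings("removal") // SecurityManager is deprecated for removal
    static String tryInstall() {
        try {
            System.setSecurityManager(new SecurityManager());
            return "installed";
        } catch (UnsupportedOperationException e) {
            // Thrown when the JVM was initialized with installation disallowed.
            return "rejected: " + e.getMessage();
        }
    }

    @SuppressWarnings("removal")
    public static void main(String[] args) {
        // If a manager was already installed at launch (for example with
        // -Djava.security.manager), there is nothing to probe, and the
        // property calls below would need permissions under its policy.
        if (System.getSecurityManager() != null) {
            System.out.println("a SecurityManager was installed at launch");
            return;
        }

        // Value the JVM saw when it started (null if not set on the command line).
        String atLaunch = System.getProperty("java.security.manager");
        System.out.println("property at launch:          " + atLaunch);

        // Changing the property now only changes the stored string; the
        // allow/disallow decision was already made during system initialization.
        System.setProperty("java.security.manager", "allow");
        System.out.println("property after setProperty:  "
                + System.getProperty("java.security.manager"));

        System.out.println("setSecurityManager:          " + tryInstall());
    }
}
```

Run it once as `java LateAllowProbe` and once as `java -Djava.security.manager=allow LateAllowProbe`. On a JDK where the default is `disallow`, only the second launch reaches "installed", even though both runs show the property reading `allow` after `setProperty`.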
