RFR: 8270380: Change the default value of the java.security.manager system property to disallow
Jaikiran Pai
jpai at openjdk.java.net
Mon Aug 23 12:46:31 UTC 2021
On Mon, 23 Aug 2021 12:09:42 GMT, Weijun Wang <weijun at openjdk.org> wrote:
> > Would this then allow the security manager to be used? In other words, can the value of `java.security.manager` be changed dynamically at runtime or is it restricted to be set only at launch time (via command line arugment `-Djava.security.manager`)?
>
> Whether to allow a SecurityManager to be installed later is determined at system initialization time, so there is no use to set it to "allow" inside a program. See
>
> https://github.com/openjdk/jdk/blob/3a690240336bda8582a15ca52f4dcb78be323dcd/src/java.base/share/classes/java/lang/System.java#L2191
>
> The spec in `SecurityManager.java` uses the words "if the Java virtual machine **is started with** the java.security.manager system property..." to describe this.
Thank you for that clarification @wangweij.
-------------
PR: https://git.openjdk.java.net/jdk/pull/5204
More information about the security-dev
mailing list