RFR: 8270380: Change the default value of the java.security.manager system property to disallow

Weijun Wang weijun at openjdk.java.net
Tue Sep 28 18:31:36 UTC 2021


On Tue, 31 Aug 2021 02:05:06 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> This change modifies the default value of the `java.security.manager` system property from "allow" to "disallow". This means unless it's explicitly set to "allow", any call to `System.setSecurityManager()` would throw an UOE.
>> 
>> The `AllowSecurityManager.java` and `SecurityManagerWarnings.java` tests are updated to confirm this behavior change. Two other tests are updated because they were added after JDK-8267184 and do not have `-Djava.security.manager=allow` on its `@run` line even it they need to install a `SecurityManager` at runtime.
>> 
>> Please note that this code change requires jtreg to be upgraded to 6.1, where a security manager [will not be set](https://bugs.openjdk.java.net/browse/CODETOOLS-7902990).
>
> New commit pushed. Sections added.

> @wangweij This pull request has been inactive for more than 4 weeks and will be automatically closed if another 4 weeks passes without any activity. To avoid this, simply add a new comment to the pull request. Feel free to ask for assistance if you need help with progressing this pull request towards integration!

Still waiting for jtreg upgraded to 6.1.

-------------

PR: https://git.openjdk.java.net/jdk/pull/5204



More information about the security-dev mailing list