RFR: 8155246: Throw error if default java.security file is missing [v2]
Alan Bateman
alanb at openjdk.org
Wed Aug 10 14:07:38 UTC 2022
On Wed, 10 Aug 2022 13:52:48 GMT, Sean Coffey <coffeys at openjdk.org> wrote:
>> In the broken case where the conf/security/java.security configuration file doesn't exist, the JDK should throw an Error.
>>
>> CSR in progress.
>
> Sean Coffey has updated the pull request incrementally with one additional commit since the last revision:
>
> CSR review comments
src/java.base/share/classes/java/security/Security.java line 52:
> 50: * @implNote If the master security properties file is missing, the JDK
> 51: * implementation will throw an {@code InternalError} when initializing the
> 52: * {@code Security} class.
Is "master security properties file" the right term here? The only use of "master" in this class seems to be a deprecated method.
I'm also not sure about the word "missing" as there can be many reasons why opening a file may fail, e.g. something changes the permissions or file owner so that it can't be opened for example.
The implNote need not be specific on the exception that is thrown, it could say "will throw an unspecified exception ..."
-------------
PR: https://git.openjdk.org/jdk/pull/9747
More information about the security-dev
mailing list