RFR: JDK-8288475: Initializing RandomGeneratorFactory.FactoryMapHolder fails if a SecurityManager is installed
Sean Mullan
mullan at openjdk.org
Thu Jun 16 17:54:58 UTC 2022
On Thu, 16 Jun 2022 07:08:20 GMT, Johannes Kuhn <jkuhn at openjdk.org> wrote:
> * This adds additional permissions to the jdk.random module (`RuntimePermission "accessClassInPackage.jdk.internal.util.random"`)
> * The annotations of the provider classes are now parsed early.
> This avoids putting the parts that can trigger the parsing into an `AccessController.doPrivileged()` block.
> * If a `SecurityManager` is installed, `RandomGeneratorFactory.all()` will only return `RandomGenerator`s that are loaded by a system domain loader.
> This avoids parsing annotations of user classes from a privileged context.
test/jdk/java/util/Random/SecurityManagerFactory.java line 2:
> 1: /*
> 2: * Copyright (c) 2021, Oracle and/or its affiliates. All rights reserved.
Update year to 2022.
test/jdk/java/util/Random/SecurityManagerFactory.java line 29:
> 27: * @summary Checks if the random factory providers can be loaded when a SecurityManager is active
> 28: * @bug 8288475
> 29: * @run main/othervm/policy=java.policy -Djava.security.manager SecurityManagerFactory
You should not need to specify the `java.security.manager` system property as the jtreg `policy` tag will automatically run it under a SecurityManager.
test/jdk/java/util/Random/SecurityManagerFactory.java line 34:
> 32: public class SecurityManagerFactory {
> 33: public static void main(String[] args) {
> 34: RandomGeneratorFactory.all().toList();
Should you also check what `RandomGenerator`s are returned when an SM is enabled to make sure it is ok?
-------------
PR: https://git.openjdk.org/jdk/pull/9180
More information about the security-dev
mailing list