RFR: 8319332: Security properties files inclusion [v2]

Andrew John Hughes andrew at openjdk.org
Fri Nov 10 16:49:00 UTC 2023


On Thu, 9 Nov 2023 21:36:44 GMT, Weijun Wang <weijun at openjdk.org> wrote:

> My major concern is that this does not look like a properties file anymore, that the same key have multiple values and you use an undocumented (?) format "key value". That said, this is a clever hack and I wonder why we hadn't used it for `security.provider`s.

This surprised me too when I first read the patch, and I had to go back to the specification of the `Properties` file. Although the convention tends to be `key=value`, it seems the specification allows for `key:value` and `key value` as well.

By "the same key has multiple values", I assume you mean the key "import"? The implementation overrides `put` and swallows these `include` lines so they are never actually added as keys and values. Were they to be added, each subsequent one would just override the one before, as is the intended behaviour of the existing `-Djava.security.properties` extra file which can be used to override `java.security` properties on the command line.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/16483#issuecomment-1806069303


More information about the security-dev mailing list