JDK12 setSecurityManager according to java.security.manager special tokens #4738
Conversation
| @@ -1305,3 +1305,6 @@ K0900="Create a new Reference, since a Reference cannot be cloned." | |||
| #java.lang.invoke.MethodHandle | |||
| K0A00="Failed to resolve Constant Dynamic entry with j9class: {0}, name: {1}, descriptor: {2}, bsmData: {3}" | |||
| K0A01="Constant_Dynamic references bootstrap method '{0}' does not have java.lang.invoke.MethodHandles.Lookup as first parameter." | |||
|
|
|||
| #java.lang.System | |||
| K0B00="Runtime is specified to disallow setting security manager" | |||
There was a problem hiding this comment.
This can be more explicit. i.e. -Djava.security.manager=disallow has been specified
There was a problem hiding this comment.
Updated the message.
| if (javaSecurityManager.isEmpty() || "default".equals(javaSecurityManager)) { | ||
| if ((javaSecurityManager != null) | ||
| /*[IF Java12]*/ | ||
| && !javaSecurityManager.equals("disallow") //$NON-NLS-1$ /* special token to disallow SecurityManager */ |
There was a problem hiding this comment.
Please add a comment to refer to the SecurityManager javadoc.
There was a problem hiding this comment.
JDK 12 doc is still an early access, added a comment More details are at JDK 12 javadoc jdk12/docs/api/java.base/java/lang/SecurityManager.html instead.
Please have another look.
There was a problem hiding this comment.
I didn't mean to include a direct link. In fact, I don't think the path is desired either. I'm fine with a comment at says "See the SecurityManager javadoc for details."
There was a problem hiding this comment.
Sure, the comment is updated.
JasonFengJ9
force-pushed
the
jdk12sm
branch
2 times, most recently
from
0e409f8
to
91cce0d
Compare
java.security.manager special tokens JDK12 throws UnsupportedOperationException when the system property java.security.manager is set to special token disallow during startup via command line options; In addition, special token allow permits setSecurityManager dynamically instead of an actual SecurityManager implementation class name; Replaced deprecated (since Java9) Class.newInstance() with Class.getDeclaredConstructor().newInstance() (not other occurrences, maybe another PR) ; Minor javadoc updates. Note: JDK8 and JDK11 don't support these special tokens allow and disallow. Signed-off-by: Jason Feng <fengj@ca.ibm.com>
|
jenkins test sanity zlinux jdk11 |
JDK12setSecurityManager()according to system propertyjava.security.managerspecial tokensJDK12throwsUnsupportedOperationExceptionwhen the system propertyjava.security.manageris set to special tokendisallowduring startup via command line options;In addition, special token
allowpermitssetSecurityManagerdynamically instead of an actualSecurityManagerimplementation class name;Replaced deprecated (since
Java9)Class.newInstance()withClass.getDeclaredConstructor().newInstance()(not other occurrences, maybe another PR) ;Minor
javadocupdates.Note:
JDK8andJDK11don't support these special tokensallowanddisallow.Manually verified behaviors matching
RI.Expected JTReg tests to provide test coverage such as following.
https://github.com/ibmruntimes/openj9-openjdk-jdk12/blob/e969f57ff8031485b00ccf2ed10f87a627c7bd68/test/jdk/java/lang/System/AllowSecurityManager.java#L24-L32
Fixes: #4734
Reviewer: @pshipton
FYI: @DanHeidinga
Signed-off-by: Jason Feng fengj@ca.ibm.com