RFR: 8270380: Change the default value of the java.security.manager system property to disallow

Weijun Wang weijun at openjdk.java.net
Tue Sep 28 18:31:36 UTC 2021

On Tue, 31 Aug 2021 02:05:06 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> This change modifies the default value of the `java.security.manager` system property from "allow" to "disallow". This means unless it's explicitly set to "allow", any call to `System.setSecurityManager()` would throw an UOE.
>> The `AllowSecurityManager.java` and `SecurityManagerWarnings.java` tests are updated to confirm this behavior change. Two other tests are updated because they were added after JDK-8267184 and do not have `-Djava.security.manager=allow` on its `@run` line even it they need to install a `SecurityManager` at runtime.
>> Please note that this code change requires jtreg to be upgraded to 6.1, where a security manager [will not be set](https://bugs.openjdk.java.net/browse/CODETOOLS-7902990).
> New commit pushed. Sections added.

> @wangweij This pull request has been inactive for more than 4 weeks and will be automatically closed if another 4 weeks passes without any activity. To avoid this, simply add a new comment to the pull request. Feel free to ask for assistance if you need help with progressing this pull request towards integration!

Still waiting for jtreg upgraded to 6.1.


PR: https://git.openjdk.java.net/jdk/pull/5204

More information about the core-libs-dev mailing list