Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8159752

Grant de-privileged module permissions by default with java.security.policy override option

    XMLWordPrintable

    Details

    • Subcomponent:
    • Resolved In Build:
      b130
    • Verification:
      Verified

      Description

      JDK-8040059 changes the default policy for the deprivileged modules (those defined to the platform class loader) to enable granting specific permissions rather than AllPermission.

      Setting -Djava.security.policy==override.policy with double equals sign overrides the system security policy that may not work in JDK 9 if the application uses any deprivileged modules.

      Weblogic tests happens to override the security policy with double equals while it is unclear whether it is intended to override than augmenting.

      This issue is created to re-evaluate the compatibility risk for JDK-8040059. The platform class loader only defines JDK modules and JavaFX modules. One reasonable change may be to separate the security policy for the system modules from ${JAVA_HOME}/conf/security/java.policy. It should always grant the policy for the system modules unless the same code source is specified in java.policy (either the system-wide one or the one specified in java.security.policy system property)

        Attachments

          Issue Links

          There are no Sub-Tasks for this issue.

            Activity

              People

              Assignee:
              mullan Sean Mullan
              Reporter:
              mchung Mandy Chung
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Due:
                Created:
                Updated:
                Resolved: