Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8238483

policy.allowSystemProperty and policy.expandProperties also apply to JAAS configurations

    XMLWordPrintable

    Details

    • Type: CSR
    • Status: Closed
    • Priority: P4
    • Resolution: Approved
    • Fix Version/s: 15
    • Component/s: security-libs
    • Labels:
      None
    • Subcomponent:
    • Compatibility Kind:
      behavioral
    • Compatibility Risk:
      minimal
    • Interface Kind:
      System or security property
    • Scope:
      JDK

      Description

      Summary

      The policy.expandProperties and policy.allowSystemProperty security properties properties should be updated in the javadocs and the java.security configuration file to describe how they apply to JAAS configuration files.

      Problem

      The policy.expandProperties and policy.allowSystemProperty security properties apply to JAAS configuration files as well as policy files.

      Solution

      Add more details describing these boolean properties in the java.security file and the com.sun.security.auth.login.ConfigFile API. The ConfigFile API currently documents the policy.allowSystemProperty property but not the policy.expandProperties property. Also document their default values, if not explicitly set.

      Specification

      In the class description of com.sun.security.auth.login.ConfigFile API, the following sentence will be added at the end:

      In addition, the security property <i>policy.expandProperties</i> can
      be used to control whether system properties in the configuration file
      are expanded. If not set, the default value is <i>true</i> which means
      that properties will be expanded.

      Make the following additions to the definitions of the properties in the java.security file:

      -# whether or not we expand properties in the policy file
      -# if this is set to false, properties (${...}) will not be expanded in policy
      -# files.
      +# Controls whether or not properties are expanded in policy and login
      +# configuration files. If set to false, properties (${...}) will not
      +# be expanded in policy and login configuration files. If commented out or
      +# set to an empty string, the default value is "false" for policy files and
      +# "true" for login configuration files.
       #
       policy.expandProperties=true
      
      -# whether or not we allow an extra policy to be passed on the command line
      -# with -Djava.security.policy=somefile. Comment out this line to disable
      -# this feature.
      +# Controls whether or not an extra policy or login configuration file is
      +# allowed to be passed on the command line with -Djava.security.policy=somefile
      +# or -Djava.security.auth.login.config=somefile. If commented out or set to
      +# an empty string, the default value is "false".
       #
       policy.allowSystemProperty=true

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              mullan Sean Mullan
              Reporter:
              weijun Weijun Wang
              Reviewed By:
              Weijun Wang
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: