JDK-8238483

policy.allowSystemProperty and policy.expandProperties also apply to JAAS configurations

    • CSR
    • Resolution: Approved
    • P4
    • 15
    • security-libs
    • None
    • behavioral
    • minimal
    • System or security property
    • JDK

      Summary

      The descriptions of the policy.expandProperties and policy.allowSystemProperty security properties should be updated in the javadocs and the java.security configuration file to describe how they apply to JAAS configuration files.

      Problem

      The policy.expandProperties and policy.allowSystemProperty security properties apply to JAAS configuration files as well as policy files.

      Solution

      Add more details describing these boolean properties in the java.security file and the com.sun.security.auth.login.ConfigFile API. The ConfigFile API currently documents the policy.allowSystemProperty property but not the policy.expandProperties property. Also document the default values that apply when the properties are not explicitly set.

      Specification

      In the class description of the com.sun.security.auth.login.ConfigFile API, the following sentence will be added at the end:

      In addition, the security property <i>policy.expandProperties</i> can
      be used to control whether system properties in the configuration file
      are expanded. If not set, the default value is <i>true</i> which means
      that properties will be expanded.
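
The behaviour that sentence documents can be checked with the following added example, which is not part of the CSR or the JDK sources. The class name, the entry name "Sample" and the login configuration text are constructed for illustration; it assumes Java 11 or later and the JDK's default "JavaLoginConfig" configuration type.

```java
import java.net.URI;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.Security;
import java.security.URIParameter;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;

public class ExpandPropertiesDemo {

    // Constructed login configuration; "Sample" is a hypothetical entry name.
    static final String JAAS_CONFIG =
          "Sample {\n"
        + "    com.sun.security.auth.module.KeyStoreLoginModule required\n"
        + "        keyStoreURL=\"file:${user.home}/.keystore\";\n"
        + "};\n";

    // Parse the file with a fresh ConfigFile instance and return the option
    // value exactly as the login module would receive it.
    static String keyStoreUrl(URI config) throws Exception {
        Configuration c = Configuration.getInstance(
                "JavaLoginConfig", new URIParameter(config));
        AppConfigurationEntry[] entries = c.getAppConfigurationEntry("Sample");
        return String.valueOf(entries[0].getOptions().get("keyStoreURL"));
    }

    public static void main(String[] args) throws Exception {
        Path file = Files.createTempFile("jaas-demo", ".conf");
        try {
            Files.writeString(file, JAAS_CONFIG);
            URI uri = file.toUri();
            // "true" and "" (the unset case) should both expand ${user.home};
            // only an explicit "false" leaves the literal ${...} in place.
            for (String setting : new String[] {"true", "", "false"}) {
                Security.setProperty("policy.expandProperties", setting);
                System.out.printf("policy.expandProperties=\"%s\" -> %s%n",
                        setting, keyStoreUrl(uri));
            }
        } finally {
            Files.deleteIfExists(file);
        }
    }
}
```

Running it against a hardened java.security file is a quick way to confirm that a login configuration which relies on `${...}` still resolves the paths it is expected to.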

      Make the following additions to the definitions of the properties in the java.security file:

      -# whether or not we expand properties in the policy file
      -# if this is set to false, properties (${...}) will not be expanded in policy
      -# files.
      +# Controls whether or not properties are expanded in policy and login
      +# configuration files. If set to false, properties (${...}) will not
      +# be expanded in policy and login configuration files. If commented out or
      +# set to an empty string, the default value is "false" for policy files and
      +# "true" for login configuration files.
       #
       policy.expandProperties=true
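Review bot: The added sentence ending "the default value is "false" for policy files and "true" for login configuration files" gives one property two different fallbacks, so an administrator who comments out policy.expandProperties still gets ${...} expanded in login configuration files. Consider stating outright that only an explicit "false" turns expansion off for both file types. The comment also says "properties (${...})" where the proposed ConfigFile javadoc sentence says "system properties"; using the same term in both places would avoid doubt about what is being expanded.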
      
      -# whether or not we allow an extra policy to be passed on the command line
      -# with -Djava.security.policy=somefile. Comment out this line to disable
      -# this feature.
      +# Controls whether or not an extra policy or login configuration file is
      +# allowed to be passed on the command line with -Djava.security.policy=somefile
      +# or -Djava.security.auth.login.config=somefile. If commented out or set to
      +# an empty string, the default value is "false".
       #
       policy.allowSystemProperty=true
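Review bot: The removed line "Comment out this line to disable this feature" told the reader what the unset state does, while the replacement sentence "If commented out or set to an empty string, the default value is "false"" does not say what "false" means in practice. Suggest adding that with "false" a file passed with -Djava.security.policy=somefile or -Djava.security.auth.login.config=somefile is not allowed, so the effect of commenting the line out stays as explicit as it was before.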

            mullan Sean Mullan
            weijun Weijun Wang