Details
-
CSR
-
Resolution: Approved
-
P3
-
None
-
behavioral
-
low
-
-
System or security property
-
JDK
Description
Summary
Change the default value of the java.security.manager
system property to disallow, so that unless it's explicitly set to allow
, any calling of System.setSecurityManager(SecurityManager)
with a non-null argument will throw an UnsupportedOperationException
.
Problem
We have deprecated the Security Manager for removal in JDK 17 through JEP 411, and in the next few releases we will gradually remove (or degrade) the API and the implementation. Disabling the ability to dynamically install a Security Manager by default is one of the first steps. This is already described in the Description section of JEP 411.
Solution
When the java.security.manager
system property is not set, treat it the same as set to disallow
.
Specification
src/java.base/share/classes/java/lang/SecurityManager.java:
/**
...
* The Java run-time may also allow, but is not required to allow, the security
* manager to be set dynamically by invoking the
* {@link System#setSecurityManager(SecurityManager) setSecurityManager} method.
* In the JDK implementation, if the Java virtual machine is started with
* the {@code java.security.manager} system property set to the special token
- * "{@code disallow}" then a security manager will not be set at startup and
- * cannot be set dynamically (the
+ * "{@code allow}", then a security manager will not be set at startup but can
+ * be set dynamically. If the Java virtual machine is started with the
+ * {@code java.security.manager} system property not set or set to the special
+ * token "{@code disallow}", then a security manager will not be set at startup
+ * and cannot be set dynamically (the
* {@link System#setSecurityManager(SecurityManager) setSecurityManager}
- * method will throw an {@code UnsupportedOperationException}). If the
- * {@code java.security.manager} system property is not set or is set to the
- * special token "{@code allow}", then a security manager will not be set at
- * startup but can be set dynamically.
+ * method will throw an {@code UnsupportedOperationException}).
...
* following table illustrates the behavior of the JDK implementation for the
* different settings of the {@code java.security.manager} system property:
...
* <tr>
* <th scope="col">Property Value</th>
* <th scope="col">The SecurityManager set at startup</th>
* <th scope="col">System.setSecurityManager run-time behavior</th>
* </tr>
...
* <tr>
* <th scope="row">null</th>
* <td>None</td>
- * <td>Success or throws {@code SecurityException} if not permitted by
- * the currently installed security manager</td>
+ * <td>Always throws {@code UnsupportedOperationException}</td>
* </tr>
...
- * <p> A future release of the JDK may change the default value of the
- * {@code java.security.manager} system property to "{@code disallow}".
...
*/
@Deprecated(since="17", forRemoval=true)
public class SecurityManager
src/java.base/share/classes/java/lang/System.java:
/*
...
* @implNote In the JDK implementation, if the Java virtual machine is
- * started with the system property {@code java.security.manager} set to
+ * started with the system property {@code java.security.manager} not set or set to
* the special token "{@code disallow}" then the {@code setSecurityManager}
* method cannot be used to set a security manager.
...
*/
@Deprecated(since="17", forRemoval=true)
@CallerSensitive
public static void setSecurityManager(@SuppressWarnings("removal") SecurityManager sm);
Attachments
Issue Links
- csr of
-
JDK-8270380 Change the default value of the java.security.manager system property to disallow
- Resolved