JDK-8309331

Allow java.security to be extended via a properties directory

Details

    • CSR
    • Resolution: Unresolved
    • P3
    • 23
    • security-libs
    • None
    • behavioral
    • minimal
    • The risk of adding this additional property should be minimal. In its default state of unset, the behaviour should be as before. When set, the behaviour is on the same lines as for java.security.properties, but with the ability to use multiple files and to do so permanently.
    • System or security property

    Description

      Summary

      Allow the java.security file to be temporarily or permanently extended by property files found within a given directory tree.

      Problem

      Currently, security properties are held within the java.security file in the JDK tree for each installed JDK. The system property java.security.properties can be used to point to a file containing additional properties. These can be appended to the existing set or override all existing properties.

      There is currently no way to specify additional properties permanently or to reference multiple files. Making permanent changes to the java.security properties requires editing the java.security file in each JDK where the changes are required.

      Solution

      Allow a directory tree to be specified either permanently in the java.security file by the security.propertiesDir property or on the command line using java.security.propertiesDir. Any property files found in this directory tree are appended to those specified in java.security, as with the single file used by java.security.properties.

      The files are appended in the lexicographic order of the paths. Only regular non-hidden files are included. If a file is also specified by java.security.properties, its properties are appended as if it were the final file in the list of paths, so its values override any previously specified by files in the directory.

      For example, if the contents of the specified directory on a UNIX system are as follows:

      Path                Properties
      ----------------    -------------
      01-testFile         prop1=apple
      02-testFile         prop2=banana
      03-testDir/extra    prop3=cherry
      .04-testFile        prop4=diamond
      05-testFile         prop3=cabbage

      the result would be three additional security properties being appended to the set specified in java.security: prop1=apple, prop2=banana and prop3=cabbage. The value of prop3 specified by 03-testDir/extra is overridden by that in 05-testFile and the value in .04-testFile is ignored, as files starting with a '.' are regarded as hidden on UNIX systems.
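
      The ordering and override rules above can be reproduced with the following added example, which is not the JDK's implementation or code from this CSR. The class and method names are hypothetical, and it assumes the hidden-file test applies only to the file itself, not to its parent directories.

```java
import java.io.IOException;
import java.io.Reader;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.TreeMap;
import java.util.stream.Collectors;
import java.util.stream.Stream;

public class PropertiesDirOrder {
    // Hypothetical helper: maps each property name to "value  <- source file".
    static Map<String, String> merge(Path dir, Path extraFile) throws IOException {
        List<Path> files = new ArrayList<>();
        try (Stream<Path> walk = Files.walk(dir)) {
            // Regular files only, in the natural (lexicographic on UNIX) order of their paths.
            for (Path p : walk.filter(Files::isRegularFile).sorted().collect(Collectors.toList())) {
                if (!Files.isHidden(p)) files.add(p);   // assumption: only the file itself is tested
            }
        }
        if (extraFile != null) files.add(extraFile);    // java.security.properties file goes last
        Map<String, String> effective = new TreeMap<>();
        for (Path f : files) {
            Properties props = new Properties();
            try (Reader r = Files.newBufferedReader(f)) { props.load(r); }
            Path shown = f.startsWith(dir) ? dir.relativize(f) : f;
            for (String name : props.stringPropertyNames()) {
                effective.put(name, props.getProperty(name) + "  <- " + shown); // later file wins
            }
        }
        return effective;
    }

    public static void main(String[] args) throws IOException {
        Path dir = Files.createTempDirectory("propsDir"); // constructed copy of the example tree
        String[][] sample = {
            {"01-testFile", "prop1=apple"}, {"02-testFile", "prop2=banana"},
            {"03-testDir/extra", "prop3=cherry"}, {".04-testFile", "prop4=diamond"},
            {"05-testFile", "prop3=cabbage"}};
        for (String[] s : sample) {
            Path f = dir.resolve(s[0]);
            Files.createDirectories(f.getParent());
            Files.writeString(f, s[1] + "\n");
        }
        merge(dir, null).forEach((k, v) -> System.out.println(k + "=" + v));
    }
}
```

      Pointed at a real properties directory, the same mapping shows which file supplies each effective security property, which is useful when reviewing a shared directory maintained under different permissions from the JDK.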

      The command-line variant, java.security.propertiesDir, is intended primarily for testing and to disable a permanent properties directory by setting the value to empty. Its value takes precedence over any value specified by security.propertiesDir in java.security. As with java.security.properties, the system property will be ignored if security.overridePropertiesFile in the java.security file is not set to true.

      One possible usage scenario for this facility would be to set the security.propertiesDir in the java.security file of each JDK to a common shared directory, allowing all JDKs to share a common set of security properties. This eases setting up properties on each new JDK installation and also allows the shared properties to be maintained under different access permissions to those of the JDK.

      Specification

      N/A. This is an implementation change in the JDK that does not affect the Java SE specification.

            People

              andrew Andrew Hughes