JDK-8291891 : Throw error if default java.security file is missing
  • Type: CSR
  • Component: security-libs
  • Sub-Component: java.security
  • Priority: P3
  • Status: Closed
  • Resolution: Approved
  • Fix Versions: 8-pool,11-pool,17-pool,19-pool,20
  • Submitted: 2022-08-04
  • Updated: 2022-12-27
  • Resolved: 2022-08-13
Related Reports
CSR :  
JDK-8299366 - Throw error if default java.security file is missing
CSR :  
JDK-8155246 - Throw error if default java.security file is missing
Cloners :  
JDK-8293246 - Produce warning when user specified java.io.tmpdir directory doesn't exist
Description
Summary
-------

Throw `java.lang.InternalError` if the `conf/security/java.security` file is missing. Currently, in the event of such a file missing, the JDK falls back to using an old, unmaintained, configuration file

Problem
-------

The `conf/security/java.security` configuration file ships with the JDK and contains security configuration properties to ensure the JDK runs with the latest security standards. If that file is missing, the current implementation falls back to a hardcoded set of properties which is minimal and not maintained. The fall back approach has regression since the introduction of JDK modules. See JDK-8291888. 

Solution
--------

Introduce an implementation specific change where an InternalError is thrown if the `java.security` file is detected to be missing when the Java security framework is initializing. Remove the fall back approach currently in place today.

Specification
-------------

The `conf/security/java.security` configuration file is read once on initialization of the `java.security.Security` class. Make a JDK implementation specific change so that if `java.security` is missing, an unspecified error will be thrown. The `security.overridePropertiesFile=true` configuration will continue to work as before.

add following `@implNote` to `java.security.Security`:

```
  @implNote If the properties file fails to load, the JDK implementation will
  throw an unspecified error when initializing the {@code Security} class.
```

add following note to the java.security conf file:
```
 If this properties file fails to load, the JDK implementation will throw
 an unspecified error when initializing the java.security.Security class.
```
Comments
I assume updated the hard-coded backup config was considered and rejected. Moving to Approved.
13-08-2022
I think the compatibility risk is probably unknown, but probably more like "low" since the application is now failing to start rather than continuing insecurely.
12-08-2022
I would expect the scenario is sufficiently obscure that the compatibility impact is not a concern. If the file doesn't expect or has the wrong permissions then it suggests the "installation" is broken and the run-time image is unusable (so good to catch this early).
12-08-2022
Will also need a release note. Also, I think it would be useful to document this behavior in the `java.security.Security` class description as an implementation note and possibly also inside the `java.security` file, probably after the paragraph that starts with "To disable the ability ...". The text could be something like: "If the master security properties file is missing, the JDK implementation will throw an InternalError when initializing the `java.security.Security` class".
08-08-2022