JDK-8301251 : Ignore allow and disallow options for java.security.manager System Property
  • Type: CSR
  • Component: security-libs
  • Sub-Component: java.security
  • Priority: P3
  • Status: Closed
  • Resolution: Approved
  • Fix Versions: 7-pool,8-pool,11-pool,11-pool-oracle
  • Submitted: 2023-01-27
  • Updated: 2023-05-24
  • Resolved: 2023-05-24
Description
Summary
-------

Update supported JDK versions prior to JDK 12 to ignore the "allow" and "disallow" options of the `java.security.manager` system property (if set on the java command line) instead of treating them as classnames.

Problem
-------

In JDK 12, we introduced two new token options for the java.security.manager system property ("allow" and "disallow").

Many applications and frameworks are designed to run on multiple JDKs. Those that enable the SecurityManager at runtime via `System.setSecurityManager` have to specify the "allow" option as of JDK 18 (see https://bugs.openjdk.org/browse/JDK-8203316). However, these applications would also prefer to use the same command line across multiple versions of the JDK, especially if it is not known which JDK version a user will use.

But on JDK versions earlier than JDK 12, if these options are specified, the runtime attempts to load a SecurityManager implementation with the classname of "allow" or "disallow", which results in an Error and the application will not start up.

Some applications have worked around this by creating a custom SecurityManager named "allow" that, once enabled, immediately uninstalls itself, but this workaround is awkward and should not be necessary.

Solution
--------

If the `java.security.manager` system property is set to "allow" or "disallow" on the java command line, silently ignore it.

Specification
-------------

No specification changes, just a behavior change.
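
The behavior described under Problem and Solution, modelled as an added example (not JDK source code and not part of this CSR). `resolve` and `Outcome` are hypothetical names, the handling of an empty value or `default` reflects the documented meaning of the property rather than anything stated above, and `com.example.MissingManager` is a constructed class name.

```java
import java.util.Arrays;

// Added illustration, not JDK source. Models how a JDK older than 12 treats
// -Djava.security.manager=<value> at startup, before and after this change.
public class SecurityManagerPropertyDemo {

    enum Outcome { NO_MANAGER, DEFAULT_MANAGER, IGNORED, CLASS_LOADED, STARTUP_ERROR }

    // value: the property value, or null when the property is not set.
    // ignoreTokens: false models the old behavior, true the behavior after the change.
    static Outcome resolve(String value, boolean ignoreTokens) {
        if (value == null) {
            return Outcome.NO_MANAGER;
        }
        if (value.isEmpty() || value.equals("default")) {
            return Outcome.DEFAULT_MANAGER;   // documented meaning of "" and "default"
        }
        if (ignoreTokens && (value.equals("allow") || value.equals("disallow"))) {
            return Outcome.IGNORED;           // silently ignored, no manager installed
        }
        try {
            // Any other value is treated as the class name of a SecurityManager.
            Class<?> c = Class.forName(value, false,
                    SecurityManagerPropertyDemo.class.getClassLoader());
            return SecurityManager.class.isAssignableFrom(c)
                    ? Outcome.CLASS_LOADED : Outcome.STARTUP_ERROR;
        } catch (ClassNotFoundException | LinkageError e) {
            return Outcome.STARTUP_ERROR;     // e.g. no class named "allow" exists
        }
    }

    public static void main(String[] args) {
        // Constructed sample values; com.example.MissingManager does not exist.
        for (String v : Arrays.asList(null, "", "default", "allow", "disallow",
                "java.lang.SecurityManager", "com.example.MissingManager")) {
            System.out.printf("%-30s before=%-16s after=%s%n",
                    v == null ? "(unset)" : "\"" + v + "\"",
                    resolve(v, false), resolve(v, true));
        }
    }
}
```

Only the "allow" and "disallow" rows differ between the two columns: `STARTUP_ERROR` before the change, `IGNORED` after it. A mistyped class name still fails at startup in both cases.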


Comments
I think this is a good change to encourage "retroactive forward compatibility" around setting of the SecurityManager property across releases. The original CSR for JDK 12, JDK-8203316, makes various JDK-specific spec changes. A release note should certainly be done, but I think it would also be reasonable to make JDK-specific spec changes and re-spin the docs. Moving to Approved.
24-05-2023

Java 12 was the first release to specify the java.lang.SecurityManager property so technically okay to change the implementation in JDK 8u/11u to treat "allow" as a special value without a spec change. If it helps deployments that really want to run with -Djava.security.manager=allow on older releases then it should be okay.
24-05-2023