changeset 60029:c5bf18d5f5e1

8191395: policy.allowSystemProperty and policy.expandProperties also apply to JAAS configurations Reviewed-by: weijun
author mullan
date Wed, 12 Feb 2020 10:28:59 -0500
parents 370f25f90d1f
children 10e939d362fc
files src/java.base/share/conf/security/java.security src/jdk.security.auth/share/classes/com/sun/security/auth/login/ConfigFile.java
diffstat 2 files changed, 15 insertions(+), 8 deletions(-) [+]
--- a/src/java.base/share/conf/security/java.security	Wed Feb 12 09:38:59 2020 -0500
+++ b/src/java.base/share/conf/security/java.security	Wed Feb 12 10:28:59 2020 -0500
@@ -276,15 +276,18 @@
 policy.url.1=file:${java.home}/conf/security/java.policy
 policy.url.2=file:${user.home}/.java.policy
 
-# whether or not we expand properties in the policy file
-# if this is set to false, properties (${...}) will not be expanded in policy
-# files.
+# Controls whether or not properties are expanded in policy and login
+# configuration files. If set to false, properties (${...}) will not
+# be expanded in policy and login configuration files. If commented out or
+# set to an empty string, the default value is "false" for policy files and
+# "true" for login configuration files.
 #
 policy.expandProperties=true
 
-# whether or not we allow an extra policy to be passed on the command line
-# with -Djava.security.policy=somefile. Comment out this line to disable
-# this feature.
+# Controls whether or not an extra policy or login configuration file is
+# allowed to be passed on the command line with -Djava.security.policy=somefile
+# or -Djava.security.auth.login.config=somefile. If commented out or set to
+# an empty string, the default value is "false".
 #
 policy.allowSystemProperty=true
 
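Review bot: The new policy.expandProperties comment gives different unset defaults for the two file types, so an administrator who comments the line out to harden the install still has expansion enabled for login configuration files. The comment should say this directly, for example by adding `# To disable expansion for both file types, set this property to false explicitly;` and `# commenting it out leaves expansion enabled for login configuration files.` The policy.allowSystemProperty comment also drops the old "Comment out this line to disable this feature" guidance. A sentence such as `# Set to false or comment out to ignore both system properties.` would keep that guidance, assuming ConfigFile.java really treats an unset value as false, as the comment states.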
--- a/src/jdk.security.auth/share/classes/com/sun/security/auth/login/ConfigFile.java	Wed Feb 12 09:38:59 2020 -0500
+++ b/src/jdk.security.auth/share/classes/com/sun/security/auth/login/ConfigFile.java	Wed Feb 12 10:28:59 2020 -0500
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -78,7 +78,11 @@
  *
  * <p> The configuration syntax supported by this implementation
  * is exactly that syntax specified in the
- * {@code javax.security.auth.login.Configuration} class.
+ * {@code javax.security.auth.login.Configuration} class. In addition, the
+ * security property <i>policy.expandProperties</i> can be used to control
+ * whether system properties in the configuration file are expanded. If not
+ * set, the default value is <i>true</i> which means that properties will
+ * be expanded.
  *
  * @see javax.security.auth.login.LoginContext
  * @see java.security.Security security properties
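Review bot: The added Javadoc covers only policy.expandProperties, although the commit title and the java.security comment say policy.allowSystemProperty also applies to JAAS configurations by gating -Djava.security.auth.login.config. Unless the part of the class comment outside this hunk already covers it, a sentence on that property belongs here. The wording "If not set" is also narrower than java.security's "commented out or set to an empty string", and the property name and value are marked with `<i>` where the preceding sentence uses `{@code}`. Suggested wording: `security property {@code policy.expandProperties}` and `If not set or set to an empty string, the default value is {@code true}`. The class comment starts and ends outside the hunk.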