On Thu, 9 Apr 2026 07:20:24 GMT, Alan Bateman <[email protected]> wrote:
>> This is a new jlink plugin which allows the user to specify values of >> security properties it wants to override in the `java.security` >> configuration file in a custom runtime image. This enhancement, along with >> [the `cacerts` jlink plugin](https://github.com/openjdk/jdk/pull/29700) >> allow users to more easily create runtimes that address the specific >> security requirements of their applications. >> >> The command-line syntax takes a file containing properties that the user >> wants to override. >> >> For example: >> >> >> jlink --security-properties props.security >> >> >> where `props.security` is a file containing one more more properties in the >> `java.security` file syntax. > > src/jdk.jlink/share/man/jlink.md line 245: > >> 243: Description >> 244: : Override the security properties in the `java.security` >> configuration >> 245: file with the properties in the specified file. > > I think the description will need to be expanded a bit to make it very clear > than the contents of the given file are used to override or add to the > java.security that goes into the generated run-time image. Just trying to > avoid anyone thinking it is somehow related to `-Djava.security.properties` > to override the location of the file. +1. It would make sense to also document that that the `include` directive is not supported. Suggestion: Override the security properties - if they exist - in the `conf/security/java.security` configuration file with the properties in the specified file. Appends properties not previously present in `java.security` at the end. The `include` directive is not supported. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/30635#discussion_r3057676550
