> The implementation of this proposal is based on the requirements, > specification and design choices described in the [JDK-8319332] ticket and > its respective CSR [JDK-8319333]. What follows are implementation notes > organized per functional component, with the purpose of assisting to navigate > the code changes in this pull-request. > > ## Security properties loading (overview) > > A new static class named `SecPropLoader` (nested within > `java.security.Security`) is introduced to handle the loading of all security > properties. Its method `loadAll` is the first one to be called, at > `java.security.Security` static class initialization. The master security > properties file is then loaded by `loadMaster`. When additional security > properties files are allowed (the security property > `security.overridePropertiesFile` is set to `true`) and the > `java.security.properties` system property is passed, the method `loadExtra` > handles the extra load. > > The master properties file is loaded in `OVERRIDE` mode, meaning that the map > of properties is originally empty. Any failure occurred while loading these > properties is considered fatal. The extra properties file > (`java.security.properties`) may be loaded in `OVERRIDE` or `APPEND` mode. > Any failure in this case is ignored. This behavior maintains compatibility > with the previous implementation. > > While the `java.security.properties` system property is documented to accept > an URL type of value, filesystem path values are supported in the same way > that they were prior to this enhancement. Values are then interpreted as > paths and, only if that fails, are considered URLs. In the latter case, there > is one more attempt after opening the stream to check if there is a local > file path underneath (e.g. the URL has the form of > `file:///path/to/a/local/file`). The reason for preferring paths over URLs is > to support relative path file inclusion in properties files. > > ## Loading security properties from paths (`loadFromPath` method) > > When loading a properties file from a path, the normalized file location is > stored in the static field `currentPath`. This value is the current base to > resolve any relative path encountered while handling an _include_ definition. > Normalized paths are also saved in the `activePaths` set to detect recursive > cycles. As we move down or up in the _includes_ stack, `currentPath` and > `activePaths` values are updated. > > ## Loading security properties from URLs (`loadFromUrl` method) > > The extra properties file can be loaded from a URL. ...
Francisco Ferrari Bihurriet has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains 16 commits: - Update java.security documentation and fix test Adjust java.security documentation to match the latest CSR update, explaining the definition of security profiles based on non-strict system property expansion. Skip specialCharsIncludes test case in platforms whose filesystem does not support paths containing Unicode characters. Co-authored-by: Francisco Ferrari <fferr...@redhat.com> Co-authored-by: Martin Balao <mba...@redhat.com> - Merge 'openjdk/master' into JDK-8319332 - Improve backward compatibility testing Co-authored-by: Francisco Ferrari <fferr...@redhat.com> Co-authored-by: Martin Balao <mba...@redhat.com> - Extend backward compatibility support Co-authored-by: Francisco Ferrari <fferr...@redhat.com> Co-authored-by: Martin Balao <mba...@redhat.com> - Merge 'openjdk/master' into JDK-8319332 - Merge 'openjdk/master' into JDK-8319332 - Merge 'openjdk/master' into JDK-8319332 Conflict in ConfigFileTest.java solved by keeping our file, which had been previously adjusted. Commands: git merge upstream/master git restore --ours -- test/jdk/java/security/Security/ConfigFileTest.java git add test/jdk/java/security/Security/ConfigFileTest.java git merge --continue - 8319332: Adjust code for JDK-8319673 changes JDK-8319673: Few security tests ignore VM flags Next, we will merge the openjdk/master branch and ignore the conflict in this file. Co-authored-by: Martin Balao <mba...@redhat.com> Co-authored-by: Francisco Ferrari Bihurriet <fferr...@redhat.com> - 8319332: Update copyright and ConfigFileTest.java. Bump copyright year to 2024 in all the modified files. Remove leaked host name from children JVMs debug command. Extract Executor::addSystemPropertiesAsJvmArgs from Executor::execute and rename 'allJvmArgs' to 'command'. Also split class name and RUNNER_ARG addition to 'command' as two separated command.add() calls. Co-authored-by: Martin Balao <mba...@redhat.com> Co-authored-by: Francisco Ferrari Bihurriet <fferr...@redhat.com> - Merge 'openjdk/master' into JDK-8319332 - ... and 6 more: https://git.openjdk.org/jdk/compare/a024eed7...a9b0ecbd ------------- Changes: https://git.openjdk.org/jdk/pull/16483/files Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=16483&range=09 Stats: 1282 lines in 6 files changed: 1052 ins; 167 del; 63 mod Patch: https://git.openjdk.org/jdk/pull/16483.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/16483/head:pull/16483 PR: https://git.openjdk.org/jdk/pull/16483