Analyze future impact of Java SecurityManager removal on tests #743
Comments
scottmarlow
added
the
10.0
scottmarlow
changed the title
|
Thanks, much appreciated! |
|
Running the EE 9.1 Platform TCK with Open Liberty and Java 18, we immediately hit a problem with the JavaTest harness that prevents any tests from running: There is a property (javatest.security.noSecurityManager=true) that skips the call to setSecurityManager, but there is not currently a hook in the TCK automation to set it. I've hacked in the change for now to get past it and am re-running the TCK. I will share the results when it is complete. |
|
What version of javatest are you using? You probably need a more recent build of javatest
Also, you depending on the test(s), you may need to include: -Djava.security.manager=allow
On Mar 12, 2022, at 1:45 PM, Brian Decker ***@***.***> wrote:
Running the EE 9.1 Platform TCK with Open Liberty and Java 18, we immediately hit a problem with the JavaTest harness that prevents any tests from running:
[javatest.batch] java.lang.UnsupportedOperationException: The Security Manager is deprecated and will be removed in a future release
[javatest.batch] at java.base/java.lang.System.setSecurityManager(System.java:416)
[javatest.batch] at com.sun.javatest.JavaTestSecurityManager.install(JavaTestSecurityManager.java:84)
[javatest.batch] at com.sun.javatest.tool.Main.run(Main.java:291)
[javatest.batch] at com.sun.javatest.tool.Main.main0(Main.java:150)
[javatest.batch] at com.sun.javatest.tool.Main.main(Main.java:130)
There is a property (javatest.security.noSecurityManager=true) that skips the call to setSecurityManager, but there is not currently a hook in the TCK automation to set it. I've hacked in the change for now to get past it and am re-running the TCK. I will share the results when it is complete.
—
Reply to this email directly, view it on GitHub <#743 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ABQPFO66ZSOP47X72INWFZLU7TQ3DANCNFSM5EDPYKGQ>.
Triage notifications on the go with GitHub Mobile for iOS <https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android <https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.
You are receiving this because you are subscribed to this thread.
My best,
Lance
--
Lance Andersen
USTA EMA President and CEO
PTR Professional 5A
USPTA Elite Professional
TIA Global Cardio Tennis-Master Trainer
USRSA
Mobile: 978 857-0446
luckydogtennis.com -- luckydogtennis.com/TennisBlog -- cardiotennis.com
|
I'm not sure that a newer version of JavaTest would matter, unless they've changed the default behavior to not set a security manager. The property we need is there already, it's just that the invocation in the TCK's Ant scripts doesn't use it at present.
I'm not trying to get all of the tests to pass with Java 18. Similar to what Scott did above, I'm trying to see what fails, so that we can be prepared for when there is a Java level that no longer lets you set this property to allow at all. |
|
My test results above are from running with Good idea to look at Java 18. I wonder which JavaTest version is needed to support |
We shouldn't need a new version of JavaTest. I'll create a PR to show the kind of change in the TCK scripts that would be needed for this. |
|
I've run tests with Open Liberty three ways now: (1) Java 17 with -Djava.security.manager=disallow, (2) Java 17 with the EE security permissions setup in our OL automation disabled, and (3) Java 18. In each run, I got the same set of 33 failures -- a subset of what Scott reported upthread. connector/permissiondd - 6 failures (testValidateLocalPermsInvalidName & testValidateMissingPermFails) The only surprising part to me (without having looked more closely yet) is that I would have expected more of the connector/permissiondd tests to fail. I'll look into that some more. |
|
From my updated test run with EE 9.1 (using the WildFly Preview 26.x branch which is actually EE 9.1): I'll attach test jtr + logs soon. |
#904 could benefit from the jakartaee-tck/pull/894 as well I think. |
Agreed. Shall I turn 894 into a real PR and have folks review it? The new version of JavaTest would also resolve this, but I'm not sure when it might be getting out of Beta releases. |
Yes, please do turn i894 into a real PR.
|
scottmarlow
removed
the
10.0
…m-tck#894 change to address jakartaee/platform-tck#743 which didn't get released with jakarta-xml-ws-tck-4.0.0.zip Signed-off-by: Scott Marlow <smarlow@redhat.com>
…m-tck#894 change to address jakartaee/platform-tck#743 which didn't get released with jakarta-xml-ws-tck-4.0.0.zip (#708) Signed-off-by: Scott Marlow <smarlow@redhat.com>
As per jakartaee/platform#406, analyze our options for running TCK tests against a future Java SE version that does not contain the SecurityManager classes.
One output from this issue should be analysis of how we could:
For reference, see https://openjdk.java.net/jeps/411
The text was updated successfully, but these errors were encountered: