Skip to content

8264140: Add -Djava.security.manager=allow to JavaFX tests calling setSecurityManager #510

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed

Conversation

kevinrushforth
Copy link
Member

@kevinrushforth kevinrushforth commented May 20, 2021

The security manager is being deprecated for removal by JEP 411, which is proposed for JDK 17. The implementation of JEP 411 is out for review here: openjdk/jdk#4073.

Along with the deprecation of most security manager classes and methods, the default value of the java.security.manager system property will be treated as "disallow". This means that the deprecated System::setSecurityManager method will throw UnsupportedOperationException unless -Djava.security.manager=allow is set on the command line. A few system tests and javafx.web unit tests set a security manager and will fail without setting that system property.

The fix is to set the -Djava.security.manager=allow in build.gradle when running tests in the :systemTests and :web projects. Support for setting java.security.manager to "allow" was added in JDK 12, so we also check that the boot JDK is >= 12 (the check is needed because JDK 11 is the minimum boot JDK).

As part of this PR I am removing the legacy ServiceWithSecurityManagerTest to address JDK-8234175. ServiceWithSecurityManagerTest is the only unit test in the javafx.graphics module that sets a security manager, and the test has skipped via @Ignore since FX 8 with the comment that the test "appears to be bogus". Since there are no active javafx.graphics tests that set the security manager, I don't see the need to set -Djava.security.manager=allow for javafx.graphics tests. Better to just remove the test.

I have done a full build / test using JDK 15 as a boot JDK. I then did a full build / test using a locally-built JDK 17-ea with the fix for JEP 411, and setting JDK_HOME to that JDK. With that, I can confirm that the tests that set the security manager fail without this fix and pass with this fix.

/issue add 8234175


Progress

  • Change must not contain extraneous whitespace
  • Commit message must refer to an issue
  • Change must be properly reviewed

Issues

  • JDK-8264140: Add -Djava.security.manager=allow to JavaFX tests calling setSecurityManager
  • JDK-8234175: Remove obsolete ServiceWithSecurityManagerTest unit test

Reviewers

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.java.net/jfx pull/510/head:pull/510
$ git checkout pull/510

Update a local copy of the PR:
$ git checkout pull/510
$ git pull https://git.openjdk.java.net/jfx pull/510/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 510

View PR using the GUI difftool:
$ git pr show -t 510

Using diff file

Download this PR as a diff file:
https://git.openjdk.java.net/jfx/pull/510.diff

@kevinrushforth kevinrushforth requested a review from arapte May 20, 2021 17:23
@bridgekeeper
Copy link

bridgekeeper bot commented May 20, 2021

👋 Welcome back kcr! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

@openjdk openjdk bot added the rfr Ready for review label May 20, 2021
@openjdk
Copy link

openjdk bot commented May 20, 2021

@kevinrushforth
Adding additional issue to issue list: 8234175: Remove obsolete ServiceWithSecurityManagerTest unit test.

@mlbridge
Copy link

mlbridge bot commented May 20, 2021

Webrevs

@kevinrushforth
Copy link
Member Author

Note that this does not provide fine-grained setting of -Djava.security.manager=allow. It would require refactoring the tests to separate out all of the ones that set a security manager to a different test group. Until such time as we make JDK 17 the minimum (which won't be at least until JavaFX 18) it doesn't make sense to consider such a refactoring.

@openjdk
Copy link

openjdk bot commented May 24, 2021

@kevinrushforth This change now passes all automated pre-integration checks.

ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details.

After integration, the commit message for the final commit will be:

8264140: Add -Djava.security.manager=allow to JavaFX tests calling setSecurityManager
8234175: Remove obsolete ServiceWithSecurityManagerTest unit test

Reviewed-by: arapte

You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed.

At the time when this comment was updated there had been 3 new commits pushed to the master branch:

  • aebac07: 8210199: [linux / macOS] fileChooser can't handle emojis
  • 240d28f: 8264127: ListCell editing status is true, when index changes while editing
  • 5843910: 8267392: ENTER key press on editable TableView throws NPE

Please see this link for an up-to-date comparison between the source branch of this pull request and the master branch.
As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details.

➡️ To integrate this PR with the above commit message to the master branch, type /integrate in a new comment.

@openjdk openjdk bot added the ready Ready to be integrated label May 24, 2021
@kevinrushforth
Copy link
Member Author

/integrate

@openjdk openjdk bot closed this May 24, 2021
@openjdk openjdk bot added integrated Pull request has been integrated and removed ready Ready to be integrated rfr Ready for review labels May 24, 2021
@openjdk
Copy link

openjdk bot commented May 24, 2021

@kevinrushforth Since your change was applied there have been 4 commits pushed to the master branch:

  • 2fd5092: 8263761: Update boot JDK to 16.0.1
  • aebac07: 8210199: [linux / macOS] fileChooser can't handle emojis
  • 240d28f: 8264127: ListCell editing status is true, when index changes while editing
  • 5843910: 8267392: ENTER key press on editable TableView throws NPE

Your commit was automatically rebased without conflicts.

Pushed as commit 9507ea4.

💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored.

@kevinrushforth kevinrushforth deleted the 8264140-setSecurityManager branch June 1, 2021 12:45
beatngu13 added a commit to junit-pioneer/junit-pioneer that referenced this pull request Sep 5, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
integrated Pull request has been integrated
Development

Successfully merging this pull request may close these issues.

2 participants