8191395: policy.allowSystemProperty and policy.expandProperties also …

…apply to JAAS configurations Reviewed-by: weijun
openjdk · Feb 12, 2020 · 2fbbce2b233e924ec9c3720fb4e7ef8b1ef31d51 · 2fbbce2
1 parent a239c47
commit 2fbbce2b233e924ec9c3720fb4e7ef8b1ef31d51
Unified Split

Showing with 15 additions and 8 deletions.

+9 −6 src/java.base/share/conf/security/java.security

+6 −2 src/jdk.security.auth/share/classes/com/sun/security/auth/login/ConfigFile.java
diff --git a/src/java.base/share/conf/security/java.security b/src/java.base/share/conf/security/java.security
@@ -276,15 +276,18 @@ policy.provider=sun.security.provider.PolicyFile
 policy.url.1=file:${java.home}/conf/security/java.policy
 policy.url.2=file:${user.home}/.java.policy
 
-# whether or not we expand properties in the policy file
-# if this is set to false, properties (${...}) will not be expanded in policy
-# files.
+# Controls whether or not properties are expanded in policy and login
+# configuration files. If set to false, properties (${...}) will not
+# be expanded in policy and login configuration files. If commented out or
+# set to an empty string, the default value is "false" for policy files and
+# "true" for login configuration files.
 #
 policy.expandProperties=true
 
-# whether or not we allow an extra policy to be passed on the command line
-# with -Djava.security.policy=somefile. Comment out this line to disable
-# this feature.
+# Controls whether or not an extra policy or login configuration file is
+# allowed to be passed on the command line with -Djava.security.policy=somefile
+# or -Djava.security.auth.login.config=somefile. If commented out or set to
+# an empty string, the default value is "false".
 #
 policy.allowSystemProperty=true
 

diff --git a/src/jdk.security.auth/share/classes/com/sun/security/auth/login/ConfigFile.java b/src/jdk.security.auth/share/classes/com/sun/security/auth/login/ConfigFile.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -78,7 +78,11 @@
  *
  * <p> The configuration syntax supported by this implementation
  * is exactly that syntax specified in the
- * {@code javax.security.auth.login.Configuration} class.
+ * {@code javax.security.auth.login.Configuration} class. In addition, the
+ * security property <i>policy.expandProperties</i> can be used to control
+ * whether system properties in the configuration file are expanded. If not
+ * set, the default value is <i>true</i> which means that properties will
+ * be expanded.
  *
  * @see javax.security.auth.login.LoginContext
  * @see java.security.Security security properties