On Tue, Feb 8, 2022 at 5:53 AM Jaikiran Pai <jaiki...@apache.org> wrote:
> Hello Earl, > > On 08/02/22 12:59 am, Earl Hood wrote: > > How exactly does setting the sysprop for only 18 and 19 allow folks to > test > > their stuff? If Ant currently depends on the security manager to > operate, > > why not set the sysprop regardless, then remove in future when a > > replacement API exists? > > Java 18 and 19 now throw a runtime exception by default when > System.setSecurityManager is called at runtime. This behaviour can be > changed to prevent the exception being thrown and let it behave like > older versions, by setting the Java system property > java.security.manager=allow. We (Ant) cannot set it by default to all > versions of Java because this "allow" value was only introduced in Java > 12 > > https://www.oracle.com/java/technologies/javase/12-relnote-issues.html#JDK-8191053. > > Ant 1.10.x supports using earlier versions than Java 12 (like Java 8), > so we (Ant) cannot blindly set that value without these Java version > checks. > FWIW, NetBeans added a SecurityManager called "allow", that uninstalls itself as soon as possible: https://github.com/apache/netbeans/blob/master/platform/o.n.bootstrap/src/allow.java Then -Djava.security.manager=allow works on the platforms supported by NetBeans - before JDK 12, "allow" is installed and quickly uninstalled, but setting another SecurityManager is allowed. Jan > > Since I work on a project that embeds Ant and uses it API, I am trying > > assess what I need to do on my end to mitigate the problem. I do not use > > the launcher scripts, but invoke Ant directly as an embedded service > (same > > JVM) or via an external JVM process (most common usage). > > The way the JDK implements the security manager removal, setting of > java.security.manager=allow is only allowed (and expected to work) when > launching Java. What that means is one cannot use System.setProperty() > API at runtime to set this property (it won't work). So users of Java > will have to set this value at launch time. Right now, users who use Ant > to build their project with Java 18 or 19, can workaround this issue by > setting the very broad ANT_OPTS environment variable to include > "-Djava.security.manager=allow". However, given the number of projects > out there that use Ant and various ways it gets used, I did not want > users to go fiddle with their build scripts to set up this value in > ANT_OPTS (that too conditionally based on Java versions). Instead, it's > much more useful if Ant itself did this in its own launch script, thus > allowing users to just download this newer version of Ant and continue > building their projects like they currently do. > > Now coming to your embedded case, whoever/whatever launches the original > JVM within which you launch Ant, will have to be responsible for setting > this system property while launching the JVM. There's no other way past > this if you want to use it against Java 18 or 19. > > > -Jaikiran > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@ant.apache.org > For additional commands, e-mail: dev-h...@ant.apache.org > >
