On Thu, 20 May 2021 17:23:56 GMT, Kevin Rushforth <k...@openjdk.org> wrote:
> The security manager is being deprecated for removal by [JEP > 411](https://openjdk.java.net/jeps/411), which is proposed for JDK 17. The > implementation of JEP 411 is out for review here: openjdk/jdk#4073. > > Along with the deprecation of most security manager classes and methods, the > default value of the `java.security.manager` system property will be treated > as "`disallow`". This means that the deprecated `System::setSecurityManager` > method will throw `UnsupportedOperationException` unless > `-Djava.security.manager=allow` is set on the command line. A few system > tests and javafx.web unit tests set a security manager and will fail without > setting that system property. > > The fix is to set the `-Djava.security.manager=allow` in `build.gradle` when > running tests in the `:systemTests` and `:web` projects. Support for setting > `java.security.manager` to "`allow`" was added in JDK 12, so we also check > that the boot JDK is >= 12 (the check is needed because JDK 11 is the minimum > boot JDK). > > As part of this PR I am removing the legacy `ServiceWithSecurityManagerTest` > to address [JDK-8234175](https://bugs.openjdk.java.net/browse/JDK-8234175). > `ServiceWithSecurityManagerTest` is the only unit test in the > `javafx.graphics` module that sets a security manager, and the test has > skipped via `@Ignore` since FX 8 with the comment that the test "appears to > be bogus". Since there are no active `javafx.graphics` tests that set the > security manager, I don't see the need to set `-Djava.security.manager=allow` > for `javafx.graphics` tests. Better to just remove the test. > > I have done a full build / test using JDK 15 as a boot JDK. I then did a full > build / test using a locally-built JDK 17-ea with the fix for JEP 411, and > setting `JDK_HOME` to that JDK. With that, I can confirm that the tests that > set the security manager fail without this fix and pass with this fix. Note that this does not provide fine-grained setting of `-Djava.security.manager=allow`. It would require refactoring the tests to separate out all of the ones that set a security manager to a different test group. Until such time as we make JDK 17 the minimum (which won't be at least until JavaFX 18) it doesn't make sense to consider such a refactoring. ------------- PR: https://git.openjdk.java.net/jfx/pull/510
