On 07/14/2016 04:38 PM, Chris Hegarty wrote:
The default.policy file is now always loaded by the default Policy
provider implementation (sun/security/provider/PolicyFile). It is
loaded if the java.security.policy '=' or '==' option is specified,
and also if the application uses the Policy.getInstance methods and
specifies the "JavaPolicy" type. If the default.policy file cannot be
loaded, an InternalError is thrown, on the basis that the runtime
cannot operate correctly unless these permissions are granted.
I think this is ok, but of course it is unnecessary for a minimal image
with just java.base. Probably not worth complicating things, but you
could conditionally add include the permissions per module based on its
presence.
Yes, excellent point and there is already an RFE open for this:
https://bugs.openjdk.java.net/browse/JDK-8080294
This should establish the groundwork for making that happen more easily
but was not considered as critical as this piece to have in place right now.
--Sean
