On 14/09/2019 21:21, Peter Firmstone wrote:
> Hi Alan,
>
> We've got a bunch of very old policy files in our test suite, so they
> still had policy grants using the extension directory property. The
> grant for the extension directory property was followed by a forward
> slash and asterisk. Oddly, when the property was missing the grant
> became a wildcard URL. Note this isn't the Sun PolicyFile
> implementation, but our policy provider also augments, rather than
> replaces; maybe there's a new policy file our provider isn't aware of?
>
> From memory there was something special about the way the extension
> directory property was treated by the policy provider, but I don't
> recall the details; the same problems don't appear to exist when other
> properties in policy files cannot be resolved.
>
> Modules that required permissions seem to be service providers:

In the jdk/jdk repo, the following policy files are merged in the build to
create the default policy:
src/java.base/windows/lib/security/default.policy
src/java.base/solaris/lib/security/default.policy
src/java.base/share/lib/security/default.policy
The default policy goes into a JDK internal location in the run-time
image and is used by the PolicyFile implementation. If you look in there
you should see the permissions that are granted to the modules that map
to the platform class loader. The intention is that deployments that are
setting their own policy files don't need to be concerned about the
permissions of modules in the run-time image. I suspect you are looking
for a custom PolicyFile implementation to make use of these defaults to
avoid needing to be concerned with the specific permissions that the
modules in the run-time image.
-Alan
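
The failure mode described in the quoted message (a grant whose codeBase collapses to a wildcard when the extension directory property is missing) can be caught by auditing policy files before they are loaded. The following is an added example, not code from this thread or from either policy provider; the sample policy text, the `app.home` property and the empty-string substitution in `lenient_expand` are constructed assumptions used to illustrate the check.

```python
import re

# Constructed sample policy text (not taken from the thread's test suite).
SAMPLE_POLICY = '''
grant codeBase "file:${java.ext.dirs}/*" {
    permission java.security.AllPermission;
};
grant codeBase "file:${app.home}/lib/-" {
    permission java.util.PropertyPermission "*", "read";
};
'''

GRANT_RE = re.compile(r'grant\s+codeBase\s+"([^"]*)"', re.IGNORECASE)
PROP_RE = re.compile(r'\$\{([^}]+)\}')


def lenient_expand(url, props):
    """Assumed lenient behaviour: a missing property becomes ''."""
    return PROP_RE.sub(lambda m: props.get(m.group(1), ''), url)


def is_broad(expanded):
    """True when only the scheme, slashes and a wildcard remain."""
    return re.fullmatch(r'file:/*[*-]', expanded) is not None


def audit(policy_text, props):
    """Return (codeBase, missing properties, lenient result) for every
    grant whose codeBase references a property that is not defined."""
    findings = []
    for url in GRANT_RE.findall(policy_text):
        missing = [p for p in PROP_RE.findall(url) if p not in props]
        if missing:
            findings.append((url, missing, lenient_expand(url, props)))
    return findings


if __name__ == "__main__":
    # Constructed runtime properties: java.ext.dirs is deliberately absent.
    runtime_props = {"app.home": "/opt/app"}
    for url, missing, expanded in audit(SAMPLE_POLICY, runtime_props):
        flag = "BROAD" if is_broad(expanded) else "changed"
        print(f"{flag}: {url!r} missing {missing} -> {expanded!r}")
```

A grant flagged this way should be removed or rewritten with an explicit path instead of being left to the provider's handling of the unresolved property.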