Currently, security properties are held within the `java.security` file in the 
JDK tree for each installed JDK. The system property `java.security.properties` 
can be used to point to a file containing additional properties. These can be 
appended to the existing set or override all existing properties.

There is currently no way to specify additional properties permanently or to 
reference multiple files. Making permanent changes to the `java.security` 
properties requires editing the `java.security` file in each JDK where the 
changes are required.

This patch allows a directory tree to be specified either permanently in the 
`java.security` file by the `security.propertiesDir` property or on the command 
line using `java.security.propertiesDir`. Any property files found in this 
directory tree can be appended to those specified in `java.security`, as with 
the single file used by `java.security.properties`.

As an example, the `security.propertiesDir` in the `java.security` file of each 
JDK can be set to a common shared directory, allowing all JDKs to share a 
common set of security properties. This eases setting up properties on each new 
JDK installation and also allows the shared properties to be maintained under 
different access permissions to those of the JDK.

The command-line variant, `java.security.propertiesDir`, is intended primarily 
for testing and to disable a permanent properties directory by setting the 
value to empty. As with `java.security.properties`, the system property will be 
ignored if `security.overridePropertiesFile` in the `java.security` file is not 
set to true.

A less flexible version of this patch (a permanent hardcoded single file) has 
been [used in our JDK installations since 
2016](https://bugzilla.redhat.com/show_bug.cgi?id=1249083) to provide a 
system-wide crypto policy. Having support for this in the upstream JDK would 
allow us to remove a local patch from our builds and reduce divergence from 
upstream.

-------------

Commit messages:
 - 8309330: Allow java.security to be extended via a properties directory

Changes: https://git.openjdk.org/jdk/pull/14277/files
 Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=14277&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8309330
  Stats: 132 lines in 3 files changed: 123 ins; 2 del; 7 mod
  Patch: https://git.openjdk.org/jdk/pull/14277.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/14277/head:pull/14277

PR: https://git.openjdk.org/jdk/pull/14277
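
Added example, not part of the pull request or its author's code: a shared directory named by `security.propertiesDir` can change security settings for every JDK that points at it, so this sketch audits such a tree for paths that group or others can write to and for keys set in more than one file. The `*.properties` suffix, the file names and the sample contents are assumptions constructed for illustration; the description above does not say how files in the tree are selected or ordered.

```shell
#!/bin/sh
# Added example: audit a shared security-properties directory tree.
# Assumption: property files end in .properties (the PR text does not say).

# Directories and property files that group or others can write to.
loose_paths() {
    find "$1" \( -type d -o -type f -name '*.properties' \) \
        \( -perm -020 -o -perm -002 \) | LC_ALL=C sort
}

# Property keys set in more than one file, so overlaps can be reviewed.
duplicate_keys() {
    find "$1" -type f -name '*.properties' -exec awk '
        FNR == 1 { cont = 0 }
        cont     { cont = ($0 ~ /\\$/); next }   # continuation of a value
        /^[ \t]*([#!]|$)/ { next }               # comment or blank line
        { cont = ($0 ~ /\\$/)
          line = $0; sub(/^[ \t]+/, "", line)
          n = match(line, /[ \t]*[=:]/)          # key ends at the separator
          if (n > 1) print substr(line, 1, n - 1) "\t" FILENAME }
    ' {} + | LC_ALL=C sort -u | cut -f1 | uniq -d
}

# Constructed sample tree (not from the PR): two files, one group-writable.
make_sample_tree() {
    d=$(mktemp -d) && mkdir "$d/crypto" && chmod 755 "$d/crypto"
    printf '%s\n' 'jdk.tls.disabledAlgorithms=SSLv3, \' '    TLSv1' \
        > "$d/crypto/10-policy.properties"
    printf '%s\n' '# site override' 'jdk.tls.disabledAlgorithms = SSLv3' \
        'jdk.certpath.disabledAlgorithms=MD2' > "$d/20-site.properties"
    chmod 644 "$d/crypto/10-policy.properties"
    chmod 664 "$d/20-site.properties"
    echo "$d"
}

# Audit the directory given as $1, or the constructed sample if none is given.
dir=${1:-$(make_sample_tree)}
echo "Writable by group/others:"; loose_paths "$dir"
echo "Keys set in more than one file:"; duplicate_keys "$dir"
```

Run it with the shared directory as its only argument; any path listed in the first section lets a non-owner alter the properties that the JDKs load.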
