> Currently, security properties are held within the `java.security` file in
> the JDK tree for each installed JDK. The system property
> `java.security.properties` can be used to point to a file containing
> additional properties. These can be appended to the existing set or override
> all existing properties.
>
> There is currently no way to specify additional properties permanently or to
> reference multiple files. Making permanent changes to the `java.security`
> properties requires editing the `java.security` file in each JDK where the
> changes are required.
>
> This patch allows a directory tree to be specified either permanently in the
> java.security file by the `security.propertiesDir` property or on the command
> line using `java.security.propertiesDir`. Any property files found in this
> directory tree can be appended to those specified in `java.security`, as with
> the single file used by `java.security.properties`.
>
> As an example, the `security.propertiesDir` in the `java.security` file of
> each JDK can be set to a common shared directory, allowing all JDKs to share
> a common set of security properties. This eases setting up properties on each
> new JDK installation and also allows the shared properties to be maintained
> under different access permissions to those of the JDK.
>
> The command-line variant, `java.security.propertiesDir`, is intended
> primarily for testing and to disable a permanent properties directory by
> setting the value to empty. As with `java.security.properties`, the system
> property will be ignored if `security.overridePropertiesFile` in the
> `java.security` file is not set to true.
>
> A less flexible version of this patch (a permanent hardcoded single file) has
> been [used in our JDK installations since
> 2016](https://bugzilla.redhat.com/show_bug.cgi?id=1249083) to provide a
> system-wide crypto policy. Having support for this in the upstream JDK would
> allow us to remove a local patch from our builds and reduce divergence from
> upstream.

Andrew John Hughes has updated the pull request incrementally with one additional commit since the last revision:

  Sort the returned list of property files and exclude hidden files.

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/14277/files
  - new: https://git.openjdk.org/jdk/pull/14277/files/f7529e43..85095b89

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=14277&range=01
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=14277&range=00-01

  Stats: 50 lines in 3 files changed: 40 ins; 0 del; 10 mod
  Patch: https://git.openjdk.org/jdk/pull/14277.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/14277/head:pull/14277

PR: https://git.openjdk.org/jdk/pull/14277
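
The following is an added illustration, not code from the pull request, of why a properties directory needs a sorted file list with hidden files excluded: the result becomes deterministic and stray editor or backup files cannot alter security settings. The class name `PropertiesDirDemo`, the sample file names, and the rule that a later file wins on duplicate keys are assumptions; the mail does not state how the patch resolves conflicts.

```java
import java.io.IOException;
import java.io.Reader;
import java.io.UncheckedIOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.List;
import java.util.Properties;
import java.util.stream.Collectors;
import java.util.stream.Stream;

public class PropertiesDirDemo {   // hypothetical name, not part of the JDK

    // Regular, non-hidden files under root, in a stable (sorted) order.
    static List<Path> propertyFiles(Path root) throws IOException {
        try (Stream<Path> tree = Files.walk(root)) {
            return tree.filter(Files::isRegularFile)
                       .filter(p -> !isHidden(p))
                       .sorted()
                       .collect(Collectors.toList());
        }
    }

    static boolean isHidden(Path p) {
        try {
            return Files.isHidden(p);   // on POSIX: file name starts with '.'
        } catch (IOException e) {
            throw new UncheckedIOException(e);
        }
    }

    // Load files in sorted order. Assumed rule: a later file wins on duplicate keys.
    static Properties load(Path root) throws IOException {
        Properties props = new Properties();
        for (Path file : propertyFiles(root)) {
            try (Reader in = Files.newBufferedReader(file)) {
                props.load(in);
            }
        }
        return props;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample tree, built in a temporary directory.
        Path root = Files.createTempDirectory("secprops");
        Files.createDirectories(root.resolve("policy"));
        Files.writeString(root.resolve("10-base.properties"), "jdk.tls.disabledAlgorithms=SSLv3\n");
        Files.writeString(root.resolve("policy/20-site.properties"), "jdk.tls.disabledAlgorithms=SSLv3, TLSv1\n");
        Files.writeString(root.resolve(".20-site.properties.swp"), "jdk.tls.disabledAlgorithms=\n");
        System.out.println(propertyFiles(root));
        System.out.println(load(root).getProperty("jdk.tls.disabledAlgorithms"));
    }
}
```

On a POSIX system the hidden swap file, which would have emptied the disabled-algorithm list, is skipped, and the value from `policy/20-site.properties` is the one that remains.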