Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update java.security.manager behaviour #14329

Merged
merged 3 commits into from
Feb 4, 2022
Merged

Update java.security.manager behaviour #14329

merged 3 commits into from
Feb 4, 2022

Conversation

babsingh
Copy link
Contributor

@babsingh babsingh commented Jan 20, 2022
edited
Loading

  1. Consolidate security manager startup code invoked from
    ClassLoader.initializeClassLoaders in System.initSecurityManager (new method).

  2. As per the Java doc, the java.security.manager property should only be read
    at startup. Example: If this property is initialized with "disallow" when the
    JVM is started, then a security manager will not be set at startup and cannot
    be set dynamically. Currently, this property is read in
    System.setSecurityManager. If a user changes this property after startup, then
    System.setSecurityManager's behaviour will change after startup. This behaviour
    does not follow the Java doc and reference implementation. To fix this issue,
    the java.security.manager is only read once at startup in
    System.initSecurityManager.

  3. In JDK18, System.setSecurityManager's run-time behaviour changes with
    respect to the java.security.manager property. Previously, if the property
    was null, the run-time behaviour was success or throws SecurityException.
    In JDK18, the new behaviour is to throw UnsupportedOperationException if the
    property is null. This matches the behaviour when the property is set to
    "disallow".

  4. Set java.security.manager property for impacted tests.

  5. Explicitly handle null arguments in System.setSecurityManager.

Fixes: #14092
Fixes: #14094

Signed-off-by: Babneet Singh [email protected]

@babsingh babsingh marked this pull request as draft January 20, 2022 16:17
@babsingh
Copy link
Contributor Author

Javadoc References

@babsingh
Copy link
Contributor Author

In JDK18, System.setSecurityManager will throw UnsupportedOperationException if the java.security.manager property is not set (== null). So, this will break tests which incorporate System.setSecurityManager without setting the java.security.manager property. Debating whether to set the property for every impacted test or globally. @llxia Is there a way to set the java.security.manager property globally in the OpenJ9 test framework?

fyi @pshipton @tajila

@pshipton
Copy link
Member

Keeping in mind that we'll need to remove all the SecurityManager tests for (likely) jdk19 and later.

@pshipton pshipton requested a review from JasonFengJ9 January 20, 2022 16:52
@llxia
Copy link
Contributor

llxia commented Jan 24, 2022

Is there a way to set the java.security.manager property globally in the OpenJ9 test framework?

For Global settings, EXTRA_OPTIONS can be set in TKG https://github.com/adoptium/TKG/blob/master/openj9Settings.mk

If you want to set for each impacted test, EXTRA_OPTIONS can be set in the *.mk file in the test-related project. Similar to https://github.com/eclipse-openj9/openj9/blob/master/test/functional/Java8andUp/java8andUpSettings.mk

@JasonFengJ9
Copy link
Member

@babsingh please advise if this is ready for reviewing.

@babsingh
Copy link
Contributor Author

babsingh commented Jan 24, 2022
edited
Loading

@JasonFengJ9 This is good to review. I have kept it in the draft state because we will also need test changes. Without the test changes, OpenJ9 tests will fail with JDK18.

For the test changes, I am planning to update https://github.com/adoptium/TKG/blob/master/openj9Settings.mk as follows:

EXTRA_OPTIONS=-Djava.security.manager=allow

In JDK18, this should revert OpenJ9 behaviour to java.security.manager == null behaviour, which is seen in JDK17 and before.

@llxia
Copy link
Contributor

llxia commented Jan 24, 2022

FYI @renfeiw as the change may be added to TKG.

@renfeiw
Copy link
Contributor

renfeiw commented Jan 24, 2022

For the test changes, I am planning to update https://github.com/adoptium/TKG/blob/master/openj9Settings.mk as follows:

EXTRA_OPTIONS=-Djava.security.manager=allow

You probably need to use append, something like this:

EXTRA_OPTIONS +=  -Djava.security.manager=allow

@babsingh babsingh mentioned this pull request Jan 24, 2022
Closed
@babsingh babsingh force-pushed the sm_jdk18 branch 4 times, most recently from 77c99c8 to e19d599 Compare January 24, 2022 23:59
@babsingh babsingh marked this pull request as ready for review January 25, 2022 00:02
@babsingh
Copy link
Contributor Author

babsingh commented Jan 25, 2022
edited
Loading

This PR depends on adoptium/TKG#263, which contains the test framework changes. This PR should only be merged once adoptium/TKG#263 is merged. No longer applies. Refer to adoptium/TKG#263 (comment).

JasonFengJ9
JasonFengJ9 approved these changes Jan 25, 2022
View reviewed changes
Copy link
Member

@JasonFengJ9 JasonFengJ9 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The change looks good.

@babsingh babsingh force-pushed the sm_jdk18 branch 3 times, most recently from f1ff1b9 to a411f47 Compare February 1, 2022 18:18
@tajila tajila mentioned this pull request Feb 2, 2022
Merged
@babsingh babsingh force-pushed the sm_jdk18 branch 4 times, most recently from ecdd3ef to cff0f94 Compare February 3, 2022 17:24
@babsingh
Update java.security.manager behaviour
075f02d 
1. Consolidate security manager startup code invoked from
ClassLoader.initializeClassLoaders in System.initSecurityManager (new method).

2. As per the Java doc, the java.security.manager property should only be read
at startup. Example: If this property is initialized with "disallow" when the
JVM is started, then a security manager will not be set at startup and cannot
be set dynamically. Currently, this property is read in
System.setSecurityManager. If a user changes this property after startup, then
System.setSecurityManager's behaviour will change after startup. This behaviour
does not follow the Java doc and reference implementation. To fix this issue,
the java.security.manager is only read once at startup in
System.initSecurityManager.

3. In JDK18, System.setSecurityManager's run-time behaviour changes with
respect to the java.security.manager property. Previously, if the property
was null, the run-time behaviour was success or throws SecurityException.
In JDK18, the new behaviour is to throw UnsupportedOperationException if the
property is null. This matches the behaviour when the property is set to
"disallow".

Fixes: eclipse-openj9#14092
Fixes: eclipse-openj9#14094

Signed-off-by: Babneet Singh <[email protected]>
@babsingh
Set java.security.manager property for tests in JDK18+
bd6425f 
Tests which use System.setSecurityManager need to explicitly set the
java.security.manager property in JDK18+.

Impacted Java8andUp tests:
- JCL_TEST_Java-Security
- JCL_TEST_Java-Lang
- JCL_TEST_Java-Lang-Invoke
- JCL_TEST_Java-Lang_ClassLoader
- JCL_TEST_Java-Internals
- JCL_TEST_IBM-VM
- JCL_TEST_Java-Lang-Ref

Impacted JLM_Tests:
- JLM_Tests_IBMinternal
- TestMemoryMXBean

Impacted Jsr292 tests:
- jsr292Test
- jsr292BootstrapTest

Impacted cmdLineTests:
- J9security
- proxyFieldAccess

Signed-off-by: Babneet Singh <[email protected]>
@babsingh
Explicitly handle null arguments in System.setSecurityManager
c0e4f3a 
setSecurityManager should do nothing if the input argument is null and no
security manager has been established.

Before, this was being enforced implicitly. The implicit check no longer
works. There is error handling code and code to print a warning message,
which needs to avoided in the above "do nothing" scenario. So, an explicit
null check has been added to enforce the "no nothing" scenario.

Signed-off-by: Babneet Singh <[email protected]>
renfeiw
renfeiw approved these changes Feb 3, 2022
View reviewed changes
Copy link
Contributor

@renfeiw renfeiw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! LGTM

@babsingh
Copy link
Contributor Author

babsingh commented Feb 3, 2022

@tajila can you please relaunch the PR builds?

@tajila
Copy link
Contributor

tajila commented Feb 3, 2022

Jenkins test sanity win jdk11

@tajila
Copy link
Contributor

tajila commented Feb 3, 2022

Jenkins test sanity plinux jdk17,18

@tajila
Copy link
Contributor

tajila commented Feb 3, 2022

Jenkins test sanity plinux jdk17,jdk18

@tajila
Copy link
Contributor

tajila commented Feb 4, 2022

@babsingh please make a PR for the JDK18 stream as well

@tajila tajila merged commit 9398b11 into eclipse-openj9:master Feb 4, 2022
@babsingh
Copy link
Contributor Author

babsingh commented Feb 4, 2022

please make a PR for the JDK18 stream as well

@tajila Created #14437 for the JDK18 0.31 release branch.

babsingh added a commit to babsingh/aqa-tests that referenced this pull request Feb 4, 2022
@babsingh
[JDK18] Re-enable Security Manager Tests
eb67384 
The below tests have been fixed by eclipse-openj9/openj9#14329:
- java/lang/System/AllowSecurityManager
- java/lang/System/SecurityManagerWarnings

Signed-off-by: Babneet Singh <[email protected]>
@babsingh babsingh mentioned this pull request Feb 4, 2022
Merged
sophia-guo pushed a commit to adoptium/aqa-tests that referenced this pull request Feb 4, 2022
@babsingh
[JDK18] Re-enable Security Manager Tests (#3318)
5725532 
The below tests have been fixed by eclipse-openj9/openj9#14329:
- java/lang/System/AllowSecurityManager
- java/lang/System/SecurityManagerWarnings

Signed-off-by: Babneet Singh <[email protected]>
@pshipton pshipton mentioned this pull request Feb 7, 2022
Closed
babsingh added a commit to babsingh/openj9 that referenced this pull request Feb 7, 2022
@babsingh
Correctly throw UOE from setSecurityManager
b457ee8 
In some cases, warning messages are no longer being printed when the input
argument is null. Revising the fix in eclipse-openj9#14329 to correctly throw
UnsupportedOperationException (UOE) in case of a null input argument when the
security manager is disallowed.

When the security manager is not allowed to be set dynamically, return if the
input argument is null. UnsupportedOperationException should only be thrown for
a non-null input argument.

Fixes: eclipse-openj9#14445

Signed-off-by: Babneet Singh <[email protected]>
@babsingh babsingh mentioned this pull request Feb 7, 2022
Merged
babsingh added a commit to babsingh/openj9 that referenced this pull request Feb 8, 2022
@babsingh
Correctly throw UOE from setSecurityManager
379dd18 
In some cases, warning messages are no longer being printed when the input
argument is null. Revising the fix in eclipse-openj9#14329 to correctly throw
UnsupportedOperationException (UOE) in case of a null input argument when the
security manager is disallowed.

When the security manager is not allowed to be set dynamically, return if the
input argument is null. UnsupportedOperationException should only be thrown for
a non-null input argument.

Fixes: eclipse-openj9#14445

Signed-off-by: Babneet Singh <[email protected]>
@babsingh babsingh mentioned this pull request Feb 8, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tajila tajila tajila approved these changes

@renfeiw renfeiw renfeiw approved these changes

@JasonFengJ9 JasonFengJ9 JasonFengJ9 approved these changes

Assignees
No one assigned
Labels
comp:vm jdk8 jdk11 jdk17 jdk18
Projects
None yet
Milestone
No milestone
6 participants
@babsingh @pshipton @llxia @JasonFengJ9 @renfeiw @tajila