You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@ant.apache.org by bu...@apache.org on 2021/06/15 13:20:56 UTC

[Bug 65381] New: java task without fork=yes shows "WARNING: java.lang.System::setSecurityManager is deprecated and will be removed in a future release...." with jd17ea26

https://bz.apache.org/bugzilla/show_bug.cgi?id=65381

            Bug ID: 65381
           Summary: java task without fork=yes shows "WARNING:
                    java.lang.System::setSecurityManager is deprecated and
                    will be removed in a future release...." with jd17ea26
           Product: Ant
           Version: 1.10.9
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Core tasks
          Assignee: notifications@ant.apache.org
          Reporter: stefan@huehner.org
  Target Milestone: ---

Latest JDK17 early-access build integrated the following change:

https://openjdk.java.net/jeps/411

That deprecated the java security managing with the option for removal.

Having an build.xml file calling the <java> task without using fork=yes seems
to trigger that warning at runtime

Apart from that being something to be fixed eventually it created extra
problems when output of said '<java>' tasked is put into an outputProperty as
then the extra text in that property breaks further processing.

Adding fork=yes to the <java> task target does avoid triggering the problem

Note that JDK17 is likely the next LTS java version

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 65381] java task without fork=yes shows "WARNING: java.lang.System::setSecurityManager is deprecated and will be removed in a future release...." with jd17ea26

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=65381

--- Comment #3 from Stefan Huehner <st...@huehner.org> ---
Attached a quick reproducer to show the behavior.

Usage:
point JAVA_HOME to jdk17ea26 build (or higher)

ant -f demo.xml bad

Show the unexpected warning inside the ${output} property.

ant -f demo.xml good

Does show the expected output.
Only change in 'good' target is using fork=yes to avoid triggering the
unexpected behavior.

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 65381] java task without fork=yes shows "WARNING: java.lang.System::setSecurityManager is deprecated and will be removed in a future release...." with jd17ea26

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=65381

--- Comment #9 from René Vincent Jansen <rv...@xs4all.nl> ---
Having been bitten by this last night in JDK 19ea it might be good to advertise
this fork=yes a bit more, and as a workaround, maybe release a version that has
the default on fork=yes for the java task, as to limit the damage (which for me
was a few hours of poking around to find this bug database and reading the
not-so convincing correspondence with the Java security team.

I maintain the NetRexx compiler and we were impacted heavily by the not really
compatible JPMS changes in Java 9. Now this again ... why just not nop-out the
implementation and leave people with their own security managers if they want
to. I know that the Ant team also must be impacted by this and really cannot
help this. But seeing that this was known for half a year at least (we from
NetRexx never noticed warnings because we had to compile under Java 8) I think
the time to fix this has come, or paste it over the front page of the Ant
website in chocolate characters.

So for clarity my request: if fixing is hard, please put out a release with
fork=yes as a default to save people some time.

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 65381] java task without fork=yes shows "WARNING: java.lang.System::setSecurityManager is deprecated and will be removed in a future release...." with jd17ea26

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=65381

--- Comment #8 from Jaikiran Pai <ja...@apache.org> ---
Hello Arjan, yes the new JDK 18 EA release has changes which causes these
failures. We were expecting this would happen in one of the EA releases of JDK
18. We are working on a way to get past this in Ant and allow using it with JDK
18 for builds. Unfortunately, it isn't straightforward so I've been
experimenting in some private builds, before I bring up the changes in the dev
list.

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 65381] java task without fork=yes shows "WARNING: java.lang.System::setSecurityManager is deprecated and will be removed in a future release...." with jd17ea26

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=65381

--- Comment #7 from Arjan Tijms <ar...@gmail.com> ---
> note that JDK 17 only deprecates the SecurityManager for future removal and except for the WARNING message in the STDERR nothing else changes in JDK 17, functionality wise

In JDK 18 this is no longer the case. Instead of an error message, an exception
is thrown, e.g:

java.lang.UnsupportedOperationException: The Security Manager is deprecated and
will be removed in a future release
     [java]     at
java.base/java.lang.System.setSecurityManager(System.java:411)
     [java]     at
org.apache.tools.ant.types.Permissions.setSecurityManager(Permissions.java:103)
     [java]     at
org.apache.tools.ant.taskdefs.ExecuteJava.run(ExecuteJava.java:216)
     [java]     at
org.apache.tools.ant.taskdefs.ExecuteJava.execute(ExecuteJava.java:155)

This breaks the builds, obviously.

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 65381] java task without fork=yes shows "WARNING: java.lang.System::setSecurityManager is deprecated and will be removed in a future release...." with jd17ea26

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=65381

--- Comment #2 from Stefan Huehner <st...@huehner.org> ---
Created attachment 37898
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=37898&action=edit
bug reproducer - part2

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 65381] java task without fork=yes shows "WARNING: java.lang.System::setSecurityManager is deprecated and will be removed in a future release...." with jd17ea26

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=65381

--- Comment #1 from Stefan Huehner <st...@huehner.org> ---
Created attachment 37897
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=37897&action=edit
bug reproducer - part1

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 65381] java task without fork=yes shows "WARNING: java.lang.System::setSecurityManager is deprecated and will be removed in a future release...." with jd17ea26

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=65381

--- Comment #4 from Stefan Huehner <st...@huehner.org> ---
Created attachment 37899
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=37899&action=edit
output with the bad/unexpected behavior

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 65381] java task without fork=yes shows "WARNING: java.lang.System::setSecurityManager is deprecated and will be removed in a future release...." with jd17ea26

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=65381

Jaikiran Pai <ja...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
   Target Milestone|---                         |1.10.14
         Resolution|---                         |FIXED

--- Comment #10 from Jaikiran Pai <ja...@apache.org> ---
In the upcoming Ant 1.10.14 release, Ant will no longer set or use Java
SecurityManager, when running on Java 18+ versions. These exceptions should no
longer be seen. Do note that you would still see the warning when running on
Java 17. I decided to continue setting SecurityManager on Java 17, since I
didn't want to impact builds which are already running "fine" (of course with
those warning), unlike Java 18+, where they would by default fail with the
UnsupportedOperationException

It would be very helpful if you could try out these changes against your
project, by testing it against our nightly build
https://ci-builds.apache.org/job/Ant/job/Ant_Nightly/lastSuccessfulBuild/artifact/distribution/

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 65381] java task without fork=yes shows "WARNING: java.lang.System::setSecurityManager is deprecated and will be removed in a future release...." with jd17ea26

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=65381

--- Comment #6 from Jaikiran Pai <ja...@apache.org> ---
Hello Stefan,

Thank you for reporting this issue. We have been aware of this change that the
upcoming JDK 17 release is proposing and have noticed this WARNING message
which impacts the STDERR stream content of an application. One of our internal
test case in the Ant project when run against this EA version, runs into this
same issue that you describe here.

This has been brought to the notice of the JDK dev team not just by us but by
all other impacted projects. Most of those discussions can be viewed in the JDK
security-dev mailing list discussions
https://mail.openjdk.java.net/pipermail/security-dev/2021-June/thread.html.
From my understanding this WARNING message is here to stay, so we (the Ant
project) will have to check our usage of SecurityManager internally in the
project and come up with a plan on how we deal with it in future (note that JDK
17 only deprecates the SecurityManager for future removal and except for the
WARNING message in the STDERR nothing else changes in JDK 17, functionality
wise).

Now coming to the example you posted, if the output of your program on STDOUT
is being impacted (which is what that example is demonstrating) then it's a
simple fix that needs to be done to your build file. Right now, your build file
looks like:

<java classname="Demo" outputproperty="output" classpath="."/>

As per the documentation of this task[1], the outputproperty documentation
reads:

>> The name of a property in which the output of the command should be stored. Unless the error stream is redirected to a separate file or stream, this property will include the error output.

So in its current form the "output" property value will include even contents
from STDERR (which is where that WARNING message is being logged). To fix this
and just get back your output from STDOUT of the program, you can either set an
additional "errorproperty" attribute or set the "discardError" attribute (which
is introduced in recently released 1.10.10 version of Ant) to "true". Once you
do that, your "bad" target should start seeing only the value "42" in the
output property value, just like you see in the "good" target.



[1] https://ant.apache.org/manual/Tasks/java.html

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 65381] java task without fork=yes shows "WARNING: java.lang.System::setSecurityManager is deprecated and will be removed in a future release...." with jd17ea26

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=65381

--- Comment #5 from Stefan Huehner <st...@huehner.org> ---
Created attachment 37900
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=37900&action=edit
good/expected output

-- 
You are receiving this mail because:
You are the assignee for the bug.