OpenLiberty · gjwatts · Dec 3, 2024 · Nov 19, 2024 · Nov 21, 2024
diff --git a/...com.ibm.ws.jsp/src/com/ibm/ws/jsp/webcontainerext/AbstractJSPExtensionServletWrapper.java b/...com.ibm.ws.jsp/src/com/ibm/ws/jsp/webcontainerext/AbstractJSPExtensionServletWrapper.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright (c) 1997, 2022 IBM Corporation and others.
+ * Copyright (c) 1997, 2024 IBM Corporation and others.
  * All rights reserved. This program and the accompanying materials
  * are made available under the terms of the Eclipse Public License 2.0
  * which accompanies this distribution, and is available at
@@ -17,6 +17,7 @@
 import java.net.MalformedURLException;
 import java.net.URL;
 import java.security.AccessController;
+import java.security.AllPermission;
 import java.security.CodeSource;
 import java.security.PermissionCollection;
 import java.security.PrivilegedActionException;
@@ -617,28 +618,7 @@ protected void createClassLoader() {
         }
         URL[] urls = null;
         try {
-            PermissionCollection permissionCollection = createPermissionCollection();
-            /*
-            PermissionCollection permissionCollection = Policy.getPolicy().getPermissions(codeSource);
-
-            ClassLoader loader = tcontext.getJspClassloaderContext().getClassLoader();
-            if (loader instanceof ReloadableClassLoader || loader instanceof CompoundClassLoader) {
-                Map csPerms = null;
-                if (loader instanceof ReloadableClassLoader)
-                    csPerms = ((ReloadableClassLoader) loader).getCodeSourcePermissions();
-                else
-                    csPerms = ((CompoundClassLoader) loader).getCodeSourcePermissions();
-                DynamicPolicy policy = DynamicPolicyFactory.getInstance();
-                if (policy != null) {
-                    URL webinfURL = new URL(codeSource.getLocation() + "/WEB-INF/classes/*");
-                    CodeSource webinfCS = new CodeSource(webinfURL, null);
-                    permissionCollection = ((DynamicPolicy) policy).getPermissions(webinfCS, csPerms);
-                }
-            }
-            */
-
-            String sourceDir = jspResources.getGeneratedSourceFile().getParentFile().toString() + File.separator + "*";
-            permissionCollection.add(new FilePermission(sourceDir, "read"));
+            PermissionCollection permissionCollection = createPermissionCollectionImpl();
 
             Container container = tcontext.getServletContext().getModuleContainer();
             ArrayList<URL> urlList = new ArrayList<URL>();
@@ -696,6 +676,27 @@ protected void createClassLoader() {
         }
     }
 
+    private static final PermissionCollection ALLPERMISSIONS;
+    static {
+        AllPermission allPerm = new AllPermission();
+        ALLPERMISSIONS = allPerm.newPermissionCollection();
+        if (ALLPERMISSIONS != null) {
+            ALLPERMISSIONS.add(allPerm);
+        }
+    }
+
+    private PermissionCollection createPermissionCollectionImpl() throws MalformedURLException {
+        if (System.getSecurityManager() == null) {
+            // No need to do anything else when there is no security manager.
+            // This handles cases where the security manager isn't supported (e.g. Java 24).
+            return ALLPERMISSIONS;
+        }
+        PermissionCollection permissionCollection = createPermissionCollection();
+        String sourceDir = jspResources.getGeneratedSourceFile().getParentFile().toString() + File.separator + "*";
+        permissionCollection.add(new FilePermission(sourceDir, "read"));
+        return permissionCollection;
+    }
+
     /* A request to a JSP page that has a request parameter with name jsp_precompile
      * is a precompilation request. This method determines if it is this type of request.*/
     boolean preCompile(HttpServletRequest request) throws ServletException {

diff --git a/dev/fattest.simplicity/autoFVT-defaults/src/ant/launch.xml b/dev/fattest.simplicity/autoFVT-defaults/src/ant/launch.xml
@@ -179,7 +179,7 @@
 		</condition>
 
 		<!-- boolean for Java15+.  The assumption is that at this point forward (Java 15), we will only be building using LTS 
-		     or interium versions of Java -->
+		     or interim versions of Java -->
 		<condition property="is.java15.orHigher" value="true">
 			<not>
 				<or>
@@ -189,6 +189,19 @@
 		    </not>
 		</condition>
 
+		<!-- boolean for Java24+.  The assumption is that at this point forward (Java 24), we will only be building using LTS 
+		     or interim versions of Java -->
+		<condition property="is.java24.orHigher" value="true">
+			<not>
+				<or>
+					<equals arg1="21"  arg2="${java.specification.version}"/>
+					<equals arg1="17"  arg2="${java.specification.version}"/>
+					<equals arg1="11"  arg2="${java.specification.version}"/>
+					<equals arg1="1.8" arg2="${java.specification.version}"/>
+				</or>
+		    </not>
+		</condition>
+
 		<!-- In Java 16, the default enforcement of strong encapsulation (part of JPMS, which was introduced in Java 9) has changed from 
 			 <dash><dash>"illegal-access=permit" to <dash><dash>"illegal-access=deny".  This causes many of our FATs that use reflection to fail.  
 			 Setting up a gated property (illegal.access.permit.fat) so that any builds that take place on Java 15+ use the JVM override 
@@ -199,12 +212,14 @@
 		<property name="illegal.access.permit.fat" value=""/>
 
 		<!-- Java 17 began the security manager's deprecation process (https://openjdk.java.net/jeps/411).
-			     In Java 18, the `java.security.manager` system property's default changed from `allow` to `disallow`, which causes our build process to fail.  
-				 Setting up a gated property (use.java.security.manager) so that any builds that take place on Java 15+ use the JVM override 
-				 -Djava.security.manager=allow which is needed for our build process, but older versions will be skipped --> 
+             In Java 18, the `java.security.manager` system property's default changed from `allow` to `disallow`, which causes our build process to fail.  
+             Setting up a gated property (use.java.security.manager) so that any builds that take place on Java 15+ use the JVM override 
+             -Djava.security.manager=allow which is needed for our build process, but older versions will be skipped. 
+             In Java 24, they are permanently disabling the security manager (https://openjdk.org/jeps/486) and trying to specify `-Djava.security.manager=allow` throws an exception.  So not allowing that parameter to be set if Java 24 or higher. --> 
 		<condition property="use.java.security.manager" value="-Djava.security.manager=allow">
 			<and>
 				<istrue value="${is.java15.orHigher}"/>
+				<not><istrue value="${is.java24.orHigher}"/></not>
 				<not><istrue value="${supports.framework.java}"/></not>
 			</and>
 		</condition>