On Thu, 2 Feb 2023 16:56:26 GMT, Sean Coffey <coff...@openjdk.org> wrote:
>> This change adds a system property that can be used to enable/disable the >> XML Signature secure validation mode. This is useful for enabling/disabling >> the mode at runtime. The system property will supersede and have the same >> name as the XMLCryptoContext property that can be used to enable/disable the >> mode: "org.jcp.xml.dsig.secureValidation". > > src/java.base/share/conf/security/java.security line 953: > >> 951: # "false". Any other value for the system property is also treated as >> "false". >> 952: # If the system property is set, it supersedes the XMLCryptoContext >> property >> 953: # value. > > is is necessary to state (hint) that the system property is read once at > class load time ? I think you are touching on an issue that is poorly documented across many system properties, so I'm reluctant to add something here which might lead to questions about other properties. I've always felt that unless otherwise specified, you should assume a system property is only read once. ------------- PR: https://git.openjdk.org/jdk/pull/12365
