RestrictedSecurity profiles sometimes share a lot of duplicate settings with only minor differences. With these changes the extension, similar to object-orientation, of profiles becomes possible.
More specifically, a profile A can extend another a profile B, using RestrictedSecurity.<profile A name>.extends = RestrictedSecurity.<profile B name>. This allows profile A to inherit all of profile B's properties. One can add additional properties to profile A, or amend some of the existing ones. That includes overriding, appending or removing from a property (wherever that's applicable).
An additional property is introduced. The RestrictedSecurity.<profile name>.desc.hash = <hash algorithm>:<hash> is used to ensure the profile hasn't been unintentionally altered. The profile's properties are hashed using the selected <hash algorithm>, and the result is compared to the <hash> provided through the property. This property is mandatory for base profiles (i.e., profiles that are not extending anything), and optional for the rest.
RestrictedSecurity
profiles sometimes share a lot of duplicate settings with only minor differences. With these changes the extension, similar to object-orientation, of profiles becomes possible.More specifically, a profile
A
can extend another a profileB
, usingRestrictedSecurity.<profile A name>.extends = RestrictedSecurity.<profile B name>
. This allows profileA
to inherit all of profileB
's properties. One can add additional properties to profileA
, or amend some of the existing ones. That includes overriding, appending or removing from a property (wherever that's applicable).An additional property is introduced. The
RestrictedSecurity.<profile name>.desc.hash = <hash algorithm>:<hash>
is used to ensure the profile hasn't been unintentionally altered. The profile's properties are hashed using the selected<hash algorithm>
, and the result is compared to the<hash>
provided through the property. This property is mandatory for base profiles (i.e., profiles that are not extending anything), and optional for the rest.Back-ported from: https://github.com/ibmruntimes/openj9-openjdk-jdk/pull/793
Signed-off by: Kostas Tsiounis kostas.tsiounis@ibm.com