Intercepted System.exit(...) on Java 21

sualeh

Sualeh Fatehi

Posted on August 25, 2024

Intercepted System.exit(...) on Java 21

In Java 8, it is possible (easy enough) to substitute a custom security manager which can capture system exit calls and allow code to continue executing. Java 21 makes this more difficult. However, this can cause a problem for systems that are being upgraded from Java 8 to Java 21, since processes can sometimes fail without any exceptions or logs. This is usually because libraries that used to substitute a custom security manager no longer do that with Java 21. Tracing the source of the error can be difficult.

Consider this use case:
Calling code with System.exit

If "Library 1" starts supporting Java 21, and so does not substitute a custom security manager, it can cause the "Web Application" to terminate without warning.

For example, look at this note from Apache Ant which says a custom security manager will be substituted if running on versions of Java lower than Java 18, but not on Java 18 and above. Other libraries are taking similar approaches.

I have boiled this down to the essentials. Take a look at how this could happen: sualeh/system-exit-21.

💖 💪 🙅 🚩
sualeh
Sualeh Fatehi

Posted on August 25, 2024

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related