Java Security Configurability For Native Images

[tuckeremulls]

Hello team! I recently opened #259 for configuring the networkaddress.cache.ttl java security property for a Spring Boot app containerized with buildpacks. I am now inquiring about the possibility of this configurability for a native image built with mvn -Pnative spring-boot:build-image.

Using the previous solution in #259 doesn't seem to work for applications I have built as a native image. Likely because the custom java security file is being passed as a JVM run time argument to the application. Is there any environment variable or property that can be set to configure this property during the build time of the native image?

Describe the Enhancement

Some method of supplying a file or property to override certain properties of java.security for a native image.

Possible Solution

Provided through an environment variable possibly for ease of access.

Motivation

This specific property networkaddress.cache.ttl can be altered to disable DNS caching, so that if DNS rules change, an application will be able to pick up the new resolutions rather than using an older incorrect one. Beyond just this property, there are many others that can be customized in the java.security file that may serve important usage to developers containerizing their apps.

[dmikusa]

How would you do this outside of buildpacks? If you were building and running on your local machine, how would you change this setting?

[tuckeremulls]

How would you do this outside of buildpacks? If you were building and running on your local machine, how would you change this setting?

Outside of buildpacks, the value can be set by supplying a custom java security file as a runtime argument which is being done in #259. Or the jdk's java.security file can be manually edited to the intended value.