8004064: Downgrade normative references to ${java.home}/lib/security/java.security

Reviewed-by: alanb, vinnie, xuelei

src/share/classes/com/sun/net/ssl/KeyManagerFactory.java

 /*
- * Copyright (c) 2000, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -53,12 +53,13 @@ public class KeyManagerFactory {
 
     /**
      * <p>The default KeyManager can be changed by setting the value of the
-     * "sun.ssl.keymanager.type" security property (in the Java security
-     * properties file) to the desired name.
+     * {@code sun.ssl.keymanager.type} security property to the desired name.
      *
-     * @return the default type as specified in the
-     * Java security properties file, or an implementation-specific default
-     * if no such property exists.
+     * @return the default type as specified by the
+     * {@code sun.ssl.keymanager.type} security property, or an
+     * implementation-specific default if no such property exists.
+     *
+     * @see java.security.Security security properties
      */
     public final static String getDefaultAlgorithm() {
         String type;

src/share/classes/com/sun/net/ssl/TrustManagerFactory.java

 /*
- * Copyright (c) 2000, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -53,12 +53,13 @@ public class TrustManagerFactory {
 
     /**
      * <p>The default TrustManager can be changed by setting the value of the
-     * "sun.ssl.trustmanager.type" security property
-     * (in the Java security properties file) to the desired name.
+     * {@code sun.ssl.trustmanager.type} security property to the desired name.
      *
-     * @return the default type as specified in the
-     * Java security properties file, or an implementation-specific default
-     * if no such property exists.
+     * @return the default type as specified by the
+     * {@code sun.ssl.trustmanager.type} security property, or an
+     * implementation-specific default if no such property exists.
+     *
+     * @see java.security.Security security properties
      */
     public final static String getDefaultAlgorithm() {
         String type;

src/share/classes/com/sun/security/auth/PolicyFile.java

 /*
- * Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -59,13 +59,9 @@ import sun.security.util.PropertyExpander;
  *
  * <ol>
  * <li>
- *   Loop through the <code>java.security.Security</code> properties,
+ *   Loop through the security properties,
  *   <i>auth.policy.url.1</i>, <i>auth.policy.url.2</i>, ...,
- *   <i>auth.policy.url.X</i>".  These properties are set
- *   in the Java security properties file, which is located in the file named
- *   &lt;JAVA_HOME&gt;/lib/security/java.security.
- *   &lt;JAVA_HOME&gt; refers to the value of the java.home system property,
- *   and specifies the directory where the JRE is installed.
+ *   <i>auth.policy.url.X</i>".
  *   Each property value specifies a <code>URL</code> pointing to a
  *   policy file to be loaded.  Read in and load each policy.
  *
@@ -235,6 +231,7 @@ import sun.security.util.PropertyExpander;
  * @see java.security.CodeSource
  * @see java.security.Permissions
  * @see java.security.ProtectionDomain
+ * @see java.security.Security security properties
  */
 @Deprecated
 public class PolicyFile extends javax.security.auth.Policy {

src/share/classes/com/sun/security/auth/login/ConfigFile.java

 /*
- * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -49,13 +49,9 @@ import sun.security.util.PropertyExpander;
  *
  * <ol>
  * <li>
- *   Loop through the <code>java.security.Security</code> properties,
+ *   Loop through the security properties,
  *   <i>login.config.url.1</i>, <i>login.config.url.2</i>, ...,
- *   <i>login.config.url.X</i>.  These properties are set
- *   in the Java security properties file, which is located in the file named
- *   &lt;JAVA_HOME&gt;/lib/security/java.security.
- *   &lt;JAVA_HOME&gt; refers to the value of the java.home system property,
- *   and specifies the directory where the JRE is installed.
+ *   <i>login.config.url.X</i>.
  *   Each property value specifies a <code>URL</code> pointing to a
  *   login configuration file to be loaded.  Read in and load
  *   each configuration.
@@ -87,6 +83,7 @@ import sun.security.util.PropertyExpander;
  * <code>javax.security.auth.login.Configuration</code> class.
  *
  * @see javax.security.auth.login.LoginContext
+ * @see java.security.Security security properties
  */
 public class ConfigFile extends javax.security.auth.login.Configuration {
 

src/share/classes/java/net/doc-files/net-properties.html

 <!--
- Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved.
+ Copyright (c) 1998, 2012, Oracle and/or its affiliates. All rights reserved.
  DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 
  This code is free software; you can redistribute it and/or modify it
@@ -237,6 +237,6 @@ tuning on how the cache is operating.</P>
 </UL>
 <P>Since these 2 properties are part of the security policy, they are
 not set by either the -D option or the System.setProperty() API,
-instead they are set in the JRE security policy file <code>lib/security/java.security</code>.</P>
+instead they are set as security properties.</P>
 </BODY>
 </HTML>

src/share/classes/java/security/KeyStore.java

@@ -695,27 +695,23 @@ public class KeyStore {
     }
 
     /**
-     * Returns the default keystore type as specified in the Java security
-     * properties file, or the string
-     * "jks" (acronym for "Java keystore")
+     * Returns the default keystore type as specified by the
+     * {@code keystore.type} security property, or the string
+     * {@literal "jks"} (acronym for {@literal "Java keystore"})
      * if no such property exists.
-     * The Java security properties file is located in the file named
-     * <JAVA_HOME>/lib/security/java.security.
-     * <JAVA_HOME> refers to the value of the java.home system property,
-     * and specifies the directory where the JRE is installed.
      *
      * <p>The default keystore type can be used by applications that do not
      * want to use a hard-coded keystore type when calling one of the
-     * <code>getInstance</code> methods, and want to provide a default keystore
+     * {@code getInstance} methods, and want to provide a default keystore
      * type in case a user does not specify its own.
      *
      * <p>The default keystore type can be changed by setting the value of the
-     * "keystore.type" security property (in the Java security properties
-     * file) to the desired keystore type.
+     * {@code keystore.type} security property to the desired keystore type.
      *
-     * @return the default keystore type as specified in the
-     * Java security properties file, or the string &quot;jks&quot;
+     * @return the default keystore type as specified by the
+     * {@code keystore.type} security property, or the string {@literal "jks"}
      * if no such property exists.
+     * @see java.security.Security security properties
      */
     public final static String getDefaultType() {
         String kstype;

src/share/classes/java/security/Policy.java

 /*
- * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -48,12 +48,8 @@ import sun.security.util.SecurityConstants;
  * <code>getPolicy</code> installs an instance of the default Policy
  * implementation (a default subclass implementation of this abstract class).
  * The default Policy implementation can be changed by setting the value
- * of the "policy.provider" security property (in the Java security properties
- * file) to the fully qualified name of the desired Policy subclass
- * implementation.  The Java security properties file is located in the
- * file named &lt;JAVA_HOME&gt;/lib/security/java.security.
- * &lt;JAVA_HOME&gt; refers to the value of the java.home system property,
- * and specifies the directory where the JRE is installed.
+ * of the {@code policy.provider} security property to the fully qualified
+ * name of the desired Policy subclass implementation.
  *
  * <p> Application code can directly subclass Policy to provide a custom
  * implementation.  In addition, an instance of a Policy object can be
@@ -84,6 +80,7 @@ import sun.security.util.SecurityConstants;
  * @see java.security.Provider
  * @see java.security.ProtectionDomain
  * @see java.security.Permission
+ * @see java.security.Security security properties
  */
 
 public abstract class Policy {

src/share/classes/java/security/Security.java

 /*
- * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -39,6 +39,10 @@ import sun.security.jca.*;
  * <p>This class centralizes all security properties and common security
  * methods. One of its primary uses is to manage providers.
  *
+ * <p>The default values of security properties are read from an
+ * implementation-specific location, which is typically the properties file
+ * {@code lib/security/java.security} in the Java installation directory.
+ *
  * @author Benjamin Renaud
  */
 

src/share/classes/java/security/cert/CertPathBuilder.java

@@ -281,25 +281,23 @@ public class CertPathBuilder {
     }
 
     /**
-     * Returns the default <code>CertPathBuilder</code> type as specified in
-     * the Java security properties file, or the string &quot;PKIX&quot;
-     * if no such property exists. The Java security properties file is
-     * located in the file named &lt;JAVA_HOME&gt;/lib/security/java.security.
-     * &lt;JAVA_HOME&gt; refers to the value of the java.home system property,
-     * and specifies the directory where the JRE is installed.
+     * Returns the default {@code CertPathBuilder} type as specified by
+     * the {@code certpathbuilder.type} security property, or the string
+     * {@literal "PKIX"} if no such property exists.
      *
-     * <p>The default <code>CertPathBuilder</code> type can be used by
+     * <p>The default {@code CertPathBuilder} type can be used by
      * applications that do not want to use a hard-coded type when calling one
-     * of the <code>getInstance</code> methods, and want to provide a default
+     * of the {@code getInstance} methods, and want to provide a default
      * type in case a user does not specify its own.
      *
-     * <p>The default <code>CertPathBuilder</code> type can be changed by
-     * setting the value of the "certpathbuilder.type" security property
-     * (in the Java security properties file) to the desired type.
+     * <p>The default {@code CertPathBuilder} type can be changed by
+     * setting the value of the {@code certpathbuilder.type} security property
+     * to the desired type.
      *
-     * @return the default <code>CertPathBuilder</code> type as specified
-     * in the Java security properties file, or the string &quot;PKIX&quot;
-     * if no such property exists.
+     * @see java.security.Security security properties
+     * @return the default {@code CertPathBuilder} type as specified
+     * by the {@code certpathbuilder.type} security property, or the string
+     * {@literal "PKIX"} if no such property exists.
      */
     public final static String getDefaultType() {
         String cpbtype =

src/share/classes/java/security/cert/CertPathValidator.java

@@ -293,25 +293,23 @@ public class CertPathValidator {
     }
 
     /**
-     * Returns the default <code>CertPathValidator</code> type as specified in
-     * the Java security properties file, or the string &quot;PKIX&quot;
-     * if no such property exists. The Java security properties file is
-     * located in the file named &lt;JAVA_HOME&gt;/lib/security/java.security.
-     * &lt;JAVA_HOME&gt; refers to the value of the java.home system property,
-     * and specifies the directory where the JRE is installed.
+     * Returns the default {@code CertPathValidator} type as specified by
+     * the {@code certpathvalidator.type} security property, or the string
+     * {@literal "PKIX"} if no such property exists.
      *
-     * <p>The default <code>CertPathValidator</code> type can be used by
+     * <p>The default {@code CertPathValidator} type can be used by
      * applications that do not want to use a hard-coded type when calling one
-     * of the <code>getInstance</code> methods, and want to provide a default
+     * of the {@code getInstance} methods, and want to provide a default
      * type in case a user does not specify its own.
      *
-     * <p>The default <code>CertPathValidator</code> type can be changed by
-     * setting the value of the "certpathvalidator.type" security property
-     * (in the Java security properties file) to the desired type.
+     * <p>The default {@code CertPathValidator} type can be changed by
+     * setting the value of the {@code certpathvalidator.type} security
+     * property to the desired type.
      *
-     * @return the default <code>CertPathValidator</code> type as specified
-     * in the Java security properties file, or the string &quot;PKIX&quot;
-     * if no such property exists.
+     * @see java.security.Security security properties
+     * @return the default {@code CertPathValidator} type as specified
+     * by the {@code certpathvalidator.type} security property, or the string
+     * {@literal "PKIX"} if no such property exists.
      */
     public final static String getDefaultType() {
         String cpvtype =

src/share/classes/java/security/cert/CertStore.java

 /*
- * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -389,25 +389,23 @@ public class CertStore {
     }
 
     /**
-     * Returns the default <code>CertStore</code> type as specified in the
-     * Java security properties file, or the string &quot;LDAP&quot; if no
-     * such property exists. The Java security properties file is located in
-     * the file named &lt;JAVA_HOME&gt;/lib/security/java.security.
-     * &lt;JAVA_HOME&gt; refers to the value of the java.home system property,
-     * and specifies the directory where the JRE is installed.
-     *
-     * <p>The default <code>CertStore</code> type can be used by applications
+     * Returns the default {@code CertStore} type as specified by the
+     * {@code certstore.type} security property, or the string
+     * {@literal "LDAP"} if no such property exists.
+     *
+     * <p>The default {@code CertStore} type can be used by applications
      * that do not want to use a hard-coded type when calling one of the
-     * <code>getInstance</code> methods, and want to provide a default
-     * <code>CertStore</code> type in case a user does not specify its own.
+     * {@code getInstance} methods, and want to provide a default
+     * {@code CertStore} type in case a user does not specify its own.
      *
-     * <p>The default <code>CertStore</code> type can be changed by setting
-     * the value of the "certstore.type" security property (in the Java
-     * security properties file) to the desired type.
+     * <p>The default {@code CertStore} type can be changed by setting
+     * the value of the {@code certstore.type} security property to the
+     * desired type.
      *
-     * @return the default <code>CertStore</code> type as specified in the
-     * Java security properties file, or the string &quot;LDAP&quot;
-     * if no such property exists.
+     * @see java.security.Security security properties
+     * @return the default {@code CertStore} type as specified by the
+     * {@code certstore.type} security property, or the string
+     * {@literal "LDAP"} if no such property exists.
      */
     public final static String getDefaultType() {
         String cstype;

src/share/classes/javax/net/ssl/KeyManagerFactory.java

 /*
- * Copyright (c) 1999, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -53,17 +53,13 @@ public class KeyManagerFactory {
      * Obtains the default KeyManagerFactory algorithm name.
      *
      * <p>The default algorithm can be changed at runtime by setting
-     * the value of the "ssl.KeyManagerFactory.algorithm" security
-     * property (set in the Java security properties file or by calling
-     * {@link java.security.Security#setProperty(java.lang.String,
-     * java.lang.String)})
-     * to the desired algorithm name.
+     * the value of the {@code ssl.KeyManagerFactory.algorithm}
+     * security property to the desired algorithm name.
      *
-     * @see java.security.Security#setProperty(java.lang.String,
-     *          java.lang.String)
-     * @return the default algorithm name as specified in the
-     *          Java security properties, or an implementation-specific
-     *          default if no such property exists.
+     * @see java.security.Security security properties
+     * @return the default algorithm name as specified by the
+     *          {@code ssl.KeyManagerFactory.algorithm} security property, or an
+     *          implementation-specific default if no such property exists.
      */
     public final static String getDefaultAlgorithm() {
         String type;

src/share/classes/javax/net/ssl/TrustManagerFactory.java

 /*
- * Copyright (c) 1999, 2008, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -53,14 +53,13 @@ public class TrustManagerFactory {
      * Obtains the default TrustManagerFactory algorithm name.
      *
      * <p>The default TrustManager can be changed at runtime by setting
-     * the value of the "ssl.TrustManagerFactory.algorithm" security
-     * property (set in the Java security properties file or by calling
-     * {@link java.security.Security#setProperty(String, String) })
-     * to the desired algorithm name.
-     *
-     * @return the default algorithm name as specified in the
-     * Java security properties, or an implementation-specific default
-     * if no such property exists.
+     * the value of the {@code ssl.TrustManagerFactory.algorithm}
+     * security property to the desired algorithm name.
+     *
+     * @see java.security.Security security properties
+     * @return the default algorithm name as specified by the
+     * {@code ssl.TrustManagerFactory.algorithm} security property, or an
+     * implementation-specific default if no such property exists.
      */
     public final static String getDefaultAlgorithm() {
         String type;

src/share/classes/javax/security/auth/Policy.java

 /*
- * Copyright (c) 1998, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -126,14 +126,9 @@ import sun.security.util.Debug;
  * are rejected.  Such permission must be listed in the
  * <code>java.security.Policy</code>.
  *
- * <p> The default <code>Policy</code> implementation can be changed by
- * setting the value of the "auth.policy.provider" security property
- * (in the Java security properties file) to the fully qualified name of
- * the desired <code>Policy</code> implementation class.
- * The Java security properties file is located in the file named
- * &lt;JAVA_HOME&gt;/lib/security/java.security.
- * &lt;JAVA_HOME&gt; refers to the value of the java.home system property,
- * and specifies the directory where the JRE is installed.
+ * <p> The default {@code Policy} implementation can be changed by
+ * setting the value of the {@code auth.policy.provider} security property to
+ * the fully qualified name of the desired {@code Policy} implementation class.
  *
  * @deprecated  as of JDK version 1.4 -- Replaced by java.security.Policy.
  *              java.security.Policy has a method:
@@ -154,7 +149,7 @@ import sun.security.util.Debug;
  * These two APIs provide callers the means to query the
  * Policy for Principal-based Permission entries.
  *
- *
+ * @see java.security.Security security properties
  */
 @Deprecated
 public abstract class Policy {

src/share/classes/javax/security/auth/callback/CallbackHandler.java

 /*
- * Copyright (c) 1999, 2005, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -49,13 +49,9 @@ package javax.security.auth.callback;
  * can then choose to prompt for a username and password serially,
  * or to prompt for both in a single window.
  *
- * <p> A default <code>CallbackHandler</code> class implementation
- * may be specified in the <i>auth.login.defaultCallbackHandler</i>
- * security property.  The security property can be set
- * in the Java security properties file located in the file named
- * &lt;JAVA_HOME&gt;/lib/security/java.security.
- * &lt;JAVA_HOME&gt; refers to the value of the java.home system property,
- * and specifies the directory where the JRE is installed.
+ * <p> A default {@code CallbackHandler} class implementation
+ * may be specified by setting the value of the
+ * {@code auth.login.defaultCallbackHandler} security property.
  *
  * <p> If the security property is set to the fully qualified name of a
  * <code>CallbackHandler</code> implementation class,
@@ -67,6 +63,7 @@ package javax.security.auth.callback;
  * <p> All default handler implementations must provide a public
  * zero-argument constructor.
  *
+ * @see java.security.Security security properties
  */
 public interface CallbackHandler {
 

src/share/classes/javax/security/auth/login/Configuration.java

 /*
- * Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -173,12 +173,8 @@ import sun.security.jca.GetInstance;
  * Configuration implementation (a default subclass implementation of this
  * abstract class).
  * The default Configuration implementation can be changed by setting the value
- * of the "login.configuration.provider" security property (in the Java
- * security properties file) to the fully qualified name of the desired
- * Configuration subclass implementation.  The Java security properties file
- * is located in the file named <JAVA_HOME>/lib/security/java.security.
- * <JAVA_HOME> refers to the value of the java.home system property,
- * and specifies the directory where the JRE is installed.
+ * of the {@code login.configuration.provider} security property to the fully
+ * qualified name of the desired Configuration subclass implementation.
  *
  * <p> Application code can directly subclass Configuration to provide a custom
  * implementation.  In addition, an instance of a Configuration object can be
@@ -190,6 +186,7 @@ import sun.security.jca.GetInstance;
  * for a list of standard Configuration types.
  *
  * @see javax.security.auth.login.LoginContext
+ * @see java.security.Security security properties
  */
 public abstract class Configuration {
 

src/share/classes/javax/security/auth/login/LoginContext.java

 /*
- * Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -163,9 +163,9 @@ import sun.security.util.ResourcesMgr;
  * input parameter, or if the caller specifies a <code>null</code>
  * CallbackHandler object (and a <code>null</code> value is permitted),
  * the LoginContext queries the
- * <i>auth.login.defaultCallbackHandler</i> security property
- * for the fully qualified class name of a default handler implementation.
- * If the security property is not set,
+ * {@code auth.login.defaultCallbackHandler} security property for the
+ * fully qualified class name of a default handler
+ * implementation. If the security property is not set,
  * then the underlying modules will not have a
  * CallbackHandler for use in communicating
  * with users.  The caller thus assumes that the configured
@@ -184,21 +184,13 @@ import sun.security.util.ResourcesMgr;
  * </ul>
  * </ol>
  *
- * <p> Note that Security Properties
- * (such as <code>auth.login.defaultCallbackHandler</code>)
- * can be set programmatically via the
- * <code>java.security.Security</code> class,
- * or statically in the Java security properties file located in the
- * file named &lt;JAVA_HOME&gt;/lib/security/java.security.
- * &lt;JAVA_HOME&gt; refers to the value of the java.home system property,
- * and specifies the directory where the JRE is installed.
- *
  * @see java.security.Security
  * @see javax.security.auth.AuthPermission
  * @see javax.security.auth.Subject
  * @see javax.security.auth.callback.CallbackHandler
  * @see javax.security.auth.login.Configuration
  * @see javax.security.auth.spi.LoginModule
+ * @see java.security.Security security properties
  */
 public class LoginContext {
 

src/share/classes/javax/security/cert/X509Certificate.java

 /*
- * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -96,21 +96,17 @@ import java.util.Date;
  * </pre>
  * <p>
  * In either case, the code that instantiates an X.509 certificate
- * consults the Java security properties file to locate the actual
- * implementation or instantiates a default implementation.
+ * consults the value of the {@code cert.provider.x509v1} security property
+ * to locate the actual implementation or instantiates a default implementation.
  * <p>
- * The Java security properties file is located in the file named
- * &lt;JAVA_HOME&gt;/lib/security/java.security.
- * &lt;JAVA_HOME&gt; refers to the value of the java.home system property,
- * and specifies the directory where the JRE is installed.
- * In the Security properties file, a default implementation
- * for X.509 v1 may be given such as:
+ * The {@code cert.provider.x509v1} property is set to a default
+ * implementation for X.509 such as:
  * <pre>
  * cert.provider.x509v1=com.sun.security.cert.internal.x509.X509V1CertImpl
  * </pre>
  * <p>
- * The value of this <code>cert.provider.x509v1</code> property has to be
- * changed to instatiate another implementation. If this security
+ * The value of this {@code cert.provider.x509v1} property has to be
+ * changed to instantiate another implementation. If this security
  * property is not set, a default implementation will be used.
  * Currently, due to possible security restrictions on access to
  * Security properties, this value is looked up and cached at class
@@ -127,6 +123,7 @@ import java.util.Date;
  * @since 1.4
  * @see Certificate
  * @see java.security.cert.X509Extension
+ * @see java.security.Security security properties
  */
 public abstract class X509Certificate extends Certificate {
 
@@ -156,8 +153,7 @@ public abstract class X509Certificate extends Certificate {
      * the data read from the input stream <code>inStream</code>.
      * The implementation (X509Certificate is an abstract class) is
      * provided by the class specified as the value of the
-     * <code>cert.provider.x509v1</code>
-     * property in the security properties file.
+     * {@code cert.provider.x509v1} security property.
      *
      * <p>Note: Only one DER-encoded
      * certificate is expected to be in the input stream.
@@ -184,8 +180,7 @@ public abstract class X509Certificate extends Certificate {
      * the specified byte array.
      * The implementation (X509Certificate is an abstract class) is
      * provided by the class specified as the value of the
-     * <code>cert.provider.x509v1</code>
-     * property in the security properties file.
+     * {@code cert.provider.x509v1} security property.
      *
      * <p>Note: All X509Certificate
      * subclasses must provide a constructor of the form: