eclipse-ee4j
diff --git a/‎examples/security-lockdown/runner/pom.xml
+2-1 b/‎examples/security-lockdown/runner/pom.xml
+2-1
diff --git a/‎examples/security-lockdown/runner/src/test/java/org/glassfish/securitylockdown/test/SecurityLockdownTest.java
+26-17 b/‎examples/security-lockdown/runner/src/test/java/org/glassfish/securitylockdown/test/SecurityLockdownTest.java
+26-17
diff --git a/‎hk2-api/pom.xml
+2-1 b/‎hk2-api/pom.xml
+2-1
@@ -1,6 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
 
+    Copyright (c) 2025 Contributors to Eclipse Foundation.
     Copyright (c) 2010, 2018 Oracle and/or its affiliates. All rights reserved.
 
     This program and the accompanying materials are made available under the
@@ -87,7 +88,7 @@
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-surefire-plugin</artifactId>
                 <configuration>
-                    <argLine>-Dlocal.repo=${settings.localRepository} -Dbuild.dir=${project.build.directory} -Djava.security.manager -Djava.security.policy=${project.build.directory}/test-classes/policy.txt @{surefireArgLineExtra}</argLine>
+                    <argLine>-Dlocal.repo=${settings.localRepository} -Dbuild.dir=${project.build.directory} ${activate.securitymanager} -Djava.security.policy=${project.build.directory}/test-classes/policy.txt @{surefireArgLineExtra}</argLine>
                     <!-- -Djava.security.debug=access,failure,domain -->
                 </configuration>
              </plugin>
 
@@ -1,4 +1,5 @@
 /*
+ * Copyright (c) 2025 Contributors to Eclipse Foundation.
  * Copyright (c) 2012, 2018 Oracle and/or its affiliates. All rights reserved.
  * Copyright (c) 2020 Payara Services Ltd.
  *
@@ -17,22 +18,30 @@
 
 package org.glassfish.securitylockdown.test;
 
-import org.junit.Assert;
+import com.alice.application.AliceApp;
+import com.mallory.application.MalloryApp;
 
 import org.glassfish.hk2.api.MultiException;
+import org.junit.Assert;
+import org.junit.Before;
 import org.junit.Test;
 import org.jvnet.hk2.testing.junit.HK2Runner;
 
-import com.alice.application.AliceApp;
-import com.mallory.application.MalloryApp;
+import static org.junit.Assume.assumeTrue;
 
 /**
- * 
+ *
  * @author jwells
  *
  */
 public class SecurityLockdownTest extends HK2Runner {
-    
+
+    @Before
+    public void beforeMethod() {
+        // Security Manager tests using "AccessController.checkPermission(p);" don't work in JDK24+
+        assumeTrue(System.getProperty("java.vm.specification.version").compareTo("24") < 0);
+    }
+
     /**
      * Tests that we can do a lookup of AliceApp
      */
@@ -41,7 +50,7 @@ public void testAliceApp() {
         AliceApp aa = testLocator.getService(AliceApp.class);
         Assert.assertNotNull(aa);
     }
-    
+
     /**
      * Tests that we can do a lookup of AliceApp
      */
@@ -50,26 +59,26 @@ public void testMalloryApp() {
         MalloryApp ma = testLocator.getService(MalloryApp.class);
         Assert.assertNotNull(ma);
     }
-    
+
     /**
      * Tests that we can have Alice perform an operation on Mallory's behalf
      */
     @Test
     public void testMalloryCanLegallyHaveAliceDoAnOperation() {
         MalloryApp ma = testLocator.getService(MalloryApp.class);
         Assert.assertNotNull(ma);
-        
+
         ma.doAnApprovedOperation();
     }
-    
+
     /**
      * Tests that we can have Alice perform an operation on Mallory's behalf
      */
     @Test
     public void testMalloryCannotGetTheAuditServiceHimself() {
         MalloryApp ma = testLocator.getService(MalloryApp.class);
         Assert.assertNotNull(ma);
-        
+
         try {
             ma.tryToGetTheAuditServiceMyself();
             Assert.fail("Mallory should not be able to get the audit service himself");
@@ -78,15 +87,15 @@ public void testMalloryCannotGetTheAuditServiceHimself() {
             // Good, should have failed for him!
         }
     }
-    
+
     /**
      * Tests that Mallory cannot advertise a service
      */
     @Test
     public void testMalloryCannotAdvertiseAService() {
         MalloryApp ma = testLocator.getService(MalloryApp.class);
         Assert.assertNotNull(ma);
-        
+
         try {
             ma.tryToAdvertiseAService();
             Assert.fail("Mallory should not be able to advertise a service himself");
@@ -95,15 +104,15 @@ public void testMalloryCannotAdvertiseAService() {
             // Good, should have failed for him!
         }
     }
-    
+
     /**
      * Tests that Mallory cannot advertise a service
      */
     @Test
     public void testMalloryCannotUnAdvertiseAService() {
         MalloryApp ma = testLocator.getService(MalloryApp.class);
         Assert.assertNotNull(ma);
-        
+
         try {
             ma.tryToUnAdvertiseAService();
             Assert.fail("Mallory should not be able to unadvertise a service");
@@ -112,21 +121,21 @@ public void testMalloryCannotUnAdvertiseAService() {
             // Good, should have failed for him!
         }
     }
-    
+
     /**
      * Tests that Mallory cannot have a service that injects something it cannot
      */
     @Test
     public void testMalloryCannotInjectAnUnAuthorizedThing() {
         MalloryApp ma = testLocator.getService(MalloryApp.class);
         Assert.assertNotNull(ma);
-        
+
         try {
             ma.tryToInstantiateAServiceWithABadInjectionPoint();
             Assert.fail("Mallory should not be able to inject a service it has no rights to");
         }
         catch (MultiException multi) {
-            Assert.assertTrue(multi.getMessage(), multi.getMessage().contains("There was no object available in " + SecurityLockdownTest.class.getCanonicalName() 
+            Assert.assertTrue(multi.getMessage(), multi.getMessage().contains("There was no object available in " + SecurityLockdownTest.class.getCanonicalName()
                     + " for injection at SystemInjecteeImpl"));
         }
     }
 
@@ -1,6 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
 
+    Copyright (c) 2025 Contributors to Eclipse Foundation.
     Copyright (c) 2010, 2018 Oracle and/or its affiliates. All rights reserved.
     Copyright (c) 2019, 2020 Payara Services Ltd.
 
@@ -83,7 +84,7 @@
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-surefire-plugin</artifactId>
                 <configuration>
-                    <argLine>-Dlocal.repo=${settings.localRepository} -Dbuild.dir=${project.build.directory} -Djava.security.manager -Djava.security.policy=${project.build.directory}/test-classes/policy.txt @{surefireArgLineExtra}</argLine>
+                    <argLine>-Dlocal.repo=${settings.localRepository} -Dbuild.dir=${project.build.directory} ${activate.securitymanager} -Djava.security.policy=${project.build.directory}/test-classes/policy.txt @{surefireArgLineExtra}</argLine>
                     <!-- -Djava.security.debug=access,failure,domain -->
                 </configuration>
              </plugin>