RFR: JDK-8288475: Initializing RandomGeneratorFactory.FactoryMapHolder fails if a SecurityManager is installed

Jaikiran Pai jpai at openjdk.org
Fri Jun 17 07:06:53 UTC 2022 

On Thu, 16 Jun 2022 07:08:20 GMT, Johannes Kuhn <jkuhn at openjdk.org> wrote:

> * This adds additional permissions to the jdk.random module (`RuntimePermission "accessClassInPackage.jdk.internal.util.random"`)
> * The annotations of the provider classes are now parsed early.  
>   This avoids putting the parts that can trigger the parsing into an `AccessController.doPrivileged()` block.
> * If a `SecurityManager` is installed, `RandomGeneratorFactory.all()` will only return `RandomGenerator`s that are loaded by a system domain loader.  
>   This avoids parsing annotations of user classes from a privileged context.

src/java.base/share/classes/java/util/random/RandomGeneratorFactory.java line 141:

> 139: 
> 140:     private static class FactoryMapHolder {
> 141:         static final Map<String, Provider<? extends RandomGenerator>> FACTORY_MAP = createFactoryMap();

Unrelated to this PR, but a more general question. It appears that this `FACTORY_MAP` gets cached on first use/call. A few questions about the `createFactoryMap` method:
1. The javadoc of that private method says:

/**
         * Returns the factory map, lazily constructing map on first use.
         *
         * @return Map of RandomGeneratorFactory classes.
         */

But the implementation and the signature of this method actually return a Map of `RandomGenerator` classes and not the `RandomGeneratorFactory` classes.
2. The implementation of this method internally uses the `ServiceLoader` to load the `RandomGenerator` service provider implementations. The internal implementation of the `ServiceLoader` will use a Thread context classloader that is set on the calling thread. The result of the call to this `createFactoryMap` is then cached once and for all in the `FACTORY_MAP`. Would this then lead to a non-deterministic behaviour where whoever ends up initializing this `FactoryMapHolder` first, will end up storing those RandomGenerators for every one else? Is this intentional? Do you think this caching should be reviewed?

-------------

PR: https://git.openjdk.org/jdk/pull/9180

More information about the core-libs-dev mailing list