Code review request for storing code signer info
Sean Mullan
sean.mullan at oracle.com
Fri Jan 14 12:26:53 PST 2011
On 1/14/11 2:09 PM, Mandy Chung wrote:
>> Have we given any thought as to whether we will add some sort of configuration
>> properties file to allow default settings to be overridden? There are other
>> security defaults that will likely need to be overriden, such as revocation
>> checking settings.
>>
> In JRE, there is a $JAVA_HOME/lib/security/java.security properties file that
> allows the default security settings to be overriden. Do you mean whether we
> will add a new configuration properties file for the base module to use
> (replacing java.security one?)?
Yes and no. We could leverage the java.security properties file but that has the
unfortunate outstanding issue that any modifications will be lost when you
update the JRE.
I was thinking more along the lines of a general modules property file for
overriding various settings. Something similar to the property files that you
can configure for Java Plugin/WebStart:
http://download.oracle.com/javase/7/docs/technotes/guides/deployment/deployment-guide/properties.html
> We haven't thought about that but I think it's
> something we should consider.
>
> Reading a properties file for configuration has startup impact. I found that
> some existing properties files in the JRE such as logging.properties incur
> unnecessary startup cost as most applications use the default configuration.
> Generally if we add a new configuration properties file, I would propose to
> build in the default configuration in the runtime and we will just ship a
> template file (different name as the actual configuration file so that the file
> only exists if it's not the default).
Ideally these properties would only be read when you are installing/verifying a
module which would have less of a noticeable performance impact.
Anyway, perhaps I'm thinking too far ahead. I think we should defer this issue
and I will just use a system property for now.
>
>>> line 1855-1858: it would be good to use try-with-resources.
>>
>> Ah, you mean the Project Coin enhancement? Is there an example of code that
>> uses this already that you can point me to?
>>
>
> I don't know off hand but the specification is here:
> http://blogs.sun.com/darcy/entry/project_coin_updated_arm_spec
>
> I believe Stuart will modernize the JDK to use try-with-resources for JDK 7
> after he finishes the diamond conversion.
I suggest we wait until Stuart makes some progress on that as we will have
useful code examples to work off of.
--Sean
More information about the jigsaw-dev
mailing list