A Bug in AccessControlContext.equals() and hashCode()?

Jeff Nisewanger jeffrey.nisewanger at oracle.com
Thu Jun 12 16:21:01 UTC 2014

> On Jun 11, 2014, at 11:14 PM, Frank Ding <dingxmin at linux.vnet.ibm.com> wrote:
> My questions are:
> 1. Though spec doesn't require two objects with same hashcode are equal, what's the particular reason that field "DomainCombiner combiner" are used for equal() but not hashCode()?

As you pointed out, the value returned by hashCode() is a quick heuristic or optimization for comparing equality and it is perfectly normal (but sub-optimal) for two unequal instances to share the same hash code value.

The hash code  calculation based on the array of ProtectionDomains is quick and easy and applies to all AccessControlContext instances. A useful hash code calculation for any DomainCombiner or other relevant instance state is less obvious and extending the calculation was deferred to a future release.

> 2. Is it expected that two AccessControlContext objects considered equal via method equals() should return same results for AccessControlContext.checkPermission()?


> In addition, current JCK tests (both Java 7 & 8) validate AccessControlContext.hashCode() by calculating only field "ProtectionDomain[] context". Does it make sense to challenge JCK if I would like add more fields for hashCode calculation?

I will follow up and answer your JCK question next week.


More information about the security-dev mailing list