RFR: JDK-8131486 : SecureClassLoader key for ProtectionDomain cache also needs to take into account certificates

Sean Mullan sean.mullan at oracle.com
Fri Jul 17 21:32:06 UTC 2015


One of the changesets for JEP 232 (Improve Secure Application 
Performance) introduced a regression in the ProtectionDomain cache used 
by SecureClassLoader. The HashMap key needs to also check the 
Certificates of the CodeSource (as well as the location); otherwise 2 
CodeSources from the same location but with different signers can 
resolve to the same ProtectionDomain.

The existing regression test has also been updated to test this case.

webrev: http://cr.openjdk.java.net/~mullan/webrevs/8131486/webrev.00/
bug: https://bugs.openjdk.java.net/browse/JDK-8131486

Thanks,
Sean
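
The cache-key problem described in the message above, as an added example that is not taken from the webrev or from the JDK sources. `PdCacheKeyDemo`, `FakeCert`, `Key` and the jar URL are constructed for illustration, and `Key` is a hypothetical key type, not the one used in the fix.

```java
import java.net.URI;
import java.net.URL;
import java.security.CodeSource;
import java.security.ProtectionDomain;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.util.*;

public class PdCacheKeyDemo {
    // Constructed stand-in for a signer certificate; Certificate.equals compares encoded bytes.
    static final class FakeCert extends Certificate {
        private final String id;
        FakeCert(String id) { super("X.509"); this.id = id; }
        @Override public byte[] getEncoded() { return id.getBytes(); }
        @Override public void verify(PublicKey k) {}
        @Override public void verify(PublicKey k, String provider) {}
        @Override public String toString() { return id; }
        @Override public PublicKey getPublicKey() { return null; }
    }
    // Hypothetical cache key: location plus the set of signer certificates.
    static final class Key {
        private final String loc;
        private final Set<Certificate> certs;
        Key(CodeSource cs) {
            loc = String.valueOf(cs.getLocation());
            Certificate[] c = cs.getCertificates();
            certs = (c == null) ? Set.of() : new HashSet<>(Arrays.asList(c));
        }
        @Override public boolean equals(Object o) {
            return o instanceof Key && loc.equals(((Key) o).loc) && certs.equals(((Key) o).certs);
        }
        @Override public int hashCode() { return Objects.hash(loc, certs); }
    }
    public static void main(String[] args) throws Exception {
        URL jar = URI.create("file:/constructed/app.jar").toURL();
        CodeSource byA = new CodeSource(jar, new Certificate[] { new FakeCert("signer-A") });
        CodeSource byB = new CodeSource(jar, new Certificate[] { new FakeCert("signer-B") });
        Map<String, ProtectionDomain> byLocation = new HashMap<>();
        Map<Key, ProtectionDomain> byLocationAndCerts = new HashMap<>();
        for (CodeSource cs : List.of(byA, byB)) {
            byLocation.computeIfAbsent(cs.getLocation().toString(), k -> new ProtectionDomain(cs, null));
            byLocationAndCerts.computeIfAbsent(new Key(cs), k -> new ProtectionDomain(cs, null));
        }
        // Location-only key: the lookup for byB returns the domain that was built for byA.
        ProtectionDomain servedForB = byLocation.get(byB.getLocation().toString());
        System.out.println("location-only: " + byLocation.size() + " domain(s); code signed by "
            + byB.getCertificates()[0] + " gets the domain of " + servedForB.getCodeSource().getCertificates()[0]);
        System.out.println("location+certs: " + byLocationAndCerts.size() + " domain(s)");
    }
}
```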

