RFR: JDK-8131486 : SecureClassLoader key for ProtectionDomain cache also needs to take into account certificates
Sean Mullan
sean.mullan at oracle.com
Sun Jul 19 23:37:03 UTC 2015
On 07/17/2015 08:00 PM, Weijun Wang wrote:
> The change looks fine.
>
> That said, is CodeSource's hashCode/equals used somewhere else? I mean,
> can we directly update them?
It might affect third party policy providers. We would also need to
update the CodeSource.equals specification. I think it is something to
think about for later on though.
--Sean
>
> Thanks
> Max
>
> On 07/18/2015 05:32 AM, Sean Mullan wrote:
>> One of the changesets for JEP 232 (Improve Secure Application
>> Performance) introduced a regression in the ProtectionDomain cache used
>> by SecureClassLoader. The HashMap key needs to also check the
>> Certificates of the CodeSource (as well as the location); otherwise 2
>> CodeSources from the same location but with different signers can
>> resolve to the same ProtectionDomain.
>>
>> The existing regression test has also been updated to test this case.
>>
>> webrev: http://cr.openjdk.java.net/~mullan/webrevs/8131486/webrev.00/
>> bug: https://bugs.openjdk.java.net/browse/JDK-8131486
>>
>> Thanks,
>> Sean
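
The cache-key problem described in the original review request, as an added example that is not part of the thread or of the JDK change under review. The key record, the stand-in certificate and the jar location are all hypothetical and constructed for illustration; only CodeSource, ProtectionDomain and Certificate are real JDK classes. Needs Java 16 or later for records.

```java
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.cert.Certificate;
import java.util.*;
import java.util.function.Function;

public class PdCacheKeyDemo {
    // Hypothetical key that compares the signer certificates as well as the location.
    record LocationAndCertsKey(String location, Set<Certificate> certs) {
        static LocationAndCertsKey of(CodeSource cs) {
            Certificate[] c = cs.getCertificates();   // null when the code is unsigned
            return new LocationAndCertsKey(cs.getLocation().toExternalForm(),
                    c == null ? Set.of() : Set.copyOf(Arrays.asList(c)));
        }
    }

    // Constructed stand-in certificate; Certificate.equals compares the encoded bytes.
    static Certificate fakeCert(String signer) {
        return new Certificate("X.509") {
            public byte[] getEncoded() { return signer.getBytes(StandardCharsets.UTF_8); }
            public void verify(PublicKey key) { }
            public void verify(PublicKey key, String provider) { }
            public PublicKey getPublicKey() { return null; }
            public String toString() { return "FakeCert[" + signer + "]"; }
        };
    }

    // True if both CodeSources resolve to the same cached ProtectionDomain under keyOf.
    static <K> boolean sharesDomain(Function<CodeSource, K> keyOf, CodeSource a, CodeSource b) {
        Map<K, ProtectionDomain> cache = new HashMap<>();
        ProtectionDomain pa = cache.computeIfAbsent(keyOf.apply(a), k -> new ProtectionDomain(a, null));
        ProtectionDomain pb = cache.computeIfAbsent(keyOf.apply(b), k -> new ProtectionDomain(b, null));
        return pa == pb;
    }

    public static void main(String[] args) throws Exception {
        var jar = URI.create("file:/app/lib/plugin.jar").toURL();   // constructed location
        CodeSource signedByA = new CodeSource(jar, new Certificate[] { fakeCert("signer-A") });
        CodeSource signedByB = new CodeSource(jar, new Certificate[] { fakeCert("signer-B") });
        // Weak key: location only, so the second signer is handed the first signer's domain.
        Function<CodeSource, String> locationOnly = cs -> cs.getLocation().toExternalForm();
        System.out.println("location only shares domain:      "
                + sharesDomain(locationOnly, signedByA, signedByB));
        System.out.println("location + signers shares domain: "
                + sharesDomain(LocationAndCertsKey::of, signedByA, signedByB));
    }
}
```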