RFR: JDK-6826789: SecureClassLoader should not use CodeSource URLs as HashMap keys
Weijun Wang
weijun.wang at oracle.com
Thu Jun 11 15:33:48 UTC 2015
Hi Sean
I remember you mentioned that although no name lookup is performed here
the permissions will be calculated correctly, even if they are granted
to different host strings which are actually equivalent (your new test
proves this). The URL strings still must be resolved somewhere else to
make this happen. Can you add a comment on where?
Thanks
Max
On 06/11/2015 09:54 PM, Sean Mullan wrote:
> This is the fifth in a series of fixes for JEP 232 (Improve
> Secure Application Performance) [1].
>
> webrev:
> http://cr.openjdk.java.net/~mullan/webrevs/6826789/webrev.00/
> bug: https://bugs.openjdk.java.net/browse/JDK-6826789
>
> This fix changes the keys used in the ProtectionDomain cache in
> SecureClassLoader from URLs to Strings. The URL.hashCode method can
> trigger a potentially expensive name service lookup. The String form of
> the URL avoids that lookup, resulting in a big performance improvement.
>
> Thanks,
> Sean
>
> [1] http://openjdk.java.net/jeps/232
More information about the security-dev
mailing list