RFR: 8065233: Remove Policy provider code that synchronizes on identityPolicyEntries List

Sean Mullan sean.mullan at oracle.com
Fri May 22 17:52:08 UTC 2015

On 05/22/2015 10:41 AM, Sean Mullan wrote:
> On 05/22/2015 10:33 AM, Weijun Wang wrote:
>> Looks good.
>> Are you also going to remove the policy.ignoreIdentityScope definition
>> inside jdk\src\java.base\share\conf\security\java.security?
> Good catch. I thought that had been removed as part of JDK-6876158. Let
> me think this over a bit first.

After further thought, I think it makes sense to leave the property in 
for now. The Identity and IdentityScope classes are under consideration 
for removal in JDK 10, and if that is approved, we will also remove the 
property at that time. It's possible (though I would be very surprised) 
that there are 3rd party providers that support that property.

For the purposes of the policy provider in the JDK, it has not supported 
that property since JDK-6876158 was fixed (JDK 7). Thus, I will proceed 
with this fix as-is, since it is just removing leftover code that is 
useless at this point.

The one change I will make is to add a sentence to the java.security 
file that the default JDK policy provider does not support this 
property. This is just documenting existing behavior since JDK 7, so a 
CCC is not required.

Are you ok with that?


> --Sean
>> Thanks
>> Max
>> On 5/22/2015 10:25 PM, Sean Mullan wrote:
>>> This is the second in a series of fixes for JEP 232 (Improve Secure
>>> Application Performance) [1].
>>> webrev: http://cr.openjdk.java.net/~mullan/webrevs/8065233/webrev.00/
>>> bug: https://bugs.openjdk.java.net/browse/JDK-8065233
>>> This fix removes some obsolete synchronization code from the Policy
>>> implementation. This results in a slight improvement (about 2-4%) in the
>>> throughput of the Policy.getPermissions method. The bug contains a
>>> performance chart with more details.
>>> Thanks,
>>> Sean
>>> [1] http://openjdk.java.net/jeps/232

More information about the security-dev mailing list