RFR 7191662: JCE providers should be located via ServiceLoader,

Sean Mullan sean.mullan at oracle.com
Tue May 26 20:57:02 UTC 2015

This all looks fine to me (except for the Makefile stuff which I'll 
leave to others).


On 05/21/2015 12:21 AM, Valerie Peng wrote:
> Sean,
> Could you please review this change? The changes are mostly the same as
> the prototype in Jake, but I have to make some modification due to the
> difference in ServiceLoader lookup in OpenJDK (corresponding
> META-INF/services/java.security.Provider files in each module) and the
> related makefile change (merge their content into one for the final
> image build). Then, I adjusted the Provider.configure() method to take a
> single String argument to be consistent with the "providerarg" option
> that keytool defined.
> In addition, I also made some misc changes, such as configuring the
> providers inside ProviderConfig instead of ProviderLoader, add back the
> doPrivileged block to all the provider constructors. I also have second
> thought on making the switch to privider name (instead of provider class
> name) in java.security file, so I reverted the changes on that - that
> SunPKCS11 provider has its name specified in its configuration file, so
> when ServiceLoader loads the PKCS11 provider, the configuration file has
> not been passed to it, so the name is not known at that time. Thus,
> using the class name for the provider list entry seems to fit the flow
> better. I also updated the default policy for SunPKCS11 provider given
> its recent change of using sun.misc.
> Webrev: http://cr.openjdk.java.net/~valeriep/7191662/webrev.00/
> CCC: http://ccc.us.oracle.com/7191662
> Thanks,
> Valerie

More information about the security-dev mailing list