RFR 7191662: JCE providers should be located via ServiceLoader,

Valerie Peng valerie.peng at oracle.com
Tue May 26 21:02:29 UTC 2015

Thanks, I will sort out the Makefile stuff with Mandy and other build 

On 5/26/2015 1:57 PM, Sean Mullan wrote:
> This all looks fine to me (except for the Makefile stuff which I'll 
> leave to others).
> --Sean
> On 05/21/2015 12:21 AM, Valerie Peng wrote:
>> Sean,
>> Could you please review this change? The changes are mostly the same as
>> the prototype in Jake, but I have to make some modification due to the
>> difference in ServiceLoader lookup in OpenJDK (corresponding
>> META-INF/services/java.security.Provider files in each module) and the
>> related makefile change (merge their content into one for the final
>> image build). Then, I adjusted the Provider.configure() method to take a
>> single String argument to be consistent with the "providerarg" option
>> that keytool defined.
>> In addition, I also made some misc changes, such as configuring the
>> providers inside ProviderConfig instead of ProviderLoader, add back the
>> doPrivileged block to all the provider constructors. I also have second
>> thought on making the switch to privider name (instead of provider class
>> name) in java.security file, so I reverted the changes on that - that
>> SunPKCS11 provider has its name specified in its configuration file, so
>> when ServiceLoader loads the PKCS11 provider, the configuration file has
>> not been passed to it, so the name is not known at that time. Thus,
>> using the class name for the provider list entry seems to fit the flow
>> better. I also updated the default policy for SunPKCS11 provider given
>> its recent change of using sun.misc.
>> Webrev: http://cr.openjdk.java.net/~valeriep/7191662/webrev.00/
>> CCC: http://ccc.us.oracle.com/7191662
>> Thanks,
>> Valerie

More information about the security-dev mailing list