RFR (12): 8191053: Provide a mechanism to make system's security manager immutable
mandy chung
mandy.chung at oracle.com
Fri Sep 14 02:41:53 UTC 2018
On 9/13/18 1:02 PM, Sean Mullan wrote:
> This is a SecurityManager related change which warrants some
> additional details for its motivation.
>
> The current System.setSecurityManager() API allows a SecurityManager
> to be set at run-time. However, because of this mutability, it incurs
> a performance overhead even for applications that never call it and do
> not enable a SecurityManager dynamically, which is probably the
> majority of applications.
>
> :
> webrev: http://cr.openjdk.java.net/~mullan/webrevs/8191053/webrev.00/
> CSR: https://bugs.openjdk.java.net/browse/JDK-8203316
> JBS: https://bugs.openjdk.java.net/browse/JDK-8191053
This is a welcoming change as many applications run without security
manager and they will benefit the performance improvement. This patch
makes the private System::security field @Stable hich is the first
installment of perf optimization. I hope to see further optimization
can be done for example speed up of doPrivileged block in the
no-security manager case.
This patch looks good. It may be good to add one test case to launch
with -Djava.security.manager and -Djdk.allowSecurityManager=false to
show that no security manager is installed; essential
-Djava.security.manager is ignored. Maybe @implNote should mention such
case where -Djava.security.manager is ignored if
-Djdk.allowSecurityManager=false.
Mandy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20180913/ddf8e5d4/attachment.htm>
More information about the security-dev
mailing list