[jdk17] RFR: 8269543: The warning for System::setSecurityManager should only appear once for each caller
Daniel Fuchs
dfuchs at openjdk.java.net
Tue Jun 29 18:50:08 UTC 2021
On Mon, 28 Jun 2021 21:09:43 GMT, Weijun Wang <weijun at openjdk.org> wrote:
> Add a cache to record which sources have called `System::setSecurityManager` and only print out warning lines once for each.
src/java.base/share/classes/java/lang/System.java line 337:
> 335: = Collections.synchronizedMap(new WeakHashMap<>());
> 336: }
> 337:
I wonder about the use of a WeakHashMap here. That may work well when the source is an interned string (a class name) which will be strongly referenced elsewhere and may be garbage collected if the class is unloaded, but in the case where it contains the name of the source jar then that string will only be referenced by the weak hashmap, and therefore it could be garbage collected any time - which would cause the mapping to be removed. In that case you cannot guarantee that the warning will be emitted only once.
-------------
PR: https://git.openjdk.java.net/jdk17/pull/166
More information about the security-dev
mailing list