[jdk17] RFR: 8269543: The warning for System::setSecurityManager should only appear once for each caller
Roger Riggs
rriggs at openjdk.java.net
Tue Jun 29 19:26:04 UTC 2021
On Tue, 29 Jun 2021 18:47:23 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:
>> Add a cache to record which sources have called `System::setSecurityManager` and only print out warning lines once for each.
>
> src/java.base/share/classes/java/lang/System.java line 337:
>
>> 335: = Collections.synchronizedMap(new WeakHashMap<>());
>> 336: }
>> 337:
>
> I wonder about the use of a WeakHashMap here. That may work well when the source is an interned string (a class name) which will be strongly referenced elsewhere and may be garbage collected if the class is unloaded, but in the case where it contains the name of the source jar then that string will only be referenced by the weak hashmap, and therefore it could be garbage collected any time - which would cause the mapping to be removed. In that case you cannot guarantee that the warning will be emitted only once.
Using a HashSet<Class> could use the callerClass as the key and be a stable reference for having given the message.
or use a ConcurrentHashMap<Class<?>>, boolean> and avoid any separate synchronization that would be needed with a HashSet or HashMap.
-------------
PR: https://git.openjdk.java.net/jdk17/pull/166
More information about the security-dev
mailing list