A Bug in AccessControlContext.equals() and hashCode()?

Frank Ding dingxmin at linux.vnet.ibm.com
Thu Jun 12 06:14:28 UTC 2014


Hi Guys,
  Recently, we noticed that JEP-140 has altered the behavior of
AccessControlContext equality and comparson semantics.  To be more
precisely, AccessControlContext.equals() takes fields "DomainCombiner
combiner" & "ProtectionDomain[] context" and some others into consideration
(both Java 7 & 8) whereas AccessControlContext.hashCode() only cares about
"ProtectionDomain[] context".  This is weird.

My questions are:
1. Though spec doesn't require two objects with same hashcode are equal,
what's the particular reason that field "DomainCombiner combiner" are used
for equal() but not hashCode()?
2. Is it expected that two AccessControlContext objects considered equal
via method equals() should return same results for
AccessControlContext.checkPermission()?

In addition, current JCK tests (both Java 7 & 8) validate
AccessControlContext.hashCode() by calculating only field
"ProtectionDomain[] context". Does it make sense to challenge JCK if I
would like add more fields for hashCode calculation?

Your insight is appreciated.

Thanks,
Frank
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openjdk.java.net/pipermail/security-dev/attachments/20140612/98ee5223/attachment.html>


More information about the security-dev mailing list