RFR: 8065233: Remove Policy provider code that synchronizes on identityPolicyEntries List
sean.mullan at oracle.com
Fri May 22 17:52:08 UTC 2015
On 05/22/2015 10:41 AM, Sean Mullan wrote:
> On 05/22/2015 10:33 AM, Weijun Wang wrote:
>> Looks good.
>> Are you also going to remove the policy.ignoreIdentityScope definition
>> inside jdk\src\java.base\share\conf\security\java.security?
> Good catch. I thought that had been removed as part of JDK-6876158. Let
> me think this over a bit first.
After further thought, I think it makes sense to leave the property in
for now. The Identity and IdentityScope classes are under consideration
for removal in JDK 10, and if that is approved, we will also remove the
property at that time. It's possible (though I would be very surprised)
that there are 3rd party providers that support that property.
For the purposes of the policy provider in the JDK, it has not supported
that property since JDK-6876158 was fixed (JDK 7). Thus, I will proceed
with this fix as-is, since it is just removing leftover code that is
useless at this point.
The one change I will make is to add a sentence to the java.security
file that the default JDK policy provider does not support this
property. This is just documenting existing behavior since JDK 7, so a
CCC is not required.
Are you ok with that?
>> On 5/22/2015 10:25 PM, Sean Mullan wrote:
>>> This is the second in a series of fixes for JEP 232 (Improve Secure
>>> Application Performance) .
>>> webrev: http://cr.openjdk.java.net/~mullan/webrevs/8065233/webrev.00/
>>> bug: https://bugs.openjdk.java.net/browse/JDK-8065233
>>> This fix removes some obsolete synchronization code from the Policy
>>> implementation. This results in a slight improvement (about 2-4%) in the
>>> throughput of the Policy.getPermissions method. The bug contains a
>>> performance chart with more details.
>>>  http://openjdk.java.net/jeps/232
More information about the security-dev