From 605924f8efe7436b5f7d18ec70d5d0e5b086d749 Mon Sep 17 00:00:00 2001
From: Sean Mullan <mullan@openjdk.org>
Date: Tue, 3 Jun 2014 07:34:35 -0400
Subject: [PATCH] 8036841: Reuse no-perms AccessControlContext object when
 performing isAuthorized check

Reviewed-by: wetmore
---
 .../classes/java/security/AccessController.java    | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/jdk/src/share/classes/java/security/AccessController.java b/jdk/src/share/classes/java/security/AccessController.java
index 36408a8d633..e2b8e584560 100644
--- a/jdk/src/share/classes/java/security/AccessController.java
+++ b/jdk/src/share/classes/java/security/AccessController.java
@@ -592,14 +592,24 @@ public final class AccessController {
             System.getSecurityManager() != null &&
             !callerPD.impliesCreateAccessControlContext())
         {
-            ProtectionDomain nullPD = new ProtectionDomain(null, null);
-            return new AccessControlContext(new ProtectionDomain[] { nullPD });
+            return getInnocuousAcc();
         } else {
             return new AccessControlContext(callerPD, combiner, parent,
                                             context, perms);
         }
     }
 
+    private static class AccHolder {
+        // An AccessControlContext with no granted permissions.
+        // Only initialized on demand when getInnocuousAcc() is called.
+        static final AccessControlContext innocuousAcc =
+            new AccessControlContext(new ProtectionDomain[] {
+                                     new ProtectionDomain(null, null) });
+    }
+    private static AccessControlContext getInnocuousAcc() {
+        return AccHolder.innocuousAcc;
+    }
+
     private static ProtectionDomain getCallerPD(final Class <?> caller) {
         ProtectionDomain callerPd = doPrivileged
             (new PrivilegedAction<ProtectionDomain>() {