diff --git a/jdk/src/java.base/share/classes/java/security/ProtectionDomain.java b/jdk/src/java.base/share/classes/java/security/ProtectionDomain.java index 3dd5933fb06..786d63ce73f 100644 --- a/jdk/src/java.base/share/classes/java/security/ProtectionDomain.java +++ b/jdk/src/java.base/share/classes/java/security/ProtectionDomain.java @@ -25,23 +25,24 @@ package java.security; +import java.lang.ref.Reference; +import java.lang.ref.ReferenceQueue; import java.lang.ref.WeakReference; import java.util.ArrayList; import java.util.Enumeration; import java.util.List; import java.util.Map; import java.util.WeakHashMap; +import java.util.concurrent.ConcurrentHashMap; +import sun.misc.JavaSecurityAccess; import sun.misc.JavaSecurityProtectionDomainAccess; import static sun.misc.JavaSecurityProtectionDomainAccess.ProtectionDomainCache; +import sun.misc.SharedSecrets; import sun.security.util.Debug; import sun.security.util.SecurityConstants; -import sun.misc.JavaSecurityAccess; -import sun.misc.SharedSecrets; /** - * - *
- * This ProtectionDomain class encapsulates the characteristics of a domain, + * The ProtectionDomain class encapsulates the characteristics of a domain, * which encloses a set of classes whose instances are granted a set * of permissions when being executed on behalf of a given set of Principals. *
@@ -58,6 +59,7 @@ import sun.misc.SharedSecrets;
*/
public class ProtectionDomain {
+
private static class JavaSecurityAccessImpl implements JavaSecurityAccess {
private JavaSecurityAccessImpl() {
@@ -86,18 +88,33 @@ public class ProtectionDomain {
AccessController.getContext(), context);
}
- private static AccessControlContext getCombinedACC(AccessControlContext context, AccessControlContext stack) {
- AccessControlContext acc = new AccessControlContext(context, stack.getCombiner(), true);
+ private static AccessControlContext getCombinedACC(
+ AccessControlContext context, AccessControlContext stack) {
+ AccessControlContext acc =
+ new AccessControlContext(context, stack.getCombiner(), true);
return new AccessControlContext(stack.getContext(), acc).optimize();
}
}
static {
- // Set up JavaSecurityAccess in SharedSecrets
+ // setup SharedSecrets to allow access to doIntersectionPrivilege
+ // methods and ProtectionDomain cache
SharedSecrets.setJavaSecurityAccess(new JavaSecurityAccessImpl());
+ SharedSecrets.setJavaSecurityProtectionDomainAccess(
+ new JavaSecurityProtectionDomainAccess() {
+ @Override
+ public ProtectionDomainCache getProtectionDomainCache() {
+ return new PDCache();
+ }
+ });
}
+ /**
+ * Used for storing ProtectionDomains as keys in a Map.
+ */
+ static final class Key {}
+
/* CodeSource */
private CodeSource codesource ;
@@ -451,40 +468,104 @@ public class ProtectionDomain {
}
/**
- * Used for storing ProtectionDomains as keys in a Map.
+ * A cache of ProtectionDomains and their Permissions.
+ *
+ * This class stores ProtectionDomains as weak keys in a ConcurrentHashMap
+ * with additional support for checking and removing weak keys that are no
+ * longer in use.
*/
- final static class Key {}
-
- // A cache of ProtectionDomains and their Permissions
private static class PDCache implements ProtectionDomainCache {
- // We must wrap the PermissionCollection in a WeakReference as there
- // are some PermissionCollections which contain strong references
- // back to a ProtectionDomain and otherwise would never be removed
- // from the WeakHashMap
- private final Map