On 13/08/2014 11:10, Wang Weijun wrote:
Hi All

I'm working on "8038089: TLS optional support for Kerberos cipher suites needs to be 
re-examine" which will separate the implementation of Kerberos-related TLS 
ciphersuites from the other TLS code. I am thinking of defining a ServiceLoader 
interface called ExternalCipherSuiteProvider inside the TLS module and implementing a 
Krb5CipherSuiteProvider in the JGSS module. Now if the JGSS module is installed, it will 
be found and thus support the TLS_KRB5_* ciphersuites.

However, it looks like any application can include an implementation and register it by adding its own 
$CLASSPATH/META-INF/services line. Is there any way I can find out which is the "trusted" one? I've 
looked at some ServiceLoader examples inside the JDK and it looks like they first load an implementation specified 
by a system property and then do the ServiceLoader.load() loop. Is that system property meant to provide the 
"trusted" or "builtin" implementation? I wonder if it still works now because even if we 
define a system property (or security property), the implementation class will be invisible in a different 
module.

The usual thing is to just have a default implementation that is used when ServiceLoader doesn't locate a useful provider. You'll find many examples of this in the JDK. In those cases then the default is not listed in a services configuration file. From what you describe then this may be what you want too.

ServiceLoader does not have a way to configure a preferred provider so this is one reason why you'll see places where a system property can be used to configure the preferred implementation.

-Alan.
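
The lookup order discussed in this thread (a system property for the preferred implementation, then the ServiceLoader loop, then a built-in default that is not listed in any services file), as an added example that is not part of the original messages or of the JDK sources. The interface method, the property name and every class name other than ExternalCipherSuiteProvider are hypothetical.

```java
import java.util.ServiceConfigurationError;
import java.util.ServiceLoader;

public final class CipherSuiteProviders {
    /** Hypothetical shape of the interface proposed in the thread. */
    public interface ExternalCipherSuiteProvider {
        String[] supportedCipherSuites();
    }

    /** Built-in default: never listed in META-INF/services, adds no suites. */
    static final class DefaultProvider implements ExternalCipherSuiteProvider {
        public String[] supportedCipherSuites() { return new String[0]; }
    }

    // Hypothetical property name, used only in this example.
    static final String PROP = "example.tls.externalCipherSuiteProvider";

    public static ExternalCipherSuiteProvider find() {
        // 1. Preferred implementation named explicitly by the deployer.
        String name = System.getProperty(PROP);
        if (name != null) {
            try {
                Class<?> c = Class.forName(name, true, ClassLoader.getSystemClassLoader());
                return (ExternalCipherSuiteProvider) c.getDeclaredConstructor().newInstance();
            } catch (ReflectiveOperationException | ClassCastException e) {
                // Fail closed: a misconfigured preference must not silently fall through.
                throw new ServiceConfigurationError("Cannot load " + name, e);
            }
        }
        // 2. Providers registered through META-INF/services. Any class path
        //    entry can add a line there, so this step carries no trust by itself.
        for (ExternalCipherSuiteProvider p : ServiceLoader.load(ExternalCipherSuiteProvider.class)) {
            return p;
        }
        // 3. Nothing registered: use the built-in default.
        return new DefaultProvider();
    }

    public static void main(String[] args) {
        ExternalCipherSuiteProvider p = find();
        System.out.println(p.getClass().getName() + " offers "
                + p.supportedCipherSuites().length + " extra suites");
    }
}
```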
