On Fri, 17 Jun 2022 06:47:59 GMT, Jaikiran Pai <j...@openjdk.org> wrote:
>> * This adds additional permissions to the jdk.random module
>> (`RuntimePermission "accessClassInPackage.jdk.internal.util.random"`)
>> * The annotations of the provider classes are now parsed early.
>> This avoids putting the parts that can trigger the parsing into an
>> `AccessController.doPrivileged()` block.
>> * If a `SecurityManager` is installed, `RandomGeneratorFactory.all()` will
>> only return `RandomGenerator`s that are loaded by a system domain loader.
>> This avoids parsing annotations of user classes from a privileged context.
>
> src/java.base/share/classes/java/util/random/RandomGeneratorFactory.java line
> 165:
>
>> 163: onlyBuiltIn = p ->
>> VM.isSystemDomainLoader(p.type().getClassLoader());
>> 164: } else {
>> 165: onlyBuiltIn = p -> true;
>
> Should this variable be renamed to something else? Because right now it does
> the opposite of it's name. i.e. When `onlyBuiltIn` is set to `true`, like
> here, the code a few lines below which filters the stream accepts all
> `RandomGeneratorFactory` implementations that have been found.
Good idea. Naming is hard - and I don't have a good name. Maybe `allowType`?
On second thought, I could change it to `Stream<...> s = ...; if (...) {s =
s.filter(...)}`.
-------------
PR: https://git.openjdk.org/jdk/pull/9180
