On Tue, 11 Oct 2022 11:28:10 GMT, Sean Coffey <coff...@openjdk.org> wrote:
>> What about creating a new `JavaSecurityPropertiesAccess` class and moving >> the accessor method there? It seems it would be cleaner to remove the >> dependency on PD in the long run. > > @seanjmullan - I looked at that approach. The > `SharedSecrets.getJavaSecurityAccess().getInitialProperties();` call may > trigger early initialization of the `java.security.Security` class - I'm not > sure if we want that. ProtectionDomain class is currently loaded early in the > JDK boot cycle. > > In fact the change suggested by @AlanBateman yesterday also has possibility > to trigger unnecessary loading of the Security class. I might revert to the > original design where we store the cached Properties in ProtectionDomain ? Maybe I am missing something. If this JFR event is enabled, and the properties have not yet been accessed, then it seems ok for JFR to load the `Security` class when JFR is started since the user is interested in this event. ------------- PR: https://git.openjdk.org/jdk/pull/10394
