Maybe a comment should point to the description of this pattern (if it applies): https://www.oracle.com/technetwork/java/seccodeguide-139067.html#4-5
Gruss Bernd Gruss Bernd -- http://bernd.eckenfels.net ________________________________ Von: security-dev <security-dev-boun...@openjdk.java.net> im Auftrag von Valerie Peng <valerie.p...@oracle.com> Gesendet: Freitag, Dezember 14, 2018 1:53 AM An: Nico Williams Cc: security-dev@openjdk.java.net Betreff: Re: RFR JDK-7092821 "java.security.Provider.getService() is synchronized and became scalability bottleneck" If I recall correctly, "initialized" and checkInitialized() method are meant to prevent unauthorized creation of Provider object either through inheritance or deserialization. Thus, they should not be removed unless we are sure that the original issue are no longer of concern. Thanks, Valerie On 12/13/2018 9:02 AM, Nico Williams wrote: > On Wed, Dec 12, 2018 at 11:48:26AM -0800, Valerie Peng wrote: >> If anyone is still reviewing this and need more time, please let me know >> soon. Otherwise, I will proceed with integration this afternoon. > One comment: > > - checkInitialized() in java.security.Provider seems pointless -- initialized > is always set to true in all the Provider the constructors > > here's your chance to remove it. > > Nico
