'Review Request: loading JCE providers using ServiceLoader'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openjdk-jigsaw-dev
Subject:    Review Request: loading JCE providers using ServiceLoader
From:       sean.mullan () oracle ! com (Sean Mullan)
Date:       2012-08-14 14:30:15
Message-ID: 502A60F7.3050909 () oracle ! com
[Download RAW message or body]

On 8/14/12 5:30 AM, Alan Bateman wrote:
> On 13/08/2012 20:17, Sean Mullan wrote:
>>
>> I thought about doing that, just adding them on to the end. But there 
>> are a few other subtle issues. Right now, if you want to use a JCE 
>> provider that isn't registered, you instantiate it directly (as I 
>> showed above). Or you could also instantiate it and use the 
>> Security.addProvider or insertProviderAt methods to add it to the list 
>> of registered providers. There are apps doing that today. That code 
>> may break (addProvider will return -1) if we automatically registered 
>> all JCE providers that were found by ServiceLoader. So I would rather 
>> hold off on this and address it later with the ordering of providers. 
>> We may need to adjust what it actually means for a JCE provider to be 
>> installed:
> I think it would make sense to add them at the end. One could imagine 
> calling Signature.getInstance(algorithm) and the implementation would 
> iterate over the configured providers and if none of them support the 
> algorithm then it will move onto the other installed providers looking 
> for one that supports this algorithm.
> 
> On the dynamic registration via Security.addProvider then I would think 
> it should be an error for someone to install the provider as a service 
> provider module and also attempts to register it themselves (and to 
> register it themselves would require they have some means to instantiate 
> it, suggesting it exports an API for that). It may be that bundled 
> providers intended to be dynamically registered just don't declare 
> themselves as services.
> 
> So I think it would be good to re-visit this, not critical for the 
> initial push of course.

Ok, that's good. It's a bit more work to make providers not configured in
java.security available by default -- it will require more surgery to the
sun.security.jca classes, so I'd rather do this later.

I've created a new CR to track the issues we should look at later:

http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7191104

--Sean

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic