[GR-57827] Move the initialization of security providers from build time to run time and place it behind the --future-defaults flag.
#10143
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
oracle-contributor-agreement
bot
added
the
OCA Verified
graalvmbot
force-pushed
the
js/GR-57827/providers-in-build-time
branch
5 times, most recently
from
34af8ac to
6456842
Compare
graalvmbot
force-pushed
the
js/GR-57827/providers-in-build-time
branch
from
6456842 to
7dcb3a1
Compare
graalvmbot
force-pushed
the
js/GR-57827/providers-in-build-time
branch
from
7dcb3a1 to
032d899
Compare
graalvmbot
force-pushed
the
js/GR-57827/providers-in-build-time
branch
3 times, most recently
from
89ff8f9 to
123c4d4
Compare
graalvmbot
force-pushed
the
js/GR-57827/providers-in-build-time
branch
2 times, most recently
from
7b5e4ab to
945f038
Compare
graalvmbot
force-pushed
the
js/GR-57827/providers-in-build-time
branch
from
945f038 to
d9b4f9d
Compare
graalvmbot
force-pushed
the
js/GR-57827/providers-in-build-time
branch
from
d9b4f9d to
8c19084
Compare
graalvmbot
force-pushed
the
js/GR-57827/providers-in-build-time
branch
from
8c19084 to
cabc6c2
Compare
graalvmbot
force-pushed
the
js/GR-57827/providers-in-build-time
branch
from
cabc6c2 to
3c93db2
Compare
graalvmbot
force-pushed
the
js/GR-57827/providers-in-build-time
branch
from
3c93db2 to
6fa2f31
Compare
graalvmbot
force-pushed
the
js/GR-57827/providers-in-build-time
branch
2 times, most recently
from
a96aec3 to
32501d8
Compare
graalvmbot
force-pushed
the
js/GR-57827/providers-in-build-time
branch
4 times, most recently
from
f7b5c08 to
a36a031
Compare
graalvmbot
changed the title
graalvmbot
force-pushed
the
js/GR-57827/providers-in-build-time
branch
from
a36a031 to
9884742
Compare
graalvmbot
changed the title
graalvmbot
changed the title
--future-defaults flag.
graalvmbot
force-pushed
the
js/GR-57827/providers-in-build-time
branch
2 times, most recently
from
5e20e93 to
1883add
Compare
graalvmbot
force-pushed
the
js/GR-57827/providers-in-build-time
branch
3 times, most recently
from
b59fc06 to
f98245e
Compare
…efaults flags. Add a test for security provider run time registration. Add entry to a CHANGELOG.md Parse java.security.properties file at run time.
graalvmbot
force-pushed
the
js/GR-57827/providers-in-build-time
branch
from
f98245e to
af69098
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Motivation:
Currently, security providers are initialized at build time, which leads to several unwanted side effects, such as pulling unnecessary objects into the image heap and snapshotting values from the builder's JVM... (see #8674 and #5950). The only aspect related to the provider that still needs to happen at build time is provider verification. Since we can now initialize a class twice in Native Image (once at build time and again at run time), this gives us the opportunity to move their initialization to run time.
Code Walkthrough:
SecurityServicesFeature.java).ServiceLoaderFeature.java).SecurityProvidersSupport), avoiding the need to keep provider objects in the image heap (seeSecuritySubstitutions).SecuritySubstitutions.XMLDSigRIfromTrustStoreManager.SecurityServiceTestto align with the new changes.CHANGELOG.mdentry.Note: The feature is now hidden behind the --future-defaults=all or --future-defaults=run-time-initialized-jdk flag (take a look here for more details).