Details
-
Sub-task
-
Resolution: Delivered
-
P4
-
8u321, 11.0.12.0.3-oracle, 11.0.14-oracle, 17
-
Verified
Backports
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8275157 | 11.0.14-oracle | Clifford Wayne | P4 | Resolved | Delivered | |
| JDK-8292091 | 11.0.12.0.3-oracle | Sean Coffey | P4 | Resolved | Delivered | |
| JDK-8275166 | 8u321 | Clifford Wayne | P4 | Resolved | Delivered |
Description
SunPKCS11 provider adds new provider configuration attributes to better control native resources usage. The SunPKCS11 provider consumes native resources in order to work with native PKCS11 libraries. To manage and better control the native resources, additional configuration attributes are added to control the frequency of clearing native references as well as whether to destroy the underlying PKCS11 Token after logout.
The 3 new attributes for SunPKCS11 provider configuration file are:
1) `destroyTokenAfterLogout` (boolean, defaults to false)
If set to true, when `java.security.AuthProvider.logout()` is called upon the SunPKCS11 provider instance, the underlying Token object will be destroyed and resources will be freed. This essentially renders the SunPKCS11 provider instance unusable after `logout()` calls. Note that a PKCS11 provider with this attribute set to `true` should not be added to the system provider list since the provider object is not usable after a `logout()` method call.
2) `cleaner.shortInterval` (integer, defaults to 2000, in milliseconds)
This defines the frequency for clearing native references during busy period (such as, how often should the cleaner thread processes the no-longer-needed native references in the queue to free up native memory). Note that the cleaner thread will switch to the 'longInterval' frequency after 200 failed tries (such as, when no references are found in the queue).
3) `cleaner.longInterval` (integer, defaults to 60000, in milliseconds)
This defines the frequency for checking native reference during non-busy period (such as, how often should the cleaner thread check the queue for native references). Note that the cleaner thread will switch back to the 'shortInterval' value if native PKCS11 references for cleaning are detected.
The 3 new attributes for SunPKCS11 provider configuration file are:
1) `destroyTokenAfterLogout` (boolean, defaults to false)
If set to true, when `java.security.AuthProvider.logout()` is called upon the SunPKCS11 provider instance, the underlying Token object will be destroyed and resources will be freed. This essentially renders the SunPKCS11 provider instance unusable after `logout()` calls. Note that a PKCS11 provider with this attribute set to `true` should not be added to the system provider list since the provider object is not usable after a `logout()` method call.
2) `cleaner.shortInterval` (integer, defaults to 2000, in milliseconds)
This defines the frequency for clearing native references during busy period (such as, how often should the cleaner thread processes the no-longer-needed native references in the queue to free up native memory). Note that the cleaner thread will switch to the 'longInterval' frequency after 200 failed tries (such as, when no references are found in the queue).
3) `cleaner.longInterval` (integer, defaults to 60000, in milliseconds)
This defines the frequency for checking native reference during non-busy period (such as, how often should the cleaner thread check the queue for native references). Note that the cleaner thread will switch back to the 'shortInterval' value if native PKCS11 references for cleaning are detected.
Attachments
Issue Links
- backported by
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-