Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8240256 Better resource cleaning for SunPKCS11 Provider
  3. JDK-8272907

Release Note: New SunPKCS11 configuration properties

    XMLWordPrintable

    Details

      Backports

        Description

        SunPKCS11 provider adds new provider configuration attributes to better control native resources usage. The SunPKCS11 provider consumes native resources in order to work with native PKCS11 libraries. To manage and better control the native resources, additional configuration attributes are added to control the frequency of clearing native references as well as whether to destroy underlying PKCS11 Token after logout.

        The 3 new attributes for SunPKCS11 provider configuration file are:
        1) `destroyTokenAfterLogout` (boolean, defaults to false)
        If set to true, when `java.security.AuthProvider.logout()` is called upon the SunPKCS11 provider instance, the underlying Token object will be destroyed and resources will be freed. This essentially renders the SunPKCS11 provider instance unusable after logout() calls. Note that a PKCS11 provider with this attribute set to true should not be added to the system provider list since the provider object is not usable after a logout() method call.

        2) `cleaner.shortInterval` (integer, defaults to 2000, in milliseconds)
        This defines the frequency for clearing native references during busy period, i.e. how often should the cleaner thread processes the no-longer-needed native references in the queue to free up native memory. Note that the cleaner thread will switch to the 'longInterval' frequency after 200 failed tries, i.e. when no references are found in the queue.

        3) `cleaner.longInterval` (integer, defaults to 60000, in milliseconds)
        This defines the frequency for checking native reference during non-busy period, i.e. how often should the cleaner thread check the queue for native references. Note that the cleaner thread will switch back to the 'shortInterval' value if native PKCS11 references for cleaning are detected.

          Attachments

            Issue Links

              Activity

                People

                Assignee:
                coffeys Sean Coffey
                Reporter:
                coffeys Sean Coffey
                Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                  Dates

                  Created:
                  Updated:
                  Resolved: