...

Explicitly define the name of the class through name qualification (the superclass in this compliant solution) in the synchronized block.

public void doSomething() {
  synchronized(SuperclassName.class) { 
    // ... 
  }
}

The class object being synchronized should not be accessible to hostile code. If the class is package-private, then external packages may not access the Class object, ensuring its trustworthiness as an intrinsic lock object. For more information, see CON04-J. Synchronize using an internal private final lock object.
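The following added example (not part of the original guideline) shows why the lock is named explicitly: it contrasts the name-qualified lock with a lock taken from getClass(), which this excerpt does not show, and uses Thread.holdsLock() to report whether the superclass monitor is actually held. The names ClassLockDemo, Base, Derived, counter and the method names are hypothetical.

```java
// Added illustration; all class, field and method names are hypothetical.
public class ClassLockDemo {

  static class Base {
    private static int counter; // shared by Base and every subclass

    // Lock depends on the run-time type: a Derived instance locks
    // Derived.class, so the shared counter is not guarded by one monitor.
    void incrementUnqualified() {
      synchronized (getClass()) {
        report("getClass()");
        counter++;
      }
    }

    // Name qualification: every instance, whatever its run-time type,
    // locks the same Base.class monitor.
    void incrementQualified() {
      synchronized (Base.class) {
        report("Base.class");
        counter++;
      }
    }

    // Prints whether the current thread holds the Base.class monitor,
    // which is the lock the static counter is meant to be guarded by.
    private void report(String lockExpression) {
      boolean guarded = Thread.holdsLock(Base.class);
      System.out.printf("%-8s synchronized(%s) holds Base.class monitor: %b%n",
          getClass().getSimpleName(), lockExpression, guarded);
    }
  }

  static class Derived extends Base { }

  public static void main(String[] args) {
    for (Base instance : new Base[] { new Base(), new Derived() }) {
      instance.incrementUnqualified();
      instance.incrementQualified();
    }
  }
}
```

Only the Derived instance going through getClass() reports that the Base.class monitor is not held; every name-qualified call holds it.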

...

The class object being synchronized should not be accessible to hostile code, as discussed in the previous compliant solution. Furthermore, care must be taken so that untrusted inputs are not accepted as arguments while loading classes using Class.forName() (see SEC05-J. Do not expose standard APIs that use the immediate caller's class loader instance to untrusted code for more information).

...

Synchronizing on an inappropriate object can provide a false sense of thread safety and result in non-deterministic behavior.

...