Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Wiki Markup
The _private lock object_ idiom prevents this vulnerability. The idiom consists of a {{java.lang.Object}} declared within the class as {{private}} and {{final}}. The object must be explicitly used for locking purposes in {{synchronized}} blocks, within the class's methods. This intrinsic lock is associated with the instance of the internal private object and not with the class itself. Consequently, there is no lock contention between this class's methods and methods of a hostile class. \[[Bloch 01|AA. Java References#Bloch 01]\]. 

Static state has the same potential problem. If a static method is declared synchronized, the intrinsic lock of the class object is acquired before executing the statements in its body, and released when the method completes. Any untrusted code that can access an object of the class, or a subclass, can use the getClass() method to gain access to the class object. The private lock object idiom can be used to protect static data by declaring the lock as private, static and final. Reducing the accessibility of the class to package-private may offer some reprieve from untrusted callers when using strategies other than internal locking.

...