...
| Code Block | ||
|---|---|---|
| ||
class Base {
static DateFormat format =
DateFormat.getDateInstance(DateFormat.MEDIUM);
public Date parse(String str) throws ParseException {
synchronized (Base.class) {
return format.parse(str);
}
}
}
// ...
|
This code example always synchronizes on the Base.class object, even if it is called from a Derived object.
...
| Code Block | ||
|---|---|---|
| ||
class Base {
static DateFormat format =
DateFormat.getDateInstance(DateFormat.MEDIUM);
public Date parse(String str) throws ParseException {
synchronized (Class.forName("Base")) {
return format.parse(str);
}
}
}
// ...
|
It is important that untrusted inputs are not accepted as arguments while loading classes using Class.forName(). See guideline SEC05-J. Do not expose standard APIs that use the immediate caller's class loader instance to untrusted code for more information.
...