...
An object should use a private internal lock object rather than its own intrinsic lock unless all of the following conditions are met:the class can guarantee that untrusted code may not:
- Subclass the class (However, trusted code may subclass the class.)
- Create an object of the
- The object's class is package-private and untrusted code cannot infiltrate the package.
- No objects of that class (or a subclass) ever escape its package, for instance, because of
thisreference leaks (which are described in CON14-J. Do not let the "this" reference escape during object construction). - Access an object of the class (or a subclass)
Furthermore, the class must also ensure that no superclasses it inherits from None of the object's superclasses use synchronization at all.
If any of these conditions restrictions are violatednot met, the object's intrinsic lock is not trustworthy. If all conditions are satisfied, then the object gains no significant security from using a private internal lock object, and may synchronize using its own intrinsic lock.
...