...
The _private lock object_ idiom can be used to prevent the DoS vulnerability. The idiom consists of a `private` object declared as an instance field. The `private` object must be explicitly used for locking purposes in `synchronized` blocks within the class's methods. This lock object belongs to an instance of the object and is not associated with the class object itself. Consequently, there is no lock contention between a class method and a method of the hostile class when both try to lock on the class object. [Bloch 01]
...
Thread-safe classes that use intrinsic synchronization may be protected by using the private lock object idiom and adapting them to use block synchronization. In this compliant solution, if the method `changeValue()` is called, the lock is obtained on a private `Object` that is both invisible and inaccessible from the caller.
...