On Jun 21, 2012, at 8:02 PM, Joe Wang wrote: > >> >> On the implementation changes then I agree with Paul's comment that there is >> a lot of duplication. I realize you have inherited some technical debt but >> now seems a good opportunity to clean this up instead of changing >> essentially the same code in lots of places. > > As discussed, it's security required. >
What exactly were the security reasons? is it related to something messing around with the static state? I still think we can factor out some common functionality. One solution is a deferral: define in the same package a public class that access information in a package private class. If you stick to using ServiceLoader.load you can avoid using SecurtySupport to obtain the TCCL for the service loading case. >> >> I don't understand the need for the Class.forName in findServiceProvider as >> I thought this method should just use ServiceLoader. > > For XPath, Transformer, Datatype and Validation, it's possible get rid of > that since the factory finder is dedicated to a single factory. For the > parsers and stream, it's shared by multiple factories, Class.forName is used > to return Class by name, or factory id. But can the service interface class (factory id) be absent in the latter case? If not perhaps Class can be used instead. Paul.
