prefer modern java.time classes over unsafe legacy ones

TritonDataCenter / java-http-signature

Library for performing RSA signed HTTP requests in Java

Mozilla Public License 2.0

17 stars 13 forks source link

prefer modern java.time classes over unsafe legacy ones #35

Closed cburroughs closed 7 years ago

cburroughs commented 7 years ago

Java 8 included JRS-310 which brought in modern date/time libraries. The legacy java.util.Date is mutable(!), doesn't actually represent a date(!!), and companion classes are not thead-safe. In particular the existing call to SimpleDateFormat.format was unsafe from multiple threads, which left callers of Signer in perpetual risk of errors.

ref #34

cburroughs commented 7 years ago

Your reading is correct! Although I have no evidence that this is a particularly hot method.