On 04/02/15 16:01, Peter Levart wrote:
On 02/04/2015 04:45 PM, Alan Bateman wrote:
On 04/02/2015 15:10, Weijun Wang wrote:
It should be checked, otherwise a non-initialized parent object comes
into being.
In general then permission checks in constructors are a bad idea but
we have an established idiom that has the no-arg constructor invoking
a static method that does the permission check.
-Alan
There is an alternative. The
com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.checkMBeanTrustPermission(Class<?>)
checks the permission without running any code of the class.
I did look at checking the permission of the impl class, but with
service loader this would have to be done after the instance is created,
which in itself should not be a big issue here as the provider would not
be used by java.net.URL, but the side-effect is that we end up creating
an instance that will not be used.
> But if
verify-er checks constructor flow then this is as good as proposed.
I am happy that the verifier will catch this. This is an established
idiom that has been used in other, more sensitive, areas.
I'll see if I can prove this with an out-of-order compilation, or something.
-Chris.
