On Mon, Nov 9, 2009 at 16:34, Martin Buchholz <marti...@google.com> wrote: > (In response to Joe, who once asked me for little things to add > to the core libraries) > > Lots of classes need to use System.getProperty("line.separator"). > Many don't do it right because you need to use > a doPrivileged block whenever you read a system property. > Yet it is no secret - you can divine the line separator > even if you have no trust with the security manager.
Let me clarify somewhat. The default Policy defined in src/share/lib/security/java.policy allows you to access standard system properties such as line.separator, but... $ cat Println.java && java Println import java.security.*; public class Println { public static void main(String[] args) { Policy.setPolicy(new java.security.Policy() { public boolean implies(ProtectionDomain pd, Permission p) { return false; }}); System.setSecurityManager(new SecurityManager()); System.out.printf("%n"); String.format("%n"); } } ==> javac -source 1.6 -Xlint:all Println.java ==> java -esa -ea Println Exception in thread "main" java.security.AccessControlException: access denied (java.util.PropertyPermission line.separator read) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:342) at java.security.AccessController.checkPermission(AccessController.java:553) at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1302) at java.lang.System.getProperty(System.java:669) at java.util.Formatter$FormatSpecifier.print(Formatter.java:2700) at java.util.Formatter.format(Formatter.java:2437) at java.io.PrintStream.format(PrintStream.java:937) at java.io.PrintStream.printf(PrintStream.java:838) at Println.main(Println.java:10) --- Also, File.java only makes available the first char of the system properties (ensuring that Java will never work on platforms where file.separator is more than one character, or is a supplementary character? Martin