On 24/04/2014 06:06, Zhong Yu wrote:
If a thread is created inside AccessController.doPrivileged(), it seems to inherit AccessControlContext from the calling thread, is that the expected/specified behavior?
It should inherit the acc from when it was created. If that context was privileged by the use of doPrivileged, then it will follow the normal rules. The restricted do privileged in Java SE 8 behaves peculiarly (as specified).
I'm asking because I tried to solve this problem: A spawned Thread contains strong references to all call stack class loaders through Thread.inheritedAccessControlContext. I try to avoid that and make sure that only the immediate caller class loader is referenced; my concern is rather garbage collection than permissions. Is there anyway to achieve that?
You need to make sure you aren't doing something too privileged. If you're going to use doPrivileged in this manner, you should check that the calling context before the doPrivilieged has at least the permissions as inside. In particular, using only the immediate caller permissions is problematic.
Tom
