On 09/12/2014 11:21 AM, Alan Bateman wrote:
On 12/09/2014 08:14, Peter Levart wrote:
:
Just a question about security and delayed execution...
If at the time the configuration listener is added to the LogManager,
SecurityManager is not set, the listener will be invoked directly
even if at time the listener is invoked, SM has been set.
True but we typically don't get concerned about this. That is all bets
are off if you allow untrusted code to run before setting the security
manager.
I buy that, yes...
Regards, Peter
So normally the assumption is that you are either running with or
without a security manager, ignoring the case when it might be set or
unset mid-flight. Also for the common case (running without a security
manager) then you avoid needing to stash away the access control
context as that has a number of side effects (Stanimir has picked up
on this). Clearly there is a timing issue with code that runs early in
the startup before the system class loader has fully initialized and
the security manager set but great care has to be taken in those code
paths.
-Alan
