Nirmal Fernando <nirmal070...@gmail.com> writes:
> Do I have to perform IO operations like following?
>
> AccessController.doPrivileged
> (new java.security.PrivilegedAction() {
>
> public Object run() {
> //IO operations
> }
> }
Yes, exactly. You only need this around the call that creates the
FileOutputStream, not around every write() call on that stream.
> Any documentation on this would be really nice.
I haven't seen any document describing how to use it in Derby, but I
think the basic rule is that any call to a method that can raise a
SecurityException should be put inside a doPrivileged block, so that we
don't need to grant permissions to all jars in the call
stack.
Unfortunately, we don't have any way to enforce this policy at build
time, but we run the tests under a security manager with a small set of
privileges granted to try to detect if we've missed something.
--
Knut Anders
