Ant isn't using a SecurityManager (well, at least not at this point in the code). It's getting the one *I* set, then resetting it to the same value. This is a no-op except for the fact that Ant now asserts a permission that it doesn't need.
Agreed. This is the situation now and the code that is there is the "runt" of an attempt to turn on a security manager that would prevent a task from causing Ant to exit by calling System.exit(). This is the NoExitSecurityManager. I think the reason that is not done was JDK 1.1 compatability although ISTR that Peter suggested setting the security manager after some classes were loaded from the jar would cause a problem.
IOW, Main is the command line driver for Ant. If you are integrating Ant into another environment with its own security manager, you should be integrating Project.
What if I am integrating Ant into a non-Java environment, and want to turn on security from the command line? Is this usage invalid?
Yes, that is valid. I think Erik should go ahead and apply your patch. I'd also like to get your thoughts (and others) on an effective way to stop a non-forked Java program or a task from causing Ant to exit.
Conor
