On 12/09/2014 08:14, Peter Levart wrote:
:
Just a question about security and delayed execution...
If at the time the configuration listener is added to the LogManager,
SecurityManager is not set, the listener will be invoked directly even
if at time the listener is invoked, SM has been set.
True but we typically don't get concerned about this. That is all bets
are off if you allow untrusted code to run before setting the security
manager. So normally the assumption is that you are either running with
or without a security manager, ignoring the case when it might be set or
unset mid-flight. Also for the common case (running without a security
manager) then you avoid needing to stash away the access control context
as that has a number of side effects (Stanimir has picked up on this).
Clearly there is a timing issue with code that runs early in the startup
before the system class loader has fully initialized and the security
manager set but great care has to be taken in those code paths.
-Alan
