Dan Creswell wrote:
I'd also observe that running multiple processes gets you out of this predicament.
Yes that's true too.Since it's a global class lock on Policy, it does make it a possible avenue to perform denial of service. I might just raise a bug report and suggest it be changed to an internal explicit lock, so it can't be obtained until after the permission check is performed.
Interestingly Oracle's talking about process isolation for Java 9. Cheers, Peter.
