One issue with ProfilingSecurityManager is that it depends on private state of JVM classes and it uses reflection to access it. This has always bothered me, but I never did anything about it.

We can create a new DebugSecurityManager that extends CombinerSecurityManager that performs the same task using only public API; this would fit into the runtime tools component.

The reason for the existence of this SecurityManager is that not all ProtectionDomains in the AccessControlContext consult the installed policy during a permission check. Some ProtectionDomains are given their permissions during construction, by consulting the policy at the time of their instantiation; however, they never again consult the policy (depending on the ProtectionDomain constructor used), so using DebugDynamicPolicyProvider, we don't know the execution context when they require these permissions.

Something else to be aware of is that lazy class initialization may alter when a ProtectionDomain appears in the AccessControlContext; different JVM versions, subtle library or application code revisions or even state may determine when classes are initialized by the JVM.

For example, there are occasions when I've had to change policy files in the test suite between Java 1.4, 5 and 6 due to changes in the execution context.

Cheers,

Peter.

On 15/12/2014 4:39 AM, Greg Trasuk (JIRA) wrote:
     [ https://issues.apache.org/jira/browse/RIVER-444?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14246047#comment-14246047 ]

Greg Trasuk commented on RIVER-444:
-----------------------------------

ProfilingSecurityManager was removed from the production branch as part of a 
cleanup of license headers (it wasn't developed as part of River):

<--Begin commit message -->
URL: http://svn.apache.org/r1540532 Log: Added Apache license header to
com.sun.jini.jeri.internal.runtime.SequenceEntry.java (It was part of the
original code donation).

Remove com.sun.jini.tool.ProfilingSecurityManager. Although its license was
compatible with AL2.0, it wasn't original to Jini, and it is readily available
on the web.
<-- End commit message -->
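
The behaviour described in the message above (a ProtectionDomain given its permissions at construction never consults the installed policy again), as an added example that is not from the original thread or from River. It assumes Java 8 to 17, where java.security.Policy is still functional and no SecurityManager is installed; StaticDomainDemo and CountingPolicy are hypothetical names.

```java
import java.security.*;
import java.util.concurrent.atomic.AtomicInteger;

// Added illustration, not River code. Assumes a JDK where java.security.Policy
// is still functional (Java 8 to 17); class and variable names are hypothetical.
public class StaticDomainDemo {

    // Policy that grants everything and counts how often a domain consults it.
    static final class CountingPolicy extends Policy {
        final AtomicInteger consulted = new AtomicInteger();

        @Override
        public boolean implies(ProtectionDomain domain, Permission permission) {
            consulted.incrementAndGet();
            return true;
        }
    }

    public static void main(String[] args) {
        CountingPolicy policy = new CountingPolicy();
        Policy.setPolicy(policy);

        // Constructed sample inputs: an anonymous CodeSource and one permission.
        CodeSource cs = new CodeSource(null, (java.security.cert.Certificate[]) null);
        Permission wanted = new RuntimePermission("getClassLoader");

        // Two-argument constructor: permissions are bound at construction and
        // implies() never asks the installed policy.
        ProtectionDomain staticPd = new ProtectionDomain(cs, new Permissions());

        // Four-argument constructor: implies() also asks the current policy,
        // so a policy provider can observe (and log) the request.
        ProtectionDomain dynamicPd = new ProtectionDomain(
                cs, new Permissions(), StaticDomainDemo.class.getClassLoader(), null);

        boolean staticResult = staticPd.implies(wanted);
        int afterStatic = policy.consulted.get();
        boolean dynamicResult = dynamicPd.implies(wanted);
        int afterDynamic = policy.consulted.get();

        System.out.println("static domain implies:  " + staticResult
                + " (policy calls so far: " + afterStatic + ")");
        System.out.println("dynamic domain implies: " + dynamicResult
                + " (policy calls so far: " + afterDynamic + ")");
    }
}
```

A debugging policy provider only sees requests from the second kind of domain, which is why a SecurityManager-level hook is needed to record what the first kind requires.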

