Thanks David for the detailed response! On Mon, Oct 8, 2018 at 7:27 AM David Lloyd <david.ll...@redhat.com> wrote:
> I think it's pretty reasonable to > document that user programs that wish to have context-sensitive > loggers should grant the "getStackWalkerWithClassReference" > RuntimePermission to the logging JAR/module. I looked for documentation on how to grant runtime permissions for a specific module via the commandline or in a policy file, but I couldn't figure out how to do this. The closest I found was "grant codeBase <URL>" -- is this the right mechanism, used with the module location URL? > I think a single clear > behavior plus a documentation note would result in a better user > experience than falling back through multiple potentially differing > behaviors based on run time factors which may not be immediately clear > to the user. > You make good points about predictability and expectations, although in my current implementation the series of fallbacks is mostly intended to support both JDK 9+ and JDK 7/8. (I implemented the StackWalker code using reflection so that the code can be compiled for JDK 7.) The last `Exception#getStackTrace()` fallback is there in case the main mechanism for JDK 9+ or 7/8 doesn't work due to a SecurityException, so maybe that's the case that should be removed in favor of clear documentation about the need for runtime permissions if a SecurityManager is installed.
