Creating Thread in AccessController.doPrivileged()
Tom Hawtin
tom.hawtin at oracle.com
Mon Apr 28 15:21:04 UTC 2014
On 24/04/2014 06:06, Zhong Yu wrote:
> If a thread is created inside AccessController.doPrivileged(), it
> seems to inherit AccessControlContext from the calling thread, is that
> the expected/specified behavior?
It should inherit the acc from when it was created. If that context was
privileged by the use of doPrivileged, then it will follow the normal
rules. The restricted do privileged in Java SE 8 behaves peculiarly (as
specified).
> I'm asking because I tried to solve this problem: A spawned Thread
> contains strong references to all call stack class loaders through
> Thread.inheritedAccessControlContext. I try to avoid that and make
> sure that only the immediate caller class loader is referenced; my
> concern is rather garbage collection than permissions. Is there anyway
> to achieve that?
You need to make sure you aren't doing something too privileged. If
you're going to use doPrivileged in this manner, you should check that
the calling context before the doPrivilieged has at least the
permissions as inside. In particular, using only the immediate caller
permissions is problematic.
Tom
More information about the core-libs-dev
mailing list