RFR: 8043306 - Provide a replacement for the API that allowed to listen for LogManager configuration changes
Alan Bateman
Alan.Bateman at oracle.com
Fri Sep 12 09:21:25 UTC 2014
On 12/09/2014 08:14, Peter Levart wrote:
> :
>
> Just a question about security and delayed execution...
>
> If at the time the configuration listener is added to the LogManager,
> SecurityManager is not set, the listener will be invoked directly even
> if at time the listener is invoked, SM has been set.
True but we typically don't get concerned about this. That is all bets
are off if you allow untrusted code to run before setting the security
manager. So normally the assumption is that you are either running with
or without a security manager, ignoring the case when it might be set or
unset mid-flight. Also for the common case (running without a security
manager) then you avoid needing to stash away the access control context
as that has a number of side effects (Stanimir has picked up on this).
Clearly there is a timing issue with code that runs early in the startup
before the system class loader has fully initialized and the security
manager set but great care has to be taken in those code paths.
-Alan
More information about the core-libs-dev
mailing list