RFR: 8043306 - Provide a replacement for the API that allowed to listen for LogManager configuration changes

Alan Bateman Alan.Bateman at oracle.com
Fri Sep 12 09:21:25 UTC 2014

On 12/09/2014 08:14, Peter Levart wrote:
> :
> Just a question about security and delayed execution...
> If at the time the configuration listener is added to the LogManager, 
> SecurityManager is not set, the listener will be invoked directly even 
> if at time the listener is invoked, SM has been set.
True but we typically don't get concerned about this. That is all bets 
are off if you allow untrusted code to run before setting the security 
manager. So normally the assumption is that you are either running with 
or without a security manager, ignoring the case when it might be set or 
unset mid-flight. Also for the common case (running without a security 
manager) then you avoid needing to stash away the access control context 
as that has a number of side effects (Stanimir has picked up on this). 
Clearly there is a timing issue with code that runs early in the startup 
before the system class loader has fully initialized and the security 
manager set but great care has to be taken in those code paths.


More information about the core-libs-dev mailing list