RFR: 8043306 - Provide a replacement for the API that allowed to listen for LogManager configuration changes

Peter Levart peter.levart at gmail.com
Fri Sep 12 12:04:39 UTC 2014

On 09/12/2014 11:21 AM, Alan Bateman wrote:
> On 12/09/2014 08:14, Peter Levart wrote:
>> :
>> Just a question about security and delayed execution...
>> If at the time the configuration listener is added to the LogManager, 
>> SecurityManager is not set, the listener will be invoked directly 
>> even if at time the listener is invoked, SM has been set.
> True but we typically don't get concerned about this. That is all bets 
> are off if you allow untrusted code to run before setting the security 
> manager. 

I buy that, yes...

Regards, Peter

> So normally the assumption is that you are either running with or 
> without a security manager, ignoring the case when it might be set or 
> unset mid-flight. Also for the common case (running without a security 
> manager) then you avoid needing to stash away the access control 
> context as that has a number of side effects (Stanimir has picked up 
> on this). Clearly there is a timing issue with code that runs early in 
> the startup before the system class loader has fully initialized and 
> the security manager set but great care has to be taken in those code 
> paths.
> -Alan

More information about the core-libs-dev mailing list