classpath
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: java.util.ResourceBundle bug?

From: Mark Wielaard
Subject: Re: java.util.ResourceBundle bug?
Date: Sun, 4 Nov 2001 10:08:37 +0100
User-agent: Mutt/1.3.23i 
Hi,

On Sun, Nov 04, 2001 at 02:30:50PM +1300, Bryce McKinlay wrote:
> 
> OK, I guess we'll go with this approach then. Is the 
> AccessController.doPrivileged() actually required, given that 
> ResourceBundle (and its "private" security manager) will always be 
> loaded by the bootstrap classloader?

Permissions depend on the complete Class call chain. If any class in the
call chain does not have the required permission then the security check
will fail.

If a Class is loaded through a reference by another Class then the security
context of its static initialization blocks is dependend on the complete
class call chain that made the Class get loaded for the first time.
(Yes, this does mean that depending on the actual way classes are loaded,
which might depend on multi-threaded behaviour, class initialization might
or might not give a SecurityException.)

But if you can prove that a class is loaded/initialized very early in the
startup process (without any user class code yet being executed) and it is
not possible for the Class to get garbage collected (which is often not
supported for VM bootstrap classes) then the doPrivileged() might not be
necessary. And even then I would not depend on this behaviour.

Note that we currently have no actual Permission checking. But most of the
infrastructure is in place.

Cheers,

Mark

-- 
Stuff to read:
    <http://www.toad.com/gnu/whatswrong.html>
  What's Wrong with Copy Protection, by John Gilmore
reply via email to
[Prev in Thread] Current Thread [Next in Thread]