[jboss-as7-dev] About the getSecurityManager() optimization
David M. Lloyd
david.lloyd at redhat.com
Mon Mar 4 10:40:08 EST 2013
On 03/04/2013 09:35 AM, Anil Saldhana wrote:
> The reason why we had package level securityactions/privileged blocks
> was mainly to provision the permissions down to the package level (if
> need be). Having singleton classes representing priv blocks may be ok
> for AS core code. However, how do we prevent applications from using these
> singleton priv blocks?
No need to do so - the application still has to use doPrivileged from
their own code base. All we do is provide an object to give to it, to
avoid redundant classes from being defined and object instances from
being created. IOW there's no security risk that didn't already exist.
That said, this API is private (aka not supported by us for external
use), so we're free to change it or remove it at any time if we need to.
--
- DML