[concurrency-interest] ThreadPoolExecutor.shutdown() and
forax at univ-mlv.fr
Wed Oct 19 12:00:49 EDT 2005
David Holmes wrote:
>>In ThreadPoolExecutor.shutdown(), if i have correctly understand the
>>documentation, the code first checks if permission "modifyThread"
>>is granted and then for each worker threads checks checkAccess.
>>Why in order to check permission "modifyThread",
>>you use AccessController.checkPermission() and not
>Only AccessController.checkPermission guarantees that you actually check if
>you have the permission. This class can't be modified by the application.
>The SecurityManager.checkAccess could do anything it wants even ignoring the
>installed security policy.
Yes i agree with you, but if the security manager wants to ignore the
it's not the responsibility of shutdown() to care about such detail.
By doing this, shutdown() you break the general security architecture of
Perhaps for you, this code is more secure but if additionnal security
implemented by the security manager, these tests are bypassed.
So this code can be considered as less secured.
>So to perform shutdown() you have to have the global modifyThread
>permission, and for each worker thread the SecurityManager's checkAccess
More information about the Concurrency-interest