[concurrency-interest] ThreadPoolExecutor.shutdown() and permission

David Holmes dholmes at dltech.com.au
Wed Oct 19 12:28:18 EDT 2005


> Yes I agree with you, but if the security manager wants to ignore the
> policy it's not the responsibility of shutdown() to care about such
> detail.
>
> By doing this, shutdown() you break the general security architecture of
> Java.

I disagree. The SecurityManager is a remnant of the old security
architecture. The 1.2 architecture says that security is determined by the
installed security policy. If shutdown should be allowed then the correct
permission should be installed. The additional check of the SecurityManager
is to allow for a more restrictive security policy not a less restrictive
one.

That said it does seem that we enforce more security than other core classes
do, even Thread. I thought that Thread used both SecurityManager.checkAccess
and SecurityManager.checkPermission in certain cases, so that the need for
the permission could block access even if checkAccess allowed it. I presumed
that SecurityManager.checkPermission would be final but it is not - which
seems like an oversight to me (otherwise why call checkAccess and
checkPermission?)

The strategy used on shutdown() was approved by the JDK security folk.

Cheers,
David Holmes


