Mailing-List: contact dev-help@ant.apache.org; run by ezmlm
Message-ID: <3E498D94.5020200@cortexebusiness.com.au>
Date: Wed, 12 Feb 2003 10:56:04 +1100
From: Conor MacNeill <conor@cortexebusiness.com.au>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20021003
MIME-Version: 1.0
To: Ant Developers List <dev@ant.apache.org>
Subject: Re: [PATCH] Main.runBuild does not need to setSecurityManager
References: <5ED0425E-3C96-11D7-B3E3-000393A564E6@ehatchersolutions.com>
 <3E472074.3020304@cortexebusiness.com.au> <3E4970AD.7070005@develop.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Stu Halloway (DevelopMentor) wrote:
> 
> Ant isn't using a SecurityManager (well, at least not at this point in 
> the code). It's getting the one *I* set, then resetting it to the same 
> value. This is a no-op except for the fact that Ant now asserts a 
> permission that it doesn't need.

Agreed. This is the situation now and the code that is there is the "runt" 
of an attempt to turn on a security manager that would prevent a task from 
causing Ant to exit by calling System.exit(). This is the 
NoExitSecurityManager. I think the reason that is not done was JDK 1.1 
compatability although ISTR that Peter suggested setting the security 
manager after some classes were loaded from the jar would cause a problem.

> 
>> IOW, Main is the command line driver for Ant. If you are integrating 
>> Ant into another environment with its own security manager, you should 
>> be integrating Project. 
> 
> 
> What if I am integrating Ant into a non-Java environment, and want to 
> turn on security from the command line? Is this usage invalid?
> 

Yes, that is valid. I think Erik should go ahead and apply your patch. I'd 
also like to get your thoughts (and others) on an effective way to stop a 
non-forked Java program or a task from causing Ant to exit.

Conor