Question
Is it acceptable to globally and finally store the check for a security manager?
Given the following line of code:
https://stackoverflow.com/questions/18322489
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russianpublic static final boolean SEC_ON = (System.getSecurityManager() != null);
Would it be acceptable to place this in a library and reuse the result throughout the lifetime of the JVM?
Why? or Why not?
[update] Similar code exists in the reference implementation of the Java EE - JSP specification. Any app server/servlet container which uses it will not support dynamic configuration of a SecurityManager.
Solution 3
After petitioning the Java EE user group on the subject (https://java.net/projects/javaee-spec/lists/users/archive/2013-08/message/8), it appears their stance is to not make any such determination about whether it's ok to do this or not.
So, sadly while we may wish the answer to be "you should not do that", the reality is that you cannot rely on that assumption, because someone is and will probably continue to do it.
OTHER TIPS
No. A security manager can be installed at any time if not present initially.
Since the security manager can change at any time during the lifetime of the JVM, this is not a good practice. If they need a convenience shortcut, they should use a method such as:
public static boolean isSecurityOn() {
return (System.getSecurityManager() != null);
}
