classpath
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: question about serialization

From: Chris Gray
Subject: Re: question about serialization
Date: Tue, 5 Aug 2003 11:52:24 +0200 
On Tuesday 05 August 2003 01:43, Bryce McKinlay wrote:

> The performance implications of all this are also rather concerning -
> walking up the stack is going to be fairly slow. But I presume that for
> normal applications where security is not required (ie
> System.getSecurityManager()), such checks are avoided?

Performance is definitely an issue, so ideally it should be possible to omit 
stack checks in systems where this is not required.  But you only need to do 
a stack walk when explicitly requested, i.e when 
AccessController.checkPermission() is invoked.  For each stack frame you have 
to find the ProtectionDomain associated with the class in which the method 
being executed was declared; the set of distinct ProtectionDomain's is the 
AccessControlContext which will determine wheher the check passes or fails.  
Most of the time the number of distinct ProtectionDomain's will be rather 
small, the order doesn't matter, and all-powerful "system" classes have no 
effect on the end result; so opportunities for optimisation abound.

-- 
Chris Gray                                /k/ Embedded Java Solutions
Embedded & Mobile Java, OSGi              http://www.kiffer.be/k/
address@hidden                      +32 477 599 703
reply via email to
[Prev in Thread] Current Thread [Next in Thread]