Several activities should make use of the Java SecurityManager to ensure the caller has the appropriate privileges to perform the activity. These activities should be wrapped in a block such as the following:

String lineSeparator = java.security.AccessController.doPrivileged(
new java.security.PrivilegedAction<String>() {
public String run()

{ return System.getProperty("line.separator"); }

}
);

obviously with the correct generic type for whatever is being returned from the run. (Nice and concise, huh? Ugh.)

We need to go through all of the (non-test) code and add this checking (if it is not already there) when the following types of activities are performed:

• System.getProperty
• System.setProperty
• Thread.currentThread().getContextClassLoader()
• All code executed via reflection