Joe,
I believe you are correct, a thread getting a SecurityException could cause a deadlock. However, I also think that this case should never happen unless you've got a programming bug or the JVM gets hosed during execution.
Consider a basic book function (I leave out exception handling intentionally here):
With code like this, assuming lock works correctly, how could an incorrect cookie ever occur unless something was seriously wrong? The cookie is method-local and so how could anyone else change it? So, the way I see it, this "security model" is kind of bogus for an app with a book method like above. Yes, if the cookie is corrupted this could cause problems, but if your JVM is hosed then I would think all bets are off for any running classes.
One note, my thinking is based around book/find methods provided by a service layer that is called (possibly over a net via RMI) by clients, though I think the same is true if the client itself does the book sequence.
Regards,
Jay
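
The locking pattern discussed in this post, as an added example that is not code from the original message: a hypothetical lock manager (`BookingExample`, `lock`, `unlock`, `update` and `checkOwner` are all assumed names) whose `book` method keeps the cookie method-local and releases the record in `finally`, so a failed update cannot leave the record locked for other threads.

```java
import java.util.HashMap;
import java.util.Map;

// Hypothetical service layer; every name here is an assumption made for illustration.
public class BookingExample {
    private final Map<Integer, Long> owners = new HashMap<>();    // recNo -> owning cookie
    private final Map<Integer, String> bookedBy = new HashMap<>();
    private long nextCookie = 1;

    // Blocks until the record is free, then returns the cookie that owns it.
    public synchronized long lock(int recNo) throws InterruptedException {
        while (owners.containsKey(recNo)) wait();
        long cookie = nextCookie++;
        owners.put(recNo, cookie);
        return cookie;
    }

    public synchronized void unlock(int recNo, long cookie) {
        checkOwner(recNo, cookie);
        owners.remove(recNo);
        notifyAll();   // wake threads blocked in lock()
    }

    public synchronized void update(int recNo, String customer, long cookie) {
        checkOwner(recNo, cookie);
        if (customer == null) throw new IllegalArgumentException("customer required");
        bookedBy.put(recNo, customer);
    }

    // Only called from synchronized methods, so the map access is guarded.
    private void checkOwner(int recNo, long cookie) {
        Long owner = owners.get(recNo);
        if (owner == null || owner != cookie)
            throw new SecurityException("record " + recNo + " is not locked with this cookie");
    }

    // The cookie is method-local; finally releases the record even when update() throws.
    public void book(int recNo, String customer) throws InterruptedException {
        long cookie = lock(recNo);
        try {
            update(recNo, customer, cookie);
        } finally {
            unlock(recNo, cookie);
        }
    }

    public static void main(String[] args) throws InterruptedException {
        BookingExample svc = new BookingExample();
        try { svc.book(1, null); } catch (IllegalArgumentException e) { System.out.println("failed: " + e.getMessage()); }
        svc.book(1, "constructed-customer");   // would block forever if the failed call had kept the lock
        System.out.println("record 1 booked by " + svc.bookedBy.get(1));
    }
}
```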