JDK-8160768: LdapDnsProviderService confined to application class loader
Alan Bateman
Alan.Bateman at oracle.com
Thu Apr 16 09:46:46 UTC 2020
On 16/04/2020 09:46, Osipov, Michael wrote:
> Folks,
>
> can some one, or Rob, explain why this class is explicitly tied to the
> application class loader [1] when using the ServiceLoader? Is there
> any specific implication when the thread context class loader is used?
>
> This makes it rather problematic using in a stacked class loader
> environment as Apache Tomcat [2]. I can neither put it in the webapp
> class path nor the common.loader class path although the caller is in
> common.loader. I have patched the class locally, recomplied OpenJDK 14
> and it worked from both, application class loader and Tomcat's
> common.loader.
>
> Can someone explain this?
I think you are asking for the spec of InitialDirContext to be changed
to specify the TCCL rather than the system class loader when locating
the provider for DNS lookups when using LDAP. There are significant
security issues that would require a lot of detailed analysis before
going there. Not clear to me that it's worth it as I can't imagine there
are many web applications that would want to bundle one of these
providers. Does it work if you put the provider on the class path that
Tomcat uses?
-Alan.
More information about the core-libs-dev
mailing list