RFR: 8330005: RandomGeneratorFactory.getDefault() throws exception when the runtime image only has java.base module [v6]
Raffaello Giulietti
rgiulietti at openjdk.org
Sun May 5 12:08:59 UTC 2024
On Sun, 5 May 2024 05:28:07 GMT, Alan Bateman <alanb at openjdk.org> wrote:
>> Raffaello Giulietti has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains seven additional commits since the last revision:
>>
>> - Merge branch 'master' into 8330005
>> - Restrict RandomGenerator service providers to those loadable by the platform class loader.
>> - Typo.
>> - Added @uses javadoc tag for j.u.r.RandomGenerator in java.base.
>> - Terminology changes.
>> - Renamed package jdk.random to jdk.internal.random.
>> - 8330005: RandomGeneratorFactory.getDefault() throws exception when the runtime image only has java.base module
>
> src/java.base/share/classes/java/util/random/RandomGeneratorFactory.java line 147:
>
>> 145: FactoryMapHolder.class.getModule().addUses(RandomGenerator.class);
>> 146: return ServiceLoader
>> 147: .load(RandomGenerator.class, ClassLoader.getPlatformClassLoader())
>
> SecurityManager is still a supported execution mode so you'll need to get the platform class loader in a privileged block until the SM feature is removed.
Yes, I considered the interactions with a security manager.
But here the call to `getPlatformClassLoader()` is done from a platform class, namely `FactoryMapHolder` itself. According to its documentation, the call succeeds in this case because the security manager is not even consulted.
When experimenting with the following code and the default manager, as with `-Djava.security.manager=default`, no exceptions are thrown, neither with the full JDK nor with the minimal image that just includes `java.base`. There's only a warning about future removal of `SecurityManager`, as expected from JEP 411.
import java.util.random.*;
public class Foo {
public static void main(final String[] args) throws Exception {
RandomGeneratorFactory.all().forEach(g -> System.out.println(g.name()));
final RandomGeneratorFactory<RandomGenerator> rgf = RandomGeneratorFactory.getDefault();
System.out.println("Got " + rgf);
}
}
But if the call to `getPlatformClassLoader()` is done directly from an app loaded by the system class loader, then an exception is thrown when the default security manager is active.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/18932#discussion_r1590295056
More information about the core-libs-dev
mailing list