RFR: 8344223: Remove calls to SecurityManager and doPrivileged in java.net.URLClassLoader after JEP 486 integration [v2]
Eirik Bjørsnøs
eirbjo at openjdk.org
Tue Nov 19 11:24:46 UTC 2024
On Tue, 19 Nov 2024 10:48:25 GMT, Jaikiran Pai <jpai at openjdk.org> wrote:
>> Can I please get a review of this change which proposes to remove SecurityManager related API usages from `URLClassLoader` and its related `URLClassPath`? This addresses https://bugs.openjdk.org/browse/JDK-8344223.
>>
>> The `URLClassLoader.getPermissions()` method will need additional changes but that will be done as part of https://bugs.openjdk.org/browse/JDK-8343150.
>>
>> I'll be opening a CSR for this change because we are removing support for the `jdk.net.URLClassPath.disableRestrictedPermissions` system property.
>>
>> No new tests have been added and existing tier1, tier2 and tier3 tests continue to pass.
>
> Jaikiran Pai has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains two additional commits since the last revision:
>
> - merge latest from master branch
> - 8344223: Remove calls to SecurityManager and doPrivileged in java.net.URLClassLoader after JEP 486 integration
src/java.base/share/classes/jdk/internal/loader/BuiltinClassLoader.java line 387:
> 385: Enumeration<URL> e = findResourcesOnClassPath(name);
> 386:
> 387: // concat the resources from the modules and the class path
Observation: This is now essentially `ClassLoader.CompoundEnumeration`, which could be reused if moved to `jdk.internal.loader`. Probably not for this PR though.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/22233#discussion_r1848165627
More information about the core-libs-dev
mailing list