Integrated: 8344011: Remove usage of security manager from Class and reflective APIs

James Perkins jperkins at redhat.com
Fri Feb 21 01:08:45 UTC 2025


Please forgive me if this is the wrong medium to report this.

I've found an issue with the change in the ServiceLoader. Specifically, the
getConstructor()[1] method. Previously, the method caught Throwable and
then fail which would throw a java.util.ServiceConfigurationError
exception. With the changes, only a catches a NoSuchMethodException and
throws a ServiceConfigurationError then. Is this change in behavior
expected?

For some background on how I found this. I had a legitimate classpath issue
missing a CDI dependency. However, the constructor was throwing a
NoClassDefFoundException because of the missing required class. In versions
less than Java 24 this was okay because Throwable was caught. In Java 24
and 25 early access, this is an issue because the NoClassDefFoundException
is thrown instead of it being wrapped in a ServiceConfigurationError.

[1]:
https://github.com/openjdk/jdk/commit/abacece8265996aaec888c8f109f2e476ec7a8e3#diff-32ee5f2b2ad157956f95f404ef7001d8a1ca597ff07f4eb88181309a606af199L647-L668


James R. Perkins

Principal Software Engineer

Red Hat <https://www.redhat.com/>
<https://www.redhat.com/>


On Wed, Nov 13, 2024 at 11:44 PM Alan Bateman <alanb at openjdk.org> wrote:

> On Wed, 13 Nov 2024 10:32:34 GMT, Alan Bateman <alanb at openjdk.org> wrote:
>
> > Remove code required for the now defunct SecurityManager execution mode
> from java.lang.Class, friends, and reflection APIs. Careful review is
> required so I've set Reviewer to 2. I've tried to keep the changes as easy
> to review as possible and not go over board with cleanup.
> >
> > sun.reflect.misc.ReflectUtil are been hollowed out. A future pass will
> remove empty methods and qualified exports once the changes in "far away"
> code and modules is done.
> >
> > In Lookup's class description, the removal of the sentence "avoid
> package access checks for classes accessible to the lookup class"  and the
> link to the removed "Security manager interactions" section is in
> discussion/non-normative text, just missed in the JEP 486 update that
> remove the linked section.
> >
> > runtime/cds/appcds/StaticArchiveWithLambda.java is updated as creating
> the archive no longer skips a generated class.
> >
> > Testing: tier1-5
>
> This pull request has now been integrated.
>
> Changeset: abacece8
> Author:    Alan Bateman <alanb at openjdk.org>
> URL:
> https://git.openjdk.org/jdk/commit/abacece8265996aaec888c8f109f2e476ec7a8e3
> Stats:     1254 lines in 26 files changed: 6 ins; 1094 del; 154 mod
>
> 8344011: Remove usage of security manager from Class and reflective APIs
>
> Reviewed-by: liach, yzheng, rriggs
>
> -------------
>
> PR: https://git.openjdk.org/jdk/pull/22063
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/core-libs-dev/attachments/20250220/951e6c6e/attachment-0001.htm>


More information about the core-libs-dev mailing list