[Bug 3490] New: JNLPClassLoader adds Jars from ProtectionDomains

Mon Nov 6 13:51:14 UTC 2017

https://icedtea.classpath.org/bugzilla/show_bug.cgi?id=3490

            Bug ID: 3490
           Summary: JNLPClassLoader adds Jars from ProtectionDomains
           Product: IcedTea-Web
           Version: unspecified
          Hardware: x86_64
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: NetX (javaws)
          Assignee: jvanek at redhat.com
          Reporter: icedtea at white-hawk.de
                CC: unassigned at icedtea.classpath.org

Our web starter loads its initial resources from a single jar. Additional
resources are being fetched with a URLClassLoader which uses
AccessController.doPrivileged in its findClass method. This adds another
ProtectionDomain to the AccessControlContext retrieved by
AccessController.getStackAccessControlContext().

The problem is that this ProtectionDomain is used to add new Jars to the
JNLPClassLoader in getAccessControlContextForClassLoading(). Thus we have the
issue of some classes being loaded by our URLClassLoader and some by the
JNLPClassLoader, making them incompatible.

This does not occur when using the JNLPClassLoader of the Oracle JDK, the
classpath is not changed here.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20171106/c498a55a/attachment.html>